Future Proofing Server
-
The attacking bots will surely be liking all your 'buts'
-
Regarding AP. Why can't you just use the wifi functionality and let your server do the rest? APs are really just glorified WiFi cards with a bridge.
-
Commenting in case I need this someday.
-
I have no key for the windows10 vm
MAS will activate Windows server versions as well. Much easier to use that and keep a persistent install IMO.
-
I haven’t yet encountered an AP that is capable of providing all of the features that I currently use, i.e. ad blocking; personal vpn;
pfSense does both of these. pfBlockerNG in particular is a very powerful network adblocker with lots of lists. pfSense can also run VPNs; it supports OpenVPN and WireGuard in both client and server mode, and you can set up multiple, so one client, one server.
web hosting; and cloud-like internet accessible storage via ssh tunnel (in addition to others).
If you just need personal services it would be best to run something local, set up a WireGuard tunnel on pfSense that gives access to your network, and VPN in to access things remotely. If you need to share with others I suppose this can become a problem.
-
Yes, I use a pfsense based virtual machine as my firewall and I have availed myself of some of these capabilities like I've mentioned earlier.
I've grown accustomed to having this broad range of capabilities and the idea of getting a home router without this functionality feels foolish because I would literally be paying for the privilege of denying myself these utilities.
-
I'm stuck at sub-100-megabit Wi-Fi speeds if I use the Intel Linux driver; but their Windows driver doesn't have any such restriction, so I give the Windows virtual machine full control of the wireless adapter via PCI passthrough to work around this annoying and pointless restriction.
-
I hope you help me better appreciate your recommendation; the Windows machine only faces internally so if there's bots they would be coming from my personal Linux laptop or work MacBook and those things never leave the house.
It feels like if pfsense is unable to help them out, then I stand little chance of doing so myself.
-
The standard (automated) attacker manipulates the 'inside' device first and makes it perform an attack on the WiFi router, to which the device is connected.
If the inside device is a Windows PC and the WiFi router has its inside port open for administrative actions, this is an easy game. Millions of WiFi routers have been turned into bots this way.
In your case the WiFi router is Windows. This is different from the usual plastic router, but still not really a safe situation.
-
What's an ESU?
I wish I could get rid of the Windows VM but doing so would slow my Wi-Fi speeds below 100 megabits since Intel won't allow the Linux driver to do the same in AP mode.
I like UniFi; I would probably be using them if I didn't hate the idea of throwing away perfectly good equipment.
I spent a little over ten years in IT and it always saddened me to witness and commit the staggering volume of wastefulness of all of it, so I try not to now.
-
The router is a pfsense virtual machine based on openbsd; Windows is only the wifi access point and no administration whatsoever is conducted from it.
However, the delineation between router and Wi-Fi access point gets murky for me here since an access point is effectively a router, but by this same loose definition, it's also, effectively, a proxy.
Since this Windows virtual machine is headless like its host server, the only possible entry vector would come from its clients, entirely made up of Linux, Android, and Mac machines. If those are compromised, then I don't think there's any way for me to stop it.
-
Connect the AP to a Gigabit ethernet port. No way it should be limited to 100MBit.
-
Extended Security Updates.
I agree with you on throwing out perfectly good hardware. Either you hang on to it until it’s useless, or you throw it on eBay and let someone else have it.