New router at home this week. Old one is getting flaky and I bought it in 2018 I guess, so time to retire it. This new one, aside from an annoyance on the WiFi options, and it has monster antennas sticking out all over it like something out of a Batman movie, has built-in OpenVPN and WireGuard servers, and a client of some sort. I wonder if I should trust it and ditch my 2 VMs that are doing that now.
some sort. I wonder if i should trust it and ditch my 2 VMs that
are doing that now.
No.
1. I trust the Latvians more than I trust the Chinese.
2. My VPN exists to check a box that says "Yes I used a VPN, I followed the rules, so leave me alone" rather than to provide a particular level of privacy.
Hi again fandarel, nice to see you :)
It's a TP-Link. I forget the model without going and looking. It's a WiFi 6 thing.
To be honest, i'm less worried about the Chinese watching me than the NSA. I am of zero interest to the CCP as i have no money, influence or secrets, but as i wont follow agenda i am of interest to the US government. Not being a target is one reason it didn't bother me to buy Chinese phones for many years ( they didn't have all the carrier crap, and were 1/4 the price for the same feature set, so it was a practical win ).
I was meaning trust more in the sense of just trusting the thing is going to work, and not go wacko on me or just do stupid stuff and be unstable. Purely from the technical standpoint.
2025-01-09 00:01 from Nurb432
New router at home this week. Old one is getting flaky and i
bought it in 2018 i guess, so time to retire it. This new one,
aside from an annoyance on the WiFi options, and it has monster
antennas sticking out all over it like something out of a batman
movie, has built-in OpenVPN and WireGuard servers, and a client of
some sort. I wonder if i should trust it and ditch my 2 VMs that
are doing that now.
My policy is to not trust consumer-grade networking equipment. Quite often you can tell it comes with ok hardware, but they can't bother putting together decent firmware for it.
Few years ago id just roll my own. But getting tired.
My policy is to not trust consumer-grade networking equipment. Quite
often you can tell it comes with ok hardware, but they can't bother
putting together decent firmware for it.
More and more it's just a system-on-chip with something close to the reference design implemented around it. There's no way every vendor is going to just write a custom operating system so they just take something off the shelf and put their vendor skin on it. I guess that's what makes it relatively easy to replace the firmware.
I'm a big fan of VyOS and I even like it better than a regular Linux image.
I would like to run it at home but I have Mikrotik access points and their controller software is built into their router software so I am sticking with that. Mikrotik RouterOS is pretty decent, if a bit exotic.
To be honest, i'm less worried about the Chinese watching me than the
NSA. I am of zero interest to the CCP as i have no money, influence
Sorry to tell you, they're likely the same. Or at the very least there is probably cross talk.
Nah they have zero interest in me. The only capture of my data is side-noise.
2025-01-12 12:25 from Nurb432
Subject: Re: Trusting the new router
Few years ago id just roll my own. But getting tired.
Then just buy non-consumer grade networking hardware.
You can buy old stuff from dealers and still have a better experience with it than running new consumer grade equipment.
2025-01-12 12:25 from Nurb432 <nurb432@uncensored.citadel.org>
Subject: Re: Trusting the new router
Few years ago id just roll my own. But getting tired.
What exactly does this mean, btw? Were you writing router firmware?
No. Just getting tired of it all to be honest. My entire life i have 'done it myself' ( see the hot rod and home handyman rooms for more on that.. )
What exactly does this mean, btw? Were you writing router firmware?
It's not all that uncommon. I ran my home network without a "real router" for the first 17 years (1996 through 2011). My main server had a local network connection and an Internet connection and passed traffic between them. In the 1990s this design pattern was more common than you might imagine today. Eventually I switched to a consumer grade router. A lot of people are still enthusiastic about building their own routers, using VyOS or OpenWRT or pfSense or whatever. Some will even just drop a Linux machine across both networks and run iptables etc. by hand, which I've also done from time to time.
There's no wrong answer. You decide where you want to spend your time and what makes you happy.
Ya i have done it all at one point too.
But its not 'fun'.. anymore. I just want to push a button and it work. Its just a router..
2025-01-18 17:37 from Nurb432
Subject: Re: Trusting the new router
Ya i have done it all at one point too.
But its not 'fun'.. anymore. I just want to push a button and it
work. Its just a router..
It is not about fun. It is about having good service. I tend to go the manual way because otherwise you have crap service. Fun is just a bonus.
I donno, the last one I had was "push button" and it was fine for 8+ years and cost me like 50 bucks. It gave me NAT, routed ports, reserved addresses. 6G WiFi.. it 'just worked' ( and 1G ports so fast enough for me )
The new one, donno yet, i did get it ready, including all my IP/MAC reservations but not taken the time to take it out back and install it since its been chilly, a foot of snow, and the other started working ok again after the last power cycle. ( long story i have told before, weather matters unless its 'critical' as that part of the house is 'outside access', at least until i get the energy to tear down a wall in the utility room and extend it out to this 'isolated room' thing )
2025-01-18 15:55 from IGnatius T Foobar <ajc@citadel.org>
Subject: Re: Trusting the new router
It's not all that uncommon. I ran my home network without a "real
router" for the first 17 years (1996 through 2011). My main server
had a local network connection and an Internet connection and passed
traffic between them. In the 1990s this design pattern was more
common than you might imagine today. Eventually I switched to a
consumer grade router. A lot of people are still enthusiastic about
building their own routers, using VyOS or OpenWRT or pfSense or
whatever. Some will even just drop a Linux machine across both
networks and run iptables etc. by hand, which I've also done from
time to time.
There's no wrong answer. You decide where you want to spend your
time and what makes you happy.
I've considered doing this, but I figured routing in software would have a noticeable impact. Maybe not, though. With my setup, I spend 99% of my time in a VM where the host is performing routing, and it doesn't seem to bother me there.
I've considered doing this, but I figured routing in software would
have a noticeable impact. Maybe not, though. With my setup, I spend 99%
of my time in a VM where the host is performing routing, and it doesn't
seem to bother me there.
Your CPU has to be very bottom of the barrel for you to notice if you are routing domestic LAN traffic.
Pro-routers need to move harder traffic so they resort to tricks that do not require as much traffic to go through the CPU.
Even lower than bottom.. considering the CPUs in some of the commodity routers are worse than an RPI.
2025-01-19 11:53 from Nurb432 <nurb432@uncensored.citadel.org>
Subject: Re: Trusting the new router
Even lower than bottom.. considering the CPUs in some of the
commodity routers are worse than an RPI.
But the CPU isn't doing the routing. They have some Broadcom ASIC doing the heavy lifting, and the CPU is only there for configuration.