I’m finally moving back to a 10-gig fibre line, after 3-4 years in the fields…
That said, I’m struggling a bit to find a nice router to use it with. The stock one has very few 10g ports, and I would like to put at least the 2x NAS drives, the server and the WiFi7 router on a 10 gig link.
So my idea is to use the Flint 3 as an access point (they only do 2.5G on the WAN port), and maybe something like a Firewalla 10G or a miniPC with pfSense at the gateway…
What do other people have between their ISP and their computer?
I have 10Gig fibre to my Swisscom IB4. It has, oddly, only an RJ45 10Gb port (no fibre). So I use a transponder to connect to my UDM Pro SE / Pro Max 24 Switch. From there, 2.5GB LAN to my computer and PoE APs
Could get high-speed Unifi APs but reports are they run very hot.
Love Unifi for my home network, makes troubleshooting easy, 4 VLANs (secure, guest, IoT and CCTV) and integrates my security cameras.
You can block VPN outright or use a managed device (e.g. google’s family) where you also manage the device for that side.
Of course, these should be coupled with an open conversation…
I’m a bit “paranoid” as I used to work as a sysadmin in schools, so I’ve seen what kids get up to. E.g. they (used to) send disappearing messages on WhatsApp with content from ogrish (extreme gore, e.g. beheadings, stabbings, suicides, etc). By the time a parent looked at the content (or any tool), it was deleted.
I’ll probably establish a separate VLAN for the kids when they are old enough, and block VPN. Problem is they could find ways around it… the neighbours’ WLAN probably has a strong enough signal, if they could get the password from the similar-aged neighbours’ kids.
In any case, being an ex-cop, my kids are going to have to work pretty hard to hide things from me. And I’ve got enough teenage regret police stories to scare them into the next century.
Compared to the old WiFi 5 it has now replaced, it is fast and has WPA3. It also comes with free aiProtection via Trend Micro. However, I wonder if there is a catch with this non-subscription deal?
Don’t underestimate kids. Though given your previous profession, I’m sure I don’t need to tell you that…
I still volunteer in schools, and sometimes what I see boggles my mind. Have you heard of BeReal? I still don’t get it - shows how much of a dinosaur I am.
Only if you go full bazooka and enroll all their devices into an MDM like JAMF or Intune and force an Always On VPN so they can’t use a 5G stick or the WLAN at their friends’ homes.
If they complain just tell them you work for a secret government agency and may have Nation State Adversaries.
You can, of course, not control if they just get another device on the side. You could limit the use of that device at home with a NAC solution….
I am not sure if you can run a microcell as a private citizen. But if you try, you will likely meet a lot of interesting people from BAKOM.
I used to have a femtocell a few years ago. Quite normal in UK, and provided by O2 or EE (can’t remember) when you live in an area with no reception… but that’s beside the point.
Here is a blend of current + future plans:
At home I ran a version of NAC normally anyhow, I have three separate wireless networks - one for IOT, one for trusted devices and one for guests.
IOT used MAC based filtering + WPA2 (2.4GHz wifi), and heavily filtered access to the internet (whitelist only)
trusted is for most of my normal devices, and has moderately filtered internet. Currently MAC based identification of devices, blocking unknown MAC addresses. Yes, it’s trivial to bypass, but at some point I’ll move to cert based auth. VPNs are blocked (except to a few IP addresses that I need for work), as is pornography, gambling, violence, and a few other things (e.g. steam from midnight to 6am).
Guest WiFi has only the most basic filtering of the internet (e.g. adguard is running), but also is throttled in terms of speed and typically is on only when guests are over. I have played with captive portals, but had minimal use and was easier to turn things on/off.
Wired networks have my lab environment and a backup network (NAS that then replicates into Azure). I want to split this into two, as the lab has both “productive” stuff and sandboxes for fooling around. The sandbox area I want to in turn have its own separate area which I can physically disconnect - and then the prod side I want to bridge to Azure as I’m putting more and more there.
I also need to find time to create a new wired network for the CCTV (not a fan of having those on wifi), but in due course… also I need to run cable into the garden as the lawnmower struggles to connect as do the remote cameras.
Mobile phone is on a Swisscom basic subscription - meaning unlimited data, but at 128kb/s. So downloading videos is near impossible outside of the house. Target was to then run bark + google family - though not a bad shout re Intune. I feel stupid for not thinking of that!
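An added example, not part of any post in this thread: since the setup above identifies trusted devices by MAC address until certificate-based auth is in place, a periodic audit of the lease table can flag entries that the allowlist alone would not explain. The allowlist, lease rows and function names are hypothetical and the sample data is constructed.

```python
# Added example: audit DHCP lease rows against a MAC allowlist.
# All MACs, IPs and hostnames below are constructed sample data.
from collections import defaultdict

ALLOWLIST = {  # hypothetical inventory for the "trusted" network
    "3c:22:fb:10:20:30": "laptop",
    "a4:83:e7:aa:bb:cc": "phone",
}

LEASES = [  # constructed (mac, ip, hostname) rows, e.g. from a DHCP export
    ("3C-22-FB-10-20-30", "10.0.20.11", "laptop"),
    ("a4:83:e7:aa:bb:cc", "10.0.20.12", "phone"),
    ("a4:83:e7:aa:bb:cc", "10.0.20.57", "unknown-host"),
    ("d6:1f:09:33:44:55", "10.0.20.60", "tablet"),
    ("00:11:32:99:88:77", "10.0.20.61", "nas-new"),
]

def normalize(mac):
    """Lower-case and use ':' separators so exports compare equal."""
    return mac.strip().lower().replace("-", ":")

def is_locally_administered(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set,
    as it is for the per-network randomized MACs modern phones use."""
    return bool(int(normalize(mac).split(":")[0], 16) & 0x02)

def audit(leases, allowlist):
    """Return findings as (kind, mac, detail) tuples."""
    findings = []
    seen = defaultdict(set)
    for mac, ip, host in leases:
        mac = normalize(mac)
        seen[mac].add(ip)
        if mac not in allowlist:
            kind = "randomized-mac" if is_locally_administered(mac) else "unknown-mac"
            findings.append((kind, mac, ip))
    # An allowlisted MAC holding several leases at once deserves a look:
    # either a stale lease or a second device presenting the same address.
    for mac, ips in seen.items():
        if mac in allowlist and len(ips) > 1:
            findings.append(("duplicate-allowed-mac", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in audit(LEASES, ALLOWLIST):
        print(finding)
```

A "randomized-mac" finding is usually a phone with private addressing turned on rather than an intruder, which is one reason MAC allowlists generate noise and certificate-based auth is the sturdier end state.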