Securing Home Network

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

wReq1mNVfg_d

New Around Here
Hi, I've got a new home and am interested in getting some smart devices, but don't want to put these on my main wifi where anyone with the wifi password can see or access these devices or give the devices access to the internet at all if not necessary. I've searched for guides and gear recommendations, but haven't gotten very far: any suggestions for equipment and setup that would allow me to put some devices behind something (maybe wireguard?) so I can control them from all my main devices without exposing them to other people? I currently have an Netgear Orbi RBR750 and an ASUS RT-AC68u at my disposal.
 

airgap

Regular Contributor
It all depends on your chosen network hardware. If you chose a router which is capable of VLAN management, then you can seperate your network in more advanced way. if you have stupid cheap router then look for one which has separate network due to "guest-network" and "Normal network" which will have different SSIDs and most of the time different network ranges.

You could also configure a small SBC (like Raspberry pi) to act as DHCP, DNS server and there you can do all the magic too.

I guess may be there are more ways but those are which pop right out of my head.
 

wReq1mNVfg_d

New Around Here
The VLAN option sounds appealing. Will research more. I think the Asus router I have could be setup that way, but the Orbi I have doesn't seem like it'll help so I'll be looking to replace it with something else. Any recommendations for equipment that could improve my situation? I have about $400 to spend right now and would like to add something which I can setup with the VLAN, wireguard and ideally supports a mesh-like system. An RT-AX88u and a pi-hole are my current leaning, but if something else would be simpler or more suited to the situation I'm all ears.
 

airgap

Regular Contributor
I think your choice isn't that bad with the RT-AX88u. May be someone with that device could give some information or suggestions.
But if you can live with one antenna less then go for the RT-AX86U which is great peace of hardware for its price. But may be you should first do some research if the AX86U really satisfies your setup whish.
 

L&LD

Part of the Furniture
The RT-AX86U has 'one antennae less' only for the 2.5GHz band (3x3:3). The 5GHz bands are both 4x4:4 with internal antennae in the RT-AX86U.
 

Purdue

Occasional Visitor
The VLAN option sounds appealing. Will research more. I think the Asus router I have could be setup that way, but the Orbi I have doesn't seem like it'll help so I'll be looking to replace it with something else. Any recommendations for equipment that could improve my situation? I have about $400 to spend right now and would like to add something which I can setup with the VLAN, wireguard and ideally supports a mesh-like system. An RT-AX88u and a pi-hole are my current leaning, but if something else would be simpler or more suited to the situation I'm all ears.
FreshTomato have GUI capabilities when it comes to VLAN.
Merlin also have some workaround based on IPTV tagging + CLI iptables (quite painful unless you're a pro).

If you want something quick, I'd go for FT firmware: it allows up to 3-port VLAN, 4 bridges. Eventually, add something like this and you can manage slightly more ports.
Otherwise, you may invest around 90 USD for this and you're done, you'll have enterprise alike router/switch/etc management interface (demo here). Still, with quite a high learning curve due to the massive amount of options available.
 

coxhaus

Part of the Furniture
What about OpenWRT and loading it? It has VLANs? I am not sure how it compares to Tomato?

I ran Tomato when it first came out back in the old days on a Linksys.
 

Tech9

Part of the Furniture
An RT-AX88u and a pi-hole are my current leaning

No custom firmware with VLAN's support for this router.

FreshTomato have GUI capabilities when it comes to VLAN.

Fresh Tomato is excellent for your AC68U, but works best with no NAT acceleration. If your ISP speed is below 250Mbps, you get VLAN's, ad-blocker (good for phishing, malware, crypto etc. blocking as well), IP traffic monitoring, Traditional and Cake QoS (up to 200Mbps), Bandwidth Limiters, VPN server/client, captive portal, web server. All with fresh new GUI as option, better than 10-years old now Asuswrt GUI. Try it before you spend more money on hardware.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top