Our News Team @ 11 with host Snot Flickerman


Yes, I can hear you, Clem Fandango!

Joined 3 years ago
Cake day: October 24th, 2023

  • Yes, consumer routers are much lower powered because they’re built to be a router so they can simplify it to the basics needed just for routing. The trade-off is that most off-the-shelf consumer routers don’t support VLANs. The person you were responding to notes they have a Mikrotik device, which is one of the most popular series of devices for people to put OpenWRT on. (EDIT: Memory was foggy; it’s actually devices with MediaTek CPUs that I am thinking of.) The major downside here when it comes to exposing devices to the internet is you lose the strong firewall. Part of why the OPNsense firewall is stronger than a consumer firewall, even with OpenWRT on it, is because it isn’t just built to be a router, and being much beefier allows it to handle much more complex firewall rules and things like packet inspection or intrusion detection. An OpenWRT device has a basic firewall which will do the job, for sure, but I am definitely on the side of using something a little bit more powerful for more firewall features and options. You’d probably still be relatively safe with OpenWRT, but the low power of the devices may make them less robust depending on how many users you plan on having, in which case OPNsense’s beefy nature makes it more robust for more data passing through.

    EDIT: Those Mikrotik devices OP is referring to are different than what I was thinking of, but they also have a good price point and are dedicated routing appliances, thus lower power draw (many of them support Power over Ethernet). Their OS isn’t as open as any of the others, though; however, it offers a full-featured, enterprise-grade router OS. A good choice for someone who isn’t as savvy off the bat, although you lose the powerful firewall.

    https://mikrotik.com/products/group/ethernet-routers

    They also have a demo of their RouterOS which seems like it’s very full-featured: https://demo.mt.lv/


  • Yeah, get your new OPNsense device fully set up through the guide, and it will act as a router and firewall. Once it’s ready to go, plug it in with ethernet to the Verizon router (with the ethernet connected to your OPNsense going into the WAN port) and make sure it’s picking up internet from the Verizon router. Once you’re sure it is, then go into your Verizon router’s settings and turn on bridge mode. The internet should auto-reconfigure for your new router to grab the IP from the modem by passing through the Verizon router.

    If for whatever reason this doesn’t work, you can regain access to the Verizon router by doing a factory reset (as you won’t be able to view its settings as it no longer has an IP on the network in bridge mode). So don’t be afraid of it; the worst that can happen is a factory reset. Just back up your settings beforehand (either manually writing them down or exporting a config file) so you can restore them easily.


  • I am pretty sure both switches will need to be managed because you will need a trunk between the firewall and the first switch and a trunk between the first switch and the second switch. A trunk needs to be defined on both ends, and with an unmanaged switch in between the firewall and managed switch I am fairly sure that’s not possible.

    There are two types of ways VLANs communicate, and that’s through trunk ports and access ports. Trunking ports basically bundle all the VLANs together and send them to the next destination, such as another switch. Access ports are for giving access to end devices for a specific VLAN.

    So I am fairly sure you’ll need a trunk between Firewall and Living Room Switch and a trunk between Living Room and Office Switch. It’s been a minute since I did work with VLANs myself though, so others feel free to correct me.

    Related, I am also fairly sure the router itself will need VLAN support, so while it’s understandable to not want to replace it, it may be a requirement, and most consumer routers don’t come with VLAN support. Options are finding a router that supports alternative firmware like OpenWRT or DD-WRT, which adds VLAN support, or go whole hog and set up OPNsense or pfSense and essentially build your own router/firewall.

    EDIT: I just looked at the Home Network Guy’s guide you linked to. His guide is helping you build a combination router and firewall with OPNsense. If you really need to keep the Verizon router, check if the Verizon router has an option called “Bridge mode” where you can bridge the connection to your own router/firewall and basically turn the Verizon router into a dummy passthrough device that the network just sort of passes through and otherwise ignores.


  • Where do all the lovely self-hosters here turn when they want to chat networking or server hardware?

    I know this might seem like a strange answer, but… IRC channels on private torrent trackers. Many of the people on these sites actively have large and complex setups running. There often is a lot of talk about hardware for servers and networking in those IRC channels. Or at least there is on the trackers I am on.

    I know that’s not necessarily a helpful answer to anyone not already in the private torrent tracker community, since it’s often quite a task to get involved if you aren’t already. However, it’s one that I have had great success with, personally. To anyone who already is on a private torrent tracker, if you haven’t checked out the IRC, give it a shot and see.

    Oh and don’t forget you can self-host The Lounge for a self-hosted web-based IRC client.







  • Thought it was pretty clear. Matrix sucks.

    LOOOOOLOLOLOLOL

    I mean I wouldn’t say the original message was clear at all that you as an individual have had bad experiences. There are also people who may have things to say from a development standpoint beyond just “I have personally had bad experiences with it.” So, sorry you had bad experiences, but to be perfectly clear “LOOOOOLOLOLOLOL” doesn’t actually tell anyone anything at all. Thanks, however, for the clarification. I haven’t had issues like that with Matrix in a long time now, but I’ve been using it off-and-on since 2018-ish.






  • As someone who has been advocating for the use of the federated Matrix protocol for a long, long time now, the proliferation of new, competing options actually is frustrating to me. Technically Matrix is actually already fleshed out very well, has several different clients, and even has Thunderbird support so if you’re already using Thunderbird you don’t even need a separate client.

    The beginnings of Matrix go back as far as 2014, so it honestly has at this point 12 years of development behind it. I know Matrix has its issues, but it’s by far the most secure combined with being able to communicate with large groups of people via federation. There are definitely slightly more secure options, because they lack federation (and thus don’t leak metadata), but I personally am ambivalent about them because some of them have a kind of crypto-bro feel to the companies behind them and I’m skeptical they won’t go down a path similar to Discord, while Matrix on the other hand has been slowly but surely leveraging itself into a position of secure government communications all over Europe. So, to me, Matrix already has a game plan for staying relevant and staying solvent, while with things like SimpleX or Stoat I’m just waiting for the other shoe to drop and for the enshittification to begin.

    Open source bona-fides are great and all, but for a lot of these messengers, I absolutely think not enough discussion is made regarding their financial plans to stay afloat whereas the reality is that while Matrix doesn’t exactly have money coming out their ears, they have a slow, steady gameplan that is working out so far.

    The whole reason everyone moved to Discord was because it was a centralized place, and since Discord needed to pay for its servers, it had to find a way to finance that, and enshittification naturally happened. I think it would be foolish to pretend that can’t happen again with several of the current alternatives.



  • I know that people often find IPv6 confusing and that’s fine, but at the very least you need to explain that you’re specifically talking about IPv4 IP and Subnetting configuration and that is very much how things used to be done. IPv6 is finally gaining real adoption and can make a lot of things confusing.

    For example, until I got a handle on IPv6, my Android phone never had proper ad-blocking from my Pi-Holes because Google would make Android auto-configure an IPv6 DNS address that would bypass my IPv4 DNS addresses. Even if I filled every IPv4 DNS slot, my phone would still automatically make a slot for the IPv6 DNS and fill it with a Google-chosen DNS. There were two ways to fix this, and I’ve done both: setting up IPv6 and filling that slot with my Pi-Hole IPv6 DNS address, and/or setting up a VPN that hands out the Pi-Holes as DNS and bypasses Google’s auto-configurations entirely. I ended up with both because I also use the VPN to keep ad-blocking functional on my phone while I’m away from home.

    Especially in keeping with your “Zero trust” idea, you can’t have rogue IPv6 traffic all over your network unless you’ve managed to disable IPv6 on every network interface and the traffic is just being dumped since it’s disabled. (Also, personal opinion, subnetting on IPv6 is so much more elegant and straightforward than on IPv4)

    Finally, you mention “bytes” (it’s actually bits) and CIDR notation, but that’s probably more confusing than illuminating if someone has no idea that an IPv4 address has four sets of octets (eight bits) for a 32-bit addressing scheme. You might consider expanding on how IPv4 addresses function to make that a little clearer.
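
An added example, not part of the comment above or of any project it mentions: a small audit of the IPv6 DNS bypass it describes, flagging configured resolvers that are not the filtering ones and address families that have no filtering resolver at all. It assumes a Linux-style `resolv.conf` listing; every address is a constructed placeholder, and the names `SAMPLE_RESOLV_CONF`, `ALLOWED_RESOLVERS`, `parse_nameservers` and `audit_resolvers` are hypothetical.

```python
import ipaddress

# Constructed sample of a client's resolver configuration in resolv.conf
# syntax; all addresses are placeholders, none come from the page.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.168.1.2
nameserver fd00::2
nameserver 2001:db8::8888
nameserver fe80::1%eth0
search lan
"""

# Assumed (hypothetical) Pi-hole addresses, one per address family.
ALLOWED_RESOLVERS = {"192.168.1.2", "fd00::2"}


def parse_nameservers(text):
    """Return an ip_address object for every 'nameserver' line."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone id such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers


def audit_resolvers(text, allowed):
    """Sort configured resolvers into filtered and bypassing entries."""
    allowed_addrs = {ipaddress.ip_address(a) for a in allowed}
    report = {"filtered": [], "bypass": [], "uncovered_families": []}
    for addr in parse_nameservers(text):
        key = "filtered" if addr in allowed_addrs else "bypass"
        report[key].append(f"IPv{addr.version} {addr}")
    # A family with no filtering resolver is where an auto-configured
    # DNS server can slip past the ad-blocker unnoticed.
    for version in (4, 6):
        if not any(a.version == version for a in allowed_addrs):
            report["uncovered_families"].append(f"IPv{version}")
    return report


if __name__ == "__main__":
    for key, values in audit_resolvers(SAMPLE_RESOLV_CONF, ALLOWED_RESOLVERS).items():
        print(key, values)
```

Running it with only the IPv4 Pi-hole in the allowed set reports IPv6 as an uncovered family, which is the situation the comment describes.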