Build or buy a router

Thank you! Even if I go with a USFF I would still have to enable AES-NI in it right? And for what I’m trying to do, do you think that will still be overkill? Quoted it below.

AES-NI is an instruction dependent on the CPU. For example: https://ark.intel.com/content/www/us/en/ark/products/95594/intel-celeron-processor-j3455-2m-cache-up-to-2-3-ghz.html
On the bottom: AES New Instructions = yes
As I mentioned, it is only necessary for pfSense 2.5 onwards and you don’t necessarily need it to run an OpenVPN server, but it’s a nice bonus to lower the load from your CPU.

Edit: i.e. the form factor doesn’t matter. AES-NI is only an extension of the CPU, to put it that way.

It’s possible but you lose the mesh capability as you are no longer able to use the app to admin it. This happens on my openwrt router because the error becomes “no route to host”

Might be worth a try but like novasty and I were saying it isn’t ideal

Ahh this clears it up. How many hardwired devices do you have?

I might try the google wifi once and see. If it doesn’t work it doesn’t work, but I have looked at some Mesh AP products now expecting to buy them. I will probably only have 1-2 hardwired devices. Personal and work computer. The 2-3 mesh devices will be hardwired as well.

Then I recommend the protectli FW4B


Thank you. 8 GB? Is the wireless worth it? What BIOS? Worth having OPNSense already installed?

Wireless not worth it

I did coreboot. I like it

8 GB is nice but not necessarily needed. You can escape with 2 or 4 GB

Upgrade later if you need.

Here’s my page to give you an idea

and I do IDS and a lot of other things. There’s not much load on the memory or the disk

BTW when you are setting it up and receive it, should you choose to buy it…

make a thread on it

So you can also get help when you galaxy brain it like I did


I think that has solved it!! I appreciate all the help. I will start a thread because I will probably need it!

If the google wifi doesn’t work I was thinking TP-Link Omada N300 Ceiling Mount Wireless Access Point. Am I on the right track? I know they are PoE. Is there something similar that might be better?


there are a billion better dumb APs… lol let me know what speed you want

Haha. I mean I don’t necessarily want to spend $200 on each one. $100 or so on each or if there is one closer to $150 that would be way better sure. Is it worth doing 2.4 and 5 on it? Probably 5-600 Mbps? Or should it be higher? I will have probably 15-20 devices on the wifi with 8-10 in use at the same time.

I really hate to say this but maybe you should stick with your google home and toss out the firewall idea.

Here’s why:

You lose a lot of capability of what you bought and that’s a lot of wasted money to add a firewall that won’t necessarily improve your home experience.

I did so as more of a home lab deal. I learned a lot; for instance, I had to set and forget all my settings on my AP, as you can see in my thread, before enabling bridge mode. When I enabled bridge mode I lost access to my interface to control everything, including SSID and password. Because I was comfortable with OpenWrt this did not necessarily bother me… https://openwrt.org/docs/guide-user/network/wifi/dumbap They warn you in the documentation.

The issue here becomes: are you ready to go through a lot of network diagnosis to get this executed correctly? It’s likely that other firmware will do the same thing; this is why you would lose the mesh capability of the google home.

Now what we can setup is the old style mesh where they had the same SSID and different channels around the house and the client handles the roaming.

If you want to do this with a nicer configuration and a solid access point that’s well designed. The portals

If you want to do this with 3 of your own openwrt configured boxes… I suggest

Both are in your price range. Do you understand the endeavour you are about to partake on? I did so. Can tell you it was very frustrating for a while. I often needed to bounce ideas (such as @Novasty) off fellows that understood it better than I but in the end I have a strong protected open firmware setup. (not necessarily a requirement)


If you understand this and want to do this… then go for it. I am just stating that you spent a lot of money on those google home devices only to toss out 99 percent of their functionality. I just want to make sure you are completely informed.

If you wish to do it with your existing google homes, you will need to bridge mode behind the firewall. You will need to place the switch between the firewall and your APs. Your APs will be a 2000s era mesh as discussed earlier wired into the dumb switch and pointed to a default gateway that is your protectli OPNsense firewall. You will then lose access to their interfaces so be sure everything you want set is set.


Your network, Your call

Have you set a static IP on your WAN interface before you enabled bridge mode? I got an old Zyxel router, but this is how it works for most (if not all) routers: configure your wireless settings, disable DHCP on the LAN, set a static IP on the WAN from the same subnet that you are going to use the router in AP / bridge mode (e.g. 192.168.1.253), connect one of the LAN ports to your router or switch, then when you want to access the web interface, use the IP you assigned to the WAN to connect to it.

I agree that a firewall won’t improve your home experience, but that isn’t their purpose. An appliance OS like pfSense or OPNSense may improve your experience if you want things like a VPN (that nowadays is available on most newer routers anyway), or doing fancy DNS blocking (that you can do anyway using Pi-Hole). The only way I can see a firewall improving your experience (or rather keep your sanity in check) on-the-cheap is if you don’t have a managed switch so you can block all traffic from a VLAN, but you can use a dumb switch and block internet access to IoT devices manually (i.e. block all traffic coming from the IoT devices’ IPs).

I haven’t worked with mesh networks or devices that support meshing, so I can’t comment on that (I prefer wires whenever possible). I see no reason why they wouldn’t keep working as a mesh, but I could see why their mobile apps would stop working. And knowing Google and Amazon, I don’t think they would allow people to buy cheap devices that they could dumb down and control, because their business model is based on data collection.

Thank you guys for all your input. Really making me reconsider everything. I enjoy the challenge and wanted to learn more. I thought it would allow my network to be faster and more reliable as well. The firewall and VPN are nice additions on top of that. With 1Gig from the ISP, the google wifi can be slow sometimes with too many devices connected at the same time. Thought this might help with that or if I just need a better router/mesh network.

I did so. Still lost access. This is fine for me. I don’t very much get bothered by this. I followed the guide it worked. Set and forget. Without any access to it, it would not matter if it has a vulnerability :joy:

Also notice the guide has you disable the wan port on openwrt and leave it unused. Optionally you can add it to the switch routing as a whole but what the dumb switch guide does is it disables everything including the switch. All wifi is handled via your preconfigured settings and all routing is layer 2.

It makes it a simple device. Mine’s been doing its job for a month or two now, no complaints

Agreed, this is basically 90% of the home usage of routers and other similar devices.

I guess you meant all routing is disabled and the device only handles layer 2 (if so, agreed).

With my current google wifi, I could be watching Netflix on my apple tv and it will still take a little bit to buffer or stop and have to buffer even with 1 gig internet. Would the protectli router help with this? The VPN and firewall are nice add-ons but I really just want better more consistent internet. I was looking at the Ubiquiti access points for the mesh. I was looking at the portal mesh, but couldn’t figure out how to put it in AP mode. Is the Ubiquiti ok or something better?

Edit: also looking at the Asus ZenWifi CT8. More than I wanted to spend, but looks like a great option.

There may be a few things going on here, especially related to Netflix:

  1. Your ISP may be either traffic shaping (and throttling your traffic to Netflix) or
  2. Your ISP could be caching part of the content and the buffering may be because traffic may come from the main servers (or rather, the CDNs) of Netflix.
  3. Maybe your current router may be lacking in power to route all the traffic (doubt it, I used very, very bad routers in the past and none had problems when I had a 150mbps pipe).

Try a free VPN and see if Netflix gets better (preferably near one of their servers or CDNs, if you can find a VPN advertising better Netflix experience). If it doesn’t work, I would recommend something like an Asus RT-AX58U (or more in mesh). I haven’t used them, so I can’t vouch for them (I mostly used garbage routers behind my pfSense box).

oh ok. Thank you!

I know it’s already been 2 weeks, but I just wanna chime in here to make sure you know about 802.11r. That’s the tech most (if not all) mesh solutions use to provide the roaming between the APs. This is fully functional and working within OpenWRT on almost all newer models. The great thing about it is that, when you solely rely on that and an ethernet backhaul, it makes for a very nice, fast and reliable wifi network. I have it running on 2 dirt cheap Xiaomi MI Router 4A Gigabit APs and a Fritz!Repeater 1750E and it worked pretty nicely.

Another feature that stands out is that I can make wifi networks for all of my VLANs. So the router itself is in the VLAN designed for my homelab, one IoT network is, who would have thought, for untrusted IoT-like devices, another one provides a VPN’d connection without any routes to any other private IPs, and last but not least I of course have another wifi for my normal devices. This is really cool, though unifi obviously does the same thing without much manual work. But well, looking at their last security flaws, you wouldn’t have to be worried about any of that really. OpenWRT is just too small to make exploits for I guess :joy:

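An added illustration of the setup described in the post above (one SSID per VLAN, with 802.11r roaming between wired APs); it is not the poster's configuration. The radio name, the `lan` and `iot` network names, the SSIDs, keys and mobility domain values are all assumed placeholders, and the `iot` network is assumed to already exist in `/etc/config/network` as a bridge on the IoT VLAN.

```uci
# /etc/config/wireless fragment for ONE access point (constructed example).
# Repeat the same sections on every AP: for a given SSID, the ssid, key,
# encryption and mobility_domain must match on all APs or clients will
# do a full re-authentication instead of a fast transition.

config wifi-iface 'wlan_home'
	option device 'radio0'              # assumed radio name
	option mode 'ap'
	option network 'lan'                # trusted VLAN (assumed name)
	option ssid 'home'                  # placeholder SSID
	option encryption 'psk2'
	option key 'CHANGE-ME-home'         # placeholder key
	option ieee80211r '1'               # enable 802.11r fast transition
	option mobility_domain 'a1b2'       # 4 hex digits, same on all APs
	option ft_over_ds '0'               # roam over the air
	option ft_psk_generate_local '1'    # derive FT keys locally from the PSK

config wifi-iface 'wlan_iot'
	option device 'radio0'
	option mode 'ap'
	option network 'iot'                # untrusted IoT VLAN (assumed name)
	option ssid 'iot'                   # placeholder SSID
	option encryption 'psk2'
	option key 'CHANGE-ME-iot'          # different key from the trusted SSID
	option isolate '1'                  # block client-to-client traffic on this SSID
	option ieee80211r '1'
	option mobility_domain 'c3d4'       # separate domain for this SSID
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
```

The SSID only places clients into the `iot` bridge; whether that VLAN can reach the trusted network is still decided by the firewall rules on the router.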
