Oddbean new post about | logout
 I recommend a #Protectli Vault Pro VP2420 4x 2.5G with no WiFi module, coreboot pre-installed, running OPNsense (or pfSense; I prefer OPNsense).

It's a great hardware firewall/router for most home and small business networks. You can install an always-on VPN if you like, assign interfaces, silo networks, assign subnets and static IPs, and generally keep your network monitored and secure.

Put your ISP router in bridge mode, then use the Protectli as your firewall/router.

You can run all interfaces off the same LAN network or get more granular with security through isolation...

Example:

  • LAN interface could be for your trusted devices like your computer, etc.
  • Opt1 could be your NAS or storage (siloed from both networks).
  • Opt2 could be your untrusted devices like IoT devices and for friends to connect to when they come over, etc.

You can then use OPNsense to set up rules for how these networks can and cannot interact with each other.

You can also run switches (large and small, managed or unmanaged) and/or WiFi routers (preferably running OpenWRT) in AP mode off of any of the three interfaces.

https://protectli.com/product/vp2420/