PrivacyTechPro tip:

Your router likely has proprietary software installed from a large company that has full access to your internet connection and can "call home" at any minute.

Use a hardware firewall and a VPN on your network.

Every IOT (Internet of Things) device you connect to your home network not only announces your IP address, but also expands your network attack surface to hackers.

I recommend #Protectli Vault Pro VP242 4x 2.5G as a hardware firewall for most clients' home and small business networks.

#cybersecgirl #privacytechpro #network #security

https://protectli.com/product/vp2420/

Discussion

*VP2420

coreboot + pfsense

I've started building an OPNsense box to replace my enterprise router on similar hardware. I needed more ethernet ports for more zones, but otherwise very similar.

I have lots of complicated rules in my existing router that need to be ported over and testing is going to take a while, but it'll be worth it in the end.

And as soon as it's set up and working properly, I'm going to wipe it and restore from a backup. Because I'm the type of hacker who tests my backups! 🤓

Awesome! And yes 💯 same :)

I have a couple of switches, so I don't really need the extra lan ports on the firewall. I keep two of the firewall lan ports free from always on VPN, because sometimes it's useful.

is it actually good? I was exploring some options on the market. Decided to go with a refurbished SFF PC and a managed switch.

nice. yes, it is. i generally recommend having a separate travel and home router. for firewall though, protectli (no wifi) tpm, coreboot, pfsense + vpn combined with an open source router is good stuff.

cool stuff. Will give it a shot with pfsense at another location. Interesting experiment to run.

if you get it from protectli vs amazon or going with the "whitelabel" yangling on alibaba, there is better customization, better return guarantees. and the fact that protectli can flash it with coreboot is well worth the $50 imo. have fun!

Yes protectli customer service has been excellent.

I have a vault with coreboot + opnsense and it is awesome!

thanks for the advice. I'll see what I can get my hands on here in Europe

What wifi access points would you recommend to go with it?

i don't recommend it for wifi. a dedicated open source router/router+wifi (home and travel) will most always achieve better results.

So what does this thing do then?

it is an open source hardware firewall where you can install an always-on vpn on your network to secure all of your IoT devices etc from the prying eyes of big tech, hackers, and your isp.

I'm trying to understand how this thing is superior to a gl-inet router/firewall/wifi setup.

i just run a wireguard on my VPS and set up clients using a handy script that spits out a QR code i can scan with my phone, or for a pc, just c&p the short little file across to it and voila, instant VPN, and not just a VPN but one that routes traffic between my several clients

this is how i run my relay-in-development and test it with regular nostr clients, using a reverse proxy to connect using WG to my machine, it's super simple, cheap VPS, wireguard, and a domain name, and you can do the same thing
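The hub-and-spoke WireGuard setup described in the two comments above (a VPS as the hub, clients provisioned from a short config file or a QR code, clients able to reach each other through the hub), as an added shell example that is not code from the thread or from any participant. The VPN subnet, the hostname vpn.example.com and the placeholder keys are constructed; real keys come from `wg genkey` / `wg pubkey`, which the script uses when they are installed:

```shell
#!/bin/sh
# Added example: provision a WireGuard client for a hub-and-spoke VPN whose hub is a VPS.
# Constructed/hypothetical values: the 10.66.0.0/24 subnet, vpn.example.com and the
# PLACEHOLDER keys. Replace SERVER_PUBKEY with the output of `wg pubkey` on the VPS.
set -eu

VPN_SUBNET="10.66.0.0/24"
SERVER_VPN_IP="10.66.0.1"
SERVER_ENDPOINT="vpn.example.com:51820"            # hypothetical VPS hostname
SERVER_PUBKEY="SERVER_PUBLIC_KEY_PLACEHOLDER="     # constructed placeholder

# Generate a client private key with wg when available; otherwise fall back to a
# placeholder so the output format can still be demonstrated offline.
gen_key() {
  if command -v wg >/dev/null 2>&1; then wg genkey
  else echo "CLIENT_PRIVATE_KEY_PLACEHOLDER="; fi
}
pubkey_of() {
  if command -v wg >/dev/null 2>&1; then printf '%s' "$1" | wg pubkey
  else echo "CLIENT_PUBLIC_KEY_PLACEHOLDER="; fi
}

# client_conf NAME CLIENT_IP PRIVATE_KEY -> the client's wg0.conf on stdout.
# AllowedIPs is the whole VPN subnet, so this client routes traffic to the hub AND
# to the other clients through it (the VPS must have net.ipv4.ip_forward=1 for that).
# Use "AllowedIPs = 0.0.0.0/0" instead to send all of the client's traffic via the VPS.
client_conf() {
  cat <<EOF
# ${1}
[Interface]
PrivateKey = ${3}
Address = ${2}/24
DNS = ${SERVER_VPN_IP}

[Peer]
PublicKey = ${SERVER_PUBKEY}
Endpoint = ${SERVER_ENDPOINT}
AllowedIPs = ${VPN_SUBNET}
PersistentKeepalive = 25
EOF
}

# server_peer NAME CLIENT_IP CLIENT_PUBKEY -> stanza to append to the hub's wg0.conf.
# The /32 means the hub accepts packets from this key only with the client's own address,
# which is what stops one client from spoofing another inside the VPN.
server_peer() {
  cat <<EOF
# ${1}
[Peer]
PublicKey = ${3}
AllowedIPs = ${2}/32
EOF
}

# show_qr CONF -> render the client config as a terminal QR code for the phone app.
show_qr() {
  if command -v qrencode >/dev/null 2>&1; then printf '%s\n' "$1" | qrencode -t ansiutf8
  else echo "(qrencode not installed; copy the config file to the client instead)"; fi
}

main() {
  priv=$(gen_key)
  pub=$(pubkey_of "$priv")
  conf=$(client_conf phone 10.66.0.2 "$priv")
  printf '%s\n\n' "$conf"
  server_peer phone 10.66.0.2 "$pub"
  show_qr "$conf"
}
main
```

The only per-client pieces are the key pair and the /32 address; everything else in the client file is the same for every device, which is why a script like this makes adding a new phone or laptop a one-line job.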

it comes down to performance, control and robustness. running pfsense or opnsense on the firewall + vpn and openwrt on the open source router.

i prefer the ability to control and disable wifi at will, especially if a client's threat model calls for ports active without vpn for services that don't play nicely with vpn (streaming, gaming, banking etc)

having at least one dedicated open source router (as well as a travel router) often gives much better performance.

also, I highly recommend people consider whether they need wireless access at all, but I understand most prefer or need it for quality of life.

You are such a wealth of knowledge, nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka, I can’t wait to read the articles on your upcoming web site. If you make an RSS feed, I’ll be the first to subscribe!

awesome! thank you for the kudos and encouragement 🫂🚀

What about cheaper alternatives like TP switches with pfsense or opnsense compatibility?

firewall hardware + switch is more robust

Clearly I know nothing about this and plan is to buy a few devices to learn.

Does firewall hardware replace a router? Or does it sit between your devices and the router?

I put any IOT devices on a separate VLAN where possible with firewall rules to prevent them talking back to the VLAN that my PCs etc are on.

Run separate LANs for IoTs and your phone and computers. Also set up a guest WiFi account to give to friends that come over. Don’t let them connect to your home LAN

With openwrt you can achieve that and much more with less money.
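The segmentation the previous three comments describe (IoT and guest on their own VLANs, allowed out to the internet but never into the trusted LAN), written out as a Linux nftables ruleset. This is an added example, not from the thread or from any participant; on OPNsense/pfSense the same policy is entered as rules on each VLAN interface, and on OpenWrt as zones in /etc/config/firewall, which fw4 turns into nftables rules of this shape. Interface names and VLAN tags are hypothetical:

```shell
#!/bin/sh
# Added example: nftables ruleset for a Linux router with a trusted LAN, an IoT VLAN
# and a guest VLAN. Interface names below are hypothetical; adjust to your VLAN setup.
set -eu

WAN_IF="eth0"
LAN_IF="eth1"        # trusted PCs/phones
IOT_IF="eth1.20"     # IoT VLAN 20
GUEST_IF="eth1.30"   # guest WiFi VLAN 30

# iot_ruleset -> the ruleset on stdout. Both filter chains drop by default, so any
# VLAN-to-VLAN path that is not listed here is blocked.
iot_ruleset() {
  cat <<EOF
table inet segmentation {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    # only the trusted LAN may reach the router's own services (web UI, SSH)
    iifname "${LAN_IF}" accept
    # IoT and guest get nothing from the router itself except DHCP and DNS
    iifname { "${IOT_IF}", "${GUEST_IF}" } udp dport { 53, 67 } accept
    iifname { "${IOT_IF}", "${GUEST_IF}" } tcp dport 53 accept
    icmp type echo-request accept
    icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    # replies to connections the trusted side opened (e.g. LAN -> camera) come back here
    ct state established,related accept
    # trusted LAN may initiate to anything, including the IoT devices it controls
    iifname "${LAN_IF}" accept
    # IoT and guest may initiate to the internet only
    iifname { "${IOT_IF}", "${GUEST_IF}" } oifname "${WAN_IF}" accept
    # IoT -> LAN, guest -> LAN and IoT <-> guest all land here: log, then drop
    iifname { "${IOT_IF}", "${GUEST_IF}" } log prefix "vlan-xtalk-drop: " drop
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "${WAN_IF}" masquerade
  }
}
EOF
}

# check_ruleset -> syntax-check with nft when it is installed; on a workstation
# without nft the generator still works, it just cannot verify.
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    iot_ruleset | nft -c -f -
  else
    echo "nft not installed; skipping syntax check" >&2
  fi
}

iot_ruleset
check_ruleset
echo "# load on the router with: nft -f <file>" >&2
```

The one rule that makes the isolation one-way is `ct state established,related accept` in the forward chain: a PC on the LAN can open a connection to a camera and get its replies, but the camera cannot open anything toward the LAN, and the logged drop line is where you will see it trying.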

What router do you recommend to flash with openwrt? Thanks

Anything that supports the latest version:

https://openwrt.org/toh/start

It's very hard to recommend a specific product, because manufacturers keep coming out with new, low-spec versions of their own flagship devices under the same model number. It can be very frustrating to find you've bought the XXXX YY.ZZ (7) variant that has half the RAM of the (1) through (6) but costs 20% more.

Now I just go with whatever is available second-hand.

Many thanks!

It depends what you want: if only a router and speed is not a problem, one of those TP-Link; if you want a 4G/5G modem inside, GL.iNet; if you want one with a modem as well, a Fritz box.

Thank you very much

You're welcome

Thank you

Hope you all realize how expensive this is…

it's the price of an xbox series x. more than worth it imo.

95% of people won’t spend that sort of money on something like this.

95% of people is hyperbole, but i read your point.

most people don't use a vpn or e2ee form of communication either.

i work with people of many threat levels and this is a essential recommendation in most cases.

*an

Using Firewalla Gold. Have read mixed messages whether a VPN helps much. Shields from your ISP.

Asus wifi/routers have a builtin persistent connection to Asus. The Asuswrt-Merlin firmware exposed it and it was listed as a configuration/access support feature.

Set one of these up with 2x Beryl AXs as access points, one for VPN protection and the other for video streaming. Cost about $750 AUD and a few days of research, but it was fun and now I know my home network is fairly secure.

How do you feel about Unifi? Trustworthy?

unifi scares me

Why’s that? Genuinely curious to make my setup less captured. Too proprietary?

Don’t they run all the command and control servers? Seems like it completely back doors your network? At least that's what it seemed like when I set it up for a startup I worked for.

It’s for the prosumer, but not a privacy minded one. Its simplicity & UX is powerful, but the software is totally cucked. Hardware probably is too.

I have it on my network edge for braindeadness, foss software router as my core.

not a fan for many reasons. i do not trust them.

I'm using one of these with pfsense, really easy to use and great experience so far

I bought this model a few months ago. I'm going to install this soon :-)

Like… I know THAT more can be done to secure my network … and this looks super cool and useful … but how tf to set it up to best suit my needs? I’d spend at least week figuring this out. So daunting.

yet so worth it.

i help paying clients who need anonymity with this setup. i'm also completely rebooting my website to include resources for lower threat models as well so i will def have some valuable guides and resources up when the re-launch is complete.

Please let me know the website when it's ready. Thanks for your valuable insights!

Great little device! Can handle running a hypervisor and a couple of small VMs too if you want to run something alongside your firewall.

nostr:note1q2tqmnwhhm0hlhxlx04zg5km0u0q9d00yxz4ugrp7u909pz89dnsn2qa23

Thanks for this thread Ava 🤙

yw 🤙

where I live the only option is AT&T. And they require you to use their proprietary router.

You can put this setup behind that router 😎

Would it be reasonable to have this downstream of the router provided by (say) Starlink to securely separate local network traffic from IoT stuff? My paranoia here is in the developing stages.

Yes. If you don't need direct network access to your IoT things this is a great option (e.g. if they are all controlled by some server on the internet). Then they can be completely isolated from your local network. That way when they get compromised, the damage is contained.

I do not like that type of IoT device myself. I prefer something where I can be confident it's not going to be connecting to random servers out on the internet. So for the things I run, I want to be able to access them from the local network.

So which network setup is preferable will depend on your situation.

For those who may not be as technically-inclined or that well-versed with networking, would you recommend this set up guide?

https://www.youtube.com/watch?v=h2_cQxTkh3Q

It's a good tutorial. I tried to get through it, but I found his written website to be better for me. Most of my clients need/want WiFi and open ports free of VPN traffic, so I use a different set up. LAN Firewall, to switch, to WiFi is all always-on VPN protected, other ports on the firewall are free from VPN traffic.

I also found Naomi Brockwell's 'You won't believe how UNSAFE your home router is!' a decent tutorial.

She is great

She is

What if you have one of those stupid all in one provider provided routers? Internet will not work unless you port forward it. With it still in the network do you even gain any privacy advantage?

Make sure you spoof your firewall MAC before plugging it in to your ISP's modem the first time if you don't want them to recognize it every time you move.

How so? Port forwarding is a feature of the router, not the modem, so why not enable bridge mode on your ISP all-in-one modem and pick up one of these WiFi routers for home and travel, and just plug it into your network switch.

NOTE: I'm not a fan of more powerful WiFi. I run line-in to most devices and would prefer my signal not reach the road since ofc neighborhood network scanning is a thing.

Pre-installed with OPNsense? How badass is that! Thanks

Ikr?! You bet :-)

do you really have to worry about neighborhood network scanning with sufficiently secure passwords?

the opnsense setup with protectli hardware is nice

Hey Ava. What do you recommend for travel?

I recommend two separate devices. The Protectli VP2420 is an awesome hardware firewall for most home networks. The Beryl AX3000 is an awesome travel router and extender, and even home if you don't like your network name being scanned at the road by map cars etc. I recommend it to my clients. It's great to run behind the Protectli firewall with OPNsense and always-on VPN for when WiFi is necessary.

nostr:nevent1qqsq99sdehtmahmlmn0n863y2tdh78szkhhjrp27ypslwzhjs3rjkecpzemhxue69uhhyetvv9ujumn0wd68ytnzv9hxgq3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqzealnts