On Mon, Mar 14, 2022 at 01:45:09PM +1000, Stuart Longland wrote: > On Mon, 14 Mar 2022 03:43:01 +0100 > Nicolas Goy <k...@goyman.com> wrote: > > > I looked at the hardware that was supported, but I forgot to check > > the wifi controller, I took that for granted, my bad. > > > > Thanks for the pcengine suggestion, but I have already a dedicated > > OpenBSD box as router/firewall. I just want to replace my access > > points. > > > > Last time I installed an access point (netgear) for my aunt, I had to > > create a cloud account to be able to access the config UI, this > > enraged me quite a bit, that's why I am scared to buy a WAP that I do > > not control. I live in a old farm with very thick stone walls and I > > currently have 8 WAP to cover all rooms. > > Yeah, that seems to be the latest fashion, "let's require a > cloud-hosted server to control a device on your network critical for > security of said network". Given how well consumer routers' firmware > seems to be written, I don't hold a lot of faith for security when they > decide to host that rubbish publicly.
Yeah, this is literally a gift to DDoS botnet. I must be seeing an article about a remote control exploit on consumer router at least once a month. > > If you don't mind having a small Linux machine running Java 8 (yes, I > know), Ubiquiti UniFI APs aren't bad, but I can well understand the > desire to avoid such a dependency. The silver lining I guess is the > Linux machine could be a virtual machine running atop an OpenBSD host > on-premise and "powered off" unless configuration settings need to be > made. Aren't unifi AP notorious for phoning home? Well, I can deny them outside access. I actually have a linux server with java for my kids' minecraft world, so I can use that. The controller is only required to be running for configuration changes? I guess that could work. > > The other approach would be to look for something that runs OpenWRT, > either as an after-market OS or out-of-the-box. Yes it's still Linux, > but the source code is available (like OpenBSD) and the user interfaces > are all _local_. I actually have an OpenWRT box (LTE SMS gateway, the LTE modem wasn't compatible with OpenBSD when I installed it), and yeah, it is very decent. I guess that would be a viable alternative. Thanks for the suggestions. -- Nicolas Goy https://www.kuon.ch https://www.goyman.com
