I got a Netgear AC2000 (R6850) for cheap on sale, and it’s been working flawlessly so far

https://programming.dev/comment/2512899 :)

🙈

WIth my previous ISP, I swapped the ISP’s router with my OpenWRT’s and everything worked fine. With my current ISP, it appears that it’s not that simple to swap the router altogether. But I’ll be honest, the biggest factors are price and number of routers/switch. As I want 2.5gbps, I’d need a router with at least dual 2.5gbps ports. The WIFI6 offering is also quite nice. And if I can’t swap my ISP router, it would just add another device. In a perfect world, I’d have a single router running openwrt, with wifi6 and couple of 2.5+gbps ports (but unfortunately openwrt doesn’t play nice with most wifi6 routers and these routers can get very expensive) For now, my ISP router does the job and I haven’t had any issue (yet)

If I ever need to update any device on the home automation vlan, I’d add an exception to the firewall for this specific host for the time of the update

I heard everyone on the internet is nice and have good intentions. Did they lie to me?

Well, to be honest if someone has access to my Wi-Fi, I’d consider that I’ve already lost. As soon as you’re on my lan, you have access to a ton of things. With this setup I’m not trying to protect against local attacks, but from breaches coming from the internet

Indeed, the isp router only has 1x 2.5gbps and 2x 1gbps. I wanted both my pc and my server to have 2.5gbps to wan, and I wanted 2.5gbps between them too

I’m not well versed in ARP spoofing attack and I’ll dig around, but assuming the attacker gets access to a “public” VM, its only network adapter is linked to the openwrt router that has 3 separated zones (home lan, home automation, dmz). So I don’t think he could have any impact on the lan? No lan traffic is ever going through the openwrt router.

I’m afraid I can’t take your upvote sir… excalidraw.com

Thanks, excalidraw.com if you’re ever interested