eyJhb changed the topic of #nixos-on-your-router to: NixOS on your Router || https://logs.nix.samueldr.com/nixos-on-your-router
claudiii has quit [Quit: Connection closed for inactivity]
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixos-on-your-router
lopsided98 has joined #nixos-on-your-router
betawaffle has quit [Quit: Oh noes, my ZNC!]
betawaffle has joined #nixos-on-your-router
claudiii has joined #nixos-on-your-router
ottidmes has joined #nixos-on-your-router
<ottidmes> Maybe not the right place to ask, since it is not NixOS specific, but I got a question if I want to set up my own router. I plan to have 3 VLANs; can I set it up so that if someone connects, say, their smartphone to an access point that is within VLAN 1, they get back an IP for VLAN 1 from the DHCP server that is shared by all 3 VLANs (same device)?
<cransom> as in, same ip no matter what vlan they are on?
<ottidmes> cransom: no, as in, an IP that is a valid IP for that particular VLAN (never used VLANs before, so this might just be default behavior)
<ottidmes> basically my question comes down to whether I can make it work with one custom router that handles everything, and a bunch of access points for wifi
<cransom> clients on a vlan will always get an ip that's tied to that vlan.
<cransom> but i think i'm trying to give an answer to a question i don't quite follow. what's the setup?
<ottidmes> the setup right now is one ISP router and a bunch of old routers configured to act like access points + one proper access point, but right now our network is all over the place, e.g. one cable goes to the Bed & Breakfast which I want on its own VLAN
<ottidmes> but one access point in the garden is also meant for the B&B, but is on a separate line, so not sure what the impact is of that in terms of VLAN
<cransom> if the ssids are different between vlans, that's fine. otherwise, if it's the same ssid on a different vlan, the clients are going to be very confused when they roam to another ap
<ottidmes> from my limited understanding it has to be a separate network physically
<ottidmes> I already separated the SSIDs between what are going to be VLANs
<cransom> if you have a vlan, you don't need to make it a separate physical device.
<ottidmes> so everything can be connected to the router through some complex wiring, and still be sorted out properly in separated VLANs?
<cransom> the wiring shouldn't be complex. if anything, it should be simpler. one port goes to the real router that is tagged for multiple vlans, the other switch ports go to the APs for the appropriate single vlan.
<gchristensen> I don't know if I'm confusing things here, but fwiw, the unifi APs support each SSID having a different vlan -- so each
<gchristensen> AP gets a single connection and each SSID has its own VLAN, sorted out at my router
<ottidmes> ideally I would just give a bunch of mac addresses and say these belong to VLAN X, with some of them being APs, and then when someone connects to one of the APs the clients will belong to the AP's VLAN too
<gchristensen> I don't think that is how it works
<cransom> (not how it works)
<gchristensen> each vlan shows up as a totally different network interface on the router, it is pretending that a single cable is many separate cables
<gchristensen> and that pretend cable extends all the way to the wireless radio's SSID
<cransom> if the APs were vlan aware, you could bind the ssid to the vlan and have all the ssids available on each ap, but otherwise, if it's soho type stuff with no openwrt type thing, you are better off with one vlan per port
<gchristensen> yea
<ottidmes> problem is that my network is not that clear, cable 2 is like 80% of the VLAN B&B, cable 2 is mostly VLAN personal but also an AP that goes to the garden for VLAN B&B
<ottidmes> * cable 1 is like
<gchristensen> if you want to go fancy like that, you're going to need APs which support multiple SSIDs with different VLANs
<cransom> then it's still multiple physical wires if the APs don't do ssids+vlans.
<gchristensen> or a semi-expensive switch which goes right before the AP, to do that step for you
<andi-> Actually most (if not almost all) APs that support OpenWRT can support VLANs (no need for a dedicated switch if you want to put in the time to configure them)
<ottidmes> right, and those semi-expensive switches / APs with VLAN support would use tagged VLANs then, right? and the simple VLAN-per-port is the untagged port variant, correct?
<gchristensen> yea
<ottidmes> Well I have a MikroTik AP that has RouterOS, which has way too many options; pretty sure it supports VLAN too, so guess I could try tagging it then
<gchristensen> and btw remember that if you have a tagged vlan port and Malory can plug in to it, she can tag her own packets
<cransom> that would do so.
<ottidmes> gchristensen: would that mean though that the rest would have to be tagged as well (i.e. configured as such), or can I have a port-based VLAN (i.e. its default VLAN) and still have a tagged packet for another VLAN come in on it?
<cransom> you can have tag and untagged vlan traffic, yes.
<ottidmes> Cool! Thanks for the awesome help! I will do some more reading on VLANs, and then just buy one of the custom routers that would work well with NixOS and just start experimenting :)
<gchristensen> definitely
<gchristensen> also, you can play with this in a VM!
<gchristensen> in fact, the nixos test framework
<gchristensen> and try to get comfortable with wireshark
<ottidmes> Thanks!
<ottidmes> Going to take one with 6 ports. (WAN + VLAN Guest (B&B) + VLAN Home + VLAN Work) is already 4, and I would need an extra switch since 2 cables go to VLAN Guest, so by taking a 6-port one I can do away with the switch + the hardware scales with ports, so it will definitely work well with NixOS and be speedy enough
<ottidmes> Too bad aliexpress is not the smart place to buy at the moment, it sells the most 6 port routers I have seen.
<ottidmes> Is Intel Celeron 3865U good enough? At one seller, the i3 variant costs 110 dollar more...
<cransom> last year i bought a crapload off of aliexpress for a 3d printer build, and then maybe 2 months after, fraud detection picked up my card being tested all over :(
<cransom> to route the amount of bandwidth that wireless will use, i think pretty much every potato is capable.
<ottidmes> cransom: well it will not just be wireless (undecided if I even need wifi on it), it will basically route the traffic for 3 households
<cransom> i would be surprised if it couldn't route packets at 1g
<NinjaTrappeur> ottidmes: the celeron line does not implement the aes-ni instruction set. Might be a problem depending on what you're planning to use on your router.
<ottidmes> NinjaTrappeur: I am planning on buying this one: https://protectli.com/product/fw6a/ and it specifies support for it
<NinjaTrappeur> Nice!
<ottidmes> And Intel agrees :P https://ark.intel.com/content/www/us/en/ark/products/96507/intel-celeron-processor-3865u-2m-cache-1-80-ghz.html (it would not be the first time a seller has been inconsistent with the hardware producer)
<ottidmes> This one seems nice too, especially given the price, but since it is China focused too, not sure how they are impacted: https://www.banggood.com/QOTOM-Mini-Pc-Intel-Core-I5-7200U-Barebone-6-Gigabit-Ethernet-Machine-Micro-Industrial-Q555G6-Multi-Network-Port-p-1463468.html?cur_warehouse=CN
<cransom> the only thing a router would benefit from for aes-ni is vpns, otherwise not a dealbreaker.
<ottidmes> I read that Protectli in the end is the same as Qotom, as in the same hardware. Partaker seems to be another brand, which sells roughly the same thing as Protectli does
<ottidmes> so now it is a matter of finding the best deal with the best chance of good deliverance
ottidmes has quit [Quit: WeeChat 2.7.1]
claudiii has quit [Quit: Connection closed for inactivity]