Hey everyone!

I just ordered a Flint 2 to replace a TP-Link AX3000 (keeping it as a backup), primarily for the faster WG VPN, to try an open source OS, and to try to segment my network for security and manage devices more easily. But I’m feeling a tad overwhelmed trying to do research. I’ve got a background in IT, so I’m not concerned with flashing firmware or SSH. But networking concepts always take a minute to sink in.

Current situation

  • AX3000 is connected to 1G Fios
  • Unmanaged 1G Netgear switch at entertainment center (TV, PS5, Apple TV, Hue Hub)
  • Poorly daisy-chained unmanaged Cisco 1G switch at my desk with my server (Proxmox on old Mac Mini), PiHole Pi and Mac Studio
  • 5 GHz and 2.4 GHz with Hue bulbs, iPhones, Steam Deck etc.
  • Slow WG VPN on AX3000

The dream

  • OpenWrt (open source router OS), which hopefully the Flint 2 works out with
  • 1G managed switch at entertainment center
  • 2.5G (or 10G supposedly because I can’t find prosumer 2.5G options) managed switch at my desk
  • Build a NAS (Node 304) to replace the Mac Mini hardware, make sure it has a 2.5G/10G NIC so my Studio to NAS connection is fast
  • VLAN and firewall rules to separate IoT, servers, personal devices and ensure everything is secure, but also ensure the correct devices can talk to each other (phone turns on lights, HomePod accessible from iPad)
  • WG VPN where I can access all of these VLANs and manage my services (something I can’t seem to figure out on the AX3000)
  • Also fix my wiring to my bedroom so the switches aren’t daisy-chained; it’s a tiny rented NYC apartment

Questions

  • Any recommendations for articles, videos or forums/communities with tutorials for OpenWrt VLAN/firewall setup similar to my goals? Anything specific to the Flint 2?
  • Tips or guidance on how to divide my network appropriately and still allow communication between devices?
  • Switch suggestions that you know will work well with the Flint 2? Also thoughts on the 2.5G vs 10G situation; I spent ages looking at expensive switches and got window shopping fatigue
  • What am I missing or forgetting about?

Finally, if this is not the appropriate place to post this, please provide suggested communities. I went back to the community that shall not be named because I was struggling to find comparable Lemmy communities. Oh boy was that a depressing experience and I really want to build out what I used to have on Reddit in Lemmy, but I can’t find active alternatives.

Thank you in advance to anyone that read this far 😊

  • greyne
    27 days ago

    Probably too late for you, but I just set up 2 GL.iNet GL-MT6000 Flint 2 routers, 1 as a dumb AP. I had the same challenges and I’ll share my tips with anyone else who is new to OpenWrt.

    I had problems with the stock GL.iNet firmware (even though I liked it), so I flashed it with OpenWrt 24.10.0-rc5 (as 23.05.5 had performance issues for me). Use the firmware selector and the SYSUPGRADE version.

    Note that when you connect for the first time, the router IP will be 192.168.1.1, not GL.iNet’s 192.168.8.1.

    Follow the OpenWrt documentation Quick Start guide for initial setup (password, SSH, time, etc.).

    Learn to back up your configuration and recover as necessary when you make misconfigurations and need to start over.

    Watch the onemarcfifty VLAN, firewall and dumb AP videos:

    I set up 4 VLANs with matching firewall zones and interfaces.

    • 10 lan 192.168.10.1
    • 20 guest 192.168.20.1
    • 30 iot 192.168.30.1
    • 40 media 192.168.40.1

    Note that for the trunked ports my lan VLAN ID had to be set to U while the others were set to T to allow my router to talk to the dumb AP. Also set lan as PVID.

    • [How to configure OpenWrt as Firewall for your home network and Guest Wifi and IPTables explained]

    I haven’t completely restricted my IoT devices, as some of them need to connect, and I’m still working on the firewall rules.

    Read the OpenWrt docs on Wi-Fi Extender/Repeater with Bridged AP over Ethernet.

    For switches, I decided that a single VLAN-capable 1G switch (Netgear GS308E) would be sufficient for IoT and TV devices. I’ll see how it works when it arrives. I have directly connected the router to the dumb AP using the 2.5G connection.

    When you get that all sorted out, you may be interested in Adblock (luci-app-adblock) and banIP (luci-app-banip) and DoH with Dnsmasq and https-dns-proxy (https-dns-proxy).
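    The VLAN layout greyne describes (lan untagged plus PVID on the trunk, the other VLANs tagged, one firewall zone per VLAN, lan allowed to reach iot but not the reverse) written out as OpenWrt UCI config, as an added example that is not from greyne’s post or from the OpenWrt project; the DSA port names `lan1`/`lan2` and the existing default `lan` and `wan` zones are assumptions, and only VLANs 10 and 30 are shown (20 guest and 40 media follow the same pattern).

```uci
# /etc/config/network (excerpt; port names lan1/lan2 are assumed)
config bridge-vlan
    option device 'br-lan'
    option vlan '10'
    list ports 'lan1:u*'     # trunk to the dumb AP: lan untagged, '*' = PVID
    list ports 'lan2:u*'     # plain access port for a wired lan device

config bridge-vlan
    option device 'br-lan'
    option vlan '30'
    list ports 'lan1:t'      # iot rides the trunk tagged only

config interface 'lan'
    option device 'br-lan.10'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option netmask '255.255.255.0'

config interface 'iot'
    option device 'br-lan.30'
    option proto 'static'
    option ipaddr '192.168.30.1'
    option netmask '255.255.255.0'

# /etc/config/firewall (excerpt; assumes the default lan and wan zones exist)
config zone
    option name 'iot'
    list network 'iot'
    option input 'REJECT'    # iot cannot reach router services by default
    option output 'ACCEPT'
    option forward 'REJECT'  # iot cannot reach other zones unless forwarded

config forwarding            # lan -> iot only; replies return via conntrack
    option src 'lan'
    option dest 'iot'

config forwarding            # iot may still reach the internet
    option src 'iot'
    option dest 'wan'

config rule                  # iot still needs DHCP and DNS from the router
    option name 'Allow-iot-DHCP-DNS'
    option src 'iot'
    option dest_port '53 67'
    list proto 'udp'
    list proto 'tcp'
    option target 'ACCEPT'
```

    Apple Home and Hue discovery rely on mDNS, which does not cross the VLAN boundary on its own, so lan-to-iot device discovery additionally needs an mDNS reflector (for example the avahi or umdns packages) with the two interfaces listed; after editing, run /etc/init.d/network restart and /etc/init.d/firewall restart.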