Please do. I stole it >:D
Ah got it. I was looking at the UDM Pro. Is that a router and a controller? If so, I should be able to access locally I’d hope
I’ve heard of this setup before. I had thought of using pfSense + UniFi Apps/Switch, but haven’t pulled the trigger on it yet
Oh interesting. So you can’t manage Ubiquiti devices without an Internet connection? TIL
Would you use it at home over PF/OPNsense?
Got it, thanks so much for the explanation!
StandardNotes for me
I try to balance things between what I find enjoyable/worth the effort, and what ends up becoming more of a recurring headache
Understood. Thanks so much!
Just SSH dropping. Everything on the VM side is ok.
And yes, the computer I’m using is on .6.X (LAN VLAN) and the VM is on .1.X (MGMT VLAN).
The management VLAN is only accessible by a couple devices and this is one of them. To get PiAlert to be able to see devices on the LAN VLAN, it has to have an interface to be able to ARP from.
Would that be similar to telling SSH to listen on only one interface? Because I did try that but it unfortunately did not resolve the issue
Edit: Found what you mean. I’ll give this a try, thanks!
Yeah, such a nightmare, lol. If I ever feel like hosting a honeypot I’ll probably DMZ it or use a VPS or something, but I’m going to change gears on projects for now.
Right. Most of my VLANs are set up that way; they’re silos. The VLAN that this is running on is the “management” VLAN that can see the other ones
I have a somewhat dated (but decently spec’d) NUC running Proxmox, and it’s the backbone of my home lab. No issues to date.
Updated with the forum posts
Gotcha. I’m using an ATX 1800 with full tunnel. I figured there would be a default deny all (haven’t touched anything in the way of the firewall on that device yet), but wasn’t sure if ARP would be able to get past it from the public AP side. I guess I can always do a few experiments at home in the lab too. Thanks again!
Thanks so much for looking into it! That’s a relief
Is keeping everything inside of a local “walled garden”, then exposing the minimum amount of services needed to a WireGuard VPN not sufficient?
There would be no attack surface from WAN other than the port opened to WireGuard