OK. Let’s reschedule for a week.
On the subject of topics, I have sent off for @Kangie’s NUK but it won’t arrive for a couple of weeks (omething about Chinese holidays) but I would be interested to hear from anyone running OPNsense or OpenWRT.
I am also about to build a new proxmox server for my daughter and I see version 9 is now out. One thing I have never played with is the proxmox mail server. Does anybody have any experience with using it?
I’m running OpenWRT on a Ubiquiti UNIFI AC-M. It provides full on router facilities with 5Ghz and 2.45 GHz wifi facilities.
I was using it as a gateway to my cellphone to distribute an Aldi Internet connection to my PC’s via a local lan network, before I switched to Starlink ‘Standby’.
The Ubiquiti UAP-AC-M is a dual-band 802.11ac Wi-Fi access point designed for both indoor and outdoor use, offering a maximum data rate of up to 1167 Mbps, combining 300 Mbps on the 2.4 GHz band and 867 Mbps on the 5 GHz band.
It features 2x2 MIMO technology on both bands and includes dual-band omnidirectional antennas with gains of 3 dBi on 2.4 GHz and 4 dBi on 5 GHz.
The device supports simultaneous dual-band operation and is compatible with 24V passive PoE or 802.3af PoE (Alternative A), with a maximum power consumption of 8.5W.
It is weather-resistant with an IP55 rating and can operate in temperatures ranging from -30°C to 70°C.The UAP-AC-M is mountable on walls or poles using included hardware and has a compact form factor measuring 353 x 46 x 34.4 mm and weighing 152 grams.
It is managed via the UniFi Controller software, which enables centralized configuration, monitoring, and administration of the network.The device supports up to eight BSSIDs per radio and includes wireless security protocols such as WEP, WPA-PSK, and WPA-Enterprise.
It is available from various retailers in Australia, with prices starting from approximately AUD 183.70.
Openwrt tables listing supported hardware
It deploys some reasonable hardware:
The other important thing to remember is that OpenWRT has 8000 networking apps, any of which which may be easily installed from the Internet with the ‘PKG’ manager.
775 Mhz is (just) fast enough with the Athereos dedicated hardware, to run GB Ethernet and a responsive Web Browser based device manager, in this case it’s LUCI.
A word of caution: With OpenWRT-current installed, your device will cease to be the user-friendly retail router it was, and you’ll be launched straight into the serious deep-end with a ton of terms and selections you’ve probably never seen before. If you’ve never run OpenWRT, allow a week of serious study to get acquainted.
That’s part of my fear.
What do you run on it? DHCP, NAT, MAC address mapping, other?
I don’t think the learning curve will be too high for either option if you’re already comfortable navigating your Draytek’s UI and getting stuff done. Features wise, it looks like there’s a ton of overlap with what you’ve already got with the Draytek.
OpenWRT and OPNsense are both very easy to have a play with - just spin them up in a VM with as many interfaces as you like, and start tinkering.
I probably should have brought this up in the Time to get serious about my router thread, but GL.iNet routers have firmware based on OpenWRT and can be easily flashed with stock OpenWRT too. I did exactly that in the An ode to OpenWrt thread. They’re commonly available for sub-$50, sub-$100, or sub-$200 depending on the desired feature set and would make a very powerful home router or homelab router as well.
For what it’s worth, I migrated my prod Proxmox server from 8 to 9 several weeks ago without issue. Currently running 9.0.10, and it’s been completely stable the whole time.
I’ve not ever used Proxmox Mail Gateway, but have looked into it. As you mentioned the word server, I’ll point out that Proxmox Mail Gateway isn’t a “mail server” in the sense that it is providing user mailboxes, etc., it’s something that sits between your “mail server” and the rest of the internet to do filtering. Given how good PVE is, I’d imagine Mail Gateway is worth giving a go if you’re self-hosting mail - please let us know if you roll it out!
It’s actually configured as a wifi receiver using station mode, it’s not an access-point. It associates with the Starlink AP and then provides an Ethernet cabled link to my in-house PC’s via a network hub.
It works on either the 5.8Ghz or 2.4Ghz bands as both the Starlink AP and this ex-Unifi mesh AP are dual band.
To do this, DHCP, NAT, and MAC address mapping are required as my in-house PC’s need to use the router IP when they access the Internet (via IPV4) and the replies need to have their headers stripped by the router on their way back to the originating host. For this ‘CONTRACK’ is also needed.
OpenWRT has all this capability out of the box, so to speak, plus around 8000 other networking apps that are easily installed depending on how much ‘spare memory’ your chosen device has.
However, many retail routers don’t have much memory or CPU grunt to spare in my experience.
Then there are the IP tables … these have to be set up by hand, there are no ‘wizards’ to help you, as there are on Ubiquiti models like the ‘ER-X’ series of routers.
You’ll need to create and configure three sets of RULES for handling packets of type :
I’ve been doing this for so long that it now that it’s familiar to me, but I feel sorry for anyone encountering this stuff for the first time because it’s not obvious and OpenWRT offers no help. Thankfully there are plenty of online articles about and I imagine AI could also make short work of this.
The RISKS of a working but incorrect configuration could expose your hosts to the Internet, making them easy prey for cracking bots.
So this is a serious matter indeed, it’s complex and definitely requires running cracking tools (i.e. nmap) against your setup from outside to make sure it’s secure. One can’t afford to just assume it’s secure, without first testing and verifying that it is.
This isn’t a simple thing, for instance LOGS are mandatory in my opinion, but retail routers won’t have the space to host them locally, so you’ll need remote logging to a PC that’s running 24/7. While you’re at it an automatic log analyser that can email you anytime a serious matter is uncovered is also a good idea.
Because your router is your gateway to the Interverse, while you’re looking out, there are also millions who want to look in and steal your passwords, account numbers, email address book etc, so good knowledge, experience and planning are needed for this one very important link in the chain.
Ahhh, so it’s a proxy doing filtering on email on the way in and way out.
I wonder if it does more than mailcow’s builtin tools. I am thinking probably not.
Yes, thus why it has taken me so long.
I have this on the website for tomorrow night’s meeting (14 October).
WRT administrivia I have just made a few entries.
Note this meeting starts at 7.00 pm AEST. For the @techman and @russell.davie that’s 8.00 pm in NSW.
Apologies to all, I couldn’t make it to the 14 October meeting, but had planned to be there especially as David has scheduled it to start earlier due to the NSW ‘daylight saving’ now in effect here.
Cheers,
Terry
No worries, Terry. We’re back again on 11 November, if you’re free.
Know anything about vLANS?
I’ve used them briefly a decade ago to see what they were, so no, not well enough to talk about them.