Quick Question before I order hardware…
I'm looking to order this with 8GB Ram and 64GB SSD
Currently I have the following:
openReach Modem -> Router -> Switch
The router is also the DHCP server.
The switch is doing port based VLAN's segmenting home and office.
This all works fine as it is, but I'm having an issue with the router.
I frequently need to change the port forwarding rules and when doing that I have to reboot the router which obviously causes down time.
I'm thinking of changing to the Qotom and doing.
Port 1 -> WAN -> openReach Modem -> Fibre
Port 2 -> LAN -> Network switch as above
Port 3 -> OPT1 -> Wireless Access point.
I assume this should work ?
I'm looking to add a rule to LAN that blocks all from OPT1 except an alias list of IP Addresses.
My aim is to allow trusted wireless devices (by IP) access WAN & LAN, but others devices WAN only.
Is that feasible ?
Finally I may need to have one or two VPN clients connecting. (possibly one openVPN and the other IPSEC)
Ideally I want to restrict client one to have access to only ONE specific LAN IP Address and client two to only a list of addresses with the LAN.
Can that be done ?
Thanks for the advice.
I can help you with a few answers, but I can't answer all.
The box you found is probably a good one. It and a similar one on Amazon appear to be very popular. I built a J1900 oriented router with 8GB ram and a 120GB ssd. It was over-provisioned but I wanted a device that could be used for something else if it ever stopped being a router. Ram and a SSD were cheap extras. The router has a lot of processing capacity.
I have three OpenVPN servers built and active. One is specifically for safe remote browsing where I need my home IP address visible. Two have remote lan access. I keep the lan access servers off when I don't expect to need them. (use different ports and different internal network addresses to keep them from locking each other up.) They work great.
pfSense allows you to create multiple users and certificates and give each a different password. These users can be linked to OpenVPN on an as needed basis. The download wizard makes makes it easy to download certs and config files for user devices.
OpenVPN is pretty flexible about the network range you can connect to.
I wired my lan port to a switch and the switch goes to a wireless access point in another room via normal cat6 wiring. Pretty ordinary. Works great.
Re port forwarding: I don't know your system and port forwarding is an absolute necessity for a lot of purposes. I use one of my OpenVPN servers for remote lan access. Then access is just as if I were at home. OpenVPN protects the open ports. No ports are forwarded. Obviously, this would not work if you needed public access to a server behind the router.