I’ve heard of this setup before. I had thought of using PFSense + UniFi Apps/Switch, but haven’t pulled the trigger on it yet
Oh interesting. So you can’t manage Ubiquiti devices without an Internet connection? TIL
Would you use it at home over PF/OPNsense?
Got it, thanks so much for the explanation!
StandardNotes for me
I try to balance things between what I find enjoyable/worth the effort, and what ends up becoming more of a recurring headache
Understood. Thanks so much!
Just SSH dropping. Everything on the VM side is ok.
And yes, the computer I’m using is on .6.X (LAN VLAN) and the VM is on .1.X (MGMT VLAN).
The management VLAN is only accessible by a couple devices and this is one of them. To get PiAlert to be able to see devices on the LAN VLAN, it has to have an interface to be able to ARP from.
Would that be similar to telling SSH to listen on only one interface? Because I did try that but it unfortunately did not resolve the issue
Edit: Found what you mean. I’ll give this a try, thanks!
Yeah, such a nightmare, lol. If I ever feel like hosting a honeypot I’ll probably DMZ it or use a VPS or something, but I’m going to change gears on projects for now.
Right. Most of my VLANs are set up that way; they’re silos. The VLAN that this is running on is the “management” VLAN that can see the other ones
I have a somewhat dated (but decently spec’d) NUC running Proxmox, and it’s the backbone of my home lab. No issues to date.
Updated with the forum posts
Gotcha. I’m using an ATX 1800 with full tunnel. I figured there would be a default deny all (haven’t touched anything in the way of the firewall on that device yet), but wasn’t sure if ARP would be able to get past it from the public AP side. I guess I can always do a few experiments at home in the lab too. Thanks again!
Thanks so much for looking into it! That’s a relief
Ty!
Hey there,
Yeah I’m doing it manually, and I did try importing the config from pfsense, however it would say import successful and then “Failed” at the bottom, lol. I did end up getting it working after finding a post from the staff mentioning that you should not put a listening address on the Peer and you should set a manual MTU of like 1300 which worked for me.
Thank you, I might give this a try tomorrow. I thought I read something similar, but that it would require you to take care of log rotation as well otherwise they would just grow. Not sure how true that is.
Oooh, good point. I’m not even sure if I should be using this with cert-only based auth
It usually does not make sense to use fail2ban with e.g. sshd when only public key authentication or similar is enabled.
Ah got it. I was looking at the UDM Pro. Is that a router and a controller? If so, I should be able to access locally I’d hope