My Cracktop's routing, firewall, and monitoring facilities were the BOMB for say 2008 but I haven't needed or actually used any of that since then. (and rarely before, if your computer behaved weird in a motel i was at... sorry. But who doesn't like h0rse porn?).
In the modern world the OpenWRT folks have turned cheap consumer single board Wifi routers into real systems which do everything we need and can be made to do anything fancy I might want. Clear winner. ESR's "Best Wifi Routers in 2019" is a good resource for further reading on the subject.
I'd actually started thinking about this in October, and done some looking into what was available. Found these refurbished Linksys EA3500's, cheap, has a USB port, bought a pair. Having an extra one to mess up or experiment with is worth it.
This firmware image installs via the stock Linksys web interface:
Here's the OpenWRT Hardware page for this, I reccomend the "unplug 3 times" reset method, btw.
Situation Normal #
By the time I get to looking at the new hardware, theres an OpenWRT
19.07-rc1 release candidate, which installs on the router super easy
... well, as easily as anything will go here. Both the stock and
OpenWRT firmware want to use
192.168.1.1 as the IP address and one
of cracktop's tricks is that it guards all the RFC 1918 space it isn't
I'd forgotten that one but it was refreshing to see the old dog wake up and bite. cracktop could talk to it, but had no web browser new enough to speak to the routers configuration interface. So I had to bounce up a pi to route it as a spare segment ...
i could have grabbed a laptop or lit up a console (monitor / keyboard)
on a pi but neither of those were as viable at the moment. Or just
turned off the traps or added
192.168.1.0/24 to an allowed list
even... but where's the fun in that?
Further Distraction #
This guide https://openwrt.org/docs/guide-quick-start/ssh_connect_to_the_internet_and_install_luci was of enormous help to bootstrap the cold OpenWRT onto my LAN so i could mess with the rest.
Reading these documents
Got me excited about the possibility of making an unpassworded 'Guest' WiFi network, with perhaps limited or no internet access, and guarded access to LAN resources like the printer and media library. This would keep our phones and tablets software updates from eating our ISP bandwidth allocation, sometimes we actually do have guests with devices, etc.
On the other hand, currently my users don't have passwords and expect "the network" to just work, making no distinction between local and internet resources. Weather takes the satellite based ISP connection out regularly, and I'm regularly explaining "that's on the internet and we can't see it through the thunderstorm."
OOPS. Make it WORK. #
I can argue this either way still, but I had a priority interrupt and had to build a new office so a faster deployment became important. It's essentially vanilla now. It works well and has done so reliably since deployed 2 months ago.
That got cracktop off the network, with "quick snatch" backups / transfer of the files it served to the LAN over to myra, for the sake of expedience. There's some functions it had that i had wanted to move but now I've been without them for 2 months, I guess they weren't actually that necessary. If they were I'd have reimplemented them by now.
Addendum: By the time I get around to posting this, the OpenWRT 19.07 release is official and out today. I can reccomend it unreservedly.