skizzles

joined 2 years ago
[–] skizzles@lemmy.world 2 points 1 week ago

Is OPNsense like dd-wrt or OpenWrt?

Yes, both are similar in terms of being a firewall/access point. OpenWrt is Linux based and OPNsense is based on FreeBSD.

OpenWRT and OPNsense have similar wireless capabilities, but OPNsense is a little bit more restricted due to being based on FreeBSD. It still should be easy to manage, though. More on the wireless compatibility can be found at the link below.

https://www.freebsd.org/releases/14.2R/hardware/#wlan

I haven't used DD-WRT so I can't speak to it, but I have tried OpenWRT. My personal preference is OPNsense; I just find it easier to use and prefer the interface.

Here's a link to the OPNsense documentation.

https://docs.opnsense.org/index.html

I'm far from a network engineer but have been tinkering with computers and network stuff for 20ish years and there is still a ton that I don't know. Don't let it discourage you, you can make it work! Documentation can be muddy sometimes, and bland, but I find it best to just go one step at a time and slowly implement each piece while testing after each step.

[–] skizzles@lemmy.world 3 points 1 week ago* (last edited 1 week ago) (2 children)

I mentioned a firewall in your last post, but didn't get a chance to respond to what you said and saw this post.

You can use something like OPNsense or pfSense (or something similar) behind your current router/modem.

If you have a router/modem combo, it would look like this.

Wall cable (fiber, copper etc) > Router/Modem > Firewall/Router device with opnsense installed on it > wireless or wire connected devices.

The hardware will cost money up front, the OS for it is free.

You can use this to isolate your devices from the router/modem that is the cause of concern, and have a secure connection to your Jellyfin server, eliminating the need for signed certificates.

Don't overthink it. You can secure your network without making it excessively complicated.

If you have a Raspberry Pi you can also experiment with running the firewall on that (just as a test, since there aren't official builds for the RPi that I know of) and pentest from whatever device you use to do so, connected to your router provided by your ISP, or however you want to test it, before you go out and buy hardware.

Just to be clear I wasn't trying to be any sort of way with my question previously, but wanted a better understanding of what you meant by not trusting your device.

Edit: So a little side note, there are options to increase security when using something like OPNsense. You can use FreeRADIUS to harden the access requirements to your network.

Since you mentioned pen testing but also seem to say that your knowledge of networking is a little bit limited, it may be a bit more involved than you're ready for. The thing is (and this is by no means a knock on you) if you are doing pen testing then you definitely need to increase your knowledge on networking. Those two things kinda go hand in hand. If you don't understand networking but you are trying to pen test a network, then how do you know what you are doing is actually effective? I suspect you may understand a bit more than you think you do, so try to broaden your knowledge more!

https://wiki.freeradius.org/

There's something to check out just to get some concepts. You can do plenty of things to harden your security that could give you the comfort you need without defaulting to encrypted connections over LAN.

[–] skizzles@lemmy.world 8 points 1 week ago (1 children)

Just out of curiosity, why is your network not a trusted party?

You could start with an additional firewall and maybe setting up traffic restrictions on it to mitigate what devices can communicate with each other, in addition to setting up a local VPN.

Yes, it's possible to spoof MAC addresses and such, but it really sounds like your concerns could be mitigated by having a more secure network setup.

If your network isn't a trusted party then you need to start there. Why isn't it a trusted party, and what do you need to do to secure the traffic to/through it?

[–] skizzles@lemmy.world 3 points 3 weeks ago

I 100% agree with you there.

I would imagine "we're cops" was much easier to say than "we're secret federal agents sent here to detain you because you said something we don't like".

Shitty situation all around and it's painful to watch this happen. I'm ashamed to be from a place that screams freedom but has consistently shown that freedom only applies when you meet certain criteria, on top of all the other shit that's happening.

[–] skizzles@lemmy.world 2 points 3 weeks ago (2 children)

Are you serious?

They might not be cops, but that was quick and efficient with almost no interference. Actual cops would have just laid her out and detained her with excessive force. What you saw was trained professionals. They surrounded her, overwhelmed her, arrested her, and quietly walked off with her.

I'm not defending it, but they knew exactly what they were doing and it went exactly as they planned it to go. Quietly.

Did you expect some kind of movie style abduction, roll up screeching tires in a panel van and 10 guys jump out and toss a bag over her head then toss her in the van and peel out?

[–] skizzles@lemmy.world 1 points 3 weeks ago (1 children)

Ok, yeah.

Fell asleep last night sorry.

I did the following for that. I just went and double checked it and it is set to what I want it to.

[Service]
User=username
Group=groupname

Ok, I'm not entirely sure what happened but it's working now. Just restarted my computer and it didn't revert.

Strange.

[–] skizzles@lemmy.world 1 points 3 weeks ago

Nope, I'm running ext4 on pretty much everything.

[–] skizzles@lemmy.world 1 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

Interesting, was there anything in particular that you did with the services other than editing the service to run as those particular users?

Side note, I just tried to chown the sabnzbd folder and everything inside updated but the main folder itself refuses to change. Even after stopping the service.

Edit: scratch that. I closed and re-opened Dolphin and checked the properties of the folder and now it's showing correctly.

[–] skizzles@lemmy.world 2 points 3 weeks ago

I'm still working on learning about containers but not quite there yet.

Default being, when each service is installed it creates an individual user/group (sonarr, radarr, sabnzbd) and the folder that is created in /var/lib/ for each service is set to those particular users/groups.

At this time, sonarr and radarr seem to be ok (I will need to double check after an update to them) but SABnzbd reverts the folder permissions every time I reboot and complains whenever I reboot since it can't write to the db or log files because the permissions change. I have looked at the config but didn't see anything outstanding that would indicate a reason it would be changing. Unless I am missing a different config file somewhere outside of that folder. There aren't any settings from within the web interface pointing to that either, at least from what I could see.

 

I'm trying, and struggling a little bit, with getting the three items in the title set up the way that I want.

Running Arch.

I would like to run Radarr, Sonarr and SABnzbd all under the same user/group. My reasoning is that I (am just being overly particular) want any of the files created by those services to fall under the same owner/group. This is easy enough to accomplish by running systemctl edit service.service and adding the appropriate lines in the configuration for each one and saving it so the services run using the specified user/group.

The issue that I'm having is that the correlating folders in /var/lib/ have the ownership of the original users. I can manually change that ownership to the user/group I want but if I reboot the computer the SABnzbd folder ownership reverts back to default (the other two were doing the same thing but suddenly stopped and I'm not 100% sure why) or if the services get updated, the folders will also revert back to their default user/group.

Is there a way for me to enforce the ownership of those folders to the user/group that I have set to run the services regardless of them getting updated or the machine rebooting?
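The check below is an added example, not part of the post above: it compares the `User=`/`Group=` set in a `systemctl edit` drop-in with the current owner of the service's state directory, and lists any tmpfiles.d rules that name that directory, since systemd-tmpfiles applies the ownership in such rules at boot. The unit name and paths in the usage comment are assumptions, and whether these packages ship such a rule is not stated in the post.

```shell
#!/bin/sh
# Added example. Unit and directory names in the usage line are assumptions.
# Usage: check_owner /etc/systemd/system/sabnzbd.service.d/override.conf /var/lib/sabnzbd
#        tmpfiles_rules_for /var/lib/sabnzbd

# Print the last KEY= value found in the [Service] section of a unit or drop-in.
unit_value() {  # unit_value KEY FILE
    awk -v key="$1" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }
    ' "$2"
}

# Compare User=/Group= in the drop-in with the owner of the state directory.
# Returns 0 on match, 1 on drift, 2 when the drop-in or directory is unusable.
check_owner() {  # check_owner DROPIN DIR
    want_user=$(unit_value User "$1")
    want_group=$(unit_value Group "$1")
    [ -n "$want_user" ] || { echo "no User= in $1" >&2; return 2; }
    # systemd falls back to the user's default group when Group= is unset.
    [ -n "$want_group" ] || want_group=$(id -gn "$want_user" 2>/dev/null) || :
    have=$(stat -c '%U:%G' "$2") || return 2
    if [ "$have" = "$want_user:$want_group" ]; then
        echo "ok: $2 is owned by $have"
    else
        echo "drift: $2 is owned by $have, unit runs as $want_user:$want_group"
        return 1
    fi
}

# List tmpfiles.d rules whose path is DIR or lies below it. systemd-tmpfiles
# applies the mode and ownership in such rules at boot.
tmpfiles_rules_for() {  # tmpfiles_rules_for DIR [SEARCH_DIR...]
    target=$1; shift
    [ $# -gt 0 ] || set -- /etc/tmpfiles.d /run/tmpfiles.d /usr/lib/tmpfiles.d
    for d in "$@"; do
        [ -d "$d" ] || continue
        awk -v t="$target" '
            $1 !~ /^#/ && ($2 == t || index($2, t "/") == 1) { print FILENAME ": " $0 }
        ' "$d"/*.conf 2>/dev/null || :
    done
}
```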