I use Linux on all my personal computers and privacy-respecting ROMs on phones, and Pi-hole, but a part I haven’t really taken a look at is my network at home.

I currently have my ISP’s smart router in bridge mode connected to a brand-name Wi-Fi 6 router with a wireless “mesh” range extender. I really like the range extender because it has an Ethernet port, so it’s basically a “free” Ethernet plug for that room connected to a high-power Wi-Fi transceiver that’s faster than a lot of onboard Wi-Fi antennas.

But I feel like it’s probably not the best thing privacy- and security-wise? I already don’t use the app and luckily it still has a web interface for management, but I don’t know how secure the firmware is or if it has any corporate “analytics” or not. I’m thinking of pfSense or similar router software on a Linux box to connect to the bridge port of my ISP’s router, since I was told the “Ethernet” cable connecting from it to the fiber modem won’t work with a store-bought router; I assume it has some kind of DRM?

I already have an old PC in mind to convert to a router. I assume I could just use the onboard Ethernet port to talk to the router and add my own USB NIC to connect to the main switch?

I don’t know what to do for Wi-Fi though, could I buy two dedicated access points and put them on different floors, and have them both connected to the wired network? How hard would it be to have those be the same Wi-Fi network and have devices actually switch between them depending on location?

Also, most of my NICs and switches are from the thrift store or eBay for higher end used server parts. Is that bad? As in how worried should I be about the firmware running in those being tampered with by whoever owned it last?

  • dislabled@lemmy.ml
    12 hours ago

    If you are worried about the security of the brand-name Wi-Fi router, I would just try to set up pfSense on a stick (needs only one NIC). I am pretty sure I have seen an official guide for that. So basically, you plug your switch (access port) into the ISP router, and plug the pfSense box into another port (trunk port) on your switch. Define a VLAN for internet, and have that access port tagged with the same VLAN. Then turn off routing in your brand-name router and use it as a pure access point. Now you can play with VLANs as much as you want. I wouldn’t worry about the ISP router, it has no access to your network, and most traffic going through it should be encrypted anyway. And for your brand-name access points, you can block them from accessing the internet.
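
The one-NIC layout described in the reply above, sketched for a plain Linux box with nftables rather than pfSense. This is an added example, not part of the thread: the interface name, VLAN IDs, addresses and the table name `stick` are all assumptions, and the access points are assumed to have fixed addresses (static or DHCP reservations).

```shell
#!/bin/sh
# Added example. Every name and number here is an assumption, not from the thread.
NIC="${NIC:-eth0}"                       # the one NIC, on the switch trunk port
WAN_VLAN="${WAN_VLAN:-10}"               # VLAN of the access port facing the ISP router
LAN_VLAN="${LAN_VLAN:-20}"               # VLAN for clients and the access points
LAN_ADDR="${LAN_ADDR:-192.168.20.1/24}"  # router address on the LAN VLAN
AP_ADDRS="${AP_ADDRS:-192.168.20.2, 192.168.20.3}"  # fixed addresses of the APs

# Commands that create one tagged sub-interface per VLAN and enable IPv4 routing.
# The WAN sub-interface gets its address from a DHCP client (not shown).
plan() {
  for vid in "$WAN_VLAN" "$LAN_VLAN"; do
    echo "ip link add link $NIC name $NIC.$vid type vlan id $vid"
  done
  echo "ip link set $NIC up"
  echo "ip link set $NIC.$WAN_VLAN up"
  echo "ip link set $NIC.$LAN_VLAN up"
  echo "ip addr add $LAN_ADDR dev $NIC.$LAN_VLAN"
  echo "sysctl -w net.ipv4.ip_forward=1"
}

# nftables rules: forwarding is default-drop, the APs are refused before the
# general LAN-to-WAN accept, and outbound traffic is masqueraded.
# IPv4 only: this script never enables IPv6 forwarding.
ruleset() {
  cat <<EOF
table ip stick {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$NIC.$LAN_VLAN" oifname "$NIC.$WAN_VLAN" ip saddr { $AP_ADDRS } drop
    iifname "$NIC.$LAN_VLAN" oifname "$NIC.$WAN_VLAN" accept
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$NIC.$WAN_VLAN" masquerade
  }
}
EOF
}

# Dry run by default: print what would be applied. APPLY=1 (as root) applies it.
if [ "${APPLY:-0}" = 1 ]; then
  plan | sh -e && ruleset | nft -f -
else
  plan; ruleset
fi
```

The forward chain only covers traffic routed between VLANs; access to the router itself would need its own input chain.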