I use freeipa and the only luck I’ve had with integrating that with storage was by rolling my own with rocky Linux.
Before that truenas worked well, OMV is good for Lower power machines that can’t handle full phat zfs and needs ext4 based mediums.
Pfsense is a lot more feature rich than openWRT, especially when it comes to firewall features. Personally I just use openwrt to run my access points.
I would replace that eero unit with an old dell optiplex with pfsense, and forego trying to virtualize PFSense.
Not sure what hardware is in that eero, but if you wanted to keep it as just a basic AP, that isn’t a bad plan.
After that get a second optiplex for publicly hosted stuff. Keep that on a separate port on your PFSense machine, completely firewalled off from the rest of your network via pfsense, only allowing traffic from LAN to your server.
Physically separating your internal network, and publicly hosted services, as much as possible is the goal.
If you can only afford one new piece of hardware, I’d get the pfsense box, and set it up as a wireguard VPN server, disabling the direct port forwards to the VM running Minecraft. Though your friends would need to install a VPN client, and youd have to provide config files.
A used optiplex on eBay usually isn’t much more money to get up and running than most Linux SoC’s after all the adapters and kit is purchased, and they’re usually specced out way better.
Actually if you wanted to do physical DMZ separation, and wireguard you’d really be doing good, but that’s probably a little paranoid.
You’re adding attack surface by keeping them separated only by vlan. VLAN hopping exploits exist, especially in older firmware, ESPECIALLY on EoL units.
Pfsense is a proper router/firewall built on one of the most hardened networking stacks on the planet. Plus it catches regular software updates, no matter how old your hardware is. You can run it on an old PC with a cheap quad gigabit nic card from eBay if you’d like.
If I might ask, what do you have handling your inter-vlan routing/firewall? Is it the same box you use to handle the firewall/routing between your WAN and LAN?
Is this machine sitting in your LAN, or on its own firewalled off network with a DMZ? No matter how secure it is, you don’t want it on the same network as the machine you do your taxes on.
A good poor mans option is to get a pfsense box with 3 NIC’s. One for WAN, one for LAN, and one for the machine you publicly host with.
Setup firewall rules so that LAN can reach the MC host on needed ports, but not the other way around.
Install this on top of a docker VM running in proxmox to get the real experience.
Now that code will never see the light of day.
Is there no mirror of what was released?
This seems like a regression. We use logs to tell us what’s wrong for a reason.
Why would I want to scan a qr code on my phone to read shit on a tiny screen you could’ve just printed on the computers display?
Also this is gonna play out great in secured environments where cameras are a no no.
Leave shit like this to the fuckers with no taste at Microsoft. Kernel panics are supposed to be verbose.
Good, it always kind of pisses me off that the premier open source NAS package supported AD which EEE’d several open source protocols instead of something like FreeIPA.
I get they’re a commercial company and this is their product, but they could’ve still had the decency to put that on the same level.