[Blueprint] network-configurator - LuCI for DAU

Please create a new web interface for configuring OpenWrt

Features:

  • Goal driven configuration

  • Tag based (with examples and the possibility to create new ones),
    e.g. smarthome = (no internet access, one-way access to untrusted devices (e.g. TV and printer))

  • Preview of the assumed network design as a tree view (diagram design)

    • Scan for devices and present them in a list to manually assign them to tags.
      According to the assigned tags, the networks, firewall rules and other settings get modified or created.
  • Local domain driven
    Set up a reverse proxy and issue a self-signed certificate. All web services on the network controlled by the router should be able to work with HTTPS.

  • (Optional) - Docker network management
    You could connect a Docker host. The network-configurator takes over the network configuration of the host and containers and allows managing the network access to Docker services, as well as a local domain and HTTPS.

Downsides and things to consider

  • In a first release this may be a one-time wizard.

Why? What for?
Just use a Fritzbox. :roll_eyes:

  • So, in other words, a man-in-the-middle attack?
  • Some IoT devices like Ama$on may fail to connect to a rogue HTTPS server

I didn't understand this. I assume it's some Fritz thing?

That's a major downside.

How would this work before the setup of OpenWrt?

No, for Internal use only.

My use case is only for a private network. Router, a NAS with several Docker containers (Nextcloud, ntfy, Immich, Paperless), Home Assistant and devices, TV and printer, guest network.

I don't know Fritzbox. I only heard they are good.

No, I don't think so. Because setting up a basic configuration took me 4h the last time I did it. And my frustration about this is the cause of this Blueprint.

  • Boot router
    • (Have some dummy devices in the GUI, to draft a design without real devices)
  • Set up WLAN
  • Register devices in the WLAN
  • Plug in LAN
  • Proceed with the wizard
    • Set up additional connectors like Docker
    • Scan for devices.
    • --> Design your network layout in the GUI

I think you greatly underestimate the scope and scale of such a project, and even the impossibility of making such a task generically compatible.
If your blueprint works for you, nice. Build your own around it, bake it into the firmware and flash each device with its intended config.

I'm not a developer. I know IT from hobby and from maintaining my private network.

I know that such a project is not easy and not quickly done. I don't even assume that it would be finished in the near future.

But now I'm frustrated, because I'm able to do Docker, have a working LibreELEC and desktops running Linux. But until now I was never able to understand networking. I set up my private network. It took me 4 hours. Two years later I wanted to change something and it took another 2h to get some simple changes done.
Every time I do something I have to learn it again, because I nearly never need to do the same thing twice.

I'm still confused on what "tag based" means. I'm sure the developers would be too.

This is for containers, correct?

Yeah, that's the drawback of a tinkerer-oriented solution like OpenWrt.

And that's why you pay a lot of money for other routers, because they have to spend a lot of time developing that user-friendly UI with its wizards and such.

This is a project that will need many developers and many months, if not years. No easy task for a weekend.

I assume that "tag" is not the correct wording. I will edit the initial post if I get the correct term.

With "tag" I mean a set of definitions that have to be met. Like:

  • "Has internet access"/"Has no internet access"
  • "Could be accessed from - PrivateComputers"/"Is not allowed to be accessed from - SmartHome"

No. In this case you would create a dummy device "TV" or "Desktop",
create your network with them and merge them the moment the device appears on the network.

Having multiple non-isolated subnets in the same broadcast network is fool's gold.

To be clear - you're asking for a Firewall Configuration Wizard that asks if you want/don't want a particular network to have Internet access?

How would this be easier than a default LAN with known firewall settings?

OK, I understand this. Basically this Firewall Configuration Wizard would determine the Firewall zones by interrogating you about all interfaces, correct?

Instead of simply assigning the interface to a zone when hitting the Add button...or a known default (i.e., the current status quo).

Seems tedious, but cool.
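The "tag" definitions a few posts up ("has internet access", "could be accessed from PrivateComputers", "not allowed to be accessed from SmartHome") and the zone interrogation described in the reply above map almost one-to-one onto what OpenWrt's firewall already expresses with zones, forwardings and rules. The following is an added example, not code from the original post, from LuCI or from OpenWrt: a small translator that compiles such a tag set into an `/etc/config/firewall` fragment and lets you check who may open connections to whom before anything is applied. The `Tag` fields, the zone names and the sample groups (lan, smarthome, guest) are assumptions chosen for illustration; the UCI section and option names (`config zone`, `config forwarding`, `config rule`, `option src`/`dest`/`dest_port`/`target`) are OpenWrt's own.

```python
"""Added example (not from the original post, LuCI or OpenWrt): compile the
thread's "tags" into an OpenWrt /etc/config/firewall fragment.

OpenWrt's firewall is stateful: a forwarding from zone A to zone B lets hosts
in A open connections to B (replies flow back automatically), while hosts in
B still cannot open connections to A unless a separate B -> A forwarding
exists. That asymmetry is the "one-way access to untrusted" the post asks for.

Tag fields, zone names and the sample groups below are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Tag:
    # Zone name; assumed to equal the UCI network interface name of the group.
    name: str
    internet: bool = False                              # may initiate connections to zone "wan"
    reachable_from: set = field(default_factory=set)    # zones allowed to initiate connections to us
    admin: bool = False                                 # may reach the router's own ssh / web UI


def forwardings(tags):
    """All (src, dest) zone pairs that may INITIATE connections."""
    by_name = {t.name: t for t in tags}
    pairs = set()
    for t in tags:
        if t.internet:
            pairs.add((t.name, "wan"))
        for src in t.reachable_from:
            if src not in by_name:
                raise ValueError(f"tag {t.name!r} references unknown tag {src!r}")
            pairs.add((src, t.name))
    return pairs


def can_initiate(tags, src, dest):
    """The preview a wizard should show: can hosts in src open connections to dest?
    Hosts within one zone share an L2 segment and never cross the firewall."""
    return src == dest or (src, dest) in forwardings(tags)


def _rule(name, src, proto, port):
    # A 'config rule' without 'dest' matches traffic addressed to the router itself.
    return ["config rule", f"\toption name '{name}'", f"\toption src '{src}'",
            f"\toption proto '{proto}'", f"\toption dest_port '{port}'",
            "\toption target 'ACCEPT'", ""]


def render_firewall(tags):
    """Render the UCI fragment. IPv4 client services only; IPv6 RA/DHCPv6 rules are omitted."""
    out = [
        "config defaults", "\toption input 'REJECT'", "\toption output 'ACCEPT'",
        "\toption forward 'REJECT'", "\toption synflood_protect '1'", "",
        "config zone", "\toption name 'wan'", "\tlist network 'wan'",
        "\toption input 'REJECT'", "\toption output 'ACCEPT'", "\toption forward 'REJECT'",
        "\toption masq '1'", "\toption mtu_fix '1'", "",
    ]
    for t in tags:
        # Every tag zone rejects traffic to the router by default; the rules
        # re-open only what clients need (DHCP, DNS) and, for admin groups,
        # the management ports.
        out += ["config zone", f"\toption name '{t.name}'", f"\tlist network '{t.name}'",
                "\toption input 'REJECT'", "\toption output 'ACCEPT'",
                "\toption forward 'REJECT'", ""]
        out += _rule(f"Allow-DHCP-{t.name}", t.name, "udp", "67")
        out += _rule(f"Allow-DNS-{t.name}", t.name, "tcp udp", "53")
        if t.admin:
            out += _rule(f"Allow-Admin-{t.name}", t.name, "tcp", "22 80 443")
    for src, dest in sorted(forwardings(tags)):
        out += ["config forwarding", f"\toption src '{src}'", f"\toption dest '{dest}'", ""]
    return "\n".join(out)


def example_tags():
    """Constructed sample modelled on the thread: a trusted lan, a smarthome
    zone (TV, printer) reachable only from lan and without internet, and a
    guest network with internet but no access to anything local."""
    return [
        Tag("lan", internet=True, admin=True),
        Tag("smarthome", internet=False, reachable_from={"lan"}),
        Tag("guest", internet=True),
    ]


if __name__ == "__main__":
    tags = example_tags()
    print(render_firewall(tags))
    for src, dest in [("lan", "smarthome"), ("smarthome", "lan"), ("smarthome", "wan"), ("guest", "lan")]:
        print(f"{src} -> {dest}: {'allowed' if can_initiate(tags, src, dest) else 'blocked'}")
```

The rendered fragment only gives the smarthome zone a `lan -> smarthome` forwarding and no `smarthome -> wan` one, so TVs and printers can be reached from trusted machines but cannot phone home or initiate anything towards the lan. Note that this still assumes each tag is its own interface and subnet; as another reply points out, putting several "zones" on one broadcast domain gives no isolation at all.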

You lost me. To be clear are you saying that:

  • you want to bridge "dummy devices" the moment the [real] devices appear on the network, or
  • is this description some kind of "network sandbox" that you're asking the developers to implement?

Dude, I'm doing networking professionally and I'm still learning new stuff or running into issues, and I had havoc situations where I needed to shut down a whole company 2 times, because they had such a shitty legacy network that every time we wanted to change something everything broke apart until we figured it out after 2 days of test, trial and error!

Regarding OpenWrt: the first time I really wanted to learn how to use batman, it took me a full week! So 2h of maintenance every 2 years is nothing.


A request for configuration assistants is understandable from a user's perspective; actually implementing it in a way that doesn't stomp over the existing configuration, however, is another topic. Keep in mind that OpenWrt is a very modular and flexible router firmware; the decision matrix quite literally explodes with rather small changes already, and in the larger scheme of things these cause more trouble than they fix.

These generics out of the way, your envisioned requests are very specific to your particular usage scenario and intentions. Valid, but far from the expectations of >98% of all users. It's safe to assume that even if OpenWrt would ever gain guided configuration assistants, none of these topics would be covered by that.


Related to the user base:
I would argue that OpenWrt is still an OS used by developers and also by a bunch of home-network enthusiasts. Because it's popular (but not the gold standard) among these enthusiasts, you also have a bunch of students who use it in virtual homelabs, for learning of course.

I still don't see, and probably will never see, that it's somehow "mainstream" to be aware of running OpenWrt at home and taking care of and using it.

There are and will be lots of OpenWrt deployments where users are not aware they have an embedded Linux in their house; nor would those users be allowed to fiddle with the software, because the vendor doesn't like getting it touched.

In comparison: there is this Spanish?/Catalan? university? but open wireless network project, and they developed a free and open source config and management panel, which is used for, scales to, and is able to run a wireless ISP with >10k nodes in the field! (@nemesis are you still involved? :wink: I just wanted to be sure not to mix things up...)
And this is huge. It supports a bunch of devices and enables you to run a large-scale network, but with a very well defined and specified use and config case.

A tool which promises it can do "everything", in combination with "everything else", will just go boom. It will be a shit pile full of ugly hacks.

Again, I would argue that the typical home-network enthusiast user is served quite well by the DIY principle, and by learning to use the image builder to build and flash fully self-contained, purpose-suited firmware images for each device.


Can confirm, I did exactly that and I like it. Took me a couple of weeks to get it all done, but now I can get a reproducible image that does what it is supposed to do and can just run.

I think this is also very true, because people like having a free and open router firmware to replace their original firmware, while at the same time they are no developers or tinkerers; they just don't trust the router company.

See links on libremesh.org, with exactly those big mesh control panels, but very little to do with a home lab or the typical one-AP home use case.
Take together your silent DAU community and maybe add one or two buttons to luci-mod-dashboard, easing some first-timer tasks?

Yes, I agree. I think that's the case with LuCI. That's also the reason why I limited the features of my proposal to only an essential feature set.
No entry for IPs nor MAC addresses, no definition of DNS, DHCP or anything else. The only case this idea solves is the basics of designing a network, setting zones and firewall for some common cases.

It has 2 zones in the firewall without any witchcraft? What is missing here?