Publicly accessible AP / Simple(st) LAN segregation

Hello again!

My network consists of OpenWrt devices only. One main router with internet uplink and some "dumb" APs.

I now deployed a wireless link to a location around 1000 m away and it works! The link is stable (it's dry at the moment) but the device is just located beside the road (mandatory because of the elevation) and I want to minimize the potential attack surface.

Various things I have in mind:

  • extra SSID/WPA2-PSK for that remote (OpenWrt) device which connects to one of the "dumb" APs.
  • segregate all traffic coming from that remote location so that it has only internet access (vice versa, it would be nice to have access into the remote LAN/NAT)

I'm not really afraid of someone stealing this old $15 device, and I hardly think it will happen at all here (rural area with few but honest people).

Thoughts and prayers anyone?
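
The segregation described in the second bullet, sketched as an `/etc/config/firewall` fragment for the main router. This is an added example, not part of the original post. It assumes a hypothetical interface named `remote` in `/etc/config/network` that carries only the traffic of the extra SSID, and the default OpenWrt zone names `lan` and `wan`.

```conf
# Assumption: 'remote' is a hypothetical interface on the main router
# that carries only traffic from the extra SSID used by the roadside device.

config zone
	option name 'remote'
	list network 'remote'
	# Nothing from the remote side may reach the router itself by default
	option input 'REJECT'
	option output 'ACCEPT'
	# No forwarding to other zones unless a forwarding section allows it
	option forward 'REJECT'

# Internet-only access for the remote location
config forwarding
	option src 'remote'
	option dest 'wan'

# "Vice versa": hosts in lan may open connections toward the remote zone.
# Replies are permitted by connection tracking. Reaching hosts behind the
# remote device's NAT also depends on that device's own firewall and routing.
config forwarding
	option src 'lan'
	option dest 'remote'

# There is deliberately no forwarding from 'remote' to 'lan'.

# With input REJECT, DHCP and DNS served by the main router need explicit rules
config rule
	option name 'Allow-Remote-DHCP'
	option src 'remote'
	option proto 'udp'
	option dest_port '67'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-Remote-DNS'
	option src 'remote'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

Because the zone rejects input, the main router's LuCI and SSH are not reachable from the remote side; only the two listed services are.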

