Separate Wi-Fi access point for "untrusted" smart home devices

Not sure if this topic belongs in the Hardware topic but …

Is it technically possible to set up a separate Wi-Fi access spot for “sketchy” Chinese (or similar) devices that require access to my home Wi-Fi? E.g. Broadlink RM

What I would like to achieve:

  • Such devices exist on their own network and have no access to other devices / resources on my LAN
  • Such devices should not be able to send/receive any data to Chinese servers, and basically become fully-local devices
  • But I would like to still be able to access these devices from Home Assistant

I’ve read that DD-WRT or other custom router firmwares can be used to set up separate Wi-Fi networks, but not sure how to configure everything.

Thank you!

This is definitely possible with dd-wrt, as well as LEDE/openwrt. It will require that you understand some basic principles of routing.

One alternative solution (with its pros and cons) is to forbid the Broadlink RM to talk to the internet through static IP provisioning (DHCP/hosts) and a firewall rule for that IP (drop all packets to WAN coming from this IP). This second approach should work on most routers, even with standard firmware.
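The firewall rule described above, as an added example that is not part of the original post: a shell function that validates its inputs and prints iptables commands for a router running DD-WRT or similar. The addresses are constructed placeholders, and the two Home Assistant rules go beyond the post; they only matter once the device sits on its own subnet or VLAN.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255, so that
# nothing but an address can end up inside a generated command.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands. Each is inserted at position 1, so the
# last line printed ends up first in the FORWARD chain:
#   1. device -> Home Assistant: only replies to connections HA opened
#   2. Home Assistant -> device: allowed
#   3. device -> anything else that is routed (WAN, other subnets): dropped
# Hosts on the same subnet talk directly and never traverse FORWARD, so
# on a single LAN only rule 3 takes effect (the scenario in the post).
iot_rules() {
    iot_ip=$1
    ha_ip=$2
    for addr in "$iot_ip" "$ha_ip"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 2; }
    done
    [ "$iot_ip" != "$ha_ip" ] || { echo "addresses must differ" >&2; return 2; }
    cat <<EOF
iptables -I FORWARD 1 -s $iot_ip -j DROP
iptables -I FORWARD 1 -s $ha_ip -d $iot_ip -j ACCEPT
iptables -I FORWARD 1 -s $iot_ip -d $ha_ip -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Review the output, then apply it on the router:
#   iot_rules 192.168.1.50 192.168.1.10        # print only
#   iot_rules 192.168.1.50 192.168.1.10 | sh   # apply (needs root)
```

The drop rule matches on source IP, so it depends on the static DHCP lease the post mentions; a device that changes its own address would no longer match.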

In the second scenario, I would guess that you could still send commands (from locations outside the home) to such a device - and the device would act on those commands - but it couldn’t report back to you as to its device status or whether the command was successful, correct? Would it be possible to setup rules allowing it to do so - but only to certain MAC addresses? (Drop all packets to WAN unless the destination MAC address is…)

Depends on what you mean by ‘outside home’ 🙂

If you’re using a VPN to connect home or tunneling through SSH you’re basically ‘inside’.

The same goes if you connect to HASS from ‘outside’ and use a hass button that triggers the command on the bean (in this case, be sure to secure the connection to HASS properly).

I use a separate VLAN with no outside network access for this stuff.