Hey Guys! I am pleased with the Flint --> Flint 3 upgrade I have gifted myself! Good move on rushing the Flint 3 after getting screwed by MediaTek with the Flint 2. This is both the least expensive wifi 7 router (unless you hack an approximation with an M.2 card on an old mini pc) and is the most configurable, programmable, and unbrickable/unownable option on the market, and I have no doubt will remain so. Are you guys with the CIA or something? JOKE!
Anyway, I use this router series as my DMZ'd WAN and Microsoft on-premises Active Directory LAN Gateway, which I bet is what a significant fraction of your home lab/office userbase does too. So, they might really like to hear the best practices solution to the following:
I use DHCPd to dole out most addresses, save for Microsoft Domain Controllers, even for VM hosts, for security reasons. My pattern is to use the Flint (3) dhcpd for initial setup and major changes. Then I used to have to go to LuCI to check the ignore box on the bridge-lan interface to stop the Flint (3) dhcpd acting on my AD lan, after getting my dual Domain Controllers with failover dhcpd configured and activated. And that's how it has been. Recently the Gl.iNet team added the lan dhcpd controls to the main graphical interface, which I like and appreciate, but it still isn't exactly what would be my ideal solution. Without DHCPd, my main workstation and all the VMs on it lose network access, and I absolutely dislike, security-wise, using static IP address assignments anywhere, but especially on my main workstation guarding some of my most critical data. Part of it is the sudden loss of all the dhcpd scope options I use; static assignment doesn't include these. As a result, I lose a safe internet connection and various important configuration elements, which leaves me without access to or function of core dependencies and critical security definitions.
So, what I would like is for the Flint to have a daemon that is VLAN protected that keeps a constant eye on the Domain dhcpd and, as soon as it goes down, runs a script that utilizes WinRM, ssh, and other methods to immediately access, diagnose, and fix whatever is amiss with both my domain controllers. During this automatic triage, which could last for days based on past unbelievably obscure corruption suddenly happening, I want the Flint gateway to no longer have its dhcpd ignore the bridge interface, and immediately resume being the only dhcpd on the lan.
I'm not asking for anybody to write this monitor daemon living on the Flint completely as I've alluded to. All I want is some simple code that just simply continually polls the domain controllers, and IF-THEN reactivates the dhcpd on the Flint, and does the opposite of course when domain controller dhcpd availability returns on the network.
I'm going to add all sorts of triage and treatment methods to some scripts I'll run to fix things, and I'll include them in a new contribution to the OpenWrt package sources eventually, but I need the possibly quite short code for the new daemon on the Flint, I feel, because I've experienced random-seeming behavior arising from many, many single LuCI-interface tweaks over the years, and it's predominantly closed-source components that have been the apparent sources of the bugs. So a small open-source daemon written by the Gl.iNet team, along with some very likely necessary modifications to the closed-source components, would free me to do the rest, which I without fail will keep totally open-source so others can use it and configure it too. These things are wildly variable home lab to home lab in my experience.
Thoughts, Gl.iNet team? You might really jump on this simply because you could advertise ALL your routers as having "Active Directory Integration" or whatever. That will definitely bring you a lot more business.
Thanks in advance!
Aharon S.
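A minimal version of the poll-and-toggle daemon the post asks for, as an added example (not GL.iNet or OpenWrt project code, and not the original poster's): it polls the two domain controllers from the Flint, flips the Flint's own dnsmasq scope on the lan bridge to active after a run of failed polls, and hands the lan back once the DCs answer again. Everything below that is site-specific is an assumption: the DC addresses are constructed placeholders, the lan scope is assumed to live in the uci section dhcp.lan, ICMP reachability stands in for a real DHCP health probe, and the DC_WATCH_RUN variable and state-file path are invented for this example.

```shell
#!/bin/sh
# dc-dhcp-watch.sh - added example, not GL.iNet or OpenWrt project code.
# Polls the AD domain controllers from the Flint; when they have been
# unreachable for FAIL_THRESHOLD consecutive polls, the Flint's own dnsmasq
# scope on the lan bridge is un-ignored so clients keep getting leases and
# scope options. Once the DCs answer again for RECOVER_THRESHOLD polls, the
# scope is ignored again so the DC DHCP failover pair is the only server.
# Assumptions (hypothetical, adjust for your lab): the DC addresses are
# constructed placeholders, the lan scope is the uci section dhcp.lan, and
# ICMP reachability is used as the health probe.

DC_HOSTS="${DC_HOSTS:-192.0.2.10 192.0.2.11}"        # constructed placeholders
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"                # polls before Flint takes over
RECOVER_THRESHOLD="${RECOVER_THRESHOLD:-2}"          # polls before handing back
INTERVAL="${INTERVAL:-30}"                           # seconds between polls
STATE_FILE="${STATE_FILE:-/tmp/dc-dhcp-watch.state}" # holds "STATE FAILS OKS"

# Health probe: succeeds if any DC answers one ping within 2 seconds.
# Swap in a probe that exercises the DHCP service itself for a stricter test.
dc_reachable() {
    for h in $DC_HOSTS; do
        ping -c 1 -W 2 "$h" >/dev/null 2>&1 && return 0
    done
    return 1
}

# Pure decision step with hysteresis, so one lost ping never flips the lan
# between two DHCP servers.
# decide STATE DC_OK FAILS OKS  ->  prints "NEWSTATE FAILS OKS"
#   STATE is "dc" (DCs serve, Flint scope ignored) or "flint" (Flint serves).
decide() {
    state=$1; dc_ok=$2; fails=$3; oks=$4
    if [ "$dc_ok" -eq 1 ]; then
        fails=0; oks=$((oks + 1))
    else
        oks=0; fails=$((fails + 1))
    fi
    if [ "$state" = dc ] && [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
        state=flint
    elif [ "$state" = flint ] && [ "$oks" -ge "$RECOVER_THRESHOLD" ]; then
        state=dc
    fi
    printf '%s %s %s\n' "$state" "$fails" "$oks"
}

# Push the chosen state into the Flint's dnsmasq config (real uci/OpenWrt
# commands; the section name dhcp.lan is an assumption).
apply_state() {
    case $1 in
        flint) uci set dhcp.lan.ignore='0' ;;  # Flint scope active on the lan bridge
        dc)    uci set dhcp.lan.ignore='1' ;;  # Flint scope silent; DCs own the lan
    esac
    uci commit dhcp
    /etc/init.d/dnsmasq reload
    logger -t dc-dhcp-watch "lan DHCP now served by: $1"
}

# One poll: load persisted state, probe, decide, apply on change, persist.
run_once() {
    if [ -r "$STATE_FILE" ]; then
        read -r state fails oks < "$STATE_FILE"
    else
        state=dc; fails=0; oks=0      # normal condition: the DCs serve DHCP
    fi
    if dc_reachable; then ok=1; else ok=0; fi
    set -- $(decide "$state" "$ok" "$fails" "$oks")
    if [ "$1" != "$state" ]; then
        apply_state "$1"
    fi
    printf '%s %s %s\n' "$1" "$2" "$3" > "$STATE_FILE"
}

main_loop() {
    while :; do
        run_once
        sleep "$INTERVAL"
    done
}

# Run the poller only when started as a daemon (e.g. from a procd init script
# with DC_WATCH_RUN=1); sourcing the file merely defines the functions.
if [ "${DC_WATCH_RUN:-0}" = 1 ]; then
    main_loop
fi
```

The two thresholds are the part worth keeping whatever probe you use: they guarantee the lan never has both the Flint scope and the DC failover pair answering at once during a brief blip, which is the failure mode that leaves clients with leases from the wrong server and the wrong scope options. A ping only proves the DC host is up, not that its DHCP service is answering, so a production version should probe the service itself. The DC-side repair over WinRM and ssh is deliberately left out; as written, the daemon holds no credentials to the domain controllers at all, which keeps a compromised or misbehaving gateway from becoming a path into AD.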
