Skip to content

Commit 1be75d1

Browse files
committed
Update for 2nd insiders edition goal
1 parent a1411bd commit 1be75d1

File tree

6 files changed

+18
-30
lines changed

6 files changed

+18
-30
lines changed

docs/ap-basics.md

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ WPA2 is currently the most secure standard utilizing AES (Advanced Encryption St
4444
By default, RaspAP's access point is configured with WPA2 and CCMP encryption. You may of course change this to allow legacy clients (older mobile devices, for example) by selecting `TKIP+CCMP` as the encryption type. Choose **Save settings** and **Restart hotspot** for your changes to take effect.
4545

4646
### WPA3-Personal
47-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
47+
:octicons-beaker-24: Experimental
4848

4949
WPA3 is an improved encryption standard, thanks to Simultaneous Authentication of Equals (SAE) which replaces the Pre-Shared Key (PSK) authentication method used in prior WPA
5050
versions. WPA3-Personal allows for better password-based authentication even when using simple passphrases. In general, WPA3-Personal networks with simple passphrases are more difficult to crack
@@ -59,7 +59,7 @@ security mode is also available.
5959
The Raspberry Pi's onboard wireless chipsets do not currently support the WPA3 standard. For this reason, in order to use this setting you will need to configure your AP with an external wireless adapter that supports WPA3.
6060

6161
### 802.11w
62-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
62+
:octicons-beaker-24: Experimental
6363

6464
The 802.11w amendment was introduced as a way to secure Wi-Fi management frames against attacks by ensuring that these frames are legitimately exchanged between an AP and its clients, rather than
6565
a malicious third-party. These 802.11w Protected Management Frames (PMFs) can mitigate common types of "deauthentication" and "disassociation" attacks.
@@ -68,8 +68,6 @@ Similar to WPA3-Personal, 802.11w may be configured in one of two modes: enabled
6868
while also allowing devices that support 802.11w to use the PMF features. _Required_ will prevent clients that do not support 802.11w from associating with the SSID.
6969

7070
## Printable signs
71-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
72-
7371
Beneath the QR code on the **Hotspot > Security** tab, you will find a link to open a "Wi-Fi connect" sign suitable for printing. Click or tap the link after the :fontawesome-solid-print: printer icon to open a new window with your hotspot's QR code, SSID and password neatly formatted.
7472

7573
![](https://user-images.githubusercontent.com/229399/148738058-dfe7ea04-d59b-460a-a8b8-f0fca15ef715.png){: style="width:580px"}

docs/dynamicdns.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
![dynamic-dns](https://github.com/user-attachments/assets/ac4fa7b4-a485-4696-9a25-238cd896cdc8){: style="width:640px"}
44

55
## Overview
6-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
6+
:octicons-beaker-24: Experimental
77

88
Accessing your device from anywhere in your local network is great, but there are times when you might want it to be reachable from remote locations. This is particularly true for projects such as media servers, network attached storage (NAS) and VPNs such as those provided by RaspAP. However, due to the [shortage of IPv4 addresses](https://en.wikipedia.org/wiki/IPv4_address_exhaustion), it's likely that you will receive a new and different external IP address from your ISP each time your router is rebooted.
99

docs/firewall.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,6 @@
33
![firewall](https://github.com/user-attachments/assets/f821bd3e-9380-4515-ac2c-0950201e6139){: style="width:640px"}
44

55
## Overview
6-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
7-
86
If your device is exposed to the outside world, firewall rules can provide a layer of security against intruders to your network. A firewall also gives us granularity in terms of what is allowed to be forwarded across interfaces. Using the rule sets described below, we can effectively control which packets
97
are allowed to be inputted to, and outputted from, the RaspAP router itself.
108

docs/insiders.md

Lines changed: 13 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -23,20 +23,12 @@ If you're unsure if you should sponsor this project, check out the list of [comp
2323
The moment you [become a sponsor](#how-to-become-a-sponsor), you'll get **immediate access to the additional features below** that you can start using right away, and which are currently exclusively available to sponsors:
2424

2525
:octicons-check-circle-fill-24:{: .check } [Network device management](net-devices.md)
26-
:octicons-check-circle-fill-24:{: .check } [Firewall settings](firewall.md)
27-
:octicons-check-circle-fill-24:{: .check } [WPA3-Personal AP security](ap-basics.md#wpa3-personal)
28-
:octicons-check-circle-fill-24:{: .check } [802.11w Protected Management Frames](ap-basics.md#80211w)
29-
:octicons-check-circle-fill-24:{: .check } [Printable Wi-Fi signs](ap-basics.md#printable-signs)
30-
:octicons-check-circle-fill-24:{: .check } [MAC address cloning](net-devices.md#changing-the-mac-address)
31-
:octicons-check-circle-fill-24:{: .check } [Network diagnostics](net-devices.md#diagnostics)
32-
:octicons-check-circle-fill-24:{: .check } [WireGuard kill switch](wireguard.md#kill-switch)
33-
:octicons-check-circle-fill-24:{: .check } [Dynamic DNS](dynamicdns.md)
3426
:octicons-check-circle-fill-24:{: .check } [Multiple WireGuard configs](wireguard.md#multiple-configs)
27+
:octicons-check-circle-fill-24:{: .check } [MAC address cloning](net-devices.md#changing-the-mac-address)
3528
:octicons-check-circle-fill-24:{: .check } [Wireless LAN routing](wlanrouting.md)
3629
:octicons-check-circle-fill-24:{: .check } [Custom user avatars](authentication.md#custom-user-avatars)
37-
:octicons-check-circle-fill-24:{: .check } [WiFi repeater mode](ap-basics.md#wifi-repeater-mode)
38-
:octicons-check-circle-fill-24:{: .check } [NTP Service](ntp.md)
39-
:octicons-check-circle-fill-24:{: .check } [Limited privilege user role](authentication.md#limited-privilege-user-role)
30+
:octicons-check-circle-fill-24:{: .check } [WiFi repeater mode](repeater.md#alternate-routing-method)
31+
:octicons-check-circle-fill-24:{: .check } [Limited privilege user mode](authentication.md#limited-privilege-user)
4032
:octicons-check-circle-fill-24:{: .check } [Tailscale VPN support](tailscale.md)
4133

4234
Look for the list above to grow as we add more exclusive features. Be sure to visit this page from time to time to learn about what's new and follow [@RaspAP on :fontawesome-brands-square-x-twitter:](https://x.com/rasp_ap/) for the latest announcements.
@@ -61,16 +53,6 @@ Below is a list of funding targets. When a funding target is reached, the featur
6153
### Goals
6254
The following section lists all funding goals. Each goal contains a list of features prefixed with a checkmark symbol, denoting whether a feature is :octicons-check-circle-fill-24:{: .check } already available or :octicons-check-circle-fill-24:{ style="color: var(--md-default-fg-color--light)" } planned, but not yet implemented. When the funding goal is hit, the features are released for general availability.
6355

64-
#### **$1,000** - 2nd Insiders Edition
65-
:octicons-check-circle-fill-24:{: .check } [Firewall settings](firewall.md)
66-
:octicons-check-circle-fill-24:{: .check } [WPA3-Personal AP security](ap-basics.md#wpa3-personal)
67-
:octicons-check-circle-fill-24:{: .check } [802.11w Protected Management Frames](ap-basics.md#80211w)
68-
:octicons-check-circle-fill-24:{: .check } [Printable Wi-Fi signs](ap-basics.md#printable-signs)
69-
:octicons-check-circle-fill-24:{: .check } [Network diagnostics](net-devices.md#diagnostics)
70-
:octicons-check-circle-fill-24:{: .check } [Dynamic DNS](dynamicdns.md)
71-
:octicons-check-circle-fill-24:{: .check } [WireGuard kill switch](wireguard.md#kill-switch)
72-
:octicons-check-circle-fill-24:{: .check } [NTP Service](ntp.md)
73-
7456
#### **$1,500** - 3rd Insiders Edition
7557
:octicons-check-circle-fill-24:{: .check } [Network device management](net-devices.md)
7658
:octicons-check-circle-fill-24:{: .check } [Multiple WireGuard configs](wireguard.md#multiple-configs)
@@ -95,6 +77,16 @@ The following section lists all funding goals. Each goal contains a list of feat
9577
:octicons-check-circle-fill-24:{: .check } [WireGuard support](wireguard.md)
9678
:octicons-check-circle-fill-24:{: .check } [Set AP transmit power](ap-basics.md#transmit-power)
9779

80+
#### **$1,000** - 2nd Insiders Edition
81+
:octicons-check-circle-fill-24:{: .check } [Firewall settings](firewall.md)
82+
:octicons-check-circle-fill-24:{: .check } [WPA3-Personal AP security](ap-basics.md#wpa3-personal)
83+
:octicons-check-circle-fill-24:{: .check } [802.11w Protected Management Frames](ap-basics.md#80211w)
84+
:octicons-check-circle-fill-24:{: .check } [Printable Wi-Fi signs](ap-basics.md#printable-signs)
85+
:octicons-check-circle-fill-24:{: .check } [Network diagnostics](net-devices.md#diagnostics)
86+
:octicons-check-circle-fill-24:{: .check } [Dynamic DNS](dynamicdns.md)
87+
:octicons-check-circle-fill-24:{: .check } [WireGuard kill switch](wireguard.md#kill-switch)
88+
:octicons-check-circle-fill-24:{: .check } [NTP Service](ntp.md)
89+
9890
## Transparency
9991
We've chosen [OpenCollective](https://opencollective.com/raspap) as the fiscal host for our [GitHub sponsors organization](https://github.com/sponsors/RaspAP). This means that our budget is completely transparent — financial contributions, expenses and payouts to project team members are automatically reported. Everyone can see where money comes from and what it's spent on. This committent to full transparency was central in our decision to implement Insiders.
10092

docs/ntp.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
![ntp-service](https://github.com/user-attachments/assets/9bd23465-5fd2-4a58-98e2-ab28ccc22a16){: style="width:640px"}
44

55
## Overview
6-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
6+
:octicons-beaker-24: Experimental
77

88
One of the limitations of devices such as the Raspberry Pi is that it lacks an onboard **real-time clock (RTC)** to accurately keep track of the time, including when the device is powered off. To overcome this, two solutions are generally available: 1) install a hardware RTC module, or 2) synchronize time from the network.
99

docs/wireguard.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ These `iptables` rules are defined in WireGuard's [default settings](defaults.md
124124
If your VPN server is behind a NAT, you will need to open a UDP port of your choosing (51820 is the default).
125125

126126
## Kill switch
127-
:octicons-beaker-24: Experimental · :octicons-heart-fill-24:{: .heart } [Insiders only](insiders.md)
127+
:octicons-beaker-24: Experimental
128128

129129
In the event that the WireGuard tunnel accidentally goes down, unencrypted traffic may reveal your real IP address. To prevent this from happening, additional `PostUp` and `PreDown` rules may be
130130
added to the firewall. Simply choose the **Enable kill switch** option when uploading your WireGuard configuration:

0 commit comments

Comments
 (0)