Where's the pain-free device with open source, easily upgradeable firmware, that puts all of our IoT devices in their own private network but lets us tunnel through to them? It needs to be easy enough that our (grand)parents could pick one up on Amazon, Best Buy, or Home Depot and plug in and go...
If these are connected by cellular, they are given a private network that does not connect to the public internet and are in-accessible from the public internet unless the app provider explicitly chooses to do so
Most better home routers can restrict devices connecting to the internet (either through the Firewall or more comfortably configured through family filters) and offer VPNs to the internal network?
It's called PLAN (short for physical LAN). It doesn't need a managed switch, like VLAN, because you just use one switch for each network. Careful: Don't connect them.
