(Small) Home Network Setup advice



  • Hi,

    I want to redecorate my (small) Home Network setup physically and keep it technically as simple as possible. Mainly for 2 reasons:

    • There are too many devices in my living room on the 1st floor (wife = 😠 )

    • And I want to create an additional (open)VPN connection for (mainly) my RPi/Kodi device.

    Because the RPi/Kodi device is not powerful enough to run an openvpn client which provides decent speeds, I bought a Mini PC with 4 ethernet/nic ports and AES-NI (pfSense pre-installed). My idea was to turn this device into my main home router. But I found out that pfSense is much more than any router software. There are so many possibilities that you sometimes can not see the forest through the trees  ;).

    Now the basic pre-installed Pfsense on the device has a WAN LAN OPT1 OPT2 where only the WAN and LAN are assigned to interfaces. But I want to create a home network as shown in the attached diagram.

    The orange LAN cables (running through the hallway closet) are the connection between the first and second floor. This means I physically need the ethernet ports to connect my AP’s and NAS to the gateway (192.168.1.1). Besides that also the tunnel of the openVPN client needs to be assigned to an interface.

    Can somebody give me advice how to set this up?

    Greetoidzzz

    ![Home Network Setup.JPG](/public/imported_attachments/1/Home Network Setup.JPG)


  • Rebel Alliance

    So you want all this stuff on the same network 192.168.1/24? Why would you use pfsense interfaces?  Get a small switch = done, connect your AP1,  AP2 nas to this switch.  Connect the switch to your lan interface…  Any 20$ 5 port switch would be good here.  But I would suggest an 8 port smart gig for like $30-35

    That would allow you do vlans in the future and segment out your network vs everything being same network.

    As to vpn… It does not need a physical interface.

    BTW: “(pfSense pre-installed).”  Where did you buy this?  Unless it's netgate or a PARTNER, companies are not allowed to pre-install pfsense on some china box and sell it like that.



  • (pfSense pre-installed)

    You really should wipe it and install 2.4.2 yourself.  Who knows what they may have installed on that box.



  • A colleague found it during his trip to china.
    Re-install would be step 1 at arrival, I first want to stress test the device.

    I do have a 5 port switch (which means also an extra power connection $$)

    Thanx for the tips!



  • @gschmidt:

    A colleague found it during his trip to china.

    Read this and you will want to immediately wipe it before letting it close to your network.


  • Rebel Alliance

    “I do have a 5 port switch (which means also an extra power connection $$)”

    Oh my gawd… You can not be serious…  Are you talking a Cisco 3850 POE switch or something… Then you might have something to mention power…  A 5-8 port gig switch uses like 3 watts…  You want to do the math on how much that would cost to run…

    So at like 12 cents per kWh… A YEAR would cost you 3 dollars to run a 3 watt switch…

    Your raspberry pi costs about the same to run… But I see you have 1, and a ps4 and an av recv… If that is going to be your excuse for wanting to bridge interfaces and make your life complicated with configuration you clearly do not understand… Good Luck 😉



  • @gschmidt:

    … a 5 port switch … extra power … $$

    Must be a really old switch that burns lots of energy for nothing if you even mention this. Get a current green switch and that’s not an issue worth mentioning anymore.

    A software bridge on regular i386 or AMD64 hardware can never (read: never ever) replace a hardware bridge which does it in dedicated ASICs or FPGAs.


  • Rebel Alliance

    It shouldn’t even be an issue worth mentioning if an OLD soho 5-8 port switch…  Maybe if some old monster he got off ebay with 24 ports and 2 fans, etc.

    I just looked at an old SFH105A “HUB” I have on my shelf… It lists 12VDC at 800mA - so max it could at what 15 ohms is 9.6 watts… Let's call it 10 watts… OMG – 10$ a year to run at 12 cents per kWh…



  • Ok Ok Ok Ok Ok Ok guys….I get it!  :-[

    It’s a TP-LINK TL-SG1005D…and indeed probably low powered.
    I’ll take your advice…you see under my name is a status mentioned…newbie


  • Rebel Alliance

    https://www.tp-link.com/us/products/details/cat-5581_TL-SG1005D.html#specifications

    Yup MAX that lists is 3 watts… So clearly it's not going to run at that… So less than $3 a YEAR…



  • OK we are side tracking the original issue, have to use pfsense for VPN or not?  Something cheaper and easier (to configure) VPN than pfsense?

    As far as the WAF, move stuff to a closet dude, and run wall wirings.



  • @johnpoz:

    https://www.tp-link.com/us/products/details/cat-5581_TL-SG1005D.html#specifications

    Yup MAX that lists is 3watts… So clearly its not going to run at that… So less than $3 a YEAR…

    Does it do VLANs properly?


  • Rebel Alliance

    You want something easier to use for vpn?  As to cheaper?  Pfsense is FREE can run it on your existing PC as a VM if you wanted to provide your whole network vpn access…

    I have read over the OP post again a few times.  His question was how to connect his stuff because he is going to use pfsense… So not sure where you're getting cheap low cost vpn way to run vpn was his question?

    edit:
    He doesn’t need vlans in his current config… He has everything on 1 network 192.168.1/24

    That model is the dumb one, and no, even their so called smart one doesn’t do vlans correctly.  If he wants to graduate to vlans he would need a different switch.  If he was going to use different networks then he could prob leverage his ports on his pfsense box… But that is not what he wants to do per his drawing.



  • @johnpoz:

    You want something easier to use for vpn?  As to cheaper?  Pfsense is FREE can run it on your existing PC as a VM if you wanted to provide your whole network vpn access.

    I have read that future release pfsense 2.5 will need a device with an AES-NI processor.
    My only wired PC is not capable of AES-NI. Will a VM work with the new release then?

    My (relocated) network is up and running according to your advice with the switch.
    Next step is to configure the openvpn client and the rules for the vpn tunnel


  • Rebel Alliance

    2.5 is going to require it sure… You can think about that then once 2.5 comes out… Not going to be next week 😉  And even then not like they will drop support for 2.4 line as soon as they release 2.5… Sure 2.4 will be supported for a good year or so after 2.5 releases, etc.

    So you have plenty of time to worry about that when the time comes.  If you were in the market for buying new hardware now then sure hardware support of aes-ni should be a factor for sure in picking said hardware…  A year or so down the road will bring all kinds of new hardware to market I am sure - and one thing for sure with IT stuff, price only drops going forward…



  • Well, for a start I now have an AES-NI mini-pc with pfsense running as main router. 🙂


 
