Home Network Design & Set-Up


abq

Hello All,

I apologize in advance for this long post. I am redesigning our home network - thanks to a generous hEX donation from Patrick :) The goal is a secure home network with 3 wireless subnets (Home, Guest, & IOT/DMZ) and 4 wired subnets (Home, IOT/DMZ, Lab, & Management).
DSL ISP speed is ~15Mbps down/~1.5Mbps up, and I just signed up for TorGuard VPN.

I have the following equipment to use for our core network:
1. MikroTik hEX RB750Gr3
2. Ubiquiti EdgeRouterX ER-X
3. Ubiquiti UniFi UAP-LR
4. Raspberry Pi3
5. Kangaroo Mini PC with Atom x5 Z8500, 2GB memory (Not ECC), & Win10-Home
(I also have a Supermicro A1SRi-2758 with 32GB ECC memory, but no case yet)
6. GL-iNet GL-MT300N-V2 (Travel Router)
7. Various VLAN capable 8, 16, 24, & 48 port Switches (I will start a separate thread for extending network & lab set-up)
8. Epson XP-830 Cloud Printer & Scanner (need to share with Home, Guest, & Lab)

I am considering the following software (many overlap in functions & features, so I don't need it all ;):
a. Radius server
b. PiHole server
c. OpenVPN server
d. DNS server (DNSSEC vs DNSCrypt)
e. DHCP server
f. PXE server
g. TFTP server
h. NTP server
i. pfSense
j. miFi Controller
k. UniFi Controller
l. NeoRouter server
m. DNSMASQ server
n. DUDE

My initial thought is hEX or ER-X for the edge router, and Pi3 or Kangaroo for DNS, DHCP, VPN, etc. The router's Eth1 could be Internet (DSL), Eth2 UAP-LR (3 VLANs: Home, Guest, & IOT), Eth3 Home, Eth4 Lab & Management, and Eth5 IOT/DMZ. I would like to use the GL-iNet for VPN security while traveling. I was thinking the IOT/DMZ network doesn't need VPN (TorGuard), but needs to be extra segregated from the rest of the network.

Key software functions include some form of DNS, DHCP, NTP, Security, VPN, UniFi Controller, MiFi Controller, & some minimum monitoring capabilities.

I am open to recommendations & trade-offs, so please let me know if you have good articles & 'how to' guides for me to read.

Thank You,
ABQ :)
 

Patrick

Sounds like you have lots of gear for a build thread
 

abq

Did I list too much gear for a simple build thread?!?

I could start with the ER-X (ETH for DSL, Home, IOT/DMZ, Lab, & Management) & UAP-LR (VLANs for Home, Guest, & IOT SSIDs):

ER-X
ETH1: DSL
ETH2: Home, VLAN2, 192.168.2.1/24
ETH3: Lab, VLAN3, 192.168.3.1/24
ETH4: Management, VLAN4, 192.168.4.1/24
ETH5: UAP-LR (Home, Guest, & IOT - VLAN segments & SSIDs)
-Home: SSID 'Home', VLAN2, 192.168.2.1/24
-Guest: SSID 'Guest', VLAN1, 192.168.1.1/24
-IOT: SSID 'IOT', VLAN11, 192.168.11.1/24


Is this a good start?
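
An added example, not part of the original thread: a Python model of the ER-X segment plan from the post above, expressed as a default-deny inter-VLAN policy together with an audit of the plan itself. The printer address, the print ports, the Management full-access rule and all function names are assumptions made for illustration; the thread only states that IOT should be segregated and that the printer is shared with Home, Guest, & Lab.

```python
import ipaddress
from itertools import combinations

# Segments copied from the post: name -> (VLAN ID, gateway/prefix)
PLAN = {
    "Home":       (2,  "192.168.2.1/24"),
    "Lab":        (3,  "192.168.3.1/24"),
    "Management": (4,  "192.168.4.1/24"),
    "Guest":      (1,  "192.168.1.1/24"),
    "IOT":        (11, "192.168.11.1/24"),
}
NETS = {n: ipaddress.ip_interface(gw).network for n, (_, gw) in PLAN.items()}

# Assumptions, not from the post: printer location and the allow list.
PRINTER = ipaddress.ip_address("192.168.11.50")  # constructed address on IOT
PRINT_PORTS = {631, 9100}                        # IPP and raw printing
PRINTER_CLIENTS = {"Home", "Guest", "Lab"}       # who may reach the printer
FULL_ACCESS = {"Management"}                     # may open connections anywhere

def segment_of(ip):
    """Return the name of the segment containing ip, or 'WAN' if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "WAN"

def allowed(src, dst, port):
    """Default-deny decision for a NEW connection from src to dst:port."""
    s, d = segment_of(src), segment_of(dst)
    if s == "WAN":
        return False            # no unsolicited inbound traffic
    if d == "WAN" or s == d:
        return True             # internet access; same-segment traffic is not routed
    if s in FULL_ACCESS:
        return True
    # Only remaining exception: print jobs from the listed segments.
    return s in PRINTER_CLIENTS and ipaddress.ip_address(dst) == PRINTER and port in PRINT_PORTS

def audit_plan():
    """Return findings about the addressing plan itself."""
    findings = []
    for (a, na), (b, nb) in combinations(NETS.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap")
    vlans = [vlan for vlan, _ in PLAN.values()]
    if len(set(vlans)) != len(vlans):
        findings.append("duplicate VLAN ID")
    findings += [f"{name} uses VLAN 1, the default VLAN on most switches"
                 for name, (vlan, _) in PLAN.items() if vlan == 1]
    return findings
```

Return traffic for an allowed connection is expected to be handled by an established/related rule on the router, which this model does not represent.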
 

abq

@ridney, thank you for the great idea. I don't have VoIP right now, but it may be a good time to take the plunge. Good excuse to set up better QoS ;)
 

Kryax

May also want to consider an "Untrusted" VLAN for untrusted devices that don't fall under IoT. Things like smart TVs or other chatty devices that you want to segment for security reasons.