Home Network Setup - pfSense, VLANs, VPN, HAProxy, 10G, and more

home networking can be one of the most

simple things in your entire setup

or one of the most complicated and

pretty much anything in between

it just depends on your use case and how

many devices you have

and how complicated you want it to be

now for me

someone with a home server a couple of

pcs

a couple of laptops and some smart home

devices

i really wouldn't consider myself to be

an advanced

user with advanced needs but i would say

my home

networking setup is more on the advanced

side so

what am i running let's check it out

[Music]

all right before i get into it i just

want to say really quickly if you're a

fan of the channel

and a fan of these videos please

consider subscribing

it helps a lot uh with the channel as

small

as small as mine and i would really

appreciate it

if you would consider subscribing it

would help a bunch

and also i'm not going to ask you to

like the video yet because

you haven't really seen it so if you

liked the video at the end

please consider dropping a like okay

home networking there are basically four

major components that go

into 99.9 of

home networking setups that being a

modem

a router a switch and a wireless

access point in a lot of cases your isp

is going to provide you with a box

that acts as basically all four of those

things

and that's what i mean when i say your

home networking can be one of the

simplest things

in your entire setup now more common

setup is to take that modem provided to

you by your isp

and then pair it with a more advanced

router that you get

on your own something from netgear

linksys asus whatever now that router

is generally going to act as your router

your switch

and your wireless access point in my

case though i actually have a dedicated

modem

a dedicated router a dedicated switch

and

two access points so

that's what i mean when i say mine's

more on the advanced side

of a basic home networking setup so

let's jump into it the modem is just a

standard modem provided to me by

my isp which is charter spectrum and one

quick thing i don't have much to say

about the modem but

whoever chartered decided that the modem

should only have

a mobile app interface and no web gui at

all

um what ceremony is probably the least

important part in this entire setup

because it's basically there to provide

a link to the internet

and give you a public ip and that's

kind of it the router though is arguably

the most important

and my router is a netgate

sg 1100 now it's not

in this box it's actually running

because i don't want to shut off my

internet

i couldn't recommend this router enough

if you are someone that wants to do

more advanced things in your network

like set up customized

firewalls set up a vpn

do separate vlans set up reverse proxies

do

custom port forwarding and custom dns

stuff

this thing will do all of that and

for 179 dollars for a dedicated router

with no

you know wireless functionality and no

real

switch functionality um it

is kind of pricey for that but for the

functionality it provides

it's amazing now if you don't want to do

any of that advanced stuff

just go with the generic netgear asus

linksys router and you'll be good to go

and you'll probably

stop watching the video now the sg 1100

is

their entry-level router system

and it's pretty much designed for small

home labs which

is what i'm running so it's perfect for

me now mine's actually doing a bunch of

stuff

let's start out with the most basic

thing the most

basic functionality that your router is

going to provide and act as your dhcp

server which is basically meaning that

your router

is passing out ip addresses to every

device on your internet

a couple of more advanced things like

setting up

vlans this is where the

1100 shines and running pf sense

on the 1100 makes it super super easy to

do these more advanced things now

i'm running two separate vlans one for

my

main network which contains basically

everything

that i personally use in my home network

and then i have a separate vlan that i

named guest and this is essentially for

anybody that comes over and wants to use

a guest network

and it houses all of my iot devices

and smart home stuff and the reason for

separating that is because

i don't want to have my

iot devices or my smart home devices be

able to talk

to my main network stuff so my home

server

my nas any personal

uh computers that we have on the network

i don't want there to be any possibility

of some security breach and i know you

guys hear a lot about

in the news you know you know ring

devices people talking

through your ring network and certain

you know iot devices getting compromised

and if that happens all of those live on

a separate

vlan so i don't have to worry about that

i'm also using pf

sense to run h.a proxy which is a

reverse proxy

that allows me to take certain devices

within my home network and expose them

to the internet and the outside world

it's useful for certain things

like cloud services if you want to run

plex

stuff vpns anything you want to expose

to the outside internet

uh ha proxy does a very good job at that

along with those things pf sense is also

acting as a certificate authority so

that i can enable https on

any devices or services that i want to

expose to the internet

and i'm doing this with the help of

cloudflare

so cloudflare is acting

as kind of a middleman between my

network

and the outside internet and for some

reason they provide

a bunch of useful services for free so i

recommend go and check out cloudflare

you can play around with it for free and

do a lot of cool

things with it on top of all that stuff

you know you're getting your generic

stuff like dhcp

port forwarding firewalls and a whole

handful of things i could spend

hours talking about all the features of

pf sense

and using the netgear mecure

netgate sg 1100 but there are

more components in my network that i

want to get to okay the switch

your switch is basically acting

as a hub

to all of your devices and that is if

you're running

a bunch of hard-line devices meaning

that

you have a bunch of computers that you

don't want to use wi-fi with you want

a hardline network cable directly into

that machine

you're probably going to need a switch

because most routers these days come

with about

four plugs and

if you have four computers that's fine

but if you have

more and you're wanting to do more

sophisticated things

you're probably going to need a

dedicated switch so switch i chose is a

qnap

qsw 4

0 8 4 c that really rolls off the tongue

right

and the reason i went with this is

because of its

price to features is

probably the best you're gonna find for

a small

network setup like mine it's about 300

but what it does do is it comes with

four dedicated 10 gigabit

rj45 ports and this is perfect for me

because

it allows me to do everything i need and

gives me a little more

wiggle room if i ever want to upgrade

down the line because

my server is running a 10 gig connection

and

my main pc is running a 10 gig

connection

that's only two so i have two left over

if i ever want to expand in the future

and the switch also comes with eight

dedicated

one gig ports another solid feature of

this switch is that it supports vlans

okay

wireless access points i have actually

two

dedicated wireless access points to

allow

wi-fi my main wireless access point is a

netgear r 6700

b2 it's a router i've been using for

about

four or so years and it runs

perfectly now stripped most of the

features out of it before it was acting

as a router switch and access point

but now since i have the sg 1100 and the

qnap

the 6700 is basically

just an access point but why do i have

two

why do you need two access points well

the second one is another netgear but

it is the ac 1200 and this is a

dedicated wireless access point so why

do i have

two access points well when i was

setting up vlans

it was convenient to have a dedicated

access point

act as my guest network

you know access point and one

access point to act as my main access

point whenever i want to connect things

within my home network to the main vlan

i connect to the 6700 and everything on

the guest vlan

goes directly through the 1200 and that

is also where i've connected my home

security

and iot devices and then at the very end

of the chain we have

these asus 10 gigabit

cards now depending on the motherboard

and devices you

use a lot don't really come with 10

gig built in so you may need to purchase

a dedicated 10 gig

card but i have one of these running in

my main computer and i also had a second

one running in my server

but since upgrading i'll leave a link to

that video

above uh that motherboard now has

dual 10 gigabit ports built in so i

actually have an extra one of these that

is not being used this is about a

hundred dollars i recommend it

i know there are cheaper ones out there

but

this had a lot of good reviews in terms

of using it with windows and linux

and i wasn't necessarily sure of my use

case yet so

this is what i went with and no real

complaints works perfectly

so that's the hardware setup that i'm

using

basically i get the internet from my isp

through the modem

my router takes that connection and does

all the fancy stuff with it

like assigns ip addresses to all my

devices using dhcp

it acts as a vlan so my network is

basically split up in

two separate parts another thing i

forgot to mention is that

my router is also acting and hosting a

vpn so that anywhere in the world i can

vpn back into my home network and access

anything

on my home network as if i were actually

here then from the router that

connection goes directly to the switch

where the switch takes that connection

and

basically makes a hard line connection

to

all the devices that i have hardwired

and then the access points are also

making direct connections to the switch

and then broadcasting that signal

throughout the house

and depending on which device i'm using

will determine which access point i

connect to

and everything's all happy so you know

what let's

actually go take a look at everything

i'm running

okay so this is my dedicated network

room with a built-in

washer dryer and a washer dryer is

probably the most important part of a

network uh physical room because if any

of the devices

mess up you can just grab it throw it in

the washer and

you're good to go okay actually uh this

is my laundry room which doubles as

my network uh hub

i guess you could say and this is where

all the magic happens so like i said

before

we have our modem which

comes from spectrum or your isp and just

sits there and does

it's one thing um

here is the brains this is the net gate

i can't really pull it out because of

all the wiring that's so neatly

tucked in behind but this is the netgate

sg 1100

and it's pretty tiny and

it's not the size of the router in the

network

it's the size of the network

and the router okay so the router then

goes to the switch and this is our qnap

qs408 4c something

whatever here's the switch and

that you can see all these beautiful

uh cat6a cables which i don't recommend

because they're paying in the ass

to crimp and terminate

but that's running directly on the

switch and those go up into the attic

and to all the rooms in the house to

give me some nice

hardwired 10 gig connections

and then from there you will see the

access point so here is the

ac 1200 which is the guest network

and this is the quite dusty

um b2

and that's the setup it's not really

that exciting there's a couple of lights

going on and you're probably wondering

what this is this is my

backup sync thing server i'm gonna leave

a link to that video

above if you want to check it out but

that backs up all my files

if you're interested and oh there's a

ups

so i recommend having a ups in your

network set up so that when the power

flickers

your entire network doesn't go down so

that's it

um it's not that exciting the i think

the most exciting part is the washer

dryer but

okay back to the office

okay so not too exciting right i mean

that's basically my networking setup

it's just sitting in my laundry room

and kind of doing its thing and it's all

just sitting there

running and that's kind of it but if

anywhere in the process

i went into something that you have

specific questions about

like setting up a vpn um

setting up vlan setting up reverse

proxies

uh handling certificates for https uh

let me know i'd be more than happy to

make a video going into more detail

about those things

especially if there are some of you out

there that really

want to learn how to do this and want to

utilize it

in your home setup so that's all i have

for you today uh leave a comment below

on what your home networking setup looks

like

uh let me know if it's more complicated

or more

simple than what i'm running but if you

like this video be sure to drop a like

below

if you're a fan of the channel and these

types of videos be sure to subscribe

it really helps me a ton and i will see

you guys

in the next one

[Music]

you