NEED HELP: Proxmox + OpenWrt + AdGuard + ( OPNsense / pfSense ? ) + more

I am working on re-deploying my Proxmox and home network from scratch again, albeit differently this go-around, and am looking for help / clarification as I go.

SEE:
1st [successful] attempt here

This time around, my cable modem feeds directly into my OpenWrt-flashed Netgear WAX206 router’s WAN port, which then feeds my Proxmox host and everything else to follow in my network.

I still do not have any physical switches in the mix and intend to do everything virtually through software, etc.

MAIN GOALS

  • HARDWARE CONFIGURATION
    ++ utilize AR9280 mini PCIe wifi card installed in Proxmox host (via passthrough and/or virtualization, whichever is better overall)
    ++ deploy Netgear WAC720 AP to extend network to garage / side yard / back yard

  • SECURITY
    ++ properly segmented & secured home network
    +++ FreeRADIUS ?
    +++ 802.1X ?

  • ISOLATION
    ++ VLANS
    +++ security cameras
    +++ phones / tablets / TVs / FireSticks / etc.
    +++ lizard habitat automation hardware
    +++ 3D printer

  • ADBLOCKING
    ++ network-wide ad-blocking / DNS control / etc.
    +++ AdGuard Home

  • REMOTE ACCESS
    ++ TailScale (or similar) -and/or- VPN that allows me to access my home network from anywhere on all devices

  • NETWORK / FAMILY MANAGEMENT
    ++ family network control (to limit the kids as needed)

  • SELF-HOSTED SERVICES
    ++ Jellyfin (or similar)
    ++ Immich (or similar)
    ++ Home Assistant (or similar)
    ++ Mealie.io
    ++ Frigate
    ++ hopefully more …

  • EXPLORE & PLAY WITH
    ++ IPv6
    ++ OpenWRT
    +++ WiFi Fast Roaming ?
    +++ WiFi mesh ?
    ++++ B.A.T.M.A.N. ?

So far I have a relatively flat network with just a couple of interfaces / SSIDs set up on OpenWrt running on the WAX206:

LAN ( 10.10.10.x ) - LAN1, LAN2, LAN3 (wired ports only atm)

IOT ( 10.10.20.x ) - 2 radios – 2.4GHz + 5.0GHz

GUEST ( 10.10.30.x ) - 2 radios – 2.4GHz + 5.0GHz

LAB ( 10.10.40.x ) - LAN4 (feeds Proxmox host’s “WAN”) && 2 radios – 2.4GHz + 5.0GHz

I haven’t had much time to think past here really, so suggestions for logical layouts / deployment schemes are welcome.

At the moment I have my Proxmox host stood up at:
vmbr0 [10.10.40.40/24, gateway 10.10.40.1]

with an Owrt VM running at:
vmbr0[10.10.40.50]

whose LAN is set to:
vmbr1[10.10.50.50/24]

I managed to pass wifi [wlp7s0] via direct PCIe passthrough to OpenWrt and installed the ath9k driver to get it operational using this tweak. I installed the intel-microcode package and wpad-mesh-openssl packages and configured my WiFi to match my main router’s SSIDs with the same configs on both sides, including 802.11r fast roaming, 802.11RRM (802.11k + 802.11v).

So far I have got my OpenWrt-WAX206 set up with VLANs, but at this point I am struggling with capturing and forcing all DNS through AdGuard Home running on Proxmox. I tried various firewall rules on OpenWrt along with different configurations involving forwarding, re-routing, etc., but every time connectivity breaks.

I have seen it mentioned in a few places that it’s best to put DNS in its own network / subnet for proper redirection and client labeling within AGH.

I am beginning to wonder if some of the struggle may be because I do not have a switch between Proxmox and OpenWrt, but am not exactly sure.

Any help would be greatly appreciated. I am about to jump back in again this morning with more experiments.
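One way to do the DNS capture the post is asking about, as an added example (not the poster's config): OpenWrt firewall and DHCP sections that DNAT every plain port-53 query from a zone to AdGuard Home and block DNS-over-TLS so devices cannot route around it. It assumes AGH listens on 10.10.40.53 (placeholder address) on the Proxmox host in the existing lab zone, and that the firewall zones are named lan, iot, guest and lab.

```uci
# /etc/config/firewall -- added example, not from the original post.
# Placeholder: AdGuard Home at 10.10.40.53 inside the 'lab' zone.

# Catch every plain-DNS query leaving the 'iot' zone (including clients with a
# hardcoded 8.8.8.8) and rewrite its destination to AdGuard Home.
# DNAT only, no SNAT/masquerade on the lab zone: AGH then still sees each
# client's real source IP and can label clients per subnet.
# fw4 accepts the DNATed flow in the forward chain itself, so no extra
# iot -> lab forwarding section is needed for this rule.
# Repeat this section for 'lan' and 'guest' (change 'name' and 'src').
config redirect
	option name 'Force-DNS-iot'
	option src 'iot'
	option src_dport '53'
	option proto 'tcp udp'
	option dest 'lab'
	option dest_ip '10.10.40.53'
	option dest_port '53'
	option target 'DNAT'

# Reject DNS-over-TLS (853) from the same zone so the redirect cannot be
# bypassed. Repeat per zone as above.
config rule
	option name 'Block-DoT-iot'
	option src 'iot'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'

# Do NOT add a redirect with src 'lab': clients there share a subnet with AGH,
# so AGH would answer them directly from 10.10.40.53 while the client expects
# the reply from 10.10.40.1, and the lookup fails. That is the reason for the
# "give DNS its own subnet" advice: DNAT is clean only when the reply has to
# come back through the router. Hand AGH out via DHCP in that zone instead.

# /etc/config/dhcp -- also advertise AGH as the DNS server (DHCP option 6)
# so well-behaved clients reach it directly; the redirect is the backstop.
config dhcp 'iot'
	option interface 'iot'
	list dhcp_option '6,10.10.40.53'
```

After `/etc/init.d/firewall restart`, `nft list ruleset | grep -i dns` shows the generated dstnat entries, and a test query from an IoT client to any public resolver should appear in the AGH query log under that client's own address.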