Intro
Hello all!
First things first: this is my first post, I just joined the forum to post this. I’ve been watching LevelOne Tech videos for years, and the team always speaks highly of the forum community. I need a little help with networking setups and I feel I’m not proficient enough to not make mistakes. Therefore, I thought I’d ask for help here, from people who will know much more than I do.
Also, I think this will be quite a long post. I feel I have to explain and describe a lot of things to be sure to be thorough enough because networking stuff needs to be. So… Sorry and thank you for reading, I guess?
Finally, since it’s my first post, a little bit about myself: I’m a 30-something French professional AV systems engineer (think meeting rooms, videoconferencing, auditoriums and such). Long time gaming and computer enthusiast, open-source advocate, privacy and online security tight-a**, I also dabble in networking (mostly surface stuff, both for personal home networking and for professional use).
And please “forgive my french”. English isn’t my native language, but I tried to proofread as much as I could, sorry if some mistakes slipped through.
Now that that’s out of the way, on to the show!
What I have today:
I’m buying my first apartment and will be moving in in a few months. I’ve always wanted to create my own home network infrastructure, and I feel that this will be the perfect moment to start from scratch. To understand what I started to think about, let’s talk about what I already use.
The devices and use-cases I have:
- Main Gaming/Workstation computer
- Home entertainment/media consumption PC that doubles as a networked storage solution
- IoT/connected robot vacuum cleaner
- an Android tablet, used as a remote control over WiFi for several different pieces of software
Today I use my internet service provider’s all-in-one box (modem, router, DHCP server, WiFi access point) as the node to my home network. I use my home entertainment PC as a do-it-all box. It’s old hardware I had laying around that I repurposed: Intel i5-2400, 8GB DDR3, no-name 120GB system SSD, 11TB of HDD in one box. I installed an Ubuntu OS and it stores all my media files (movies, TV Shows, music) as well as personal files (pictures, backups, etc.). It is not set up with any redundancy (RAID), but it is a redundant storage since all the personal/critical files are also copied on 2 other separate drives in my main PC, as well as off location on a relative’s NAS. Except the media files, but those are really not critical and don’t need redundancy.
For media consumption, I mainly use Kodi on all my devices and I set up a separate SQL server to share my database between all my networked devices, instead of a local one on each. This way, a movie will be marked as “seen” on all devices simultaneously and I can pause and resume playing a movie between 2 devices automagically. Works great. Since all media files are stored on the Media PC, I use simple SMB file sharing on the network to access those from all devices.
I have both a Logitech Harmony universal remote (with a USB IR receiver) and the Yatse Android App on my tablet to control the thing. Perfect use for me.
For music, I use 2 separate pieces of software that I would like to consolidate. On my main PC, I use iTunes ('cause I’m still rocking that iPod Classic, baby!), with music files stored locally. On the media PC, I use Rhythmbox (also with files stored locally), that I find good enough, although I haven’t found a decent remote Android app to work with it yet.
Now, one of the goals I have for the new setup is to have everything properly stored on a NAS and have everyone target this NAS for reading files.
The new home, the new network and my goals:
- New place has Fiber to the Home, and the ISP offers a cheap $50/month 2000Mbps down/600Mbps up plan (yeah France…), so I’d like to take full advantage of that.
- That means, at least, 2.5Gbps networking for devices that support it
- I want to run my own pfSense router to be able to set everything as I want and use the ISP’s box as a “dumb” modem
- I want to have at least 3 separate VLANs, with 3 separate SSIDs to separate devices on the network, access, and improve security
- I want to install a server box to host different VMs, hosting different services, including (but not limited to): a NAS, a home-automation server, my media file SQL server
Here’s what I thought of:
The modem:
ISP has 3 models of boxes available. The most high-end one supports FTTH and 2.5Gbps LAN (1 port). I would like to disable every “smart” function of the thing (DHCP, Access Point, DNS resolution, etc.) and only use it as a modem, connected to a pfSense router that would do everything. As far as I read online, it would mean setting it as a DMZ server. Am I wrong? Is there another (safer) solution I should look into? What are your thoughts?
pfSense router
Up until very recently, I was thinking of having a pfSense router run as a VM on the “does-it-all” server. But then, yesterday, Wendell called it “the forbidden router” in his most recent video, so I guess I won’t do that? All jokes aside, he made very good points. So I was thinking of buying a NETGATE 4100 BASE PFSENSE+ SECURITY GATEWAY. It would host my pfSense router and supports 2.5Gbps networking. Any feedback on those devices?
Having my own router means several things:
- I can use a different DNS resolution server than the one used by my ISP, thus optimizing privacy. I was thinking about Cloudflare’s 1.1.1.1 service. Any thoughts on that? Do you recommend other solutions?
- I have a paid subscription to PIA VPN services. Would it be possible to have it run at a router’s level and have every internet packet go through VPN tunneling and encryption?
- By using both a different DNS resolution server and a VPN service, I would like to create a network wide ad blocking system, like pi-hole. Is this something I can set up directly within pfSense or do I need to have it running on a separate VM on my network?
- I would like to set up at least 3 separate VLANs with: 1 main VLAN with everything that needs to communicate on the network (Main PC, Media PC, Android tablet, NAS, etc.), 1 separate VLAN with a dedicated WiFi SSID for guest use (with only an internet connection, and no access to other devices on the network), and a 3rd separate VLAN for IoT things (so far, only my connected vacuum cleaner, but the list might expand) for internet access only.
Am I missing something? Is there something blatantly wrong with my train of thought?
The switch:
To provide wired networking to all devices that need it, I obviously need a network switch. It must support 2.5Gbps networking and VLANs. I found this QNAP QSW-M2108-2C (sorry I can’t post URLs). Any thoughts on QNAP devices? Would it support what I’m trying to do here?
The access point:
As stated before, I would like to assign 3 different SSIDs to the 3 different VLANs. I could even go as far as having only one SSID broadcast (the guest WiFi) and unfiltered, while the IoT and main ones would be hidden and with MAC address filtering. I found this TP-Link EAP610 (sorry I can’t post URLs) that seems to support both multiple SSIDs and SSID to VLAN mapping. Is that all I’m looking for?
Note: the apartment is fairly small, a single Access Point will be enough, no need for mesh.
The almighty all-in-one server:
I found a website to buy refurbished servers on the cheap, and I found this HPE ProLiant ML350p Gen8 Server (sorry I can’t post URLs) for ~$500. Specs are 2x Xeon Eight Core E5-2665, 64GB DDR3. It comes already equipped (on-board) with 4x 1Gbps ethernet, but I can cheaply add a 2.5Gbps PCIe card. It also has a 6x 3.5’’ HDD bay associated with an HP Smart Array P420i/512M FBWC RAID controller. I would stuff it with NAS rated HDDs and use it to run my VMs.
- What virtualization server system should I use? Is Proxmox a good bet?
- For the NAS VM, I was thinking about TrueNAS. Any thoughts?
- I want to play around with home automation, so I will probably install a home-assistant VM as well,
- To host my SQL media library, I’ll probably just install an Ubuntu or Debian distro that I would be able to remote into.
The death of Dropbox:
I try to use as little cloud storage as possible (“the cloud doesn’t exist, it’s just someone else’s computer”), although I do still use Dropbox for 1 feature I like. My personal Dropbox is always synced with my actual storage server, so whatever I put on Dropbox immediately drops onto my personal storage. With that, I use the Dropbox Android app feature that, whenever I take a picture, it is sent to Dropbox. Therefore, whenever I take a picture with my smartphone, it is sent to Dropbox, which is immediately synced to my storage at home. I love it.
Now, the goal is to try to do the same, without going through Dropbox. Back in December 2020, Ryan made a video about Nextcloud. Although he hosted it through Linode, it seems to be available for TrueNAS and I believe that the Nextcloud app for Android could do the same “automatic sync” of pictures.
The issue here is: so far, I was talking about having storage available on my home network. Having a “Nextcloud” feature on my NAS opens it to the internet. I worry about security here. How safe would it be? I guess I could have “Nextcloud” set up within a small dedicated part of my whole storage, to safely separate my home storage from my cloud storage?
What is this Spotify you keep talking about?:
I hate streaming media. I like the idea of owning my files and accessing them as I please, even if I don’t have an internet connection (which is rare, I confess, but still). I’m also fairly picky about music rendering and quality, which is why I am still using my good old iPod Classic I bought back in '07. Since then, I modded it with a 256GB SD card and custom firmware, to be able to read lossless audio (like FLAC). And I’m not keen to replace it any time soon.
That being said, there might be a few instances when having access to my home music library might be interesting. Once again, part of the “Ultimate Home Server!” series, Wendell demoed the Navidrome service, which runs on TrueNAS as well.
Navidrome works with Android clients and desktop clients (both Windows and Linux), so I’m thinking of ditching both iTunes for Windows and Rhythmbox for Ubuntu and installing Sonixd on both. But there are 2 features I still enjoy about iTunes: adding content and remote control.
When I wish to add content to my music library through iTunes, I simply point to the folder of content I wish to add, and then iTunes scans it, reads the ID3 tag info of the files, creates a folder tree for artist and album in my “Music” directory and stores it there.
I know Navidrome would read ID3 tag info as well and keep a clean library, but would it also be able to change my “Music” folder structure like iTunes does?
Also, when I listen to music with iTunes on my desktop, I can use an Android app on my tablet to remote into iTunes, access all my library and control the playback. Any way to keep this with Sonixd?
Closing thoughts
This is where I am so far. I’ve been thinking on and off about such a solution for a few years now. Even if most (if not all) software listed above is open source and free, it does involve some fairly expensive hardware and (I assume) a lot of time to set up correctly, and I foresee the endeavour being sweat inducing. But hey, I don’t have to do it, I chose to do it. But before investing any money and time in this, I thought of asking around for some help and having someone double-check my findings (not too dissimilar to an open-source project).
I would like to thank the whole LevelOne Tech team for inspiring me in this project and I would also like to preemptively thank each and every one of you who will take the time to read my novel here and give me feedback about it.
I can’t wait to read from you.
Sincerely,
Poggo.
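The three-VLAN design in the post (main with full access, guest and IoT with internet only) boils down to an ordered firewall policy on each isolated VLAN, and the part that most often goes wrong is rule order. The following is an added example, not code from the post or from pfSense/Netgate: a small first-match rule model in the style of pfSense interface rules. The subnets (10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24), the VLAN names and the router addresses are assumptions chosen for the demo; "private" stands in for an alias covering the RFC1918 ranges. It shows that a pass-to-any rule placed above the block-private rule silently lets the IoT VLAN reach the NAS, and that the correct order still lets guests reach the router for DNS while keeping them away from the router's admin port and the other VLANs.

```python
"""Toy first-match firewall model for a main / guest / IoT VLAN split.

Constructed example, not pfSense code. Subnets, VLAN names and router
addresses are assumptions. Rules are evaluated top to bottom and the
first match wins, which is how pfSense interface rules behave; a flow
that matches nothing is dropped (implicit default block).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing plan (placeholder values, not from the post).
VLANS = {
    "main":  ipaddress.ip_network("10.0.10.0/24"),  # PCs, NAS, tablet
    "guest": ipaddress.ip_network("10.0.20.0/24"),  # guest SSID
    "iot":   ipaddress.ip_network("10.0.30.0/24"),  # vacuum cleaner etc.
}
ROUTER = {name: net[1] for name, net in VLANS.items()}  # router is .1 on each VLAN

# Everything an isolated VLAN must never reach: the RFC1918 ranges,
# i.e. every other VLAN, the NAS, and the router's own admin interface.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    proto: str               # "any", "tcp" or "udp"
    dst: str                 # "any", "private", "router" or a CIDR string
    dport: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Flow:
    src_vlan: str
    proto: str
    dst_ip: str
    dport: int


def _dst_matches(rule: Rule, flow: Flow) -> bool:
    ip = ipaddress.ip_address(flow.dst_ip)
    if rule.dst == "any":
        return True
    if rule.dst == "router":
        return ip == ROUTER[flow.src_vlan]   # the router address on the source VLAN
    if rule.dst == "private":
        return any(ip in net for net in PRIVATE)
    return ip in ipaddress.ip_network(rule.dst)


def _matches(rule: Rule, flow: Flow) -> bool:
    return (rule.proto in ("any", flow.proto)
            and _dst_matches(rule, flow)
            and (rule.dport is None or rule.dport == flow.dport))


def evaluate(rules: list[Rule], flow: Flow) -> str:
    """Return 'pass' or 'block' for a flow under a first-match rule list."""
    for rule in rules:
        if _matches(rule, flow):
            return rule.action
    return "block"   # implicit default block


# Isolated VLAN policy, in the order it has to be written:
# 1. let clients reach the router's DNS resolver (DHCP is handled by the
#    automatic rules pfSense adds when its DHCP server is enabled),
# 2. block everything else that is private (other VLANs, NAS, router admin),
# 3. only then allow the internet.
ISOLATED = [
    Rule("pass", "udp", "router", 53),
    Rule("pass", "tcp", "router", 53),
    Rule("block", "any", "private"),
    Rule("pass", "any", "any"),
]

# The tempting but wrong version: "allow internet" first, block second.
# The block rule is never reached because pass-to-any matches everything.
ISOLATED_BROKEN = [Rule("pass", "any", "any"), Rule("block", "any", "private")]

MAIN = [Rule("pass", "any", "any")]   # the main VLAN keeps full access

POLICY = {"main": MAIN, "guest": ISOLATED, "iot": ISOLATED}


def decide(policy: dict[str, list[Rule]], flow: Flow) -> str:
    """Look up the rule list for the flow's source VLAN and evaluate it."""
    return evaluate(policy[flow.src_vlan], flow)


if __name__ == "__main__":
    samples = [
        Flow("iot", "tcp", "10.0.10.50", 445),      # vacuum -> NAS SMB share
        Flow("guest", "udp", "10.0.20.1", 53),      # guest -> router DNS
        Flow("guest", "tcp", "10.0.20.1", 443),     # guest -> router web UI
        Flow("guest", "tcp", "10.0.30.7", 80),      # guest -> IoT VLAN
        Flow("guest", "tcp", "203.0.113.10", 443),  # guest -> internet (TEST-NET address)
    ]
    for flow in samples:
        print(flow, "->", decide(POLICY, flow))
    print("broken order lets IoT reach the NAS:",
          evaluate(ISOLATED_BROKEN, samples[0]))
```

The same check is worth repeating after every rule edit on the real box: from a guest or IoT client, try the NAS share, the router's web UI and another VLAN's address, and confirm only DNS to the router and outbound internet succeed.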