Upgrading Home Defence!

I need to upgrade my home network and need some honest opinions.

What I would like to do is have 2 separate networks at home. 1 hardened network, and 1 more relaxed network for the family with an isolated guest wifi network for visitors. Currently I have moved into a new place, and the ISP gave me one of those crappy all-in-one modem / routers. I want to get rid of that thing and purchase my own modem (no wireless capability, just a pass-through modem) and add 2 routers running 2 differently configured networks.

Is it possible to configure a router to run VPN over certain Ethernet ports, forcing whatever device is plugged into such Ethernet port to connect over VPN, and likewise to have 2 SSIDs broadcast, 1 forcing all connections to go through VPN and 1 to go through normally?

Looking to set up the home network to be as secure as possible without being a nightmare to manage. Networking is my weakest link, so I am looking to learn more and improve my home network in the process. Most of my personal devices I use to play with or work with are hard wired in. So the hardened network priority is wired connections (at least 4), while the relaxed network has to have good wifi.

How do you configure your home / lab network?
How do you block Ads / Trackers / Malware?
What routers do you recommend (prefer OSS)?

Thanks for taking the time to read and reply. Cheers :beers:

Well, the simplest way to do this is to build two physical networks and have a router with more than 1 LAN port.

Most of the time people just use VLANs on a managed L3 switch to keep traffic playing in their sandbox.

I would look at OPNsense and pfSense as your router, then run something like Pi-hole in a Docker container on your infrastructure to deal with ads.

If you’ve got some spare hardware you could build the router yourself also. Depending on budgets and available time that could be worth it. Might be difficult to find something at reasonable prices right now unless you get an appliance from the Netgate store or something.

Somehow I thought guns would be involved in this thread and screenshots would be posted but… oh well.


Yes, but also no.

I have to echo the suggestion to look into pfSense or OPNsense as a router and getting a managed switch for configuring VLANs.

As for routing specific devices to the VPN, that can be managed in pfSense by having a VPN client, static IP mapping and using an Alias to assign specific clients to route through the VPN tunnel. This is how I have my home network set up.

If you need/want the 2 separated networks you will definitely require VLANs and a switch.
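
The per-client VPN routing described in the reply above, written out as a raw pf ruleset fragment (pfSense builds pf rules like these from its GUI). This is an added example, not part of the original thread or anyone's actual configuration; the interface names, addresses, gateway and tag name are all assumptions.

```conf
# Constructed values: interface names, addresses and the tag name are assumptions.
wan_if = "em0"        # ISP uplink
lan_if = "em1"        # hardened LAN
vpn_if = "ovpnc1"     # VPN client tunnel interface
vpn_gw = "10.8.0.1"   # far end of the tunnel (constructed)

# The "Alias": clients with static DHCP mappings that must always use the VPN.
table <vpn_clients> { 192.168.10.50, 192.168.10.51 }

# Aliased clients are translated to the tunnel address when they leave via the VPN.
nat on $vpn_if from <vpn_clients> to any -> ($vpn_if)
# Everything else on the LAN is translated to the ISP-facing address.
nat on $wan_if from $lan_if:network to any -> ($wan_if)

# Kill switch: if a packet tagged below is ever routed out the WAN
# (for example while the tunnel is down), drop it instead of leaking it.
block out quick on $wan_if tagged VPN_ONLY

# Policy route: off-LAN traffic from aliased clients is tagged and forced
# into the tunnel, regardless of the router's default route.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) \
    from <vpn_clients> to ! $lan_if:network tag VPN_ONLY keep state

# All other LAN traffic follows the normal routing table.
pass in quick on $lan_if from $lan_if:network to any keep state

# Not covered here: DNS queries the aliased clients send to the router's own
# resolver are answered by the router and do not pass through this policy route.
```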