Your ideas for a network setup

In the near future I may be moving into the unit/flat next to my friend and I am investigating ways to share networks with each other. There will be 4 people normally and we aren't crazy downloaders but we might have video streaming or gaming happening at the same time.

Without running excessively long ethernet cables or drilling holes in walls this is my idea.

This is my current idea.

A quiet/silent PC running PFSense to handle networking and internet between the two units. I was thinking I could do Load Balancing between the 2 modems. There could be a rather high bandwidth ethernet connection to the Server which will handle media transcoding, virtualization and file hosting.

PFSense would also host a WiFi hot-spot so we could just WiFi to it instead of running ethernet to all the devices.

I have a couple of questions though.

  1. What do you guys think? If you have a better idea what is it?

  2. The biggest bottleneck I can see is the WiFi hotspot. Can you use multiple cards and "load balance" them, or one that has multiple antennas (like the ASUS PCE-AC68), to increase potential bandwidth?

  3. Drilling holes is a big "NOPE" so the only 2 options are to use WiFi to my friend's modem or run a cable out through the front doors to connect the two. The maximum bandwidth of the modems won't be much (20MBps tops) so WiFi should be ok enough.... Right?

  4. I might set up a 2nd hotspot for my PIA (Private Internet Access) subscription so all I need to do is swap hotspots and my connection is encrypted. Is that easy enough to do or will it be better to just encrypt all the data?

  5. What do you suggest for the ethernet connection to the server? I was thinking a teamed gigabit network but is there a way I can use fewer cables and have the same or better speeds (for a reasonable price as well haha)?

Being able to cable it will make this a whole lot easier, but it is possible. In a couple of hours I'll be on a break and I can try to explain how I would set it up.

I agree with you there. Some devices on my side will be able to be cabled up but only the things for home entertainment (unless I want to run a long cable up to a switch to the spare room where my PC will be).

Okay so the best/cheapest way of doing this is to run two cables to your friend's house. I know you can't do that so this is what I will call the second best way of doing it. You can do it cheaper and easier but there will be sacrifices to performance and manageability, but I'll let you know what I mean later.

What you'll need is two directional wireless bridges. They don't need to be directional but that will probably give you the best performance. You'll want to make sure you get something that uses 2.4GHz so it can penetrate walls; 5GHz might work but it depends on distance and how much it has to go through. (I'm assuming you can't install them outside the house or on the roof.)

It's important that you get ones which support VLANs as you'll need to have two VLANs configured. On your friend's side you'll also need a smart or managed switch which supports VLANs. And on your side you will need a pfSense box with three physical NICs. On your friend's side you will configure the switch so that the port connecting to his modem is on VLAN 2, with everything else on VLAN 1. The port connecting to the wireless bridge will be a trunk port that will carry both VLANs. On your side the bridge will connect to the pfSense box and you will create two VLAN interfaces on that NIC for VLAN 1 and 2.

VLAN 2 will be the second WAN interface and VLAN 1 will either be a second LAN interface or you could bridge it with yours. Either will work, but having separate networks will allow for access control between them as well as being able to run your own DHCP servers, whereas a bridged network will allow for broadcast traffic, which may be easier, but you'll have to have all DHCP stuff handled on your side.

So on your pfSense box you will have wan1 (connected to your modem), wan2 (the VLAN 2 interface) which will be part of a load balance group, lan1 (which connects to your network) and lan2 (which connects to your friend's network). Or you would bridge the two LANs so you just have wan1, wan2 and LAN.

In this way you can both run your own wireless networks. As for teaming to your server, I'd do this with a managed switch but there won't be much point if most things are connected with WiFi. If you want to use a single cable you'll need to look at 10Gb stuff but I don't think it will be worth it.

This is if you want to load balance the two internet connections, if not and you don't mind setting up all your devices manually then a cheaper way of doing it is to have a wireless bridge on his side which connects to a wireless network on your side. You will need to configure all your devices manually so that your devices connect to your router as the gateway and all of his connect to his router.

You could also have his wireless bridge connect to your access point and have an access point configured with three VLANs, one for his WAN, one for his LAN and the other for your LAN, but the performance could be pretty bad depending on what sort of signal you get between the two houses. In my original plan your wireless network won't be affected by the connection between the two houses.

I'm writing this on my phone so let me know if it doesn't make sense.

Also, for your VPN, you can run that on pfSense. If you uncheck the box which will set it as the default gateway then you can control which devices (or which traffic) will use the VPN. That will be easier than having a second wireless network for it.

Once you have the VPN set up you just create firewall rules for the traffic that you want to use the VPN. In the advanced options there's a gateway setting, just change this to the VPN. So anything you can create a firewall rule for (IP, port, protocol) you can configure to use the VPN. Just remember that firewall rules are first match from top to bottom so have your VPN rules above your regular internet rule.
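The rule-ordering point above, as an added example that is not part of the original post and is not pfSense code: a small Python model of first-match policy routing that also flags VPN rules shadowed by an earlier, broader rule, which is how traffic meant for the tunnel ends up leaving unencrypted over the normal WAN. The subnet, host address, rule names and gateway names (`PIA_VPN`, `WAN_LB`) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source network, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port
    gateway: str           # gateway chosen for matching traffic

    def matches(self, src_ip, proto, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

    def covers(self, other):
        """True when every packet `other` matches is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))

def select_gateway(rules, src_ip, proto, dport):
    """First match from top to bottom wins; no match means default deny."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.gateway
    return None

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]

# Constructed sample rule sets (hypothetical LAN 192.168.1.0/24).
VPN_HOST = Rule("pc-via-vpn", "192.168.1.50/32", "any", None, "PIA_VPN")
VPN_HTTPS = Rule("https-via-vpn", "192.168.1.0/24", "tcp", 443, "PIA_VPN")
DEFAULT = Rule("lan-to-internet", "192.168.1.0/24", "any", None, "WAN_LB")

GOOD = [VPN_HOST, VPN_HTTPS, DEFAULT]   # VPN rules above the general rule
BAD = [DEFAULT, VPN_HOST, VPN_HTTPS]    # general rule first: VPN rules are dead

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD)):
        gw = select_gateway(rules, "192.168.1.50", "tcp", 80)
        print(label, "gateway for 192.168.1.50:", gw, "shadowed:", shadowed(rules))
```
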

Awesome :) That will be rather handy

The 2 Units share a common wall so distance and wall thickness don't matter much.

You did well to type that much on your phone :)

In that case you could probably get away with having his bridge connect to your access point, just get something which supports VLANs. Especially if you have dual band so you can use the 2.4GHz for the bridge and the 5GHz for your wireless network.

In that case, could I use a cheap Mini PC (maybe like a last gen Intel NUC) with WiFi and a pair of Network ports and load PFSense (Or some Linux distro) on that to handle the WiFi and VLANs?

I am not sure what kind of connection it is to the internet. He said it was cable but he isn't THAT technically proficient (He prefers to play on the tech than to play with it haha).

WiFi will mostly be primary but there might be some things that will be connected to LAN.

I am from Australia sooooo.... It could be anything from ADSL2 to Fibre (Highly unlikely though).

I wouldn't use pfsense for WiFi, it has pretty awful support. Maybe you could have wireless on the pfsense box (assuming you get something supported) and have either connect to an access point on his side, but he'd still need an access point and switch which supports VLANs. And you'd still need another access point for your WiFi.

If he only plans on using WiFi then you can avoid the VLANs altogether. Have his modem connected to a wireless network and have your pfSense box connect to that, then have an access point on your network that his devices can connect to.

Ah, thanks for letting me know about that :)

Maybe we can scratch the Wireless idea between the 2 houses and move to just ethernet. If I went through the back doors (it would be quite the run) it would be more stable and have more bandwidth than WiFi would.

How would you go with that?

Much easier, basically you would need a pfSense box with four NICs. Connect WAN1 to your modem, WAN2 to his modem, LAN1 to your network and LAN2 to his. You can do it with three NICs if he connects to your WiFi network, then you only need a cable that connects his modem to your pfSense box, but the cable will be much better. You could also have a cable that connected your LAN to his and you'd only need three NICs, just connect your switch to his. But a quad port NIC is easy enough to get.

I dare say that the run will be more than the 100 meter max for Cat 5e/6, so I would need a repeater or something out the back....

https://www.mwave.com.au/product/tplink-tlsg105e-5port-gigabit-easy-smart-switch-ab69353?gclid=Cj0KEQjwztG8BRCJgseTvZLctr8BEiQAA_kBD7fMCNsdpAZhvQIeKIHmhKNDYsXTn-7p3IN6uwUh_B8aAqVY8P8HAQ

Would that handle both "WAN2" and "LAN2"?

If it supports VLANs then you could have both cables going in to it and another two coming out, or get one switch for each cable, or get media converters and use fibre, but two switches would be cheaper.

It says it's a smart switch but doesn't say anything about VLANs, if you can find out if it supports them then it will work.

oooOOOooo, I didn't think of fibre networking ;) have ALL of the bandwidth haha

So a 4 port VLAN switch will be fine or 2 separate switches for each.

Thanks for the help @Dexter_Kane I have lots to think about and to talk to my friend about

Yeah a four port switch would work fine as long as it supports VLANs. Then you just have 2 ports on VLAN 1 and the other 2 on VLAN 2 and connect the cables accordingly, nothing else will need to be set up with VLANs.

You could also find a gigabit NIC which uses fibre for your pfSense box, but I think you'd be able to get a bunch of media converters for cheaper, the cable costs virtually the same. Have a look at (I think it's called) fibre store. They're a Chinese brand that makes cheap cable and transceivers.

If you get a VLAN switch you can get away with running one cable from the pfSense box to the switch and then to your friend, but you might as well run two cables all the way.

One last question about PFsense.

I know that you can limit WAN connections by bandwidth (speed) but can you set a data cap limit, as in 500GB to WAN1 and 750GB to WAN2 and then when the Load balancing is active it'll download no more than 500GB from WAN1 and "disable" that connection?

Possibly, as far as I can tell you can't set a limit as part of the load balancer, but you may be able to set a cap to each interface in the traffic shaper, but I'm not sure if that would work or not.

Actually that would probably only work for upload, if it worked at all. What you could do is set a weight to each wan interface, like 2 and 1 so that one connection will get twice as many connections as the other, or whatever ratio you'd like.

Yea, I read a bit about load balancing from their Wiki and learnt about "Weights" but that is fine :) thanks for the help @Dexter_Kane