Some time ago... a couple years, now... my trusty old cheap Netgear router breathed its last, and I bought a new one. The new one had this pain in the ass "Single Sign On" thing that made you set up an account with Netgear in order to log in to the router. Hard pass on that. It's possible to log-in locally, but it's extra steps that piss me off. I've been ruminating on switching to pfSense for my routing/firewall needs, and just getting one or more cheap Wireless Access Points to handle the WiFi. I have enough hardware just lying around that I could have done pfSense on a dedicated x86 machine, but the power, space, and noise were things I was not crazy about dealing with. I'd thought about installing it on a VM on my Threadripper VM Host, but the networking would be a problem without additional hardware. I finally got a 4x1G ethernet card for my VM Host, and stood up and pfSense VM.
The config process was not bad, per se, but it was a little opaque in spots. I have a separate Raspberry Pi running dnsmasq, handling local DNS, DHCP, and DNS forwarding, whereas nearly all of these modern router appliances have built-in, and a pretty enthusiastic about acting as your DHCP and DNS server. Chalk it up to paranoia, if you like, but I prefer the "component stereo" model here, if for nothing else, it allows be to keep at least some of my more complex config stuff up and running if something like a router quits. Getting DNS forwarding through pfSense was a little bit confusing at first, but I got it worked out.
Port forwarding turned out to be easy once I figured out that refreshing DHCP leases had to be done on target boxes for return traffic to go back through the router. I'm smart.
OpenVPN server setup on pfSense has not brought me joy, yet, but it could, still. I remain hopeful. Part of the problem, I think, is that my network is on another RFC-1918 network -- that is, I need to traverse another "local" network to get to the Internet.
I ran into a couple hiccups when I tried to get one of the WAPs I bought working. They're TP-Link AC1200 (TL-WA1201) devices, and they were cheap. I bought 3, because why not. The "quick setup" didn't seem to stick, entirely... so I had to kind of work through "not quick setup", and it seemed to take a few tries at that, with resets in between for it to really come up and do its job. So far, an hour into its service life, the first TP-Link TL-WA1201 seems to be doing the right things.
So, now, my private network is fronted by a VM running pfSense through a dedicated 4x1GB ethernet card, and WiFi is running of a TP-Link WAP, and with any luck, I'll never have to deal with Netgear's stupid SSO nonsense again.
The next bit of excitement for the home network is a 48-port switch. I know, how can I possibly justify a 48-port switch?! Well... I'm not going to pretend that I have 48 wired Ethernet machines up and running all the time, but I do have 6 machines in my rack, and 20 or so machines strewn about, and I have little "desktop switches" all over the place... I'm hoping to get away from that. Of course, that will mean doing more home-runs, but I'm hoping it will make for less confusing networking.
No comments:
Post a Comment