Looking for opinions - "new" build

I need to change up my network for a few reasons and have some older equipment laying around which gives me a lot of options. So many choices in fact that I am not sure what the best way to go about it is.

I have attached an infographic for some context. Basically it has some details on hardware/software options available to me, my goals and ideas for this homelab build.

Maybe I need to invest in newer/better hardware and ditch the old gear? Relax and not overkill it with multiple solutions or unnecessary complication? Am I missing the gotchas of this kind of setup?

Just need other people’s viewpoints and perspectives so I can make up my own mind on what I want to do. Thanks.

*edit*

As suggested, here is a breakdown of what I am trying to accomplish. It's multiple things and I was trying not to write a book that no one would read.

  1. I have too many wireless devices to support with just one AP, and I want to separate my network to isolate things from each other … control who can talk to whom. So what's the best way to do that with what I have?
  2. I need to decide what kind of firewall to go with. Physical (w/ DD-WRT, OpenWrt, other) or virtual on Proxmox (pfSense, OPNsense, etc.)?
  3. I need to decide how to set up VPN access (inbound and outbound w/ kill switch, so outgoing VPN connections from certain devices drop internet if the VPN drops). Do I need two separate VPN setups for that?
  4. Do I need to upgrade the server hardware I have because it is too old/underpowered to do what I have in the picture?

You may want to edit your post and break it down so it’s easier for people to understand.

From my understanding (let me know if I missed anything), you are basically wondering:

  • network segmentation: is it better to virtualize OPNsense/pfSense or use an older device with OpenWrt or DD-WRT?
  • whether you should buy a new server instead of using your current hardware that includes a Xeon processor?

I will try to answer all your questions with some more details.

  • network segmentation
    • A lot of people virtualize their firewall, and OPNsense (I preferred this over pfSense) and pfSense are great firewall solutions. They have more plugins available to them than OpenWrt and DD-WRT and will have more processing power than an older router.
    • But some people (like myself) don't like virtualizing their firewall, mostly because if the hypervisor goes down, let's say during updates, then all the Internet goes down for the household. It also adds a layer of abstraction, which is Proxmox. That isn't too bad for you because you can pass the NIC directly through to the firewall VM.
    • OpenWrt and DD-WRT are both good software and will mostly suit your needs; you just need to be careful with speeds. Some devices don't perform as well after getting flashed with the software.
    • You can even use these routers as just access points if you want to virtualize your firewall. That way you can have LAN Wi-Fi separation for your IoT devices (or not virtualize and still have VLAN/LAN Wi-Fi separation).
    • Personally I would go with the OpenWrt route and see how the router performs.
  • more about LAN separation
    • I would put my services inside a DMZ and just ensure it can't talk to anything.
    • Home Assistant can be in its own DMZ (Proxmox can do VLANs) where it can only talk to IoT devices, and of course IoT devices can't talk to anything, which includes the Internet.
  • should you get a newer server?
    • If power consumption is an issue then I would measure how much the server idles at. Having both a Xeon CPU and a GPU will most likely consume a lot of power. If not, then the only reason you should upgrade is if the software requirements aren't met by the hardware.
    • Typically you only upgrade if you hit a limitation or just plain want to upgrade (but it is typically recommended not to upgrade unless you have to).
  • Lastly, I would use the RPi only as a backup solution. As in, put Pi-hole on the Proxmox server and use the RPi as a secondary DNS if you want to. You can use the Unbound in OPNsense/pfSense, which can do the same thing as Pi-hole, but Pi-hole has a more mature GUI.

Hope that helps
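The segmentation the reply describes (trusted LAN, an isolated DMZ for services, a Home Assistant segment that may only reach IoT, IoT with no internet) and the outbound-VPN kill switch the original post asks about can both be expressed as one nftables ruleset on a Linux router (OpenWrt, or a Proxmox VM with the NIC passed through). The script below is an added example, not something from the thread or from either participant; the VLAN and tunnel interface names (`vlan10`..`vlan50`, `wan0`, `wg0`, `wg1`) and the WireGuard port 51820 are assumptions for illustration and have to be changed to match the real hardware. It answers the "two separate VPN setups?" question the way most routers do it: an inbound tunnel (`wg1`, treated like the trusted LAN) and an outbound tunnel (`wg0`) are separate interfaces, and the kill switch is simply that the VPN-only segment is never allowed to forward out of `wan0`, so when `wg0` is down its traffic has no permitted exit and is dropped.

```shell
#!/bin/sh
# Added example: nftables policy for a segmented homelab with an outbound-VPN kill switch.
# All interface names below are assumptions; override them in the environment, e.g. WAN=eth0.
WAN=${WAN:-wan0}        # upstream / ISP side
LAN=${LAN:-vlan10}      # trusted LAN (workstations, admin)
DMZ=${DMZ:-vlan20}      # self-hosted services: internet only, never inward
IOT=${IOT:-vlan30}      # IoT devices: no internet, no other segment
HA=${HA:-vlan40}        # Home Assistant: may talk to IoT and the internet
VPNONLY=${VPNONLY:-vlan50}  # devices that must only reach the internet through the VPN
VPN_OUT=${VPN_OUT:-wg0} # outbound WireGuard tunnel to the VPN provider
VPN_IN=${VPN_IN:-wg1}   # inbound WireGuard tunnel for remote access
VPN_IN_PORT=${VPN_IN_PORT:-51820}  # assumed listener port for the inbound tunnel

# Print the ruleset; apply with: homelab_ruleset | nft -f -
homelab_ruleset() {
cat <<EOF
flush ruleset
table inet homelab {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    # only the trusted LAN and inbound-VPN users may manage the router itself
    iifname { "$LAN", "$VPN_IN" } accept
    # inbound VPN listener on the WAN side
    iifname "$WAN" udp dport $VPN_IN_PORT accept
    # every other segment may still use the router for DNS and DHCP
    iifname { "$DMZ", "$IOT", "$HA", "$VPNONLY" } udp dport { 53, 67 } accept
    iifname { "$DMZ", "$IOT", "$HA", "$VPNONLY" } tcp dport 53 accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    # replies to connections a permitted side initiated (e.g. IoT answering Home Assistant)
    ct state established,related accept
    # trusted LAN and remote-access users reach every segment and the internet
    iifname { "$LAN", "$VPN_IN" } accept
    # DMZ services: internet only; nothing inward, nothing to other segments
    iifname "$DMZ" oifname "$WAN" accept
    # Home Assistant initiates to IoT devices and to the internet
    iifname "$HA" oifname { "$IOT", "$WAN" } accept
    # IoT never initiates anything: no internet, no other segment
    iifname "$IOT" drop
    # kill switch: VPN-only clients may exit through the tunnel and never through WAN,
    # so when $VPN_OUT is down their traffic hits the drop policy instead of leaking
    iifname "$VPNONLY" oifname "$VPN_OUT" accept
    iifname "$VPNONLY" oifname "$WAN" drop
  }
  chain postrouting {
    type nat hook postrouting priority 100;
    oifname { "$WAN", "$VPN_OUT" } masquerade
  }
}
EOF
}

# Syntax-check the generated ruleset when nft is installed (nft -c parses without applying).
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    homelab_ruleset | nft -c -f -
  else
    homelab_ruleset >/dev/null
  fi
}

# When executed directly, print the ruleset for review.
homelab_ruleset
```

The `forward` chain is where the separation lives: because the chain policy is `drop` and only `established,related` replies are accepted generically, every cross-segment flow must be initiated from a side that has an explicit `accept`, so IoT devices can answer Home Assistant but can never open a connection to it, to the LAN or to the internet. The last two `forward` rules are the whole kill switch; there is no need for a separate "if the VPN drops" mechanism, since a down `wg0` means no matching `oifname` and the packet is dropped.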