Banging my head against the wall..why are routers such black magic right now?

Posted by CAD703X
Liberty Island
Member since Jul 2008
86772 posts
Posted on 4/6/18 at 10:21 am
The hot RT-AC86U was $199, then went out of stock everywhere..now it shows back up for $229 OR HIGHER.

The tmobile ac1900 'hack' router has been squashed by Asus in the last month, no more aimesh even if you went through the painful process to flash the firmware to make it think it's a 68U.

This crazy phicomm k3c has TOP reviews on smallnetbuilder but it was $19 last month, $130 before that and now it's $90. wtf and it's only got 3 gig ports so i'll have to add a switch to it.



none of the google/ubiquiti nonsense has the features i need right now and at $300+ i'm not willing to give up rmerlin yet.

i see asus is now 'bundling' older ac1900 routers in a 2-pack for $240 and selling their 'aimesh' as a competitor to google but why would i want to go backwards and buy a 3yo router?

what is going on in the router world? instead of becoming more clear it's just getting more confusing.
This post was edited on 4/6/18 at 10:22 am
Posted by wizziko
New Jersey Nets Fan
Member since Jan 2006
35881 posts
Posted on 4/6/18 at 10:56 am to
I still have Aimesh working on my T-Mobile routers. I luckily flashed them a few days before that stupid update came. Sucks they did that.
Posted by bluebarracuda
Member since Oct 2011
18851 posts
Posted on 4/6/18 at 11:33 am to
Build a pfsense router, buy a POE switch and get a ubiquiti AP
Posted by CAD703X
Liberty Island
Member since Jul 2008
86772 posts
Posted on 4/6/18 at 11:39 am to
quote:

Build a pfsense router, buy a POE switch and get a ubiquiti AP


my FiL did this exact thing. i'm just not sure i want to deal with the hassle of a DIY router solution.
This post was edited on 4/6/18 at 11:39 am
Posted by Korkstand
Member since Nov 2003
29000 posts
Posted on 4/6/18 at 11:47 am to
quote:

i'm just not sure i want to deal with the hassle of a DIY router solution.
Is it more of a hassle than the off-the-shelf routers with their stupid firmware and upgrade procedures or flashing third party firmware etc?
Posted by bluebarracuda
Member since Oct 2011
18851 posts
Posted on 4/6/18 at 11:56 am to
You took the words right out of my mouth

If building a pfsense router is too much, get a ubiquiti edgerouter lite to run to a POE switch
Posted by CAD703X
Liberty Island
Member since Jul 2008
86772 posts
Posted on 4/6/18 at 11:57 am to
quote:

stupid firmware and upgrade procedures or flashing third party firmware


i am a rabid RMERLIN fan and the update process has always been very smooth and the software solid as a rock.

i know i'm just going to bitch about lack/different features if i move to something else at this point.

what are you using?
Posted by bluebarracuda
Member since Oct 2011
18851 posts
Posted on 4/6/18 at 12:15 pm to
I've only got a Linksys max stream until I get a house I can run my own networking.

Then I'll be getting a pfsense router or edgerouter lite, POE switch and some ubiquiti APs
This post was edited on 4/6/18 at 12:16 pm
Posted by CAD703X
Liberty Island
Member since Jul 2008
86772 posts
Posted on 4/6/18 at 1:20 pm to
if i'm just going for coverage improvement; should i consider adding a ubiquiti AP (or orbi) to my asus or another asus in AP mode?

i'd hardwire it in either case but not willing to invest in a system that requires me to pay $300 and limited to subset of features i've been enjoying for years.
This post was edited on 4/6/18 at 1:21 pm
Posted by efrad
Member since Nov 2007
18697 posts
Posted on 4/6/18 at 4:28 pm to
quote:

my FiL did this exact thing. i'm just not sure i want to deal with the hassle of a DIY router solution.



It's more hassle up front but it's so much better long term.

Last year I got tired of dealing with ASUS router bullshite and got a bunch of spare equipment from an office I upgraded and set out to build a pfSense box. Ended up saying frick pfSense because it couldn't do everything I wanted to, and I built a vanilla FreeBSD server box.

It took the weekend and quite a bit of frustration (no GUI, everything is configured through writing text files from scratch) but I now have the home network infrastructure of my dreams.

Besides being able to do so much more, I never have any problems, and the only maintenance I need is to run a few commands to make sure packages are up to date and aren't vulnerable. And if I do have problems, I can quickly diagnose through a console exactly what is going wrong.

No ragrets.
Posted by Hopeful Doc
Member since Sep 2010
15388 posts
Posted on 4/6/18 at 4:33 pm to
The Mikrotik ones look interesting as an off the shelf version. I'm interested in trying one out next. Can anyone here speak to them and their features vs PFSense?
Posted by td1
Baton Rouge
Member since Oct 2015
3072 posts
Posted on 4/6/18 at 8:02 pm to
We use untangle here with the home license. 50 bucks or so a year for all their services. Been solid as a rock over the past year. Also use ubiquiti APs.
Posted by Doubledown11
Member since Jun 2017
48 posts
Posted on 4/6/18 at 9:23 pm to
Lol.

What more do you need that an er8 pro can't do. Lol.

And combo routers/switches/wifi aps are not "routers" they are consumer grade crap.

A router is a router and should never do switching.
Posted by bluebarracuda
Member since Oct 2011
18851 posts
Posted on 4/6/18 at 10:56 pm to
quote:

Ended up saying frick pfSense because it couldn't do everything I wanted to, and I built a vanilla FreeBSD server box.


Intrigued to hear more about this
Posted by efrad
Member since Nov 2007
18697 posts
Posted on 4/9/18 at 8:11 pm to
quote:

Intrigued to hear more about this



Sure, why not? It'll be long, but probably worth the read if you like this kind of shite.

So at the office I do side work for, I upgraded 5 machines and I inherited the old parts to do with as I please (owner is a friend, doesn't care what I do with the stuff).

Purchasing some additional things myself, I ended up with a system of the following specs:

Fractal Design R4 Black (a nice heavy duty steel case that's just plain black)
i5-3570K CPU @ 3.40GHz
32GB DDR3
250GB SSD
1TB HDD
Four 4TB HDDs and a 4-port pcie SATA card
Intel dual ethernet NIC card

My house is a small 3 bedroom with cat6 run to an outlet in every room including below the living room 4KTV (with Nvidia Shield, 5.1 Surround setup).

I also purchased business class internet service from Cox, $120/month for 100 down, 20 up with no data caps, static IP address, reverse DNS entry, priority/business tier customer service, prioritized truck rolls, etc. Yes, it's a little expensive and the speeds are not the numbers people drool over, but my house is just me and my girlfriend, and I never find myself wanting more bandwidth ever.

I bought a domain name strictly to be used for my home network (we'll call it "efradhome.net"), and had Cox set my IP address's reverse DNS entry to point to my domain name. I created a free Hurricane Electric DNS account and set up the domain to point to my home's IP address.

Built the computer, went to install pfSense, ended up not going that route because I wanted to install additional software packages on my server and the support for that is not completely there. I ended up deciding to make this a completely educational experience, if I want to improve my career in IT, I should build everything from scratch so I can legitimately speak from experience. That meant downloading vanilla FreeBSD and installing it on the SSD with ZFS, getting dropped to a command prompt and setting up the entire server/network infrastructure from just a text terminal.

Modem goes to first ethernet port, Dell 24 port switch goes to the second ethernet port.

I got the book "The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall" and after an afternoon learned how to write a pf.conf file, learned the ins-and-outs of firewall rules under pf. Wrote a beautiful and fully documented (for my future self) pf.conf which basically configures my network layout, NAT rules, firewall rules, port forwarding rules, etc.

Installed dnsmasq which is a hybrid DHCP and DNS server. I dug up every goddamn device in my home with a MAC ID and added it to have static local IP addresses, then in my hosts file I defined a subdomain for every device connecting to my network. So yeah, my iPhone is iphone.efradhome.net, my MacBook Pro is mbp.efradhome.net, my goddamn Sega Dreamcast is dreamcast.efradhome.net, and even my Mac SE/30 from 1989 is se30.efradhome.net. All of my security IP cameras have their own IPs and subdomains. Overkill? Sure, but you have no idea how tremendously easy this makes a lot of tasks. dnsmasq even lets me put both MacBook Pro ethernet and WiFi MAC IDs as the same IP address, so whenever I dock my laptop in the office and switch to ethernet everything still works off of the same IP/subdomain. Never seen that in a consumer router or custom firmware interface.

Any devices that will be accessed over the internet also get their own subdomains on the Hurricane Electric DNS which means that whether I'm on my home network or away somewhere, the subdomains for my devices still work.

Set up Hurricane Electric IPv6 tunnel and configured it on my server (HE IPv6 has advantages over Cox's native IPv6).

Set up the four 4TB hard drives with ZFS storage with RAID5-style redundancy for an effective storage space of 12TB. Attached additional 12TB of USB3 external storage for lower priority data. Set up different storage pools for my different types of data (docs, pics, videos, etc.). Depending on the type of data being stored, I have some pools set with automatic data compression and/or deduplication.

Installed samba SMB server and configured it for various network shares corresponding to the various pools.
Installed netatalk Apple AFP server and configured it for the same shares. Installed the Avahi zeroconf server and configured it so that when Macs see my server on the network, the icon displayed is an Apple Xserve (I'm guilty of being a fool for Apple stuff). Set up netatalk so that the 1TB HDD is a Time Machine-enabled AFP share, and my MacBook Pro does hourly encrypted Time Machine backups to it over the network.

Installed transmission-daemon, a torrent client so that whenever I torrent things I just browse to transmission.efradhome.net and drag/drop the torrents there and it automatically downloads to my "Incoming Torrents" network share.

Got an HDHomeRun and a Plex Pass and installed Plex server. Set up Plex DVR with the HDHomeRun for antenna broadcasts. Now every day at 6PM my server tunes into FOX8, records Jeopardy, automatically strips out all of the commercials, transcodes it into my desired format, and makes it available for streaming. And of course, I can watch live broadcasts with it, from anywhere in the world I have internet.

Next I installed Nextcloud and Collabora Office, which allows me to create a complete cloud server (storage, calendar, contacts, word processor, spreadsheet, etc.). I have the Nextcloud iPhone app so I can access my files on-the-go, and have it set up so that all photos I take on my iPhone automatically transfer to my server in the background. I can edit documents on my server anytime with the web-based office suite. All accessible at cloud.efradhome.net.

All of these services are jailed (jails are FreeBSD sandboxes) so if for example there's an exploit in Plex, anyone who breaks into the Plex server will find themselves in a sandbox unable to access anything else. One command in FreeBSD will audit all installed packages against vulnerability disclosures so I just run that frequently and run updates frequently.

I have a few other services I run on the box too that are related to personal projects and niche interests.

Yes, it's all a bunch of overkill, but I learned a hell of a lot about networking, computer security, FreeBSD, etc. along the way, and used that knowledge to make some more money in my side work. And there's always little perks to having such a great setup. For example, a few weeks ago I decided to play some old Sega Dreamcast games online (fans have programmed and created private servers for those long-discontinued games). Most people have to fiddle with burning patcher boot discs or using GameSharks to get the game to connect to the private server instead of the defunct Sega server, but I just had to pop open my DNS configuration file and override the domain entry, and no more hassle.

I know this is way beyond the scope of what CAD703X was looking for, but I strongly suggest anyone who is into routers/networking and custom firmware just skip those half-arse solution headaches and try something like pfSense at least. Once you set up your own router, you will never want to use an off-the-shelf solution for a home network ever again.
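
A dnsmasq configuration sketch for the setup efrad describes above (fixed leases per MAC, one address shared by a laptop's wired and Wi-Fi interfaces, and a local DNS override), added here as an example and not taken from his actual configuration. The LAN interface name, the 192.168.1.0/24 subnet, the MAC addresses and the overridden game domain are assumptions or constructed placeholders.

```conf
# /usr/local/etc/dnsmasq.conf (FreeBSD package default path)
# Constructed example; interface, subnet, MACs and game domain are placeholders.

# Serve DNS/DHCP only on the LAN-facing NIC, never on the modem side.
interface=em1            # assumed name of the second (LAN) port
bind-interfaces

# Do not forward unqualified names or private reverse lookups upstream.
domain-needed
bogus-priv

# Local domain: names from /etc/hosts and DHCP get this suffix,
# and queries for it are answered locally instead of being forwarded.
domain=efradhome.net
expand-hosts
local=/efradhome.net/

# Dynamic pool for unknown devices; known devices get fixed leases below.
dhcp-range=192.168.1.100,192.168.1.199,12h
dhcp-authoritative

# One fixed address per device, keyed on MAC.
dhcp-host=02:00:00:00:00:10,iphone,192.168.1.10
dhcp-host=02:00:00:00:00:30,dreamcast,192.168.1.30
dhcp-host=02:00:00:00:00:31,se30,192.168.1.31

# Wired and Wi-Fi MACs of the same laptop share one address.
# Only reliable when just one of the two interfaces is up at a time.
dhcp-host=02:00:00:00:00:20,02:00:00:00:00:21,mbp,192.168.1.20

# Local override: clients on this LAN resolve the (placeholder) game
# domain to a fan-run server instead of the real record.
address=/game.example/203.0.113.10
```

Running `dnsmasq --test` checks the file's syntax before the service is restarted.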
Posted by BobRoss
Member since Jun 2014
1705 posts
Posted on 4/10/18 at 7:55 am to
quote:

efrad


Dude, that's impressive.
Posted by efrad
Member since Nov 2007
18697 posts
Posted on 4/10/18 at 9:09 am to
quote:

Dude, that's impressive.



Thanks man! I know it's a long post so I'm glad someone at least read it

This project sort of also made me a bit of a "tech prepper" unintentionally. I started making a lot of decisions about my network with the "what if shite hits the fan?" scenarios in mind (loss of power, loss of internet connection, California got nuked by North Korea and now half the country's datacenters are gone, etc.). Right now I have all this stuff on battery backup so when the power goes out I can still do almost any of the normal internet tasks, but the stuff is all at home. It's also why I don't care that I only have 100mbps internet -- almost everything I need is on the local network!

I'll be getting some new parts for free again soon so I plan on upgrading the system's CPU and motherboard in the coming months. Not that I need it, but because I'll have the parts anyway. My next investment will be more storage but I will also be paying attention to putting in more storage redundancy. I don't want to free myself from the datacenter cloud only to lose my shite to basic hardware failure. My girlfriend just moved in and wants in on this for Time Machine backups and for redundant network storage for her photography projects, so she's agreed to donate some additional storage.

I know IoT stuff is hot right now but if you really want to change your home life a home Linux/BSD server would go further to improve your home life, it's cheaper (you can do this shite with old parts, it's really the storage that costs so much), you can always upgrade it or fix it, and never have to replace it, never have to worry about it being discontinued. It's the cool little things, like now that my girlfriend has moved in and will be responsible for half of the bills, just syncing my bill schedule on my computer with her devices via the CalDAV server, so she can always just look at a calendar on her computer, tablet, or phone to see what bills are paid/unpaid and when she owes me the money, all automated. It's a bigger help in making our life easier than wifi light switches ever will be.
Posted by CAD703X
Liberty Island
Member since Jul 2008
86772 posts
Posted on 4/10/18 at 9:15 am to
Oh yeah? Well my hue lights turn blue when it's raining.
Posted by bluebarracuda
Member since Oct 2011
18851 posts
Posted on 4/10/18 at 9:18 am to
That was a pretty awesome post. You have done some very similar stuff I want to do.

I'm still deciding on the following...

- PfSense box router (probably run it as VM on my server), 24 port POE managed gig switch, and some APs

- Full on ubiquiti. Gateway pro, 8 port POE switch, 24 port non poe switch, and two AC pro APs

The former will probably be a cheaper option if I run it as a VM, but I know myself and I'd probably want to build a PC for it
Posted by CAD703X
Liberty Island
Member since Jul 2008
86772 posts
Posted on 4/10/18 at 9:22 am to
Down vote? y'all do understand sarcasm don't you?