My updates here have been few and far between, mostly because I’ve been writing for other entities (when I’m in the mood to write at all). But sometimes I’m working on things where my own blog is the most appropriate outlet.
Longtime followers may recall my homelab efforts. My work in the homelab had, until now, largely been stymied by my dependence on Apple’s anemic Airport Extreme hardware, and an Airport Express to bridge my downstairs homelab to my upstairs cable modem. This is no longer a problem.
Over this past weekend, my wife and I ran some CAT6 cable to set up a wall port near the cable modem and another one near my server rack. Now the cable modem’s ethernet out patches into the wall jack, which comes out the other end in my home office. I’ve temporarily put a straight patch cable between the wall jack and the eth1 interface of my Dell PowerEdge 1950 server, which now runs pfSense and acts as my router/firewall. I say this patch is temporary because I’m going to be standing up a new Force10 S50 switch in the server cabinet, and the smaller (now saturated) Cisco SG300-10 is going to move upstairs to the living room. The cable modem will patch into the new Force10 switch, and the firewall will see that network as just another tagged VLAN.
Why put a layer 3 switch upstairs? WiFi. I’ve broken up the illicit partnership that Apple had spawned between routing/firewall functions and WiFi access point. As it turns out, Apple wasn’t great at any of those things. So what am I using now for WiFi?
Ubiquiti UniFi UAP-PRO. Right now I’ve got it sharing two different WiFi networks:
- authenticated network for my household and our devices
- unauthenticated network for everybody else (guests, neighbors, etc.)
The unauthenticated network has its SSID attached to a special transparent Tor-proxied VLAN. Yes, for right now I’m actually using a Raspberry Pi as the Tor gateway. I expect that to be replaced by a very small virtual machine this summer. Anybody who attaches to this network will have their traffic transparently proxied through the Tor network. Fringe benefit: you can directly access .onion hidden services without any special client-side configuration if you attach to this wireless network.
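For readers wondering what a transparent Tor gateway of this kind looks like on the box itself, here is an added example; it is not the author's Raspberry Pi configuration. It writes a torrc with a TransPort and a DNSPort (the AutomapHostsOnResolve setting is what lets .onion names work without client-side configuration), then installs the netfilter rules that redirect guest DNS and TCP into those ports and drop everything the redirect does not catch, so non-DNS UDP, ICMP and IPv6 cannot leak around Tor. The interface name eth1, the 10.99.0.0/24 guest subnet, the gateway address 10.99.0.1 and the ports 9040/5353 are assumptions, not values from the post.

```shell
#!/bin/sh
# Transparent Tor gateway for a guest VLAN. Added example, not the author's
# own configuration. Assumed (not from the post): the guest VLAN arrives on
# $LAN_IF with subnet $LAN_NET, this host is $LAN_GW_IP on that VLAN, and Tor
# listens on the conventional transparent-proxy ports below.
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.99.0.0/24}"      # constructed guest subnet
LAN_GW_IP="${LAN_GW_IP:-10.99.0.1}"     # constructed gateway address
TRANS_PORT="${TRANS_PORT:-9040}"        # Tor TransPort
DNS_PORT="${DNS_PORT:-5353}"            # Tor DNSPort
TORRC_PATH="${TORRC_PATH:-/etc/tor/torrc}"
DRY_RUN="${DRY_RUN:-0}"                 # 1 = print the rules instead of applying

# torrc: VirtualAddrNetworkIPv4 plus AutomapHostsOnResolve makes Tor answer a
# lookup of a .onion name with a private address it later maps back to the
# hidden service, so clients need no special configuration.
torrc_body() {
    cat <<EOF
Log notice syslog
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort ${LAN_GW_IP}:${TRANS_PORT}
DNSPort ${LAN_GW_IP}:${DNS_PORT}
EOF
}

write_torrc() {
    torrc_body > "$TORRC_PATH"
}

# Netfilter rules, emitted one command per line. Order matters: guest DNS and
# TCP are redirected into Tor; guest-to-gateway traffic (DHCP etc.) is left
# alone; everything else from the guest VLAN is dropped on INPUT and FORWARD
# so that traffic the redirect cannot handle (non-DNS UDP, ICMP, IPv6) never
# leaves the box in the clear.
tor_gateway_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $LAN_IF -d $LAN_NET -j RETURN
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A INPUT -i $LAN_IF -p udp --dport $DNS_PORT -j ACCEPT
iptables -A INPUT -i $LAN_IF -p tcp --dport $TRANS_PORT -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -j DROP
iptables -A FORWARD -i $LAN_IF -j DROP
ip6tables -A INPUT -i $LAN_IF -j DROP
ip6tables -A FORWARD -i $LAN_IF -j DROP
EOF
}

# Apply the rules, or with DRY_RUN=1 just print them for review.
apply_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        tor_gateway_rules
        return 0
    fi
    tor_gateway_rules | sh -e
}

# Only touch the system when explicitly asked: `sh tor-gateway.sh apply`.
case "${1:-}" in
    apply) write_torrc && apply_rules ;;
esac
```

Review the output with `DRY_RUN=1 sh tor-gateway.sh apply` before applying it; the two DROP rules at the end are the part that turns "proxied" into "cannot leak", and they are the first thing to check after any later change to the rule set.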
Right now I’m really loving the Ubiquiti gear. My Mac Mini is currently hosting the configuration daemon, but I expect to migrate that to a Docker container soon. It’s giving me a lot more control over my wireless networks. I can see what the traffic trends look like, who my most active guests are, what sort of traffic volume they’re passing, etc.
pfSense was up and running in minutes. I pretty quickly added a transparent Squid proxy without any issues, and bootstrapped IPv6 without too much trouble (though this is one thing Apple did do a better job of).