Happy Wife->->->Happy Home Labbing

Brief History

I run a number of Ubiquiti network switches and access points, all managed by a self-hosted manager running in a VM, behind an OPNsense router with multiple physical NICs and physical networks.

Original setup:
Internet–>ISPModem_10.0.0.x–>OPNsense–>Multiple Home/LAB networks (all RFC1918 networks)

This setup worked great, as I was able to set up firewall rules to allow access between Home/LAN Networks as well as any devices in the ISP Network (10.0.0.x). The only problem with this was my Home/Family network would go down if/WHEN I broke it, and reprogramming all the IoT devices and computers was very annoying. To resolve this I purchased a Ubiquiti Cloud Gateway Ultra (UCGU) to manage the Home/Family Network as well as manage all the Ubiquiti devices on the Home/Family network. I installed this alongside the OPNsense router that now only serves to create my LAB Networks.

ISPModem_10.0.0.x/24–>OPNsense–>LAB networks (all RFC1918 networks)
ISPModem_10.0.0.x/24–>UCGU–>Home/Family Network(RFC1918 network)

I got really busy recently and am wondering if I am chasing an actual workable solution: Would setting up OSPF on the Gateway Ultra and OPNsense allow each system to talk with the other without the need for NAT port forwarding? I would like to use my Home/Family network, for example, to access one or all of my LAB Networks or vice versa. I could then utilize firewall rules on OPNsense or UCGU to further harden the networks.

Here is what I did…

Make sure the family can connect to internet and printers in the easiest way. This of course means that my lab is secondary.

Set up another Wi-Fi access point on the lab. That way I can connect to the difficult-to-grasp system and the family can go on and do their thing. Yes, it means that you will never be able to put your lab directly accessible from the internet, but the consequences are far more forgiving.

And if you make the system so complex that the family can’t understand things, what happens if you get hurt and can’t keep it running? You are one drunk away from having a problem. This is my car about 6 years ago after meeting a drunk head on.

Yes, blurry. One eye was shut because I had an orbital fracture that blew through the sinus into my eye; this was on the way to the hospital again to have my eye looked at. Needed to grab my license plates so I could stop the insurance and get a new car. Poor little car did its job, no life-threatening injuries, but things are never the same after.

I hear ya about the car accident. You’re never the same afterwards. My wife went through this when a semi spun her car off the road several years ago. She wasn’t the same after that.

Getting back to topic, yes, I agree with keeping the home “public” network simple for the household. Can’t tell you how many times my wife would look at me as if I broke the internet. :rofl:


Yes, if you configure OSPF on both devices they will learn the networks available on the other device and you will be able to route between all your networks. This is a good setup since when you build a new lab network you won’t need to add it manually each time to your UCGU.