Suggestion for "home" network setup

Hi

I am searching for advice regarding my new “home” (or small business, don’t know what to call it) setup.

We have an apartment and a summer house. More and more work is performed from “home” and it always seems like information is placed on the “other” location.

My places.

Apartment:

  • 3 access points for wifi.
  • NAS
  • IoT hub
  • 1Gbit internet access, flat rate

Summer house

  • 1 access point for wifi, must be expanded to 3 in total.
  • IoT hub
  • 40 Mbit LTE router with 100 Gbit/month.

I am looking for a way to seamlessly merge the two locations so everything on the NAS can be accessed from both locations.

Also, I am thinking of setting up a small home lab that can be accessed from both places.

I would like to add a backup server for my NAS placed at the summer house. I have my NAS backed up locally, but a friend of mine lost everything when he had a visit from burglars. My NAS contains about 4T of data, music, pictures.

Last but not least. The system must be robust and easy to maintain.

As always best bang for the money with respect to requirements is a good start.

After looking at your video, Unifi or Omada can be an option, but every system is under evaluation.

Think the solution is super simple, connect the two sites with an OpenVPN connection.

Using static routes you can easily route traffic, using different address ranges helps, say 192.168.x.x in your flat and 10.x.x.x in your summer house.

Your NAS or router probably has a solution for running a VPN connection of some sort.

If you want to keep two NAS boxes synced, then if they are the same brand they probably have some kind of RSync option to keep the two boxes synced up.

That can be done with the kit you have.

I know this as I had a somewhat similar setup with an Asus router.

I’d recommend you take this approach first as you can then use what you have and then know what you actually want!

The problem you will later face is that you need to have some OpenVPN redundancy. If you run a site-to-site VPN, then you basically have one connection, if there is a failure then it’s down, so I’d recommend that you set up an OpenVPN server and client on both sides so you basically have two connections. Goes without saying having yet another OpenVPN server would mean you can access your site from your phone/laptop.

As you fall down the rabbit hole you can run pfSense at both sites with VLANs, and then run multiple OpenVPN connections between VLANs. pfSense can run many OpenVPN clients and servers, most consumer routers will be limited. It might sound like overkill, but, if you cost the travel to and back from the summer house it pays for itself. However, you then need a box for pfSense and a managed switch, costs soon add up when you have two sites.

Honestly I don’t think you need Unifi or Omada at this stage, you will hardly ever look at the switch config. I use Netgear switches, they have a crappy interface but budget friendly.

If you have a power outage then the kit you are running ought to restart when power comes back up, so you need to keep that in mind.

Btw obviously, if you later buy a managed PoE switch you can add a cam to your summer house and spot any uninvited guests!!

Okay, I understand what you are saying, but spending time trying to get my Huawei LTE router to connect to a TP-Link Deco router over VPN doesn’t seem like an easy way to go, if even possible?

I am prepared to invest in new hardware if it will give me a more out of the box experience.

I think Neogrid has some good recommendations. One other thing to consider with the VPN is maybe use AWS/GCP/Azure as your front end and run IPsec tunnels from there to your two networks. This will scale well with multiple sites since you just have to join them to your cloud instance and you can provide access and security between them. They also have robust firewall features for just about anything you would want to provide access to. For backups, take a look at S3 Glacier.

Draytek devices are super cheap, super reliable and super easy to set up. Plus, you can get LTE Draytek devices capable of doing IPsec VPN tunnels.
Be aware that you may have issues if the LTE connection uses CG-NAT.

An alternative would be to connect the two sites together using point-to-point wireless links like Unifi AIRMAX.
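
The two planning points raised in the replies above (non-overlapping address ranges per site, and the CG-NAT caveat for the LTE link) can be checked before buying anything. This is an added example, not part of any post in the thread; the site names, LAN ranges and WAN addresses are constructed, and it assumes you read each router's WAN address from its status page.

```python
import ipaddress

# RFC 6598 shared address space that carriers use for CG-NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_reachability(wan_ip):
    """Classify a router's WAN address as 'public', 'cgnat' or 'private'."""
    ip = ipaddress.ip_address(wan_ip)
    if ip in CGNAT:
        return "cgnat"      # carrier NAT: inbound VPN connections will not arrive
    if any(ip in net for net in RFC1918):
        return "private"    # behind another NAT device (double NAT)
    return "public"

def plan_tunnel(sites):
    """sites: {name: {"lan": CIDR, "wan": IP}} -> (problems, server_candidates)."""
    problems = []
    names = sorted(sites)
    lans = {n: ipaddress.ip_network(sites[n]["lan"]) for n in names}
    # Static routes between sites only work if the LAN ranges do not overlap.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                problems.append(f"LAN overlap: {a} {lans[a]} vs {b} {lans[b]}")
    # Only a site with a public WAN address can run the VPN server;
    # a site behind CG-NAT has to be the client that dials out.
    servers = [n for n in names
               if wan_reachability(sites[n]["wan"]) == "public"]
    if not servers:
        problems.append("no site accepts inbound connections; "
                        "a relay with a public address is needed")
    return problems, servers

# Constructed sample values (documentation and CG-NAT ranges, not real hosts).
SITES = {
    "apartment":    {"lan": "192.168.1.0/24", "wan": "203.0.113.10"},
    "summer_house": {"lan": "10.0.0.0/24",    "wan": "100.72.14.3"},
}

if __name__ == "__main__":
    problems, servers = plan_tunnel(SITES)
    print("VPN server can run at:", servers or "nowhere")
    for p in problems:
        print("problem:", p)
```

With these sample values the apartment is the only place the VPN server can live, so the summer house has to initiate the tunnel.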