I use affiliate links in this post

Hello everyone and welcome to my first annual assessment of my home network. I will be using this post to reflect on how far the homelab has progressed in the past year, and where I hope to get it to in the next year.

All hail the diagram

A little different than most hobbyist homelabs, and we’ll go through all the weirdness from top to bottom.

1. LinksysLEDE

This is a Cisco/Linksys EA3500 router. I did a post on how to flash to OpenWRT here. Not much has changed since then, and this is a pretty stock install of OpenWRT. I did recently upgrade to OpenWRT 19.07 with no issues. I have had a few strange incidents where I would lose internet connectivity and a reboot of the router would restore the connection. Lately I have been trying to find out what is actually causing an issue and fixing that instead of just rebooting to solve it (except for Windows of course), but a few times in the past few months I have been stumped. Perhaps the update to the latest version of OpenWRT will fix the issue.

2. Pihole

Directly connected to the LinksysLEDE router is a Raspberry Pi Zero running Pihole. This one was the only one on the network, until I tried to load a 4 million record domain list and crashed it for 3 or 4 days. Now the VM Pihole2 is actually the primary and the Pi Zero is the backup. It also has a small DHCP range for when LinksysLEDE, MerakiLEDE, and Pihole2 are unavailable for serving DHCP.

This is mostly hidden in the cupboard so even my clean freak SO doesn’t mind.

Pictured: Pihole, Modem, and LinksysLEDE

3. MerakiLEDE

This is a Meraki MR18 that is flashed to OpenWRT. This serves as the wireless access point for the network. Other than not also being the router, it is essentially default settings. I did attempt to create a separate wireless network for the “smart” devices like our SmartTV and Roku, but was unsuccessful in configuring the firewall to allow DNS traffic across networks to my Pihole servers.
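As an added example (not the post's own configuration), here is one way to build the separate “smart” device network described above on an OpenWRT 19.07 box that is both the router and the access point, so that devices on it can reach the internet and the Pihole for DNS, and nothing else on the main LAN. Every value in it is an assumption for illustration: the Pihole at 192.168.1.10, the IoT subnet 192.168.20.0/24, the SSID, the radio name, and the passphrase placeholder.

```uci
# /etc/config/network (fragment)
# A bridge with no wired members; the wireless interface below attaches to it.
# Hypothetical subnet 192.168.20.0/24 for the smart devices.
config interface 'iot'
	option proto 'static'
	option type 'bridge'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

# /etc/config/wireless (fragment)
# Second SSID on the same radio, placed in the 'iot' network.
# 'isolate' stops IoT clients from talking to each other over the AP.
config wifi-iface 'iot_ap'
	option device 'radio0'
	option mode 'ap'
	option network 'iot'
	option ssid 'homelab-iot'
	option encryption 'psk2'
	option key 'CHANGE-ME-PLACEHOLDER'
	option isolate '1'

# /etc/config/dhcp (fragment)
# The router hands out leases on the IoT subnet and advertises the
# (hypothetical) Pihole at 192.168.1.10 as the only resolver (option 6).
config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '100'
	option leasetime '12h'
	list dhcp_option '6,192.168.1.10'

# /etc/config/firewall (fragment)
# Default for the zone: no traffic to the router, no forwarding anywhere.
# Everything allowed below is an explicit exception.
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Internet access only; there is deliberately no iot -> lan forwarding.
config forwarding
	option src 'iot'
	option dest 'wan'

# The router must still answer DHCP on the IoT interface.
config rule
	option name 'Allow-IoT-DHCP'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# The one hole into the LAN: DNS to the Pihole and nothing else.
config rule
	option name 'Allow-IoT-DNS-to-Pihole'
	option src 'iot'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Stop devices from bypassing the Pihole with a hard-coded public resolver.
config rule
	option name 'Reject-IoT-DNS-to-WAN'
	option src 'iot'
	option dest 'wan'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'REJECT'
```

Two caveats from running a layout like this. The Pihole will see queries arriving from a subnet other than its own, so its DNS interface setting has to permit all origins rather than only the local subnet, or it will refuse them; that is the usual reason “DNS across networks” appears to be a firewall problem when it is not. And the port 53 rules only govern plain DNS: a device that speaks DNS over HTTPS to a public resolver goes out on port 443 like any other web traffic, so the Pihole never sees it. On a setup like the one in this post, where the Meraki is only the access point, the IoT SSID would additionally have to be carried to the Linksys router as a tagged VLAN, which this fragment does not cover.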

The Meraki MR18, probably not the best for wireless signal, but very modern looking

Not a great place to put a desk, but good for lab gore!

4. Wireless network

Not much new or of interest here either. I do have a Raspberry Pi B+ running MagicMirror minus the mirror part.

Thanks MagicMirror, you always know exactly what to say!

5. TP-Link router

Now if having a separate WAP and router wasn’t weird enough, this is where it gets real weird. Previously I had all my networking equipment right next to my compute storage area. But as life goes, I moved to a new apartment, and with it got a new challenge. The only working coax jack I could find was in the entertainment center in the living room, and it wasn’t exactly an ideal spot to set up my desk. So digging in the old parts bin (can you believe my SO thinks it’s a waste of space?) I pulled out a trusty TP-Link TL-WR841N. For initial connectivity I just used client and NAT mode, but with that all the other wireless devices couldn’t get to the primary DNS server, and I couldn’t easily access Nextcloud from any wireless devices. That just wouldn’t do. So after a few days of messing with the relayd configuration on OpenWRT (after retrieving that page I see other recommendations for this; adding it to the milestone list this year) I had a wireless bridge. Some people might think that having 4 network devices between you and the internet would slow down your speeds, but I can say, not really. I’m not a big online gamer or downloader, so as long as the occasional Youtube video buffers fine, I am content.

6. TP-Link Switch

Now while the slow speeds to the internet didn’t bother me, the speeds between my workstation and the hypervisor did. I think I read somewhere about the SoC on some OpenWRT routers being very slow for switching, but normal speed for routing. So to remove switching from my old router I bought a TP-Link SG105. The switch is a 5 port Gigabit unmanaged switch. It connects the Workstation, TP-Link router, and Fedora Hypervisor.

TP-Link Switch and Router

7. Workstation

This is a custom built computer that I use as my main workstation. You can view the specs here. I do GPU passthrough; you can read about my experience with it here. It also has a Toshiba 1 TB external hard drive for backup and data storage. Otherwise a fairly typical Fedora Workstation setup.

8. Fedora Hypervisor

Now this machine is where I expect to get some questions. It’s the same Optiplex 7010 that I posted about last year. I did put in an extra 2x 8 GB of RAM for extra Why have Fedora with a DE just to run VMs? Well that’s a legitimate question. The answer is that I wanted to have a backup desktop in case my primary one failed. It also has a Seagate 1 TB external hard drive for backup data, replicated from the workstation hard drive. After a year of not needing it, I am wondering if it is worth it. For now however it will remain as is. Currently it has 3 always-on VMs: Pihole2, Nextcloud, Elasticsearch.

If you have OCD you may want to look away

(Clockwise) Workstation, Tp-Link router, and Hypervisor

Pihole2: This is the primary Pihole DNS server.

Nextcloud: A pretty default instance of Nextcloud. It does have ClamScan run on new files that are uploaded, and the logs will one day be sent to the Elasticsearch server.

Elasticsearch: I did some blog posts about Security Onion in the past and had it running and collecting logs from a few different sources on my network. However, I recently began noticing Logstash kept failing. Initially I just restarted the container and it came back up no problem. Recently it was completely dead. A few of my coworkers noticed the same issue. With that and some other frustrations (Security Onion not accepting a few of Elastic’s Beats, being behind in Elastic versions, and not needing the overhead of all the sensors at once), I decided to install a stock Elasticsearch instance. This is a very recent development and you can expect to see some blog posts in the future about Elastic, Logstash, and Kibana dashboards.

The Future

Like anyone, I could really use some more hardware. If I had a million dollars I’d probably start off with:

A real NAS

A real backup solution

An IDS/IPS like Zeek, Suricata, or Snort

But I don’t have a million dollars, so my realistic goals for the next year are:

Log sources to Elastic

Switch from relayd to WDS, Layer 2 GRE tunnels (“gretap”), or mesh networking

Rebuild Fedora Hypervisor to Proxmox

Containerize

Add vulnerability scanner (likely OpenVAS)

Resume Pen Test/Hacking practice

Separate wireless network for IOT devices

What did you like in my lab? Think I’m a genius? Think I’m an idiot? Leave me a comment to let me know!

Happy Hacking and God Bless the United States of Hackistan!