HACKER Q&A
📣 mattrighetti

What's your home network setup?


I have always been interested in home networking and I've quite enjoyed my minimal all-in-one solution for a long time but with more and more devices connected to the network I feel like it's getting outdated and out of hands.

My current setup includes a 4G LTE modem (no better solution in my area unfortunately) connected to a FRITZ!Box 4040 router to which every device jumps on.

With this setup I am able to do simple stuff like DynDNS/VPN and route DNS traffic to my self-hosted AdGuardHome device but I'm not quite there yet.

Next step is to gather some info and start working on network partitioning and VLANs to isolate specific devices.

I'm trying to get some ideas so I'd like to know what's your home network setup

  👤 rocket_surgeron Accepted Answer ✓
I was a network engineer for many years and had a setup consisting of cast-off enterprise gear until I got tired of managing enterprise gear.

Now my setup is:

Gigabit Fiber ONT -> Dell Optiplex 980 running OPNsense -> cheap gigabit switch feeding patch panel to in-wall CAT6 -> 2x hardwired Eero Pro6e APs. A 10-gig switch sits in my office and all of my 10-gig devices are connected to it to access an all-SSD NAS over NFS and Samba.

Every device that has an ethernet jack is hardwired.

The 12 year old i5-540 in the Optiplex is capable of 300mbps wireguard VPN connections, which is more than enough for the hotel wifi I use to connect back to home. Optiplexes are so cheap that I have two, with a pre-configured spare sitting right next to the running system ready to go.

I run a lot of services but am smart enough to know that I am too dumb to port-forward responsibly so while everything has an entry in my local DNS server if I need to access anything remotely, I do so via the VPN.

👤 cricalix
500 Mbit/s fibre to the house. Pi4 running OpenWRT, onboard gigabit to the house, USB gigabit to the ONT. Ubiquiti PoE 8 port gigabit switch. 4 ports PoE. 3 in-wall Ubiquiti access points, PoE. Structured cabling to every room, small cabinet with punchdown, router, switch.

Mobile devices use the Wi-Fi. Desktop uses wired. PoE camera watches the front gate.

Router also runs AdGuard Home, denies all direct port 53 to the world. Doesn't deal with DoH, but I also don't have IoT devices on the network.

I could probably VLAN if needed (and the WAN is tagged because that's how my ISP works), but with Irish power costs I don't do at-home server hosting.

👤 mindwork
I just got Unifi Dream Router and started playing with it a day ago. So far I've got: home, guest and IoT networks set up. PiHole and VPN server running on my Synology NAS server. I want to add captive portal for my guest network and move VPN server to the router itself. Forwarding some ports to access Synology from the internet with custom domain name. DDNS on synology. Pretty simple but I look forward to expand with my home server. Also in plans to setup second Synology box offsite and connect them via Point to Point VPN or tailscale
👤 karmakaze
I used to have a lot of complicated setups that used static IPs, DSL connections with an ISP that supported MLPPP which I used Tomato firmware with VPN and QoS configs.

Now networking is pretty good using stock ISP provided modem/router and I added Netgear mesh base station and 2 satellites. The satellites have an Ethernet port which I use for the gaming PC-that's all that I need. Considered a PiHole but uBlock origin is good enough.

👤 PaulHoule
I have 2 phone lines with 2 DSL connections that are around 20 MBps, a load balancing router, four Ubiquiti access points, lots of gigabit ethernet with I think four hubs, one of which is a Ubiquiti managed hub, 3 IoT gateways, a tower PC that works as a server. I have some long range Ubiquiti radios that I've thought about using to run a link to the barn or the other house but never got around to installing it.
👤 occoder
Fanless mini-PC running Ubuntu acting as a router, with WiFi routers running in access-point mode to cover the house.

Rule-based routing of traffic through different VPNs depending on the destination domain name, done with a combination of iptables, ipset, and dnsmasq.

Use iptables rules to block internet access for settop boxes, smart TVs, printers, etc.

Ad-blocking with simple dnsmasq config files.

👤 SirChainsaw
Small 12 U cabinet with:

12 port patch panel.

Draytek P2121 PoE 12 port 1U Switch.

2x Draytek AP912C Wireless AP's.

Very old Netgear ReadyNAS 1200 1U NAS.

IBM Network Professional 1U UPS.

Lenovo M73e running openwrt with 4G dongle internet. AdGuard Home (All network dns traffic forwarded to bind9 below for direct ns lookup and ntopng traces). ProtonVPN.

Lenovo M73e running Solaris 11.4 running Bind9, DHCP, RabbitMQ, MySQL.

Lenovo M73e running Home Assistant.

Lenovo M73e running Ubuntu for my dev work.

👤 brudgers
At the connection, there's a Surfboard.

A whatevre Orbi router with a satellite that connects mostly automatically because my creative interests no longer extend toward:

working on network partitioning and VLANs to isolate specific devices

Before that I had routers running OpenWRT for about a decade.

👤 aappleby
Cable modem, Synology wifi router, Synology NAS, Synology wifi mesh node out in the shop.

Simple, fast, stable.

👤 bradwood
1 x unifi edgerouter connected to cable modem

2 x 8 port Gbit switch

1 x linux intel NUC for DHCP, DNS, Docker, etc

2 x unifi APs

2 x powerline ethernet adaptors

this gives me strong and far-reaching wifi coverage with multiple SSIDs, plenty physical ports for printers and wired connections

👤 KomoD
A router