Well this crazy journey started out early. I was always interested in professional networking hardware and even had scored some old switches back in 2005, but was never able to actually build a full home network. When I got married and was now responsible for the home network of our little home, as well as my neighbours (in-laws live next door and the neighbour on the other side also uses our internet), I had to step up my game.
First I started by downgrading my AVM FritzBox 7490 to do just the job of a simple modem. No more WiFi or routing responsibilities for you my friend. That job was taken over by an ASUS RT-AC88U router, where I soon after replaced the stock firmware with OpenWrt.
After starting a job as Recovery Manager for the SMC-A in Telefonica I got more familiar with enterprise grade hardware, since we were using Cisco SD-WAN and Meraki equipment for deployment in large parts of Europe. So it was just a matter of time until I had to get my own, but since those are expensive as fuck and I didn’t have that much experience yet, I needed something that I could easily mess up and restore which would also not break the bank.
eBay to the rescue! I got some old Dell R210 II Server which I was running OPNsense on – now doing its job as my router. Later I added a Dell R720 which was running TrueNAS Core. Here is where I really licked blood and was now able to configure everything to my needs and try things out. The machines were powerful enough to get everything done, but there of course were some small problems with them. First they were loud. Like really loud. If you ever stood next to a commercial AC unit and thought “yeah I want something like this in my bedroom”, then you know what I was going through. After some tweaking with the fan settings via IPMI I was able to get that problem down to manageable levels. Sure, during boot they still sounded like a jet engine, but at least the wife was happy enough. For now at least, because the next problem became apparent when we got our next power bill. You see, drawing 250W + 150W from the wall for 24 hours adds up to a LOT over time (we pay approx. 25 cents per kWh).
The Cisco Catalyst Switch C3560G stayed for a while longer, but the router (Dell R210 II) was replaced pretty quickly with a Cisco ISR C1117 from eBay. The main problem with the Cisco ISR 1100 Series is that you need a license to run them. I don’t have a license and I was never planning on spending 500€+ a year to get one. Luckily if you have access to the download section of such Cisco devices there is no one stopping you from flashing an image on them and just running them. Sure, you do not get to use any of the additional packages (like the Security Package for VPN, or the High Bandwidth one), but to just use it as a router in my home network it was absolutely sufficient.
Of course the Dell R720 also had to go, but I still wanted network storage at home, since backing up important data is something everyone should be doing. TrueNAS also offers additional services and virtual machines that I was using, so no way I was gonna miss out on that. eBay to the rescue yet again. I bought a Fujitsu Esprimo P910, which is a small desktop you’d usually find in an office setting. It also had enough space for my 6 HDDs, even though that required some persuasion and several adapters. The main advantage is that those machines are pretty efficient and do not sound like a plane taking off.
The next upgrade phase was just around the corner though. Of course all things always come with some disadvantages. The network rack that I was using was initially used for audio equipment, so the hole spacing wasn’t perfect (nothing a drill and a file can’t fix) and was too deep anyways. The Cisco switch was dated and hadn’t received any updates for like 5 years and while it did support power over ethernet, it wasn’t working perfectly. So it had to go and in its place a Cisco CBS220 joined the family. While the switch is not necessarily enterprise grade, and more of a small/home office one, it was affordable new and does what I need for my setup.
Another change had to be done to the server. I mentioned above that the Tower PC I used was meant for office use. Yeah, that’s also the problem – it doesn’t have enough cooling for 6 drives. So I got a 19″ Rack case from Amazon (actually really good quality), bought a new Mainboard, since the one that came with the Fujitsu didn’t have standard mounting and swapped everything over. Some nice Noctua Fans now also keep the drives cool and everything is quiet.
One further addition that happened somewhere in between was an upgrade to the FritzBox, now the new 7590 Model, since our internet was upgraded to 250 Mbit/s and the old one didn’t support VDSL2 35b G.Vector. In the near future I hope I can even get rid of this device, when the upgrade to fibre happens (not available here yet).
I’ve also added a Bosch Smart Home Controller and some Heater Thermostats, Door/Window contacts and a smart lock. A friend of mine supplied me with a Raspberry Pi 4 Model B, so I was able to run my PiHole DNS Server outside of a VM, which improves reliability by a lot.
Hardware
AVM Fritz!Box 7590
Some may wonder why I use a top end WiFi Router as a glorified modem, but it’s quite simple: They work. I have been using AVM products ever since I got a DSL internet connection and my Deutsche Telekom supplied modem died on me. Support then offered an upgrade to a Fritz!Box and I have been using them ever since – even through multiple other ISPs. My current internet connection at home (250 MBit/s VDSL2 35b G.Vector) required me to upgrade to their newer model though.
Astraea – CISCO ISR 1117-8PLTEP
Well the choice of this router might be a bit strange. The VDSL doesn’t support super vectoring (G.993.2 35b), Annex B… so why use this over something like the 1112 or 1113? Simple – Price. The better suited models go for over 300€ used while I got mine for less than 200€ – including shipping. And since it has LTE Backup included, I can scrap the shitty LTE USB Stick I had in my FritzBox and use some actual IP SLA Tracking to get my routes in place instantly instead of relying on the FritzBox to finally switch over to the Backup. Once I get fibre, I’ll just plug in an SFP Module and set up PPP dialing (depends on the ISP though, maybe they require me to use their own media converter or something, we’ll see once it’s available).
Sagira – CISCO CBS220-16P-2G
Upgraded from a Catalyst 3560G-24PS. Not that anything major was wrong with the old one, but it felt a bit dated. I don’t need anything higher than 1 GBit/s anyways, but I still need the PoE. I like that it’s passively cooled, so less noise in the rack.
Soteria – Raspberry Pi 4 Model B
The RPi is running Raspberry OS 64Bit with PiHole and is acting as my DNS Server for everything except the guest network. I’ve added a PoE hat to have less cable clutter and also replaced the SD-Card with a USB to M.2 adapter and a Samsung M.2 SSD for better reliability. My network has approximately 70k DNS requests per day (again, excluding the guest network) with a block rate of 40-45%.
Mitsuko – TrueNAS Scale
- CPU:
  - Intel i5-3470, 4x 3.2 GHz
- Mainboard:
  - ASUS P8B WS
- RAM:
  - 16GB Micron DDR3-1600
- HDDs:
  - 500GB WDE (4x)
  - 1TB DELL (2x)
I mainly use the NAS for Backup which is synced into “the cloud” once a day. Whenever HexOS supports it I’ll probably set up a “buddy backup” with a friend, so we both have our most important stuff in several places. But until that is the case the Server will run TrueNAS and will be responsible for running some virtual machines.
I am using SyncBackPro to sync files on change from my PC to an SMB share on the server and then a nightly upload to Google Drive. Also snapshots are saved nightly and uploaded to my vRoot Server at netcup (where this Homepage is hosted).
The virtual machines are running AgentDVR, a video surveillance software that is capturing everything my Reolink E1 Pro is seeing, but since scrolling through 24/7 recording is boring I have also set up a CodeProject.AI image recognition server that is checking whether a cat (or dog, because AI is dumb) is visible and tags those snippets. Internet Access is blocked for all IoT devices, because those things have more holes than most cheese and are never patched anyways. Sure, I cannot access the dashboard remotely, but neither can anyone else.
The virtual machines are running Ubuntu Server and all apps are running as Docker containers. Very slim and lightweight setup. I could have run them directly on TrueNAS, but I really don’t like their app integration.
The other machine is running Home Assistant OS natively.
Calamity – Virtual Machine
- Ubuntu Server 24.04 LTS
- AgentDVR (IP Camera Server and DVR)
- CodeProject.AI (AI Server for object detection)
- Uptime-Kuma (Uptime monitoring and notification)
- MRTG (Traffic Analysis)
- Immich (Photo/Video Backup)
- Watchtower (Auto Update of Docker Containers)
Virgil – Home Assistant
I didn’t like being able to control my smart home stuff only via a phone app, so I looked into Home Assistant and was surprised by the number of devices they either natively support or that are available via Plugins. I have set up a dashboard where I can supervise almost everything with just a glance. It also collects data about power usage and keeps the home at a comfy temperature depending on outside factors. Really happy with how it works.
WiFi – Meraki Go GR10-HW
Two Access Points designed for office spaces in a 55 m² flat? Yeah... totally overkill. But I got those pretty cheap and they’re cloud managed, support up to 4 SSIDs each with their own VLAN Tag, can be powered by PoE and don’t look obnoxious. I may or may not be able to connect to my WiFi from the parking lot (I live on the 7th floor).