cat << EOF | curl -X PUT -d @- uberleet.org
Decided to upgrade to enterprise level gear for the home network for about $310!
This has solved some issues with shoddy wifi propagation mainly, but I wanted a decent security gateway too.
- Pfsense on a server (firewall/gateway/router) ($60)
- Cisco Cataylist 2960S (24 port switch) ($40)
- 3 Ubiquity Wifi UAP access points ($150)
- Rasberry Pi for DNS advertisement blocking/Ubiquity configuration server ($60)
I decided to go with this because the amount of features for free.
IPSec VPN, DNS, DHCP, Firewall, IDS (Suricata), Routing, Forwarding… it’s all there.
The install was as easy as grabbing a server and running
dd if=release.img of=/dev/sdb
setup asked me which VLANs and interfaces I wanted.
I noticed hardware checksum offloading on Asus NICS causes a ton of issues with the IDS and had to disable that (to little detriment on overall CPU.)
Cisco Cataylist 2960S
Configured the uplinks for the Vlans and attached the appropriate interfaces. Once you learn IOS you never forget.
I notice the links on my Ubiquiti’s don’t negotiate at full duplex on both sides, this is likely a cable issue.
I setup the DNS server and Ubiquity control software on the rasberry pi to keep these resources separate. Had one lying around and threw it up.
Ubiquity Access Points
I deployed 3 of these in my house with enough isolation to prevent receiver front-end overload. Two broadcast LAN1 SSIDs and roam, while one is dedicated to LAN2