This repository describes the configuration for my home network.
It also includes a wrapper around the OpenWRT
build system,
allowing an easy way to template the configuration files that are then
built-in as part of the image.
With this approach flashing the device applies all the settings that are required,
including wireless, VLANs, firewall and additional features.
For more details take a look at build/README.md file.
Repository homelab assumes the
homeserver
IPs match the ones defined in this repo.
A picture is worth more than a thousand words:
What's covered:
- reproducible OpenWRT builds using custom scripting (mostly wrappers over OpenWRT's build system) in
build
- reproducible OpenWRT configuration, via
uci-defaults
(with YAML based config) - basic monitoring enabled
- zero-touch bootstrap after the OpenWRT is flashed on a device
- automated obtaining of certificates for routers' UI via Let's Encrypt
- Internet connectivity monitoring (ping Google and Cloudflare DNS and check if they respond)
- Secure connectivity from outside the network via Wireguard
- Encrypted DNS queries sent out to Cloudflare
- DNS level ad-blocking
- applying custom patches
- bit-to-bit reproducible builds (there seem to be some issues with
libgcc
orlibgcc1
being required, only the name differs though)
Allows the internet connectivity via ISP's router (a temporary measure before obtaining the proper ONT. Unfortunately the device has to be provided by ISP, custom ones won't work).
ISP's router spans the 192.168.240.1/24
network, main router is assigned the static IP of 192.168.240.99
.
Main router is put in the DMZ, as described in the OpenWRT wiki guide.
DDNS is set up on this device to point to a custom domain.
This part of the configuration is not covered by this repo.
Interface | CIDR | Internet access | Clients can communicate |
---|---|---|---|
LAN | 192.168.1.1/24 | yes | yes |
Guest | 192.168.2.1/24 | yes | no |
IoT | 192.168.3.1/24 | no | no |
VPN | 192.168.69.1/24 | yes | yes |
VLAN | ETH0 | ETH1 |
---|---|---|
20 (guest) | t | |
30 (iot) | t | |
99 (lan) | (t*) | |
WAN router |
Currently Raspberry Pi 4 (8GB RAM variant) is used as a main router. It's paired with two TP-Link UE300 USB-Ethernet adapters (RTL8153), one is used for WAN, the other for AP Router.
It does all the heavy lifting in this setup:
- routing
- DNS
- DHCP
- DNS-level adblock
- SQM
Look into its config for more details.
VLAN | LAN1 (mainrouter) | LAN2 | LAN3 | LAN4 (aprouter) | LAN5 | LAN6 | LAN7 | LAN8 |
---|---|---|---|---|---|---|---|---|
20 (guest) | t | t | ||||||
30 (iot) | t | t | u | u | u | u | ||
99 (lan) | t | u | u | t |
Zyxel GS1900-8HP powering some devices over PoE and switching traffic with VLANs.
Look into its config for more details.
VLAN | WAN | LAN1 | LAN2 | LAN3 |
---|---|---|---|---|
20 (guest) | mainrouter (t) | |||
30 (iot) | mainrouter (t) | |||
99 (lan) | mainrouter (t) |
ASUS RT-AX53U running openwrt, used as a managed switch and an AP for all the networks.
Look into its config for more details.