Setup guide Proxmox, Opnsense, HA, OpenWRT - eviltoast

So I bought a fanless firewall appliance with 4x2.5Gbps ports and I would like to setup Proxmox on two identical SSD drives. I also want to configure a bridge on my ISP router and then configure the router as a firewall on top of Proxmox. My plan is to install HA on top of Proxmox too.

My goal is to separate both my normal WiFi connection into two or even 3 VLANs, one for normal devices, one for IoT and a third for Guest VLAN. And I would like the Home Assistant to have access to both my normal SSID and IoT VLANs.

For the Access point I have a mesh router that doesn’t support VLANs and I was thinking temporary to repurpose an old Netgear R7800 and here I don’t know whether I should simply configure the Guest SSID to be for the IoT or repurpose the 2.4GHz network and leave the 5Ghz for normal devices. Currently on the WiFi router I have OpenWRT but I am also considering switching to Voxel?

Can you maybe recommend some tutorials with what settings and setup to use and if you had similar network setup to give me some hints on what to

  • giacomo@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    Can you list the devices you have and what you want each one to be doing?

    • filister@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I have this fanless PC, and it has 4 ethernet ports, 2.5Gbps. I have equipped it with 2x2Tb of SSD and 32Gb of RAM.

      I have an ISP router, but it would only serve to bridge the WAN interfaces.

      I have Netgear with OpenWRT running on it.

      I want to install proxmox on the fanless PC and spin up Opnsense and Home assistant on it. The plan is to run a couple of containers but I consider them out of scope for now.

      I want to pass through the network interfaces to Opnsense directly as I have a Gbps Internet connection.

      The plan is to create a couple of VLANs, e.g.

      • 100 - home connection
      • 200 - IoT
      • 201 - Guest WiFi VLAN

      Here I am debating whether I need a fourth for the management interfaces of all services, but let’s say not for now.

      The WiFi router would be connected to one of the ports of the firewall appliance and it would need to have access to all three VLANs in tagged mode. I want to configure them on the Netgear R7800 running OpenWRT or Voxel, need to decide what’s better suited for my needs as I believe this router would only act as a dumb AP and all the networking and firewalling will be handled by Opnsense. Here the plan is to create three different SSIDs (Home WiFi, connected to VLAN 100 on 5GHz, IoT SSID for the IoT devices connected to VLAN 200 and running at 2.4GHz and a Guest SSID.

      My HomeAssistant VM should have access to both the VLAN 100 and 200. Eventually it should have management IP from VLAN 100 and also access to see all the IoT devices over VLAN 200.

      I know that’s not the best setup and I have one huge point of failure, but since I am living in Europe in a country where electricity is one of the most expensive, I wanted to minimise my cost over time. I specifically bought a fanless firewall appliance that is using N100 CPU and through some BIOS tweaks I managed to reduce the idle power consumption to 9 Watts, as I don’t want my annual electricity bill to balloon by adding a couple of devices. Alternatively I also have a Raspberry Pi but I would prefer not to use it, to save on electricity costs.

      My goal is to try this setup for a couple of days and in the worst case I can always revert to the old setup.

      • NeoNachtwaechter@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Your MQTT broker for IoT lives in your IoT VLAN, obviously.

        Assuming your Home Assistant webfrontend lives in your “home” VLAN (otherwise you can’t get all the fancy controls). Then how are these two talking to each other?

        • filister@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          That’s the question? If the device has access to both VLANs I presume I would be able to configure the Management interface to be on VLAN 100 while everything else is on VLAN 200 Is it that hard to configure?