My home network has changed significantly in recent months.
First, I purchased three MikroTik devices, an RB260GS for my office and two hAP AC, one for my office and one for my garage. This allowed me to simplify my network and it provides for several changes. My network now looks like this:
As a result, I can upgrade the Synology RT1900ac without taking down my entire home network. I can upgrade the office switch or hAP AC without affecting my family's network access, and updates to the garage hAP AC will only affect my R610-based home lab.
A while ago I was introduced to Zerotier. I gave it a look and found an extremely useful networking solution. To use it, one need only do a few simple things:
-
Create a Zerotier login
-
Create a network
-
Install the software on your systems/devices
-
Join those systems/devices to your network
-
Approve the join requests (if your network is private)
The Zerotier admin UI shows the IP addresses of each system, and it allows the user to set a nickname for each device.
Using this solution, I was able to completely disable global SSH access to all of my systems: now, the only way to SSH to my systems is to be on my Zerotier network or my home network.
I created a services VM that sits on both ZeroTier and my home network; this VM forwards packets between ZeroTier and my home network, so with a few simple routes added to a few devices, I can now access my entire home network from anywhere:
- Synology RT1900ac has routes to the Zerotier subnet (via the services VM) and the lab subnet (via the hAP AC in the garage)
- My laptop has routes to the home and lab subnets, via the services VM
macOS has long had a very cool feature where you can use per-domain DNS servers, so I use my home-based DNS servers to resolve *.unixdude.net no matter where I am. This, coupled with these new routes, allows me to resolve everything at home by hostname, and to connect to it. This is immensely useful.
Daniel's Blog
I am a system engineer in the Raleigh, NC area. My main interests are Unix, VMware, and networking. More about me, and how I got started.
Categories
Tags
- IC-7300 1
- T1 1
- ansible 2
- anycast 2
- atari 1
- autofs 1
- battery box 1
- bgp 1
- cables 2
- cisco 1
- dashcam 1
- digitalocean 2
- disney 1
- diy 6
- dkim 1
- dns 2
- docker 6
- dsm 1
- ecmp 1
- email 2
- encryption 1
- esp32 2
- esphome 2
- esxi 3
- f150 2
- freebsd 1
- frr 3
- ft7800r 2
- git 1
- ham radio 6
- home assistant 4
- home automation 2
- home lab 1
- homelab 1
- icloud 1
- ipad 1
- iphone 1
- iscsi 1
- kasa 1
- letsencrypt 1
- m5stack 2
- m900 1
- mac 1
- macos 2
- mikrotik 1
- minfs 1
- mobile 1
- monitoring 1
- nas 1
- network 1
- networking 3
- nfs 3
- ospf 4
- pelican 1
- perl 1
- php 1
- pi-hole 2
- plex 1
- portainer 1
- postfix 5
- pota 1
- prepping 1
- printer 1
- pxe 2
- python 1
- r610 3
- rack 4
- radio box 1
- raspberry pi 8
- raspi 1
- routing 2
- scanner 3
- shell 4
- solenoid 1
- spf 1
- ssh 2
- ssl 2
- synology 7
- tinyminimicro 1
- traefik 2
- ubiquiti 5
- udm-se 1
- unix 8
- update 2
- usg 5
- virtualization 4
- vmware 4
- wireguard 6
- ysf 1
- zerotier 6