So I bought a fanless firewall appliance with 4x2.5Gbps ports and I would like to setup Proxmox on two identical SSD drives. I also want to configure a bridge on my ISP router and then configure the router as a firewall on top of Proxmox. My plan is to install HA on top of Proxmox too.
My goal is to separate both my normal WiFi connection into two or even 3 VLANs, one for normal devices, one for IoT and a third for Guest VLAN. And I would like the Home Assistant to have access to both my normal SSID and IoT VLANs.
For the Access point I have a mesh router that doesn’t support VLANs and I was thinking temporary to repurpose an old Netgear R7800 and here I don’t know whether I should simply configure the Guest SSID to be for the IoT or repurpose the 2.4GHz network and leave the 5Ghz for normal devices. Currently on the WiFi router I have OpenWRT but I am also considering switching to Voxel?
Can you maybe recommend some tutorials with what settings and setup to use and if you had similar network setup to give me some hints on what to
You must log in or register to comment.
You need two Proxmox nodes for HA.
Virtual networking is also not a great idea in the homelab. It’s better if you do have HA, but even so, if you screw it up and break something in Proxmox, you’ll be without any network access to look for help online (except on your phone, so good luck retyping commands or transferring files).
HA = High-Availability
But I think OP meant Home Assistant
Exactly, sorry for the confusion
Sorry, HA is Home Assistant, not high availability.
Ok, so it is not that hard then I guess. Install proxmox on the appliance, then install two vm’s, HA and pfsense. Deal with further segmentation of your lan and the bridge to the router in pfsense.
But if you ask me, drop the idea of vlans for appliances and keep it simple. Only make a guest network on WiFi, but using vlans is a pita, people want to stream to tv’s, use the app to control heating, etc. If you are concerned about appliances connecting to internet, just block internet access in OpenWRT or pfsense.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point HA Home Assistant automation software ~ High Availability IP Internet Protocol IoT Internet of Things for device controllers MQTT Message Queue Telemetry Transport point-to-point networking SSD Solid State Drive mass storage
6 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #245 for this sub, first seen 26th Oct 2023, 21:45] [FAQ] [Full list] [Contact] [Source code]
Can you list the devices you have and what you want each one to be doing?
I have this fanless PC, and it has 4 ethernet ports, 2.5Gbps. I have equipped it with 2x2Tb of SSD and 32Gb of RAM.
I have an ISP router, but it would only serve to bridge the WAN interfaces.
I have Netgear with OpenWRT running on it.
I want to install proxmox on the fanless PC and spin up Opnsense and Home assistant on it. The plan is to run a couple of containers but I consider them out of scope for now.
I want to pass through the network interfaces to Opnsense directly as I have a Gbps Internet connection.
The plan is to create a couple of VLANs, e.g.
- 100 - home connection
- 200 - IoT
- 201 - Guest WiFi VLAN
Here I am debating whether I need a fourth for the management interfaces of all services, but let’s say not for now.
The WiFi router would be connected to one of the ports of the firewall appliance and it would need to have access to all three VLANs in tagged mode. I want to configure them on the Netgear R7800 running OpenWRT or Voxel, need to decide what’s better suited for my needs as I believe this router would only act as a dumb AP and all the networking and firewalling will be handled by Opnsense. Here the plan is to create three different SSIDs (Home WiFi, connected to VLAN 100 on 5GHz, IoT SSID for the IoT devices connected to VLAN 200 and running at 2.4GHz and a Guest SSID.
My HomeAssistant VM should have access to both the VLAN 100 and 200. Eventually it should have management IP from VLAN 100 and also access to see all the IoT devices over VLAN 200.
I know that’s not the best setup and I have one huge point of failure, but since I am living in Europe in a country where electricity is one of the most expensive, I wanted to minimise my cost over time. I specifically bought a fanless firewall appliance that is using N100 CPU and through some BIOS tweaks I managed to reduce the idle power consumption to 9 Watts, as I don’t want my annual electricity bill to balloon by adding a couple of devices. Alternatively I also have a Raspberry Pi but I would prefer not to use it, to save on electricity costs.
My goal is to try this setup for a couple of days and in the worst case I can always revert to the old setup.