WAYYYY OT: Home Networking
  • #1

    At one point in my life I became Cisco certified, out of boredom. CCENT.
    The online course I took was out of date, and the switches and routers I purchased for my home lab were even more out of date (still have them). What I learned was that enterprise-level networking hardware is not desirable for a home network; they are POWER HUNGRY!

    Anyhow, fast forward to today. I am using a TP-Link 6000 router that supports OpenVPN and Dynamic DNS, built in. I can now use OpenVPN to connect to my home network from anywhere in the world and work with my computers as if I was home, even use the network printer. With Dynamic DNS I do not need a static IP address, so no issues with having a dynamic IP.

    I had some spare boxes laying around so thought it would be cool to turn them into servers. Hey, what's this remote desktop? Will it work over the VPN? Oh, I need Win10 Pro? Ok, upgraded to Pro. Holy Cow!!! I no longer need another keyboard, monitor, mouse, HELL, I removed the video card from my server!! Yes, it works over VPN!!!!

    Now I am thinking that having a NAS would be cool for all my files. TrueNAS runs on its own box, but someone mentioned virtualizing it with Hyper-V. What is Hyper-V? Oh, it comes with Win10 Pro? Let's give it a try! So now I have TrueNAS running as a Hyper-V VM on the server and I have networked drives that ALSO work over the VPN!

    My NAS automatically backs up all of my photos to the cloud as a backup, on top of the fact it has 3 drives configured in a RAID 5 array for redundancy.

    In the future however, I think TrueNAS really should have its own box and not be virtualized.
    I know I am only scratching the surface, but the VPN stuff is really amazing and wasn't even covered by the CCENT course; it was in the next course. Now I can just buy a router that does it!

    I don't even have to pay for a VPN service anymore for my cell phone, OpenVPN will tunnel through to my home network and use my 1G/1G home internet connection from anywhere in the world.

  • #2
    Way - way over my head! In particular I really like the independent Cloud you set up rather than paying for commercial cloud storage. I am against subscribing to anything more than absolutely necessary. I have often thought about how hard it would be to set up one's own cloud system. Storage devices are large and cheap to purchase. However, in my case I don't have the know-how to do it.
    You sound like a genius when it comes to this sort of thing. Very nice ;-)



    • #3
      Originally posted by Robg View Post
      ,,,,,,,,,,,,,, In particular I really like the independent Cloud you set up rather than paying for commercial cloud storage. I am against subscribing to anything more than absolutely necessary. ..........................
      Just remember............... by definition, "the Cloud" is vaporware !!
      CNC machines only go through the motions.

      Ideas expressed may be mine, or from anyone else in the universe.
      Not responsible for clerical errors. Or those made by lay people either.
      Number formats and units may be chosen at random depending on what day it is.
      I reserve the right to use a number system with any integer base without prior notice.
      Generalizations are understood to be "often" true, but not true in every case.



      • #4
        I think that the problem with "independent clouds" is the security of the data stored.
        Helder Ferreira
        Setubal, Portugal



        • #5
          Originally posted by Noitoen View Post
          I think that the problems with "independent clouds" is security of the data stored.
          You have copies in multiple places, that get updated weekly or daily. When I push stuff to the cloud, it is a COPY, not a sync. If my stuff gets deleted locally, I don't want the backup getting deleted. I guess a real jerk would simply keep all the files but destroy the data within each file. One of your off site backups, like a tape backup would save you. Also the NAS can do snapshots.



          • #6
            If you are using a home NAS, beware the silent death syndrome as well as the corporate tendency to orphan them. Let me explain...

            Orphan: I've used several home NAS systems over the years. Some were big names like EMC and others were home brew. In recent years, it's become common to find that there are newly discovered security holes in the NAS systems but the vendors refuse to patch or update the software. My home NAS systems were retired when I found that the parent company was no longer providing security patches. I've run into the same problem with network hardware. Imagine my chagrin when I found that my Cisco VPN router had a flaw that made it trivial for hackers to take over the router and monitor all traffic. Cisco had declared that hardware as EOL (end of life) and did not supply a patch.

            My VPN now resides on a subnet behind a firewall.

            Regarding silent death: More than once, I found my backup copies were corrupt when I needed to restore old data. Most recently I had a commercial NAS that failed to boot after a network reconfiguration. Two disks had failed and the encryption was such that it would not boot. I was unable to find a way to re-establish the RAID since multiple disks were scrambled.

            Dan

            At the end of the project, there is a profound difference between spare parts and left over parts.

            Location: SF East Bay.



            • #7
              You may recall that only recently I posted a link to my own Western Digital pseudo-NAS, but various browsers took exception to this and interrupted callers' connections and posted red flag warnings.



              • #8
                Originally posted by danlb View Post
                If you are using a home NAS, beware the silent death syndrome as well as the corporate tendency to orphan them. Let me explain...

                Orphan: I've used several home NAS systems over the years. Some were big names like EMC and others were home brew. In recent years, it's become common to find that there are newly discovered security holes in the NAS systems but the vendors refuse to patch or update the software. My home NAS systems were retired when I found that the parent company was no longer providing security patches. I've run into the same problem with network hardware. Imagine my chagrin when I found that my Cisco VPN router had a flaw that made it trivial for hackers to take over the router and monitor all traffic. Cisco had declared that hardware as EOL (end of life) and did not supply a patch.

                My VPN now resides on a subnet behind a firewall.

                Regarding silent death: More than once, I found my backup copies were corrupt when I needed to restore old data. Most recently I had a commercial NAS that failed to boot after a network reconfiguration. Two disks had failed and the encryption was such that it would not boot. I was unable to find a way to re-establish the RAID since multiple disks were scrambled.

                Dan
                My NAS is TrueNAS software running 100% virtualized, nothing to "EOL" other than the free software?



                • #9
                  Originally posted by The Artful Bodger View Post
                  You may recall that only recently I posted a link to my own Western Digital pseudo-NAS, but various browsers took exception to this and interrupted callers' connections and posted red flag warnings.
                  What a pity, I was one of those that got flagged; would have loved to have read it.



                  • #10
                    The bigger problem with Cisco is that you can't get any patches without a support contract. That's a big blow for Windows folk. I spent my last 15 years at work herding Cisco kit. One range of switches, the 3750 series, had a slight power supply 'feature' when running at 240V: if there was the slightest hiccough in the mains, the switch would shut down. It was only recoverable by unplugging it and plugging it in again. We had these switches in both office and factory areas... Cisco refused to offer any fix, so I eventually had 30 switches running from 240-110V step down transformers, because the PSU didn't show this behaviour on the lower voltage.

                    At home I've got the little Cisco 2960CX switches, Cisco 1702 access points and a Cisco 2504 Wireless LAN Controller. It's all obsolete, but still works. I have to set the WLC's date to 2018 because the embedded certificates in the access points expired after that and I can't get the patch that tells the controller to ignore the expired certificates. Never mind, it works.

                    I used to have a Netgear VPN box+ router to connect me to work. It meant that I could be on call 24/7. It also meant that I could do anything with my home machines from work, I was just another small site set up on the company Wide Area Network.
                    Location: Rugby, Warwickshire, UK



                    • #11
                      Since the early 90's when I had dial-up (300 baud - 9600 baud), then Frame Relay to the house, then DSL, and now fiber, I've used Sun servers and then dual-homed Dell servers. I currently have fiber. The fiber switch connects to a Cisco router and that connects to a Dell R-710 running Oracle Linux. Both the Cisco router and the Dell server function as firewall components. The Cisco allows only what the Dell needs, and the Dell allows only what the home network needs. I have static IP address space and also run my own DNS and email services.

                      I started out in the early 2000s using tunneling over SSH and went to VPN when it became viable. The Dell has RAID5 storage and I have two hot spares. The Dell server is running Firewalld with IPset and IPTables. I have defined IPset zones for each of the regional internet registries (ARIN, RIPE, LACNIC, APNIC, AFRINIC), two whitelists, and since TCP Wrappers has been removed from the Linux build, I've created a denyhosts IPset for short-term blocking. I also have Fail2ban configured to monitor web, ssh, sftp, smtp, and imap traffic for abusive behavior.

                      There are also service-layer protections (.htaccess, sshd_config, etc.) and all passwords are 256-bit hashes of passages from the built-in RND function. I have no idea what they are, so they're stored on an airgap server in a double-hashed MariaDB database. If my firewall logging registers a probe attempt from any non-ARIN geolocation I pull up the whois info, expand the AS number, and firewall all the networks in that AS group. These all get passed through a CIDR block analyzer which aggregates overlaps where possible such that the fewest possible entries can be used. This results in CIDR blocks in the /8 category emerging over time. I don't miss them much.

                      My personal devices are Mac which is a variation on Unix and they have always had remote desktop capability. I rarely need it when on the road as any terminal software gives me all the access I need, but it is there. It is normally blocked in the firewall and manually enabled if desired. It was a lot of work to set it all up but most of that was done years ago so I only need to keep up on the security patches. If I hadn't done this kind of work for a living before retiring I probably would not have built this.

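The "CIDR block analyzer" dp describes, written out as an added example (not the poster's own tool): it drops prefixes already covered by a broader one, collapses sibling halves into their parent prefix until nothing more merges, and emits the result in `ipset restore` format for a hash:net set. The sample prefixes are constructed from RFC 5737 documentation ranges and the set name `as_block` is an assumed placeholder.

```python
"""Aggregate overlapping and adjacent CIDR blocks into the fewest prefixes.

Added example, not the poster's own code. Sample prefixes are constructed
from RFC 5737 documentation ranges; the ipset name is a placeholder.
"""
import ipaddress
from typing import Iterable, List


def aggregate_cidrs(blocks: Iterable[str]) -> List[str]:
    """Return the minimal prefix list covering exactly the same addresses."""
    nets = sorted({ipaddress.ip_network(b, strict=False) for b in blocks},
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    stack: list = []
    for n in nets:
        # Sorted order places a covering prefix directly before everything it
        # contains, so checking the stack top catches already-covered blocks.
        if stack and stack[-1].version == n.version and n.subnet_of(stack[-1]):
            continue
        stack.append(n)
        # Two halves of one parent prefix collapse into that parent; repeat,
        # since the new parent may itself be the upper half of a larger one.
        while (len(stack) >= 2 and stack[-1].prefixlen > 0
               and stack[-2].version == stack[-1].version
               and stack[-2].prefixlen == stack[-1].prefixlen
               and stack[-2].supernet() == stack[-1].supernet()):
            stack.pop()
            lower = stack.pop()
            stack.append(lower.supernet())
    return [str(n) for n in stack]


def ipset_restore_lines(setname: str, blocks: Iterable[str]) -> List[str]:
    """Lines for `ipset restore`: an IPv4 hash:net set of the aggregated prefixes."""
    lines = [f"create {setname} hash:net family inet"]
    lines += [f"add {setname} {cidr}" for cidr in aggregate_cidrs(blocks)]
    return lines


SAMPLE_BLOCKS = [  # constructed sample: overlaps, a contained /26 and a stray /32
    "203.0.113.0/25", "203.0.113.128/25", "203.0.113.64/26",
    "198.51.100.0/24", "198.51.101.0/24",
    "192.0.2.0/24", "192.0.2.77/32",
]

if __name__ == "__main__":
    print("\n".join(ipset_restore_lines("as_block", SAMPLE_BLOCKS)))
```

Feed the output to `ipset restore` (or load it through firewalld's ipset support) to replace a long per-network list with the collapsed one.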


                      • #12
                        Originally posted by dp View Post
                        Since the early 90's when I had dial-up (300 baud - 9600 baud), then Frame Relay to the house, then DSL, and now fiber, I've used Sun servers and then dual-homed Dell servers. I currently have fiber. The fiber switch connects to a Cisco router and that connects to a Dell R-710 running Oracle Linux. Both the Cisco router and the Dell server function as firewall components. The Cisco allows only what the Dell needs, and the Dell allows only what the home network needs. I have static IP address space and also run my own DNS and email services.

                        I started out in the early 2000s using tunneling over SSH and went to VPN when it became viable. The Dell has RAID5 storage and I have two hot spares. The Dell server is running Firewalld with IPset and IPTables. I have defined IPset zones for each of the regional internet registries (ARIN, RIPE, LACNIC, APNIC, AFRINIC), two whitelists, and since TCP Wrappers has been removed from the Linux build, I've created a denyhosts IPset for short-term blocking. I also have Fail2ban configured to monitor web, ssh, sftp, smtp, and imap traffic for abusive behavior.

                        There are also service-layer protections (.htaccess, sshd_config, etc.) and all passwords are 256-bit hashes of passages from the built-in RND function. I have no idea what they are, so they're stored on an airgap server in a double-hashed MariaDB database. If my firewall logging registers a probe attempt from any non-ARIN geolocation I pull up the whois info, expand the AS number, and firewall all the networks in that AS group. These all get passed through a CIDR block analyzer which aggregates overlaps where possible such that the fewest possible entries can be used. This results in CIDR blocks in the /8 category emerging over time. I don't miss them much.

                        My personal devices are Mac which is a variation on Unix and they have always had remote desktop capability. I rarely need it when on the road as any terminal software gives me all the access I need, but it is there. It is normally blocked in the firewall and manually enabled if desired. It was a lot of work to set it all up but most of that was done years ago so I only need to keep up on the security patches. If I hadn't done this kind of work for a living before retiring I probably would not have built this.
                        You are way more advanced with this stuff than I am. I remember helping a friend with his homework setting up an IPTables firewall. He ended up getting an A on his final thanks to me. That was many years ago and I don't remember a darn thing about it.
