Homelab Update - Current Setup

I posted about my setup a couple of months ago, and the lab has mutated quite nicely from there. It's interesting the things you can come up with once the brain starts churning.

Here is the current state of kit:


The main change since my last update has been connectivity. Gone are the slow old powerline adapters, these have been replaced with the gigabit versions. On either end of this connection I now have managed switches - in the living room, connected to my Virgin hub (in modem mode) I have a D-Link DGS-1224T with the connection to the modem on a separate untagged VLAN port, and then the same VLAN tagged on the port that runs over the powerline connection. On the other end of this connection I now have a Draytek VigorSwitch P2121 with the same VLAN config. This lets me have my firewall on the lab end of things running to my modem which comes in to the house in the front room.

For the firewall I've tried a few things. First stop was the Sophos SG310 chassis, upgraded to XG v18, and while this worked it was a: very noisy (and probably power hungry), and b: a bit of a pain in the cock when not in a full enterprise environment. Next was ClearOS (looks pretty, but under this the GUI is horrible IMO - nothing makes sense or is placed in a coherent way). After this OPNSense (better, but not great GUI, and given that I was virtualising I had the benefit of being able to tinker, much to the chagrin of my family who had to put up with several hours of the Internet going up and down....) before settling on PFSense. Yes, most homelabbers will tell you to go straight to that, but I like to make up my own mind on these things. Next issue, as most sources of documentation will tell you, virtualizing PFSense will work, but these sources warn that it may not be a great solution. Mainly due to the virtualization of the network layer weird things are likely to happen. And they were right. Random unexplained slow-downs or Internet going down completely, lots of complaints from the kids when Netflix stops working. Hang on a moment! I have a desktop form-factor Optiplex 745 sitting in the loft. It isn't great (Pentium with 4GB RAM), but with a bigger hard drive chucked in and a server grade Intel Pro dual gigabit NIC acquired from eBay for the princely sum of £6 fitted, we have ourselves a perfectly acceptable firewall. One of the awesome things about PFSense is that even on old hardware like this I had it up and running in about 15 minutes. I might upgrade the hard drive to a SSD at some point, but no rush there.

The other change that was made was to the FreeNAS. I had it running from a USB stick, but the server that it's on is old enough to just have USB2. This was OK when it was up and running, but it took a good while to boot. Then I broke it. I tried to mirror the USB stick. And the server then would not boot. Bugger. Oh well thinks I, I'll just reinstall it. Oh my good god. Trying to install a server OS to a USB stick running on USB2 from a USB stick running on USB2. Don't do it kids. It was PAINful. After a good couple of hours of trying repeatedly to get it working (and a pretty pissed off wife who didn't know or care what I was doing) I gave up, spat my dummy out, switched off both servers and stole one of the 32GB SSD drives from my ESXi host, which as it turned out wasn't being used anyway because it was too small for the intended purpose. BOOM! So much better. Installed and working in about ten minutes. What's that you say? The storage pool was corrupted due to my general dicking about? Fuck. Several hours of copying data again it is. Thank Christ my backup was working.... While I was on I looked in to how best to aggregate the NICs and as I have a decent switch now I was able to set up a lagg interface.

The only other minor changes are that my Nakivo backup is running directly from the NAS as an appliance - I was getting strange disk consolidation issues when I was running it as an ESXi appliance which, when fixed on the VMs in question, broke Nakivo so that it wouldn't boot. Very odd. Plus it occurred to me that it was daft to be using resource up on my ESXi box when the NAS could do what I need quite adequately. This backup is still replicating to the bizzarly cheap Wasabi cloud space, along with a cloudsync task on the FreeNAS box. I've also started playing with Security Onion and am currently researching setting up an OpenVPN server with Active Directory authentication on my PFSense. Probably more on that later.

Until next time....