So I had to do a capture on one of my home machines the other day to troubleshoot something. Shortly into this capture I saw one of our Sony devices (either a PS4 or Sony TV) appeared to be running a rogue DHCPv6 server on our network trying to get my machine to accept a lease. This seems like a pretty sneaky way to do some network recon which I’m sure they sell to the highest bidder. Because of this little discovery, as well as my significant other’s desire to get some cameras on the perimeter of the house, I’ve decided that it’s time to do some serious network segmentation in the home network.
For the past few months I’ve been on a quest to redo my home network. After a ton of research I think I’m just about sold on the Turris Omnia. It sounds like it has quite the feature set, as well as having the ability to flash to OpenWrt if this can gain some additional functionality.
Before I buy it, I wanted to ask some of you whether or not the router can do everything needed for the following setup:
I will be creating a router-on-a-stick configuration which provides routing for roughly 20 VLANs connected to an 802.1Q trunk on a Netgear GS116E switch. If possible I’m going to try to port-channel 2 of the LAN ports on the Omnia and connect them to a 2-port LAG on the Netgear switch in order to have 2 Gbps of logical capacity (with no single traffic flow exceeding 1 Gbps). This port channel will be a trunk which will pass all 20 VLANs to the Omnia router. I’ll need to apply ACLs/firewalling between these inside VLANs at the Omnia router. Most of them will need to be completely firewalled off from each other, but some of the VLANs will need a port or two allowed for things like printing. I’ll need the Omnia to act as a DHCP server for multiple scopes for some VLANs. Connectivity to the internet will be using PAT with the same single IPv4 address for all VLANs. Additional downstream switches will uplink to the other ports on the Netgear switch, which connect to other switches throughout the house that support 802.1Q tagging so that VLANs can stretch all around the house. I’d also like to hang some OpenWrt access points off of these switches with multiple SSIDs in different VLANs. I will also need to put an ACL in place on one VLAN to only allow outbound to the internet to one IP address and port and block everything else in and out (just for that VLAN). This would need to be a stateful connection and allow the return traffic.
Does anyone see anything wrong with this scenario and could someone confirm that the Omnia would be able to do everything it would need to in this scenario? Will this work or do I need to be looking into an enterprise solution at this point? If anyone has any suggestions I’m open to hearing them.
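The setup described in the post maps onto the stock OpenWrt/Turris OS firewall model fairly directly: one VLAN-filtered bridge on the trunk, one `interface` and one firewall `zone` per VLAN with `forward REJECT` as the default, explicit `forwarding` sections only towards `wan` (with `masq` giving the single-IPv4 PAT), narrow `rule` sections for the printing exceptions, and, for the locked-down VLAN, no `forwarding` at all but a single `ACCEPT` rule to one destination IP and port (the firewall is stateful, so replies come back through conntrack). Writing twenty sets of those stanzas by hand is tedious, so the script below, an added example and not code from the original post or from the Turris project, generates the `/etc/config/network`, `/etc/config/dhcp` and `/etc/config/firewall` stanzas from a short VLAN table. Every VLAN id, name, address and the `203.0.113.10:443` egress target are constructed; the trunk device name `bonding-bond0`, the `br-lan` bridge name and the existence of a `wan` interface are assumptions to verify against the OS release actually installed.

```python
"""Generate UCI stanzas (the /etc/config/* format used by OpenWrt and Turris OS)
for a router-on-a-stick with one firewall zone per VLAN.
Added example; all VLAN ids, names, addresses and the trunk/bridge device names
are constructed assumptions, not the original poster's values."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Vlan:
    vid: int
    name: str
    router_ip: str  # router's address on this VLAN, e.g. "10.0.10.1"
    # extra inbound flows permitted from other VLANs: {src_vlan: [(proto, port), ...]}
    allow_from: Dict[str, List[Tuple[str, int]]] = field(default_factory=dict)


@dataclass
class Egress:
    vlan: str        # VLAN whose only permitted Internet traffic is this one flow
    dest_ip: str
    dest_port: int
    proto: str = "tcp"


def stanza(kind: str, label: str, **opts) -> str:
    """Render one UCI section; list-valued options become repeated 'list' lines."""
    lines = [f"config {kind} '{label}'" if label else f"config {kind}"]
    for key, val in opts.items():
        if isinstance(val, list):
            lines += [f"\tlist {key} '{v}'" for v in val]
        else:
            lines.append(f"\toption {key} '{val}'")
    return "\n".join(lines) + "\n"


def network_config(vlans, trunk_port="bonding-bond0", bridge="br-lan") -> str:
    # trunk_port is an ASSUMED name for the LAG device; check it on the real box
    out = stanza("device", "", type="bridge", name=bridge, ports=[trunk_port], vlan_filtering=1)
    for v in vlans:
        # tag each VLAN on the trunk and expose it as br-lan.<vid> for the interface
        out += stanza("bridge-vlan", "", device=bridge, vlan=v.vid, ports=[f"{trunk_port}:t"])
        out += stanza("interface", v.name, device=f"{bridge}.{v.vid}", proto="static",
                      ipaddr=v.router_ip, netmask="255.255.255.0")
    return out


def dhcp_config(vlans) -> str:
    # one DHCP scope per VLAN interface (constructed pool: .100-.249, 12h leases)
    return "".join(stanza("dhcp", v.name, interface=v.name, start=100, limit=150,
                          leasetime="12h") for v in vlans)


def firewall_config(vlans, restricted: Egress = None) -> str:
    out = stanza("defaults", "", input="REJECT", output="ACCEPT", forward="REJECT", synflood_protect=1)
    # masq=1 on wan gives PAT behind the single public IPv4 for every VLAN; assumes a 'wan' interface
    out += stanza("zone", "wan", name="wan", network=["wan"], input="REJECT",
                  output="ACCEPT", forward="REJECT", masq=1, mtu_fix=1)
    for v in vlans:
        # each VLAN is its own zone; forward=REJECT means no inter-VLAN traffic unless a rule allows it
        out += stanza("zone", v.name, name=v.name, network=[v.name], input="REJECT",
                      output="ACCEPT", forward="REJECT")
        # the only thing any VLAN may ask the router itself for is DHCP and DNS
        out += stanza("rule", "", name=f"{v.name}-dhcp-dns", src=v.name, proto="udp",
                      dest_port="53 67", target="ACCEPT")
        if restricted and v.name == restricted.vlan:
            # no wan forwarding at all; a single stateful ACCEPT to one IP:port is the whole policy
            out += stanza("rule", "", name=f"{v.name}-single-egress", src=v.name, dest="wan",
                          dest_ip=restricted.dest_ip, dest_port=restricted.dest_port,
                          proto=restricted.proto, target="ACCEPT")
        else:
            out += stanza("forwarding", "", src=v.name, dest="wan")
        for src_name, ports in v.allow_from.items():   # e.g. clients -> printers on 9100/631
            for proto, port in ports:
                out += stanza("rule", "", name=f"{src_name}-to-{v.name}-{proto}{port}",
                              src=src_name, dest=v.name, proto=proto, dest_port=port, target="ACCEPT")
    return out


def parse_uci(text: str):
    """Parse rendered UCI back into [(kind, label, {key: value-or-list})] for checking."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("config "):
            parts = line.split("'")
            sections.append((parts[0].split()[1], parts[1] if len(parts) > 1 else "", {}))
        elif line.startswith(("option ", "list ")):
            word, key, rest = line.split(None, 2)
            val = rest.strip("'")
            opts = sections[-1][2]
            opts.setdefault(key, []).append(val) if word == "list" else opts.__setitem__(key, val)
    return sections


# constructed VLAN table standing in for the ~20 VLANs in the post
VLANS = [
    Vlan(10, "mgmt", "10.0.10.1"),
    Vlan(20, "clients", "10.0.20.1"),
    Vlan(30, "printers", "10.0.30.1", allow_from={"clients": [("tcp", 9100), ("tcp", 631)]}),
    Vlan(40, "cameras", "10.0.40.1"),
    Vlan(50, "iot", "10.0.50.1"),
]
CAMERA_EGRESS = Egress("cameras", "203.0.113.10", 443)  # constructed single-destination policy

if __name__ == "__main__":
    print(network_config(VLANS), dhcp_config(VLANS), firewall_config(VLANS, CAMERA_EGRESS), sep="\n")
```

The generated text is meant to be reviewed, then appended to the corresponding `/etc/config/*` files and applied with the usual `/etc/init.d/network restart` and `/etc/init.d/firewall restart`. Because every zone defaults to `forward REJECT`, adding a VLAN is "deny everything" until a `forwarding` or `rule` stanza says otherwise, which is the right failure mode for a segmentation project; the DHCP/DNS rule is the only thing letting a VLAN talk to the router at all, and a rogue DHCPv6 server on one segment, like the one in the capture, cannot reach hosts on any other segment.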