New user here. Much of this is a repost from my intro post on ubnt’s forum, but is relevant to what I’m asking here as well, and part of the discussion may need to move to the VPN category.
I'm in the process of updating my home network - actually nearly every wire in the house (low voltage and electrical). My home was built in the 1860s and is 3800 SF, with another 800 SF of unfinished, but finishable, attic and a 600 SF garage on 1.5 acres in the middle of town where most yards are 1/2 acre or less. I've been into home automation since 2001, back when I only had two computers connected with a crossover cable.
Right now, my current router, an ASUS RTN66U shows 38 clients connected - a mix of wired and wireless clients, there are probably another 5-7 clients that are actually sleeping or otherwise disconnected because of the remodel, so let’s say 45. My goal is to get nearly everything wired except laptops and things without wired connections (tablets, phones, WiiU, etc.).
The size and construction of the house (still several plaster and wood and/or metal lath walls and ceilings, some multiple layers) really sucks up wifi signal, and the size of the yard (~250' x 250') make reception not so good. I'm currently using the router's wifi plus another router configured as an AP only to cover most of the house, but of course, I have to use different SSIDs since they can't do zero handoff , and there are still fringe areas. When I tried same SSIDs, I had clients connected to the more distant AP with bad connections instead of the nearer... my Squeezeboxes were notorious for this and would buffer like crazy.
Right now I'm in the middle of a major remodel, the second phase of probably 4 that I've been doing over the past 5 years as time and money has allowed. This phase had a lot of walls come down, tons of rot and termite damage be repaired, replacement of windows and doors that were not replaced in phase 2 and spray foam insulation of all exterior walls (also done during phase 1).
I've been running flexible conduit (Carlon Riser guard, 1.5" and 1", depending on location) as homeruns to a 4' x 8' space we discovered between walls, which is now the server room/ wiring closet. The conduit will carry all my CAT6, RG6 and other low voltage wire to locations in each room.
I recently received 3 x Unify APs to replace my router’s wireless and get rid of the second AP. I also have a cloud key due in anytime. Everything is currently on the test bench, which is my 22U wall mount rack temporarily mounted to some 2x4s on the floor in one of the rooms.
The test rack currently has a Dell Powerconnect 2748 48-port gigabit switch and a Powerconnect 3424 10/100 POE switch with gigabit uplink. Both switches are working perfectly with the ASUS router, and the gigabit uplinks are working between the two switches (just using cat6, as I have not figured out how to use the SFP ports yet, and assume I don't need to use them). I got the Powerconnects for about $70 each on ebay. I was worried about power draw when I first got these, but right now the whole rack (2 switches and an LTS LTN8816 NVR) only draw 1.6 amps (measured where the UPS they’re connected to connects to power), though I’m sure it will go up a bit as I only have 4 POE devices connected at the moment.
The LTN8816 NVR with 12 LTS IP cameras (16 camera capacity, will expand later) on the bench as well (4 connected for testing at the moment). I'm installing them as part of my rewire. The cameras and the UAPs are being powered by the POE switch (UAPs with 80211AF adapters) and the cloud key will be powered by it as well.
The POE switch will have:
16 x IP cameras
3 x UAPs w/ 80211af adapters
1 x outdoor UAP, (still need to get, not sure if unsheilded CAT5e I ran to yard 2 years ago is still OK, won’t know if I actually need it until the UAPs are up)
1 x Unifi Cloud key
2 or 3 x in/on wall touchscreen PC/tablet (still trying to find good value in POEable tablets)
1 x uplink to 48-port switch (or router, whichever is more efficient, need advice on this)
The 48-port gigabit switch will have:
2 x R Pi Minecraft Servers
8 x Logitech Squeezebox
1 x Plex Server PC
1 x Logitech Music Server PC
1 x Windows Home Server
1 x Homeseer Z-Net
1 x Homeseeer Hometroller
1 x Quatech Serial Device Server
4 x Tivo (might add 2 more later)
1 x Tivo Stream
2 x Roku
1 x LTS LTN8816 NVR
7 x smart TVs
1 x uplink to POE switch (or router if that's more efficient)
All remaining ports as extra runs (1 or 2 to each room) for expansion
Wireless connections
4 x laptops
2 x phones
2 x tablets
1 x WiiU
2 x Squeezebox Duet controllers
2 x Roku sticks
1 x Chromecast
The router will be connected to my DSL modem and either both switches or to one switch, whichever is supposed to work better (could use advice on this). Two UAPs will be on opposite ends of the 1st floor with the third in the center of the attic (3rd floor, unfinished but insulated and conditioned, so no heat issues).
Now, given all this equipment I have some questions.
- Will my ASUS RTN66U handle all of this OK. It's been doing great so far. I've never had to reboot it - it always just works and has for ~3 years. I also installed one at my in-laws after they were having problems, and it's never missed a beat there either. So my assumption is yes, it will be fine.
- Right now I'm forwarding ports, using non-standard private ports to make it a bit more difficult to mess with my network, but I know that's not anywhere near the safest thing in the world. I'm interested in setting up VPN. I’m considering 3 courses of action:
1. Use VPN built into the router (I’m using one of the Merlin Builds) or load OpenVPN on the router. Is the router robust enough to do this? How will I generate keys? I’m new to VPN so fuzzy on the term... does the router take care of all authentication or does a RADIUS or other authentication server have to be running.
2. Set up another Raspberry Pi 2 as per this tutorial: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing which seems to cover everything including install, key gen and authentication
3. Get a more security oriented router that has robust VPN support. So far, other than old ebay stuff I don’t have a clue about, some of the routers listed in the router ranker and Ubiquiti’s Unify Security Gateway and EdgeMax routers, I haven’t looked at much. Are these any better than my RTN66U for achieving my goals? I was leaning towards the Ubiquiti products, especially the USG because of being able to use the controller software to view my whole network, but it appears that most of the real settings in these items are done by CLI and – for now – the controller software (USG) or EdgeOS interface (Edgemax) seem more of a novelty.
My ISP is going to be a bottleneck. I have DSL that’s stuck at 3M down and 768K up becuase of line issues in the neighborhood (people down the street get 10M down). Getting cable will require some excavation in the yard that I’m not ready to deal with yet, but I will eventually get it installed unless CenturyLink gets off their backside and gets the DSL improved.
Based on the above, any advice on where to go with router and/or VPN setup?
I'm in the process of updating my home network - actually nearly every wire in the house (low voltage and electrical). My home was built in the 1860s and is 3800 SF, with another 800 SF of unfinished, but finishable, attic and a 600 SF garage on 1.5 acres in the middle of town where most yards are 1/2 acre or less. I've been into home automation since 2001, back when I only had two computers connected with a crossover cable.
Right now, my current router, an ASUS RTN66U shows 38 clients connected - a mix of wired and wireless clients, there are probably another 5-7 clients that are actually sleeping or otherwise disconnected because of the remodel, so let’s say 45. My goal is to get nearly everything wired except laptops and things without wired connections (tablets, phones, WiiU, etc.).
The size and construction of the house (still several plaster and wood and/or metal lath walls and ceilings, some multiple layers) really sucks up wifi signal, and the size of the yard (~250' x 250') make reception not so good. I'm currently using the router's wifi plus another router configured as an AP only to cover most of the house, but of course, I have to use different SSIDs since they can't do zero handoff , and there are still fringe areas. When I tried same SSIDs, I had clients connected to the more distant AP with bad connections instead of the nearer... my Squeezeboxes were notorious for this and would buffer like crazy.
Right now I'm in the middle of a major remodel, the second phase of probably 4 that I've been doing over the past 5 years as time and money has allowed. This phase had a lot of walls come down, tons of rot and termite damage be repaired, replacement of windows and doors that were not replaced in phase 2 and spray foam insulation of all exterior walls (also done during phase 1).
I've been running flexible conduit (Carlon Riser guard, 1.5" and 1", depending on location) as homeruns to a 4' x 8' space we discovered between walls, which is now the server room/ wiring closet. The conduit will carry all my CAT6, RG6 and other low voltage wire to locations in each room.
I recently received 3 x Unify APs to replace my router’s wireless and get rid of the second AP. I also have a cloud key due in anytime. Everything is currently on the test bench, which is my 22U wall mount rack temporarily mounted to some 2x4s on the floor in one of the rooms.
The test rack currently has a Dell Powerconnect 2748 48-port gigabit switch and a Powerconnect 3424 10/100 POE switch with gigabit uplink. Both switches are working perfectly with the ASUS router, and the gigabit uplinks are working between the two switches (just using cat6, as I have not figured out how to use the SFP ports yet, and assume I don't need to use them). I got the Powerconnects for about $70 each on ebay. I was worried about power draw when I first got these, but right now the whole rack (2 switches and an LTS LTN8816 NVR) only draw 1.6 amps (measured where the UPS they’re connected to connects to power), though I’m sure it will go up a bit as I only have 4 POE devices connected at the moment.
The LTN8816 NVR with 12 LTS IP cameras (16 camera capacity, will expand later) on the bench as well (4 connected for testing at the moment). I'm installing them as part of my rewire. The cameras and the UAPs are being powered by the POE switch (UAPs with 80211AF adapters) and the cloud key will be powered by it as well.
The POE switch will have:
16 x IP cameras
3 x UAPs w/ 80211af adapters
1 x outdoor UAP, (still need to get, not sure if unsheilded CAT5e I ran to yard 2 years ago is still OK, won’t know if I actually need it until the UAPs are up)
1 x Unifi Cloud key
2 or 3 x in/on wall touchscreen PC/tablet (still trying to find good value in POEable tablets)
1 x uplink to 48-port switch (or router, whichever is more efficient, need advice on this)
The 48-port gigabit switch will have:
2 x R Pi Minecraft Servers
8 x Logitech Squeezebox
1 x Plex Server PC
1 x Logitech Music Server PC
1 x Windows Home Server
1 x Homeseer Z-Net
1 x Homeseeer Hometroller
1 x Quatech Serial Device Server
4 x Tivo (might add 2 more later)
1 x Tivo Stream
2 x Roku
1 x LTS LTN8816 NVR
7 x smart TVs
1 x uplink to POE switch (or router if that's more efficient)
All remaining ports as extra runs (1 or 2 to each room) for expansion
Wireless connections
4 x laptops
2 x phones
2 x tablets
1 x WiiU
2 x Squeezebox Duet controllers
2 x Roku sticks
1 x Chromecast
The router will be connected to my DSL modem and either both switches or to one switch, whichever is supposed to work better (could use advice on this). Two UAPs will be on opposite ends of the 1st floor with the third in the center of the attic (3rd floor, unfinished but insulated and conditioned, so no heat issues).
Now, given all this equipment I have some questions.
- Will my ASUS RTN66U handle all of this OK. It's been doing great so far. I've never had to reboot it - it always just works and has for ~3 years. I also installed one at my in-laws after they were having problems, and it's never missed a beat there either. So my assumption is yes, it will be fine.
- Right now I'm forwarding ports, using non-standard private ports to make it a bit more difficult to mess with my network, but I know that's not anywhere near the safest thing in the world. I'm interested in setting up VPN. I’m considering 3 courses of action:
1. Use VPN built into the router (I’m using one of the Merlin Builds) or load OpenVPN on the router. Is the router robust enough to do this? How will I generate keys? I’m new to VPN so fuzzy on the term... does the router take care of all authentication or does a RADIUS or other authentication server have to be running.
2. Set up another Raspberry Pi 2 as per this tutorial: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing which seems to cover everything including install, key gen and authentication
3. Get a more security oriented router that has robust VPN support. So far, other than old ebay stuff I don’t have a clue about, some of the routers listed in the router ranker and Ubiquiti’s Unify Security Gateway and EdgeMax routers, I haven’t looked at much. Are these any better than my RTN66U for achieving my goals? I was leaning towards the Ubiquiti products, especially the USG because of being able to use the controller software to view my whole network, but it appears that most of the real settings in these items are done by CLI and – for now – the controller software (USG) or EdgeOS interface (Edgemax) seem more of a novelty.
My ISP is going to be a bottleneck. I have DSL that’s stuck at 3M down and 768K up becuase of line issues in the neighborhood (people down the street get 10M down). Getting cable will require some excavation in the yard that I’m not ready to deal with yet, but I will eventually get it installed unless CenturyLink gets off their backside and gets the DSL improved.
Based on the above, any advice on where to go with router and/or VPN setup?
