|
Thanatosian posted: I have an Archer C9 router, CenturyLink Gigabit Fiber, and a bullshit garbage router they gave me that is the MAC address registered to the account (the connection is wall -> their router -> my router -> my devices, wireless is disabled on their router). I'm looking into getting a VPN for privacy reasons; is there a good implementation of split tunnel for home networking? I'd like to stick Netflix/HBO/Steam on the regular network for the gigabit speeds, and everything else through the VPN.

Huh - at least with my CLink Gigabit, I was able to get rid of their router. I just needed the PPPoE credentials and a router that supports VLAN tagging (they use VLAN 201). That said, the EdgeRouters are always a crowd favorite for more complex stuff like that. You could also get a cheaper NUC-style computer that has two ports and run something like pfSense on it.
|
# ? Jun 5, 2020 23:20 |
|
Thanatosian posted: I have an Archer C9 router, CenturyLink Gigabit Fiber, and a bullshit garbage router they gave me that is the MAC address registered to the account (the connection is wall -> their router -> my router -> my devices, wireless is disabled on their router). I'm looking into getting a VPN for privacy reasons; is there a good implementation of split tunnel for home networking? I'd like to stick Netflix/HBO/Steam on the regular network for the gigabit speeds, and everything else through the VPN.

We're in the same city so I believe should have the same configuration:

1. An ONT converting the fiber to ethernet. This is not a router. It probably has a sticker saying it's the property of CenturyLink. You should never need to touch it. Don't change what position the wire is in, if it's one of the units that has 4 plugs.
2. A router. Probably C3000Z or something. It is NOT special. Here is what they do to make it seem like you need their device:
   a. Use PPPoE to log in. You'll have a username and password. You have to call for the password, but you can find the username in the router config (username@qwest.net)
   b. Have the connection on VLAN 201. This one is a little tricky but all modern routers can do it.
3. Your devices connected via wire or wifi to the router.
|
# ? Jun 6, 2020 02:45 |
|
Deploying Wifi 6 APs at work and OFDMA is the biggest advancement to wifi in at least a decade. Problem is you really need either 100% wifi 6 devices, which will take years for most houses with IOT devices, or dual/tri-radio APs to segregate AX from legacy clients, which is cost prohibitive for home. Don't think it's a feature worth waiting for at this point.
|
# ? Jun 6, 2020 03:49 |
KS posted: Deploying Wifi 6 APs at work and OFDMA is the biggest advancement to wifi in at least a decade. Problem is you really need either 100% wifi 6 devices, which will take years for most houses with IOT devices, or dual/tri-radio APs to segregate AX from legacy clients, which is cost prohibitive for home.

I had never heard of OFDMA but reading about it was very interesting.
|
|
# ? Jun 6, 2020 04:44 |
|
My current home network consists of a Surfboard modem connected to an EdgeRouter-X both inside a structured wiring enclosure (On-Q) that came with the house. The ER-X feeds 3 wired ethernet drops in different rooms in my house, one of which is connected to an AirPort Extreme in bridge mode acting as my WiFi access point. The whole thing works pretty well except that the WiFi signal in the rooms farthest from the AP is weak.

I'm thinking of getting a couple of Eero units and operating them in bridge mode to replace my AirPort, utilizing ethernet backhaul on them placed in the two opposite ends of the house where I have ethernet drops. Will they still work as a mesh unit with ethernet backhaul and letting my ER-X do the DHCP/routing activities like it does now? Also, it looks like each Eero has two ports in the back so I'm assuming if one is for backhaul I can attach an unmanaged switch to the other for more hardwire ethernet ports at those locations? Anything wrong with this setup that I'm missing?
|
# ? Jun 6, 2020 18:04 |
|
Connect the switches to the ER-X and have whatever APs you buy connected to the switches instead of the ER-X.
|
# ? Jun 6, 2020 18:53 |
|
WarMECH posted: My current home network consists of a Surfboard modem connected to an EdgeRouter-X both inside a structured wiring enclosure (On-Q) that came with the house. The ER-X feeds 3 wired ethernet drops in different rooms in my house, one of which is connected to an AirPort Extreme in bridge mode acting as my WiFi access point. The whole thing works pretty well except that the WiFi signal in the rooms farthest from the AP is weak.

If you already have the router and wired backhaul, consider some non-mesh APs, like Unifi. I'm sure Eero will work but you're not getting anything out of the mesh at that point.
|
# ? Jun 6, 2020 20:20 |
|
I guess I was thinking that a mesh product like Eero or Orbi would handle handoff between devices better than multiple standalone APs, but maybe I'm over thinking this.
|
# ? Jun 6, 2020 21:49 |
|
It’s up to the client to decide which one it wants to connect to, isn’t it?
|
# ? Jun 6, 2020 21:53 |
|
WarMECH posted: I guess I was thinking that a mesh product like Eero or Orbi would handle handoff between devices better than multiple standalone APs, but maybe I'm over thinking this.

Definitely overthinking it. Mesh wifi is less about seamless handoff between access points and more about extending your network when you don't have the ability to run a hard wire.

I know I spent two posts earlier on the page ranting about my love for Orbi. If I had the choice, I'd run Cat6a through the house and set up Ubiquiti APs everywhere. Unfortunately, I do not have that so picking the best wireless backhaul at the time was my best option.

If you have Cat5e/Cat6/Cat6a running through the house and providing points of hardwired access, absolutely get yourself some Ubiquiti APs and hook them up. Use the same SSID and WPA2 key and probably try and spread your channels a bit. Handoff won't be instant, may take a second or two but in general devices are pretty smart about connecting to a stronger signal if they know how to connect to it.
|
# ? Jun 6, 2020 21:55 |
|
For the APs, for most home users are the lites good enough or should I grab a few pros instead?
|
# ? Jun 6, 2020 22:20 |
|
You are not giving enough information. I think it's pretty safe to say that Unifi Lites are fine.
|
# ? Jun 6, 2020 22:21 |
|
TraderStav posted: For the APs, for most home users are the lites good enough or should I grab a few pros instead?

LRADIKAL posted: You are not giving enough information. I think it's pretty safe to say that Unifi Lites are fine.

What LRADIKAL said. But for the sake of argument, please have a look at Exhibit A:

The max rated speed for the Lite is 867mbps for 5GHz (AC). In general, even standing next to an access point, your devices aren't going to break 400mbps over WiFi. There are exceptions, but most of the time if you're lucky, you're in the 300mbps area at the most.

So ya - the Lites are probably fine. Also remember, you're probably not sitting there with sustained usage at those speeds either except if you're copying large files. Streaming 4K is still well below 100mbps (want to say 30ish mbps). And for web browsing or email or even gaming, you care more about latency than raw speed after a certain point.

EDIT: some words.

rufius fucked around with this message at 22:41 on Jun 6, 2020 |
# ? Jun 6, 2020 22:39 |
|
Dick Nipples posted: Definitely overthinking it.

My Ethernet ports are wall units, which is why I was thinking mesh with Ethernet backhaul. Ubiquiti AP need to be ceiling mounted and then I'd lose the ability to add a switch at that location. Right?
|
# ? Jun 6, 2020 23:16 |
|
Unifi can be mounted anywhere. They also have Ethernet out usually. It's not a mesh network with wired back haul.
|
# ? Jun 6, 2020 23:28 |
|
WarMECH posted: My Ethernet ports are wall units, which is why I was thinking mesh with Ethernet backhaul. Ubiquiti AP need to be ceiling mounted and then I'd lose the ability to add a switch at that location. Right?

If you want to add a switch, go wall > switch > AP + other devices.

Edit: Lites are probably fine. I have two to cover 3400 sq ft, but one covers all of it except one pesky corner.

thiazi fucked around with this message at 00:43 on Jun 7, 2020 |
# ? Jun 7, 2020 00:37 |
|
WarMECH posted: My Ethernet ports are wall units, which is why I was thinking mesh with Ethernet backhaul. Ubiquiti AP need to be ceiling mounted and then I'd lose the ability to add a switch at that location. Right?

Ah. Ya you don’t want mesh if you have Ethernet to act as backhaul. The only time mesh makes sense IMO is when there’s no wired backhaul available. Otherwise, always prefer Ethernet backhaul.

There’s no magic on the mesh systems for making the WiFi look like one network. It’s the same tricks, AFAIK, as how you build out a multi-AP WiFi network.
|
# ? Jun 7, 2020 00:47 |
|
WarMECH posted: My Ethernet ports are wall units, which is why I was thinking mesh with Ethernet backhaul. Ubiquiti AP need to be ceiling mounted and then I'd lose the ability to add a switch at that location. Right?

Mine is mounted via gravity on top of my tivo or ER-X depending on which cables my 10 month old has pulled on lately. It's under the TV in a corner. Mesh is for people who don't have wired ethernet going across their house, you do.
|
# ? Jun 7, 2020 00:54 |
|
To add on to Ubiquiti mounting and orientation the RF pattern looks like a big giant donut mostly. Their signal is weakest from the back. You can always fool with orientation later, but when you first set up just set them on the floor or a shelf or something, no point mounting them before you know they are working correctly and you generally have better coverage. Here's a bunch of over-detailed pictures. https://help.ui.com/hc/en-us/articles/115005212927-UniFi
|
# ? Jun 7, 2020 01:31 |
|
I spent half of today trying to set up a PiVPN (so I can connect back through my home connection when I'm travelling) only to find out that my ISP is most likely using CGNAT (they won't confirm this for sure which is annoying though). Do I have any other options here? I'm using an ER-X if that factors.

EDIT: Chatting to some of my networking buddies and apparently https hides nearly all traffic when using unsecured networks, is a VPN really necessary now?

Red_Fred fucked around with this message at 10:00 on Jun 7, 2020 |
# ? Jun 7, 2020 09:47 |
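Added example, not from any poster in the thread: one way to answer the "is my ISP using CGNAT?" question raised above without the ISP confirming it is to compare the WAN address shown on the router's status page with the address an outside service sees. The function name, verdict labels and sample addresses below are constructed for illustration, and the check is IPv4 only.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")

# RFC 1918 private ranges, listed explicitly. ip.is_private is not used
# because it also matches documentation and other special-purpose ranges.
RFC1918_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def classify_wan(router_wan_ip, observed_public_ip):
    """Classify the router's WAN address.

    router_wan_ip      -- address shown on the router's WAN/status page
    observed_public_ip -- address an outside "what is my IP" service reports

    Returns (verdict, own_router_forward_enough). The second value says
    whether a port forward (for a VPN server, say) on your own router
    alone can be reached from the internet.
    """
    wan = ipaddress.IPv4Address(router_wan_ip)
    seen = ipaddress.IPv4Address(observed_public_ip)

    if wan in CGNAT_NET:
        # The ISP is translating: inbound connections stop at its NAT.
        return ("cgnat", False)
    if any(wan in net for net in RFC1918_NETS):
        # Either another router sits in front (double NAT, as in the
        # "their router -> my router" layout earlier in the thread) or
        # the ISP runs its CGNAT on private space.
        return ("private-upstream", False)
    if wan != seen:
        # Routable-looking WAN address, but the outside world sees a
        # different one: something upstream still rewrites traffic.
        return ("nat-or-proxy-upstream", False)
    return ("public", True)


if __name__ == "__main__":
    # Constructed sample inputs (documentation and reserved ranges only).
    samples = [
        ("100.72.14.9", "203.0.113.7"),
        ("192.168.0.2", "203.0.113.7"),
        ("198.51.100.20", "203.0.113.7"),
        ("203.0.113.7", "203.0.113.7"),
    ]
    for wan, seen in samples:
        print(wan, seen, classify_wan(wan, seen))
```

A "cgnat" or "private-upstream" verdict means inbound port forwarding will not work from your router alone, which is when the static IP or the outbound tunnel to a VPS discussed later in the thread becomes relevant.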
|
WarMECH posted: My Ethernet ports are wall units, which is why I was thinking mesh with Ethernet backhaul. Ubiquiti AP need to be ceiling mounted and then I'd lose the ability to add a switch at that location. Right?

If you have wall outlets and also need a switch then consider the in-wall version of the UAPs.
|
# ? Jun 7, 2020 11:03 |
|
Red_Fred posted: EDIT: Chatting to some of my networking buddies and apparently https hides nearly all traffic when using unsecured networks, is a VPN really necessary now?

So it depends on what your goal is. If you need to ensure encrypted comms, HTTPS is sufficient to achieve that goal. However it won’t stop the (hostile) network from knowing who you’re talking to. This mostly matters for folks trying to evade location detection like in China. If anyone has the tech to crack HTTPS (nation states), they could also crack VPN encryption. So ya, it is sufficient for your encryption needs.

If you’re trying to obfuscate where you come from, you’ll need to set up a VPN. There’s usually three options here - host off your home network, pay a service, or use something like Algo VPN to provision your own in AWS/Azure/Google Cloud.

If you host your own it’s the most flexible. You can do things like Netflix and they’re none the wiser.

If you use a service, you have to accept that they can see everyone you’re talking to and any unencrypted traffic you might send.

If you provision one in AWS, you own the logging to a point - that is AWS could still conceivably snoop your logs though I don’t know why they would unless you were doing sketchy poo poo. Netflix and other streaming services know the major cloud provider IP ranges and can detect if that’s one you’re connecting to them.

I use an Algo VPN setup for when I’m out and about and don’t want to be on untrusted WiFi.

TL;DR: if you just care it’s encrypted, HTTPS is fine. If you care about location or connection obfuscation on the network, then you need a VPN.
|
# ? Jun 7, 2020 13:56 |
|
VPNs also guarantee there aren't unencrypted parts of the internet that sneak through. It's becoming a minority but it still exists. This solves for "open wifi (hotel, coffee shop, other business)" is snooping on whatever weird sites you visit threat model.

An AWS free tier instance will get you enough juice to handle this but remember that you pay by the byte there, don't watch streaming video through it.

An unmetered vps somewhere would get you the ability to connect through to your home if that is your goal. Home connects to the vps VPN, you connect to it, and you configure routing appropriately.
|
# ? Jun 7, 2020 16:36 |
|
Red_Fred posted: I spent half of today trying to setup a PiVPN (so I can connect back through my home connection when I'm travelling) only to find out that my ISP is most likely using CGNAT (they won't confirm this for sure which is annoying though). Do I have any other options here?

If you run services on your home network and want access to them from outside the network, a VPN is a reasonable way to do that.
|
# ? Jun 7, 2020 18:57 |
|
astral posted: If you run services on your home network and want access to them from outside the network, a VPN is a reasonable way to do that.

More accurately running unhardened services without a VPN is a recipe for disaster on home connections.
|
# ? Jun 7, 2020 20:16 |
|
Thanks for all the responses. Sounds like I probably don’t need my own VPN now. The only thing I need to access my network when out is for my security camera but that all runs through my Synology NAS.
|
# ? Jun 8, 2020 00:04 |
|
I would be absolutely terrified to expose my NAS to the internet at large. This is one of those 'Set up a VPN' cases.
|
# ? Jun 8, 2020 00:17 |
|
astral posted: I would be absolutely terrified to expose my NAS to the internet at large.

Well it’s not the NAS itself but it’s a thing that runs on the NAS called Synology Surveillance Station. I can only get to the cameras from an app on my phone. Nothing else on the NAS can be reached from the Internet.
|
# ? Jun 8, 2020 00:59 |
|
Red_Fred posted: Well it’s not the NAS itself but it’s a thing that runs on the NAS called Synology Surveillance Station. I can only get to the cameras from an app on my phone. Nothing else on the NAS can be reached from the Internet.

Yeah that's no better. I have one of those, you're exposing whatever you can connect to on your phone either to the internet, proxying it through synology, or both. It's still "a process running on the synology" that you're exposing and I would strongly discourage you from doing that. It's a dumb idea. They run as "root" which means it can almost certainly access literally everything on your synology, and I'm going to go out on a limb and say that Synology is definitely not doing any kind of cgroup isolation.

My Synology posted: root@nas:~# ps aux | grep -i sur
|
# ? Jun 8, 2020 01:06 |
|
Ok so what’s my best practise here? Presumably I need to pay the one off fee to my ISP for a static IP to start with as they confirmed they use CGNAT so port forwarding is out. But then do I use the VPN from Synology? Or PiVPN? Or can I even use my ER-X?

I’m clearly a noob so I would like the one that’s easiest to set up and deal with even if that’s at the expense of some security.
|
# ? Jun 8, 2020 06:13 |
|
Hey thread- I've been using an C7 AC1750 for a few years now with good success, but ever since moving my home office and router to the far corner of the house to be able to work from home, I've been having reduced signal strength on the opposite end of the house...obviously. That's going through four walls- I'm honestly surprised it's doing as well as it has.

No brainer, right? Get an AP and run it to a central location of the house- and I was just about to pull the trigger and do so as my place of work gave us all a $200 technology stipend to facilitate working from home for the foreseeable.

However, now the C7 is losing upstream network connectivity intermittently. Once or twice a day it just stops being able to get an outside network until it is restarted. I figure now is as good a time as any to upgrade the router- I see lots of good things about the C9, but that info is a few years old and that might not be the best option for me anymore. If I can use my budget to get something a bit more reliable and better signal strength it would be ideal. Also, I will probably run an ethernet through my home office wall so it's out in the loft area so that should help the wifi too. Thank you.

Edit: Looking into it further- I didn't even consider doing a wifi range extender through powerline- which would take care of the wifi problem at least. Anyone have good experiences with the TP-Link AV1300? Seems like it might be a bit overkill for my needs.

Just Offscreen fucked around with this message at 17:47 on Jun 8, 2020 |
# ? Jun 8, 2020 17:24 |
|
Red_Fred posted: Ok so what’s my best practise here? Presumably I need to pay the one off fee to my ISP for a static IP to start with as they confirmed they use CGNAT so port forwarding is out.

You could pay for a static IP (kinda cool that it's a one time cost, it's usually recurring) and VPN to your router or a machine behind it.

If the static IP is cost prohibitive, another option is to get a cloud instance, VPN your phone to that, and VPN your home network to that as well. Traffic between your phone and your home would route through the VPN endpoint. Something like this.

As someone else said you're better off on an unmetered VPS endpoint instead of an AWS instance if you're going to put significant data through it.

This is not completely trivial stuff if you're foreign to networking concepts.
|
# ? Jun 8, 2020 17:49 |
|
Red_Fred posted: Ok so what’s my best practise here? Presumably I need to pay the one off fee to my ISP for a static IP to start with as they confirmed they use CGNAT so port forwarding is out.

Getting out of the CGNAT pool would help. You'd want to set up a VPN server on either your Pi or your ER-X. I can't speak to how good the throughput is on these devices but a quick search suggests you might be able to expect around ~25 Mbps on the ER-X, which is hopefully enough for the security camera's bitrate. Looks like there's an article for it: https://help.ui.com/hc/en-us/articles/115015971688-EdgeRouter-OpenVPN-Server

Make sure to back up your edgerouter config before starting if you go that route.

Just Offscreen posted: Hey thread- Ive been using an C7 AC1750 for a few years now with good success, but ever since moving my home office and router to the far corner of the house to be able to work from home, I've been having reduced signal strength on the opposite end of the house...obviously. That's going through four walls- I'm honestly surprised it's doing as well as it has.

AV1200 or better should be fine (depending on your house's wiring setup, of course, so make sure you buy from somewhere with a good return policy). However, if you're going to 'wire' it then just get an AP for the other side instead of a potentially dubious 'range extender'.
|
# ? Jun 8, 2020 18:29 |
|
If the one-off fee to remove CGNAT and move to a static IP isn't stupidly high then do that first, it will make your life easier later.
|
# ? Jun 8, 2020 22:20 |
|
Thanks Ants posted: If the one-off fee to remove CGNAT and move to a static IP isn't stupidly high then do that first, it will make your life easier later.

KS posted: You could pay for a static IP (kinda cool that it's a one time cost, it's usually recurring) and VPN to your router or a machine behind it.

astral posted: Getting out of the CGNAT pool would help.

Thanks. I'll get my ISP to set a static IP for me. I think I'll give PiVPN a go as it's easier to just wipe and start again if I gently caress it up and PiVPN has a semi GUI setup which is quite easy to use. 25 Mbps should be heaps for the camera as I think it's only 720p and 10fps or something.
|
# ? Jun 9, 2020 09:06 |
|
will one megabit be enough for MS teams with voice and screen share and using a web browser on a virtual machine over Citrix Workspace? i found a plan in the country that i am moving to (malawi) that has 2 gigs a day at blazing 3 megabits and if i exhaust that the rest of the day will be at 1 megabits.
|
# ? Jun 9, 2020 10:59 |
|
I think it adjusts video bandwidth based on your connection quality. You can usually dial down both incoming and outgoing video as needed

Audio doesn't use hardly any bandwidth at all

Screen sharing, for normal office productivity BS is usually pretty static, doesn't need much bandwidth at all. If you're editing a feature length action movie via screen share, it might not work so well

I give it greater than 50% odds it works, maybe even 90%

Some cell companies gently caress with your connection if you try and use a lot of bandwidth continuously. I was in Grenada (off the coast of Venezuela, south of the Bahamas) and we had 10mbps burst, but as soon as you got on Skype for more than 30 seconds they would just drop your data for 5 minutes. Your data plan might be 3mbps but only burst, and otherwise like 0.5 for continuous up/down.

Check and see how long you can sustain 2mbps, or if you can at all
|
# ? Jun 9, 2020 16:55 |
|
Brief trip report on new networking hardware. Mostly because I was pleasantly surprised.

Old Setup
- ONT from CenturyLink for Gigabit
- Asus Router RT-AC68U - not using the WiFi
- Netgear Orbi setup (RBR50)
- Netgear Gig switch (unmanaged)
- QNAP TVS-471 NAS serving Plex both on intranet and to family over WAN via 4 gigabit links

Interesting Connection Paths:
code:
code:

- Overall, pretty good speeds but it was spikier than I'd have liked. If I started a big file copy from my desktop to the NAS, video playback would stutter occasionally.
- Max speeds internally for a big file copy from Desktop to NAS were around 45-50MB/s though very spiky. Lots of peaks and valleys.
- Occasional latency spikes on the intranet depending on load.

New Setup
- ONT from CenturyLink for Gigabit
- EdgeRouter 4
- EdgeSwitch 10 XP
- Netgear Orbi setup (RBR50)
- QNAP TVS-471 NAS serving Plex both on intranet and to family over WAN via 4 gigabit links with 802.3ad link aggregation to the EdgeSwitch

Interesting Connection Paths:
code:
code:

- Max speeds consistent with old max speeds - around 45-50MB/s on big file copy. Not super surprising. Speeds are a lot more consistent though - no more peaks and valleys like before.
- Latencies have leveled out a lot. Pretty consistently <7ms pings whereas it used to sometimes spike to 50ms.
- No more stuttering in video playback during big file copies.
- Speeds from the Apple TV running Infuse to the NAS have increased - from ~180mbps to > 350mbps. This was probably the most surprising to me.
- It probably helps that the Router is out of the scheme as well.

TL;DR: Got some nicer networking hardware, internal network is more stable and handling additional load in a more consistent manner. Big surprise.

EDIT: Note: Max copy speeds for Desktop->NAS are 45-50MB/s due to the Orbis being in play. So no hard wire.
|
# ? Jun 9, 2020 18:35 |
|
RoboBoogie posted: will one megabit be enough for MS teams with voice and screen share and using a web browser on a virtual machine over Citrix Workspace? i found a plan in the country that i am moving to (malawi) that has 2 gigs a day at blazing 3 megabits and if i exhaust that the rest of the day will be at 1 megabits.

The MS Teams screen share is sent as video so you might struggle at 1Mbps. If it was just voice and RDP traffic I'd have said you would be OK.
|
# ? Jun 9, 2020 18:36 |
OP posted: CAT5e vs CAT6

The OP was last updated in 2018. Should I just go with CAT7? Like this one on MonoPrice?
|
# ? Jun 12, 2020 23:40 |