Starting My Home Lab
This is a continuation of Planning My Home Lab where I discussed my computer and plans for building out my network home lab.
The first step to getting this whole lab operational was going to be setting up my server. I wanted to be able to virtualize multiple machines on this server and, after doing some research, decided to use Proxmox Virtual Environment to do so. Proxmox VE is an open-source virtualization platform that can be used to create and manage virtual machines. It is a bare-metal or Type 1 hypervisor, meaning that the virtualized instances are running directly on the computer hardware as opposed to passing through a host operating system. This maximizes performance and is very commonly seen in enterprise virtualization solutions.
To set this up, I loaded the installer onto a flash drive and booted my server from the drive. The installer makes the process very simple and walks the user through each step. The only notable thing to mention here is configuring the IP address of the Proxmox server. Since I am setting this up on my apartment’s pre-existing network infrastructure, I am unable to log in to the router and assign this server a static IP. Relying on DHCP is not ideal. However, since I plan on leaving this server running 24/7, there is no reason that my lease should expire. For this reason, my server should continue to retain the address it was first assigned indefinitely. Luckily, if something goes wrong, it is only a minor inconvenience to fix.
Once Proxmox was installed, I was able to access it via the web portal from my laptop. This is done by pointing a web browser to the server’s IP address on port 8006 while on the same network. Proxmox provides a friendly GUI to manage all of a user’s servers. For me, I will only be using this single node, but it is clear how this implementation can be scaled to a large enterprise using dozens of virtualization servers. The first thing I did was ensure that all of my hardware was properly accounted for within Proxmox. This includes my 40GB of memory and my 2 x 1TB storage drives. After verifying this, I downloaded all my updates in the “Repositories” section.
Before I undertook the task of setting up my virtualized firewall/router, I first had to configure my networking settings in Proxmox. Connected to my NIC on the port enp1s0f0 was my WAN connection to my apartment’s router. Another NIC port, enp1s0f1, was wired to my TL-SG108E managed TP-Link 8-port switch. To connect these network devices to the virtual machines, Proxmox has the user create Linux Bridges. These bridges link the connection from the physical hardware to the virtual interfaces used by the machines. So, I created vmbr0 and vmbr1 and mapped them to enp1s0f0 (WAN) and enp1s0f1 (LAN), respectively. Additionally, I set vmbr1’s CIDR field to 192.168.1.1/24. This allows the LAN to use IP addresses that start with 192.168.1.x. For more clarity, I have made all of this into a diagram.
Now, with all of the preparation work done, it was finally time to install and configure my router/firewall solution. I was between using pfSense and OPNsense for my lab but ultimately decided on OPNsense. OPNsense is a fork of the pfSense project by Netgate. In recent years, OPNsense has been more consistent with putting out updates and places a greater emphasis on the open-source aspect of the software. Additionally, nothing in OPNsense is locked behind a paywall, and it has a more modern GUI.
To install OPNsense, Proxmox allows the user to download ISO images directly onto the server’s drive and use that to stand up the virtual machines. All this requires is the link to the ISO download and the corresponding hash to verify the file’s integrity. From here, creating the VM is straightforward. I named this machine “opnsense” and gave it the VM ID of 100, which is the first possible value. I assigned this machine 4GB of memory, although Proxmox allows for ballooning, which can dynamically allocate the machine more memory if it is needed. After creating the machine, I needed to edit its hardware interfaces before I ever ran it. It was important that I add both vmbr0 and vmbr1 as network devices in order for this to work. This would give OPNsense the capability to communicate with both the WAN (Internet) and LAN (home network). Additionally, I configured this machine to boot automatically should the server ever be restarted. This could help prevent issues later because the whole network would be down if this machine is not running.
From here, I started the machine and began the installation process. The critical part of this process was assigning the LAN and WAN interfaces properly. As previously mentioned, I have to use DHCP for this project, which means that there is a possibility that the server’s address can change, which is far from ideal. Regardless, when connected to this new network, the OPNsense router or the default gateway would always be 192.168.1.1. I also configured the LAN to use DHCP for now. From here, I connected my laptop directly to the switch and was able to access the OPNsense web GUI. It takes the user through a quick setup wizard, although I purposefully left everything as the default settings because I plan to explore OPNsense more in a later project.
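An added example, not part of the original post: a small Python check that reads a Proxmox-style `/etc/network/interfaces`, lists which NIC port each bridge uses, and flags a bridge whose host address equals an address planned for a guest, since two hosts answering for one address on the same segment causes intermittent connectivity. The file text is a constructed sample built from the names and addresses in this post, vmbr0 using DHCP is an assumption, and `parse_bridges` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample using the bridge names, ports and CIDR from the post.
# Assumption: vmbr0 (WAN side) takes its address from the apartment's DHCP.
SAMPLE = """\
iface enp1s0f0 inet manual
iface enp1s0f1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports enp1s0f0

auto vmbr1
iface vmbr1 inet static
    address 192.168.1.1/24
    bridge-ports enp1s0f1
"""

def parse_bridges(text):
    """Return {bridge: {"ports": [...], "address": IPv4/6Interface or None}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {"ports": None, "address": None})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None                     # these lines end a stanza
        elif current is not None and words[0] == "bridge-ports":
            current["ports"] = [p for p in words[1:] if p != "none"]
        elif current is not None and words[0] == "address" and len(words) > 1:
            current["address"] = ipaddress.ip_interface(words[1])
    # Only stanzas that declared bridge-ports are bridges.
    return {n: s for n, s in stanzas.items() if s["ports"] is not None}

def audit(bridges, guest_addresses):
    """guest_addresses: {label: "ip"} for addresses planned inside VMs."""
    findings, owner = [], {}
    for name, b in bridges.items():
        for port in b["ports"]:
            if port in owner:                  # one NIC port in two bridges
                findings.append(f"{port} is attached to both {owner[port]} and {name}")
            owner[port] = name
        for label, ip in guest_addresses.items():
            if b["address"] is not None and b["address"].ip == ipaddress.ip_address(ip):
                findings.append(f"{name} host address {b['address'].ip} duplicates {label}")
    return findings

if __name__ == "__main__":
    print(audit(parse_bridges(SAMPLE), {"OPNsense LAN": "192.168.1.1"}))
```

Run against the values in this post, the check reports that vmbr1's host address and the OPNsense LAN gateway are the same address.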
The final piece of setting up this basic infrastructure was adding a wireless access point. I purchased a TP-Link AC1200 wireless router and configured it to work in access point mode rather than routing. I connected the access point to the second port on my switch and configured my wireless settings. I made sure to utilize WPA3 and also split the 2.4 and 5 GHz signals. This is a personal preference as I like to have the option to switch between the two manually, depending on factors like my proximity to the broadcast and how many walls are interrupting the signal. Now, I can connect to my new network from the comfort of my bed rather than hunched over the switch in the living room.
Here is an updated map of my current network:
At this point, the network is fully operational. I am able to access the Internet and communicate between devices on the network. Funnily enough, accessing the Internet through this network is faster than using the Wi-Fi provided by my apartment. This is likely because my access point produces a better signal than the old router provided in the unit. Next on the agenda is doing a deeper exploration of OPNsense. If by the time you read this, it is already out, here is the link.