Project #35 - Adding VLANS to the FLINT1 and FLINT2 routers

I have finally come to the point where I need to setup VLANs on the FLINT routers in my network.  I have noted for some time that people have problems with setting up VLANs on GL-iNet routers in general.  I mainly want to do this so that I can have some vlans that are outside of my normal Edgerouter-12 controlled space.  This would also enable me to get more into the fine tuning of these routers.  I can see having a couple of guest vlans on each router which would connect over iBGP.  I am currently reading a book on the ins and outs of GL-iNet that might give me some better information on how to do this, however at the moment it seems to be more of a word salad than a how to book.

I also need to be careful to document the entire process so that I can reproduce it.  To that end I will document the process in the RedNotebook app.  I intend on noting differences between the FLINT1 and FLINT2 setups. The main changes should be limited to one or two vlans on each router:

• On FLINT1 I will add two VLANs; Guest1 and Arbitrary1 that will not have access to the basic vlan
• On FLINT2 I will add two VLANs; Guest2 and Arbitrary2 that will not have access to the basic vlan
• The setup should be able to be altered to accommodate iBGP or VXLAN in the future (or any other items I might want to experiment with)

State of the Network in June 2025

I just recently changed my connections between the living room and the back bedroom.  Now I have a flat cable going between the FLINT 1 router in the living room to a switch in the back bedroom where I have connected both the PiHole Raspberry Pi and the switch originally in the living room to my rack.  In this way, I now do not have any vlans accessible in the living room.  I basically decided that all of my activities should be done in the back bedroom where I have my rack equipment.  I also now have the TCL TV connected directly to the FLINT 1 router.  I may still try to do a BGP from the FLINT 2 router in the back bedroom to the FLINT 1 router in the living room, but I have plenty of time to tinker before that happens. I do have some thoughts about how I might change things in the future:

• Complete the task of setting up a Certificate Authority in the HomeLab=
• Add VLANs to the FLINT2 router
• Arrange the power so that the FLINT2 router can remain on if I shutdown the Rack
• Alter the way that I connect my laptop to the network so that it remains connected at all times on the correct VLAN
• Implement the PiHole to give out DNS and DHCP IPs within the HomeLab
• Work up some 3D printed components to stage the remaining Raspberry Pis external to the Rack, but still be present within the HomeLab
• Work up the use of my STREAM deck to issue MQTT messages for HomeLab control
• Spin up a file server on the HomeLab
• Finish setting up the Raspberry Pi display/controller; connected via Tailscale

Project #34 - Creating a Certificate Authority for the HomeLab Infrastructure

I have been needing for a long time to create a Certificate Authority so that I will not be using self signed certificates and simply avoiding the checks on various equipment.  This needs to change so that it provides a measure of security in the HomeLab that makes sense.

There have been a number of articles about creation of a Certificate Authority, however one in particular seems to be the one that I could use best.  The reason is that it provides intermediate certificate authorities. That article is at https://jamielinux.com/docs/openssl-certificate-authority/index.html.  I have made a pdf of that site to work its magic.

Obviously, this will require me to make some modifications to make it easier to accomplish, such as using some scripts for the process.  I might also make use of an ACME like internal Certificate Authority to automatically update the certificates. Note that this is in addition to the certificates already created in the Tailscale VPN implementation.

Trying to Get Back into the Groove of HomeLab

I admit it, I have been relaxed in updating this blog.  Lately it's been because of the death of an immediate member of my family and the birth of another. So, I have been experiencing the lows and highs of emotion.  However, I intend on getting back on task since I need to have a focus area.

I intend on revisiting the projects that I have not completed; dropping some, attacking the remainder, and coming up with new projects to keep the entry into HomeLab fully up to date.  I think that I will focus on three things:

• Setting up a certificate authority/creation process so that all infrastructure is encrypted
• Setting up a NAS for my HomeLab
• Setting up PiHole so that I can use its features to start removing ads

Since I have the PiHole located in the Living Room, I will start there by connecting the PiHole to the FLINT router.  I am still going to use the DHCP server on the FLINT but may cause the DNS to come from the PiHole.

Project #33 - Moving the DHCP and DNS over to PiHole

This is one project that has stuck in my craw for a number of years.  I am now in a situation where I am about to change out my network to be in two pieces.  I have enough computers to think about a centralized DHCP/DNS server for the network.  I have used PiHole in the past but now I want to make that the default for all of the routers in my network.  The rub is, I have all of these vlans that need attention when I am giving out IP addresses.  This will be an effort to consolidate the IP gathering and DNS entries into one location that is easier to control.  Some specifics of what I want to do are:

• setup my Netgear switches to force certain IP ranges to certain vlans
• use PiHole to issue DHCP IP addresses tied to their MAC addresses
• if the MAC address is unknown, push it to a guest network
• include both the FLINT1 and FLINT2 routers in the mix
• modify my FLINT2 setup to have one guest network vlan that is passthrough

Altering the rack connection so that floor work can be done

Well this is the first time that this has happened, fortunately I have enough time to respond. I am having some flooring replaced under my desk/table that is next to my rack.  My roll around chair evidently has caused the flooring to buckle since I did not have a carpet under my chair.  So I went looking for ways to change the connections between the rack, the desk/table, and the power strip across the back window sill.  I want to be able to disassemble everything in case the flooring installers need more room for their work.

I have USB cables, HDMI cables, and Ethernet cables going between the rack and the desk/table.  I also have a power connection and ethernet cables going to the walls and back window sill power strip.

State of the Network in December 2024

So I have not been blogging about my network for some time.  I have been busy at the end of the year with other things including family and my newfound hobby of genealogy,  I am also adding some WoodShop activity in there as well. So, my time with my network has taken a sideline.  However, now that I find that my Retirement Community is going over to a different way of doing things, I find myself coming back to the rack for some more experiments.

• I have changed the configuration of the rack and have removed the switch for the xPod, and removed both of the special purpose Edgerouter-X boxes
• I added a 24 port 1U keystone panel at the bottom to use for projects in the future
• I removed the SLATE router from the living room, since I was not using it very much
• I am first going to start by modifying a test RPi to have two or more namespaces using OpenVSwitch to provide a NAT router function between the NS
• I will also setup the routing tables to make the two NS get their IPs from different DHCP servers
• I am also going to setup a set of Docker containers that lie on either side of the NAT router
• I want to test the idea that normal flow across the NAT is controlled
• I want to test the setup being done via Ansible
• I am going to print a rack panel to mount a GS108T and ER-X at the bottom of the rack for future projects