Hi,
I'm planning to build a homelab, and first and foremost, my own network (within another network).
My internet comes from a TP-Link Deco S7, so unfortunately, I think that's a double NAT?
Since I'm a complete beginner I ask for your advice and patience ;)
The entire network/homelab should be as mobile as possible - which is why I thought about all-in-one solution.
Will something like this work:
Deco7 > via WiFi > GMKtec NucBox M7 Ultra PRO 6850U (WiFi + 2x 2.5G LAN)
GMKtec: Proxmox (OPNsense + NAS + HA + ... ) and LAN1 > AP (which one do you recommend for a few phones/tablets), LAN2 > main desktop
Do I need a switch for this setup?
Will OPNsense in Proxmox handle the double NAT?
What will be needed to have access to the network from the outside?
Or maybe you recommend some other solutions?
Can you recommend any websites about networks?
The GMKtec has 2x I226, so that is better than Realtek NICs (although you will want to use the NICs as virtio interfaces).
I see a problem with the WiFi uplink, though. You want that to be the WAN of your OpnSense, yet WiFi chipsets are badly supported under FreeBSD and OpnSense. You cannot set it up under Proxmox, either, because that should be connected only to your OpnSense's LAN side.
That was less of a problem if the WAN uplink were through one of the RJ45 interfaces and the other one was used for the LAN - but that would mean you need a switch to conenct both your main desktop and an AP.
Do not underestimate the setup, because OpnSense on Proxmox is special (https://forum.opnsense.org/index.php?topic=44159.0).
I personally do not like Router-behind-Router scenarios, because they tend to give all kinds of problems, see https://forum.opnsense.org/index.php?topic=42985.0, point 4. For one, you will have to do port forwards on both OpnSense and your outer router in order to give access from outside.
Also, if you need IPv6, this might get difficult to set up (if it works at all).
I do not really understand why you would want to keep the TP-Link in the loop, because that is a standard router without any ONT/modem inside, so OpnSense can do its jobs all on its own, so it is not needed (unless you must extend the reach via WiFi, which is problematic anyway).
It would make way more sense to connect the wired WAN directly to OPNsense and the TP-Link device (in AP mode) to the OPNsense LAN port. You then could also use the TP-Link's additional Ethernet ports as a switch for your LAN.
If this is purely experimental and you can't get a wired WAN connection, I'd explore setting up the WiFi connection in Proxmox. WiFi support in FreeBSD / OPNsense is very limited.
For IPv4, you would indeed end up with (at least) double NAT.
For IPv6, it depends on whether the TP-Link device supports prefix delegation.
That's quite a challenge for a complete beginner. I'd recommend a simpler setup for your first steps with OPNsense.
Cheers
Maurice
@meyergru, @Maurice - thanks for the answers.
Unfortunately, I don't have access to the Deco S7, so there's nothing I can do (it's a dormitory and I'm an end user).
If the WiFi (on PCIE) doesn't work with Proxmox+OPNsense - will it work on a separate miniPC with only OPNsense (Intel N100/N150 and 4x 2.5G)?
What are some other solutions for building my own network with internet 'from WiFi' (Deco S7)?
How do people solve the problem of having 'their own' network in hotels or on vacation?
-----------------------
Deco has 3x LAN ports and there's a chance I'll be able to connect via cable - so in that case: Deco > cable > GMKtec LAN1 and LAN2 > switch. And then from the switch to the AP, desktop, and the rest - will this improve the situation?
Quote from: kernew on Today at 07:50:43 PMIf the WiFi (on PCIE) doesn't work with Proxmox+OPNsense - will it work on a separate miniPC with only OPNsense (Intel N100/N150 and 4x 2.5G)?
The primary issues are WiFi in general and WiFi support in OPNsense, not Proxmox. WiFi just isn't very widely used in FreeBSD / OPNsense, even the docs say "results may vary" (https://docs.opnsense.org/manual/wireless.html). 802.11ac support for selected Intel adapters has recently been introduced with FreeBSD 14.3, but no idea whether it can be configured in OPNsense. Feel free to experiment, but documentation is limited, you won't get a lot of support in the forum and shouldn't expect things to "just work".
Quote from: kernew on Today at 07:50:43 PMWhat are some other solutions for building my own network with internet 'from WiFi' (Deco S7)?
Depends on your requirements. OpenWrt generally is a good choice if WiFi support is a priority.
Quote from: kernew on Today at 07:50:43 PMHow do people solve the problem of having 'their own' network in hotels or on vacation?
OPNsense seems overkill for that.
Quote from: kernew on Today at 07:50:43 PMDeco has 3x LAN ports and there's a chance I'll be able to connect via cable - so in that case: Deco > cable > GMKtec LAN1 and LAN2 > switch. And then from the switch to the AP, desktop, and the rest - will this improve the situation?
Definitely yes. You'll still be stuck with double NAT for IPv4 and questionable IPv6 support, but that'll always be the case if you're behind some other consumer router. If you need to allow incoming connections for remote access / VPN, you'll need to make configuration changes to the TP-Link (firewall rules / port forwardings).
Quote from: Maurice on Today at 10:09:06 PMWiFi just isn't very widely used in FreeBSD
Minor nitpick: WiFi client mode is very actively being worked on so people can run current laptops with FreeBSD as their day to day OS. WiFi infrastructure mode (creating an AP) is what is not well supported and not going to be any time soon.
Buy a dedicated AP for WiFi.