Home Network VPN vs. Commercial VPN service - 101

Hey All - can someone help me understand setting up my home network on a VPN (i.e. via OpenVPN or Tailscale, or similar) vs. subscribing to a commercial VPN (i.e. Nord or similar).

I’m basically setting up my Home network and looking for a way to be a little more secure/cyber safe.

I will be using: PCs that are always on, IP Cameras, IoT devices (zwave), Home Assistant.

I’m fairly tech savvy, but not super (i.e. don’t really want to set up VLANs, but want some security)

A VPN is a way to establish a secure connection between different endpoints, so it isn’t some sort of firewall that you can install to be more secure.

Like people set up a VPN like openvpn or Tailscale because they need to connect back to their network while outside, or connect multiple sites/houses/locations together for whatever needs.

The primary use for commercial VPN is to obscure your location for services that are behind geoblocking, or to obscure traffic from local authorities if they happen to be very invasive.

Don’t buy the bs Youtubers peddle about “cybersecurity” because you happen to pay for NordVPN. It’s not quite like that.

So what would your recommendation be in setting up a home network (running IP Cams, IoT, Home Assistant) to be secure? With the caveat of something in the moderately difficult/tech part.

I don’t know how much you trust your IP cam manufacturer, but a common thing is putting them on a separate network that doesn’t have internet access.

Same thing for IOT stuff. If they can be controlled by just HA without any cloud access, you can restrict that network to local access only.

All this requires router+switch+access point that can do VLANs.

I usually would go for something like opnsense + a few managed switches and either TP Link EAP or Unifi APs.

Thanks… was hoping to avoid VLANs… I was going to put the IP cams on a separate network (NIC card), not so much worried about folks tapping into the cameras to watch per se but more as a way of getting into the home network. That’s what I feel comfortable doing. Was also debating on doing HA on a separate network similar to the cameras but not sure how they would all talk to each other or if it will work.

For Example: Home Network 192.168.1.1

Stand-alone PC1 - NIC 1 192.168.1.1 (Home Network)

Stand-alone PC1 - NIC 2 192.168.2.1 (POE IP Cameras and Blue Iris/DVR)

Stand-alone PC2 - NIC 1 192.168.1.1 (Home Network)

Stand-alone PC2 - NIC2 192.168.3.1 (IoT Home Assistant)

Wi-Fi - was just planning to use the current router/modem (Verizon Fios) and setup two SSID
Wi-Fi - SSID: Main (192.168.1.1) Full access
Wi-Fi - SSID: Guests (192.168.1.1) Limited per router

Will this all work to talk to each other? I guess what I don’t understand is if I’m on my laptop/wifi on Main (Full Access) and want to log on to my Blue Iris or IP cams (192.168.2.1) I won’t be able to, same with IoT/Home Assistant, correct?

Stan

This will require you to set static IPs for all those devices in different networks, and your routing will not be possible between them, cuz if you’re on 192.168.1.0/24 asking to be routed to 192.168.2.1, the Verizon box won’t know that and nothing will happen.
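The routing behaviour described in the last reply, as an added example that is not part of the thread: a small forward-path model of the dual-NIC plan. The host names and host addresses are constructed assumptions; only the three /24 networks and the 192.168.1.1 gateway come from the posts, and return traffic is not modelled.

```python
import ipaddress

# Constructed plan: the thread's three /24s; host addresses are assumptions.
# "fios" is the ISP router (WAN side omitted); the PCs have IP forwarding off.
HOSTS = {
    "fios":   {"ifaces": ["192.168.1.1/24"], "gw": None, "forward": True},
    "laptop": {"ifaces": ["192.168.1.50/24"], "gw": "192.168.1.1", "forward": False},
    "pc1":    {"ifaces": ["192.168.1.10/24", "192.168.2.1/24"], "gw": "192.168.1.1", "forward": False},
    "camera": {"ifaces": ["192.168.2.20/24"], "gw": None, "forward": False},
    "pc2":    {"ifaces": ["192.168.1.11/24", "192.168.3.1/24"], "gw": "192.168.1.1", "forward": False},
    "iot":    {"ifaces": ["192.168.3.20/24"], "gw": None, "forward": False},
}

def _ifaces(name):
    return [ipaddress.ip_interface(i) for i in HOSTS[name]["ifaces"]]

def owner(ip):
    """Name of the host that holds this address, or None."""
    ip = ipaddress.ip_address(ip)
    for name in HOSTS:
        if any(i.ip == ip for i in _ifaces(name)):
            return name
    return None

def route(src, dst_ip, max_hops=8):
    """Forward path src -> dst_ip as a list of host names, or None if a hop has no route."""
    dst = ipaddress.ip_address(dst_ip)
    hops, here = [src], src
    for _ in range(max_hops):
        if any(i.ip == dst for i in _ifaces(here)):
            return hops                          # delivered to the owning host
        if here != src and not HOSTS[here]["forward"]:
            return None                          # transit host does not forward packets
        if any(dst in i.network for i in _ifaces(here)):
            nxt = owner(dst_ip)                  # on-link: deliver directly
        elif HOSTS[here]["gw"]:
            nxt = owner(HOSTS[here]["gw"])       # off-link: hand to the default gateway
        else:
            nxt = None                           # no connected network and no gateway
        if nxt is None:
            return None
        hops.append(nxt)
        here = nxt
    return None

if __name__ == "__main__":
    for src, dst in [("laptop", "192.168.2.20"), ("laptop", "192.168.1.10"), ("pc1", "192.168.2.20")]:
        print(f"{src} -> {dst}: {route(src, dst)}")
```

In this model the cameras and IoT devices are reachable only from the PC whose second NIC sits on their network, while that PC itself stays reachable from the Wi-Fi on its home-network address.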