A project to construct a reliable, low-cost, secure, IPv6 gigabit intranet. At home.

Servers

By Name

• Azathoth - Phase I general purpose gateway
• Byatis
• Niggurath - general purpose app server
• Hastur - media processor and storage
• Cyclops - new media server
• Yuggoth - publicly accessible services
• Pixie - home automation controller

By Service

• Perimeter Router
• Log Server
• Storage Server
• DNS1
• DNS2
• VoIP Gateway
• Mobile Router
• Automation Hub - for Home Automation
• Authentication
• Monitoring
• Power distribution

Network Hardware

• TP-Link WDR3600 x2 - wireless N600 routers (4-port gigabit switch)
• Ricoh 213W mono laser printer
• Eaton Ellipse Eco 1200 - UPS
• Eaton 5S 1500 - UPS
• CliMate CM-2 - climate monitor

Switches

• Extreme Networks Summit X450e-24p Gigabit PoE switch
• Dell PowerConnect 2716 - 16-port gigabit rackmount switch
• Zyxel GS108 - 8-port gigabit "media" switch
• Netgear FS105 - 5-port 100Mbit desktop switch
• On-Networks DSG005 - 5-port gigabit desktop switch

Access Points

• Ubiquiti Unifi AP x3
• Ubiquiti Unifi AC Lite x2

Other Network Hardware

• Thomson Speedtouch 516v6 ADSL Modem
• Cisco WAP4410N - 802.11n wireless access point
• Zyxel PLA5205 - powerline adapters
• Linksys WRT54GL - 802.11g wireless router
• D-Link DGS-1008D - 8-port gigabit desktop switch
• Netgear DG834GT - Sky router

Services

• Routing
• Name resolution
• Mail
• Web
• Logging
• VoIP
• LDAP
• Network Storage
• Video Surveillance
• Home Automation
• VPN and Geolocation Tunneling
• Indoor Positioning

Features

• Security
• Gigabit ethernet
• Bandwidth Management
• IPv6
• Public Wireless
• Wan Bonding

Clients

• Omenbook laptop
• Nixie netbook
• Archix laptop
• Shochu laptop
• Mobile clients

Troubleshooting

• Proto41Filtering
• PPTP
• Reboot - power failures, etc

Upgrades

• Upgrade 2016

---

Planned Features

• Perimeter Subnet, Private Subnet and Wireless Subnet
• Public Wireless
• IPv6 tunnelled to public internet via IPv6-over-IPv4 tunnel
• Gigabit ethernet
• Public and local DNS
• Web, Mail, VPN servers
• Remote logging / SNMP
• OpenBSD Perimeter/Wireless Router on embedded hardware
• Private Router with Gigabit throughput
• Network Storage Server
• SAN
• Media transcoding system
• Thin-client Home-Theatre PC using MythTV

Implementation

Network is implemented in three phases:

Phase I - Single subnet

In this phase a single privately addressed (NATted) subnet is created.

• Single general purpose gateway (Azathoth)
• Public systems are accessible via DNAT on the gateway.
• One DNS server provides local cacheing and authoritative for public systems.
• Private DNS info is kept in /etc/hosts on each system.
• Single Mail server for secure submission and retrieval
• Azathoth is replaced with embedded/SBC system
• Public domain name registered
  • Update /etc files, mail config, LDAP database, certificates

Phase II - Perimeter and Private subnets

In this phase the subnet is split in to perimeter (non-NAT) and private (NAT) and IPv6 migration begins.

• Second switch is added and Azathoth assumes the role of private router.
• Attempt Gigabit routing throughput on Azathoth.
• Private net migrates to pure IPv6, router provides IPv6-to-IPv4
• Second DNS is added and provides cacheing and DNS for all systems
• Perimeter router provides Bandwith Management
• VPN gateway provides two-factor authenticated access to private network.

Phase III - Perimeter, Private, Wireless

A wireless IPv6 network is created on the internet side of the perimeter firewall

• Wireless adapter is added to perimeter router
• Pure IPv6 wireless network is created with router running radvd on wireless interface
• Aside from radvd, no systems exist on the wireless network

---

Notes