Hello,
Just spent a good week installing my home server. Time to pause and lookback to what I’ve setup and ask your help/suggestions as I am wondering if my below configuration is a good approach or just a useless convoluted approach.
I have a Proxmox instance with 3 VLAN:
-
Management (192.168.1.x) : the one used by proxmox host and that can access all other VLANs
-
Servarr (192.168.100.x) : every arr related software + Jellyfin (all LXC). All outbound connectivity goes via VPN. Cant access any VLAN
-
myCloud (192.168.200.X): WIP, but basically planning to have things like Nextcloud, Immich, Paperless etc…
The original idea was to allow external access via Cloudlfare tunnel but finally decided to switch back to Tailscale for “myCloud” access (as I am expected to share this with less than 5 accounts). So:
- myCloud now has Tailscale running on it.
- myCloud can now access Servarr VLAN
Consequently to my choice of using tailscale, I had now to use a DNS server to resolve mydomain.com:
- Servarr now has pihole as DNS server reachable across all VLAN
On the top of all that I have yet another VLAN for my raspberry Pi running Vaultwarden reachable only via my personal tailscale account.
I’m open to restart things from scratch (it’s fun), so let me know.
Also wondering if using LXCs is better than docker especially when it comes to updates and longer term maintenance.
HOW WOULD YOU GET SHELL ACCESS TO HIS ROUTER FROM A FIREWALLED OFF VLAN THAT DOES NOT GAIN ACCESS TO THE MANAGEMENT VLAN THE ROUTER IS ON.
Holy crap dude.
BASIC networking.
Take your own advice: https://www.n-able.com/fr/blog/vlan-hopping-security
For some reason you think a home router can’t be gotten into because of a VLAN of all things🤣
You’re sitting here worrying about some packets from the internet being safe for some reason and not realizing the big picture. Go back to Innernette learning school, tough guy.