The Thread about Home Networks

Given I know we’ve got a few Unifi fans here… or just general tech fans (or even Meraki fans… :eyes:)

What’s your home network setup?

Currently using

  • UDM - gateway to the home network in my place
  • Unifi Switch 8
  • Unifi 8-150W
  • U6 Lite
  • CKGen2+ (this is purely to run Protect - cloud key functions are run on the UDM)

Storage wise it’s a WDPR4100. Storage and for PLEX, does transcoding apparently…

Hoping to add more stuff in the future… but only once prices start to come back down!

There’s also the Unifi cameras, which I’ve previously mentioned in Smart home topic… but arguably they aren’t smart gear without the Homebridge server running on a Raspberry Pi.

Over here I have:

  • Community Fibre - 1GB up and Down
  • UDM - Gateway connected via ethernet
  • UniFi 8-150W
  • UniFi Redundant WAN PRO over LTE - Not needed so much now but comes from my days of being on Virgin Media
  • 2 x USW-Flex-XG (not installed yet)

I have an old Synology DS415+ backing up my Office365

My plan is to get some CCTV on the front and back doors via either unifi or H.View cameras running off the synology

  • AAISP 80/20 VDSL

  • BT OpenReach modem - probably needs replacing with something more modern, but it’s just what was installed when I first got VDSL so I’ve kept it.

  • Unifi Dream Machine - This sits behind the modem.

  • a few unifi nano APs on each side of the house (dream machine is right in the middle, was very particular about how my line was installed)

  • unifi switch lite in the entrance hall behind my Kentia palm. This powers one of my APs, and the next piece of equipment in my setup:

  • unifi LTE Pro - it’s been utilised maybe once, since I’ve got it. Nice redundancy to have though.

  • Mac Mini Home Server - this sits right next to the dream machine and is my only wired connection. This does a lot of stuff for me. Homebridge, plex, openVPN server (because dream machine can’t), little snitch keeps everything under control. Accessed via Screens and Terminal.

Ah yeah… forgot about Littlesnitch! Had used that years ago!

Recently installed NextDNS on the UDM, so playing around with that.

Fascinating. Gonna need to read into this one! I’ve never toyed much with DNS. What are your impressions like so far?

UDM has a pretty decent firewall built in, but can certainly see a benefit to doing some stuff at the DNS level.

Two things I like most about NextDNS.

  1. You can install on the UDM. Which means no messing around with people’s DNS.
  2. You can add third party lists to it like Steven Black hosts files

I’m not totally clued up on DNS stuff… but so far it’s interesting, can see the logs being reported of what is calling home.

Also set up a few block lists (not the one that @Jimbo has mentioned, but it might be contained in the other ones I have).

Yeah, I like it as a final line of defence against malvertising. Obviously ad blockers are better, but this is the final line for some devices where system-wide ad blocking isn’t easily possible (iOS and the kids’ Android devices)

Although the blocker is sometimes a bit crazy: tried to follow the church service online on Sunday, and couldn’t connect. After a lot of troubleshooting it turns out that Next DNS’ adult content filter blocked the Church’s live stream :laughing::man_facepalming:

Realistically it’s part of the reason why I don’t like content blockers but I feel it’s overall a necessary evil in this day and age (less concerned about adult material [kids are still too young and adults are adults] but more about malware)

@N26Throwaway so far… I can say it stops ads (particularly on the Edinburgh evening news), stops their stupid 5 article limit… but also stops their headlines opening in the same tab (on iPhone anyway) :joy:

So far, so good though

I’ve been binge watching Grand Designs and one very nice thing about NextDNS is that it blocks the adverts on the All4 App


Been reading into it quite a bit. Sounds like Pihole as a service to me.

I’m having a play with this via apple profiles, but don’t, as of now, see me implementing it. It looks like a great thing, but feels a bit redundant for what I’d use it for.

I’m not one for censorship, and I leave things pretty bare bones at the network level. I like having an unfiltered, uncensored access to the internet.

The security tools are mostly redundant in a unifi environment. There’s no new protections here from a security standpoint that my threat model requires protection against.

My opinions on ad blocking are conflicted, but I generally don’t do it. I have hush installed on my devices, that stops some, but that’s not the point of Hush. Hush gets rid of all the annoying pop ups. Cookie consents, tracker opt ins, privacy agreements, newsletter sign ups, etc…

Tracking I hate, but again, I’d rather do my filtering on the client device that needs it, where if it breaks something too fundamental, I can temporarily disable the filter. I don’t think that would be quite as straightforward when using this on my router.

I’m quite happy with the unifi defaults for DNS. If you leave the fields blank, it utilises a combination of those supplied by your ISP and Cloudflare’s service. I’m pretty happy with that. Cloudflare is fast, and private, and I trust it. Apple use Cloudflare’s premium version as part of their iCloud relay service too.

I also trust my ISP’s DNS too, though I know that’s not a privilege everyone has, but my ISP have an excellent stance towards privacy, encryption and censorship. They do DoH as well, so covered on that front too.

With all of that said, I’m still very interested in this service and I’ll keep toying with it. I’ve shown it to a few friends too, and there’s some interest there as well. Grateful for the networking folk on this community. Learned a thing or two I probably otherwise would have been oblivious to!

As a little side thought, NextDNS having an app on Unifi is very interesting indeed, and perhaps there’s scope here for DoH on the router itself, if it’s not already offered, in which case it changes everything! Though I’m aware unifi OS is still in its infancy, and I’m still not too familiar with what is possible with the command line. You used to be able to do quite a bit with the command line on the security gateway, but much of that is lost with Unifi OS.

I used to use Profiles but switched back to using the App… much easier to manage when you use NextDNS out and about. Very easy to accidentally make the profile undeletable.

I can see why you’d say that being on AA… I met RevK at a Starling event and he has some pretty decent principles when it comes to privacy and security.

They don’t really want you in the SSH anymore :thinking: Seems they’re merging the prosumer focused UniFi with consumer focused Amplifi to create something that really does suit the more technically minded like us and consumer who just wants it to work.

Definitely the impression I get with UniFi of late as well. We deploy these for clients and I’ve always been a fan of their products, but they felt too overkill for the home. Then the dream machine happened, and now I’m firmly down this ecosystem in my home too! Prosumer is definitely how it feels, and perfect for me at home as a result.

That limbo between Apple discontinuing AirPort and UniFi launching the dream machine wasn’t easy. Fell tempted by Eero a few times, and almost bought an Amplifi Alien! Glad I waited though, because the dream machine was exactly what I’d been wanting!

And now I need the Dream Router! :grimacing:

I was going to edit my post to say exactly this :rofl:

It’s defo going the route of Amplifi being phased out. The development speed of the 2 groups is telling.

Plus with the ability to setup a UDM (or the future UDR) with an app… that then opens up the Amplifi audience who just want a bit more.

Interestingly Unifi was founded by engineers who were disenfranchised by Apple’s lack of interest in networking

I wouldn’t normally recommend any article written by Bradley Chambers but this one is reasonably interesting.

I do think UI need to get some focus though… we primarily deploy their Edge range to our clients because in the past we’ve had full control over the config but even that’s changing now.

Interesting reading…

Hold up. $79!? That can’t be right. Surely?!

It’s right, been a whole topic of discussion on /r/ubiquiti about it.

Shame it’s not on the EU store

