Sunday, 26 April 2026

My Advanced Home Lab 2026 – Network Architecture and Zero Trust Setup


Introduction

In this project, I built an advanced home lab that focuses on security, high availability, and full control over my infrastructure. The goal was to create an environment similar to enterprise networks, but fully self-hosted and managed by me.

The lab combines networking, virtualization, monitoring, and Zero Trust access into one consistent system.


Network Overview

The core of my network is based on pfSense, which acts as the main router and firewall.

The network is divided into two main segments:

  • LAN_1 (10.0.0.0/24) – servers and storage
  • LAN_2 (172.16.8.0/24) – infrastructure and UniFi ecosystem

Additionally, I use VLANs for WiFi segmentation:

  • VLAN10 – main WiFi network
  • VLAN20 – guest network
  • VLAN30 – IoT devices
  • VLAN40 – management network (secured with 802.1X)

This segmentation improves security and allows better control over traffic between devices.
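To make the inter-segment policy checkable rather than just described, here is a small added example (my own illustration for this post, not pfSense output or my actual rule set). It models the segments above, an assumed first-match rule list in pfSense style, and a table of the outcomes the segmentation is meant to guarantee. The VLAN subnets, the rule list and the sample hosts are all assumptions; only the LAN_1 and LAN_2 ranges come from the post.

```python
"""Segment-aware firewall policy check (added example, assumed policy)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# LAN_1 / LAN_2 are the ranges from the post; the VLAN subnets are assumed.
SEGMENTS = {
    "LAN_1":  ip_network("10.0.0.0/24"),       # servers and storage
    "LAN_2":  ip_network("172.16.8.0/24"),     # infrastructure / UniFi
    "VLAN10": ip_network("192.168.10.0/24"),   # main WiFi (assumed)
    "VLAN20": ip_network("192.168.20.0/24"),   # guest (assumed)
    "VLAN30": ip_network("192.168.30.0/24"),   # IoT (assumed)
    "VLAN40": ip_network("192.168.40.0/24"),   # management (assumed)
}


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # segment name or "any"
    dst: str                    # segment name, "any", "internal" or "internet"
    proto: str = "any"          # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None # None = any destination port


# Assumed policy, evaluated like pfSense rules: first match wins,
# and a flow that matches nothing is dropped (implicit default deny).
POLICY = [
    Rule("pass", "VLAN40", "any"),                  # management reaches everything
    Rule("pass", "VLAN10", "LAN_1", "tcp", 445),    # WiFi clients -> SMB shares
    Rule("pass", "VLAN10", "LAN_2", "udp", 53),     # WiFi clients -> AdGuard DNS
    Rule("pass", "LAN_1", "LAN_2"),                 # servers <-> infra (agents, DNS)
    Rule("pass", "LAN_2", "LAN_1"),
    Rule("block", "VLAN20", "internal"),            # guest isolated from everything inside
    Rule("block", "VLAN30", "internal"),            # IoT isolated from everything inside
    Rule("block", "any", "VLAN40"),                 # only management reaches management
    Rule("pass", "any", "internet"),                # everything else may go out
]


def segment_of(ip) -> Optional[str]:
    """Name of the segment an address belongs to, or None (e.g. internet)."""
    addr = ip_address(ip) if isinstance(ip, str) else ip
    return next((name for name, net in SEGMENTS.items() if addr in net), None)


def overlapping_segments():
    """Pairs of segments whose subnets overlap (should be empty)."""
    names = list(SEGMENTS)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if SEGMENTS[a].overlaps(SEGMENTS[b])]


def _matches(rule, src_seg, dst, dst_seg, proto, dport) -> bool:
    if rule.src != "any" and rule.src != src_seg:
        return False
    if rule.dst == "internal":
        if dst_seg is None:
            return False
    elif rule.dst == "internet":
        if dst_seg is not None or not dst.is_global:
            return False
    elif rule.dst != "any" and rule.dst != dst_seg:
        return False
    if rule.proto != "any" and rule.proto != proto:
        return False
    return rule.dport is None or rule.dport == dport


def is_allowed(src_ip: str, dst_ip: str, proto: str = "tcp",
               dport: Optional[int] = None) -> bool:
    """Would the firewall let this flow through? (model, not a packet capture)"""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None:
        return False        # unsolicited inbound from outside: nothing is exposed
    if src_seg == dst_seg:
        return True         # same broadcast domain: never crosses the firewall
    for rule in POLICY:
        if _matches(rule, src_seg, dst, dst_seg, proto, dport):
            return rule.action == "pass"
    return False            # default deny


# What the segmentation is supposed to guarantee: (src, dst, proto, dport, expected)
INTENT = [
    ("192.168.30.7", "10.0.0.10",    "tcp", 22,    False),  # IoT -> server SSH
    ("192.168.20.5", "172.16.8.2",   "udp", 53,    False),  # guest -> internal DNS
    ("192.168.20.5", "1.1.1.1",      "udp", 53,    True),   # guest -> public DNS
    ("192.168.10.3", "10.0.0.20",    "tcp", 445,   True),   # WiFi -> SMB on storage
    ("192.168.10.3", "10.0.0.20",    "tcp", 22,    False),  # WiFi -> SSH on storage
    ("192.168.10.3", "192.168.40.1", "tcp", 443,   False),  # WiFi -> management
    ("192.168.40.9", "10.0.0.20",    "tcp", 22,    True),   # management -> server
    ("172.16.8.2",   "10.0.0.10",    "tcp", 10050, True),   # Zabbix server -> agent
    ("10.0.0.10",    "10.0.0.20",    "tcp", 2049,  True),   # Proxmox -> NFS, same segment
    ("203.0.113.5",  "10.0.0.20",    "tcp", 445,   False),  # internet -> storage
]


def verify_intent():
    """Intent rows the POLICY fails to honour; an empty list means consistent."""
    return [row for row in INTENT if is_allowed(*row[:4]) != row[4]]


if __name__ == "__main__":
    print("overlaps:", overlapping_segments())
    print("policy violations:", verify_intent())
```

The model mirrors two things that are easy to forget when reasoning about rules: traffic between two hosts in the same subnet never reaches the firewall, so no rule can block it, and an unmatched flow is dropped. Keeping the intent table next to the rule list turns "guest and IoT are isolated" into something that fails loudly when a rule is reordered.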


Core Networking and Security

The firewall is configured with several important services:

  • Intrusion detection and prevention using Snort
  • IP and geo-blocking with pfBlockerNG
  • WireGuard VPN for secure remote access
  • DHCP, DNS, and SNMP services
  • Monitoring agents for infrastructure visibility

This setup creates a strong security layer at the edge of the network.


Server Infrastructure (LAN_1)

In the server network, I run a three-node Proxmox cluster with high availability and Ceph storage.

The cluster hosts:

  • Linux containers (LXC) for core services
  • Virtual machines including:
    • Windows Server 2019 (Active Directory)
    • Windows 10 clients

Key services include:

  • Zabbix monitoring (frontend and backend cluster)
  • Grafana for data visualization
  • Wazuh SIEM for security monitoring

For storage, I use a TrueNAS server that provides:

  • NFS for Proxmox backups
  • SMB shares for general usage


Infrastructure Network (LAN_2)

The second network segment is focused on infrastructure and network management.

It includes:

  • UniFi switch and access point
  • A mini PC running Debian Linux
  • Multiple services in containers (Docker and Podman)

On this host, I run:

  • Pangolin client for Zero Trust connectivity
  • FreeRADIUS server for 802.1X authentication
  • UniFi controller (Podman)
  • Docker services such as Portainer and AdGuard Home

This network acts as a control layer for WiFi and internal services.
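For the 802.1X part, the piece worth seeing is how FreeRADIUS tells the UniFi gear which VLAN an authenticated device belongs in. The fragment below is an added illustration written for this post, not my running configuration: the client block registers the LAN_2 network as a NAS (the exact address and shared secret are placeholders), and the user entry returns the three tunnel attributes that place the device in VLAN40. PEAP/MSCHAPv2 as the EAP method, the user name and the password are assumptions; only VLAN40 and the 172.16.8.0/24 range come from the post.

```text
# clients.conf -- the UniFi switch/AP as a NAS (address and secret are placeholders)
client unifi_lan2 {
        ipaddr = 172.16.8.0/24           # LAN_2, where the UniFi switch and AP live
        secret = CHANGE_ME_SHARED_SECRET
        shortname = unifi
}

# mods-config/files/authorize -- one management device (assumed user).
# Cleartext-Password lets FreeRADIUS derive the NT hash that PEAP/MSCHAPv2 needs.
# The reply attributes put the authenticated client in VLAN40; without them the
# client lands in whatever default VLAN the switch or AP profile applies.
mgmt-admin      Cleartext-Password := "CHANGE_ME_PASSWORD"
                Tunnel-Type = VLAN,
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-Id = "40"
```

Two things to check when this does not behave: the switch or AP profile on the UniFi side has to accept RADIUS-assigned VLANs, and a device that authenticates but gets no tunnel attributes silently ends up in the default VLAN rather than being rejected, which is the opposite of what a management network wants.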


Zero Trust Access

For secure remote access, I use Pangolin.

The idea is simple:

  • No services are exposed directly to the internet
  • All access goes through a central gateway
  • Authentication (including 2FA) is required before access is granted

This approach is similar to cloud-based Zero Trust solutions, but fully self-hosted.


Monitoring and Observability

Monitoring is a key part of the system.

I use:

  • Zabbix for infrastructure monitoring
  • Grafana for dashboards and visualization
  • Uptime Kuma for service availability checks

This combination allows me to detect problems quickly and understand system behavior in real time.


Key Features of the Project

  • Strong network segmentation (LAN + VLANs)
  • High availability with Proxmox cluster and Ceph
  • Secure remote access using a Zero Trust model
  • Advanced monitoring and logging
  • Enterprise-style WiFi management with UniFi
  • Centralized authentication using FreeRADIUS


Conclusion

This home lab is designed as a realistic simulation of a modern IT infrastructure. It focuses on security, scalability, and reliability.

By combining networking, virtualization, and Zero Trust access, I created an environment that is both powerful and secure.

This project helped me improve my skills in system administration and networking practices, while also giving me a stable platform for testing new technologies.