From 411f9848ed0e5f3e82b18a8a75ef99d77d59ac55 Mon Sep 17 00:00:00 2001 From: Jamie Date: Mon, 22 Jun 2026 06:39:42 +0000 Subject: [PATCH] Update README.md --- README.md | 225 +++++++++++++++++++++++------------------------------- 1 file changed, 95 insertions(+), 130 deletions(-) diff --git a/README.md b/README.md index 8a1a1e4..a7ee0ef 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This documentation covers the complete home network setup including IP allocatio **Network:** 192.168.0.0/24 **Router:** OPNsense at 192.168.0.1 -**Last Updated:** June 1, 2026 +**Last Updated:** June 2026 ## Network Architecture @@ -25,7 +25,7 @@ This documentation covers the complete home network setup including IP allocatio 192.168.0.30-49 - User Computers & Laptops 192.168.0.50-69 - Mobile Devices & Tablets 192.168.0.70-79 - TVs & Media Devices -192.168.0.80-99 - Available (IoT devices migrated to VLAN 20) +192.168.0.80-99 - Temporary holding (pending IoT VLAN migration) 192.168.0.100-119 - Network Infrastructure (APs, switches) 192.168.0.120-139 - Hypervisors & Storage 192.168.0.140-149 - Reserved for expansion @@ -39,7 +39,7 @@ This documentation covers the complete home network setup including IP allocatio |---------|--------|------|------|---------| | **Main LAN** | 192.168.0.0/24 | (none) | TeePee | General devices, VMs, servers | | **IoT Devices** | 10.10.3.0/24 | 20 | IoTeePee | Smart home, bulbs, plugs, sensors | -| **Security Cameras** | 10.10.2.0/24 | 30 | Cameras | IP cameras (wired, pending migration) | +| **Security Cameras** | 10.10.2.0/24 | 30 | Cameras | IP cameras | ### Firewall Rules 
@@ -51,70 +51,60 @@ This documentation covers the complete home network setup including IP allocatio | Hostname | Service | IP | MAC Address | Type | Status | |----------|---------|-----|-------------|------|--------| -| npm | Nginx Proxy Manager | 192.168.0.10 | bc:24:11:5b:1d:a2 | Docker | ✅ Active | +| docker | Docker LXC (NPM + services) | 192.168.0.10 | BC:24:11:5b:1d:a2 | LXC | ✅ Active | | adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | ✅ Active | | vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | ✅ Active | -| nextcloud | Nextcloud | 192.168.0.14 | 02:99:5b:4c:b3:e6 | VM | ✅ Active | -| homeassistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active | -| foundryvtt-frigate | Frigate (NVR) + FoundryVTT | 192.168.0.16 | bc:24:11:ad:cb:f6 | Pop!_OS VM | ✅ Active | -| openmediavault | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:2c:68:58 | VM | ✅ Active | -| wordpress-irodori | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | VM | ✅ Active | -| wordpress-dustin | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | VM | ✅ Active | +| crafty-controller | Crafty Controller | 192.168.0.13 | BC:24:11:70:10:ff | LXC | ✅ Active | +| nextcloud | Nextcloud | 192.168.0.14 | 02:13:c9:35:9e:5d | VM | ✅ Active | +| home-assistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active | +| foundryvtt-frigate | Frigate NVR + FoundryVTT | 192.168.0.16 | bc:24:11:8a:bf:4d | Pop!_OS VM | ✅ Active | +| omv | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:51:5a:a0 | VM | ✅ Active | +| irodori-wp | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | LXC | ✅ Active | +| dustin-wp | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | LXC | ✅ Active | ## User Devices - Computers (30-49) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| -| jamiepc | Jamie's PC | 192.168.0.30 | 50:eb:f6:5a:71:f2 | Primary workstation | -| 3d-printer | 3D Printer 
(Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | Network printer | -| haruka-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | Laptop | -| hp-printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | Network printer | +| jamie-pc | Jamie's PC | 192.168.0.30 | 50:EB:F6:5A:71:F2 | Primary workstation | +| pop_os | Linux Gaming VM | 192.168.0.31 | bc:24:11:b2:20:b0 | | +| bambu-a1 | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | | +| harukas-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | | +| printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | | ## Mobile Devices (50-69) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| -| jamie-phone | Jamie's Mobile (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | Samsung Galaxy S23 | -| haruka-phone | Haruka's Mobile (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | Samsung Galaxy S25 | -| samsung-tablet | Samsung Galaxy Tablet | 192.168.0.52 | ee:a1:23:9f:1e:c5 | Tablet | +| jamies-s23 | Jamie's Phone (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | | +| harukas-s25 | Haruka's Phone (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | | +| tablet-a8 | Samsung Galaxy Tablet A8 | 192.168.0.52 | ee:a1:23:9f:1e:c5 | | +| lacey-ipad | Lacey's iPad | 192.168.0.53 | c6:5a:8c:6c:d6:cf | | ## TVs & Media Devices (70-79) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| -| unknown-media | Unknown Media Device | 192.168.0.71 | a0:d0:5b:c7:13:28 | Likely TV or streaming | +| livingroom-tv | Samsung TV | 192.168.0.70 | a0:d0:5b:c7:13:28 | | +| samsung-soundbar | Samsung Soundbar | 192.168.0.71 | b0:e4:5c:9e:ad:ca | Unconfirmed MAC | -## IoT Devices (VLAN 20 — 10.10.3.0/24) +## Temporary Holding — Pending IoT VLAN Migration (80-99) -All smart home devices have been migrated from the main LAN (192.168.0.80-94) to the IoT network (10.10.3.0/24, VLAN 20, SSID: IoTeePee). They now receive dynamic IPs via DHCP on the IoT interface. 
Static IPs are no longer assigned. +These devices are on the main LAN but should be migrated to VLAN 20 (10.10.3.0/24). Parked in the 80-83 range for easy identification. -| Hostname | Device | MAC Address | Notes | -|----------|--------|-------------|-------| -| tapo-hub-h100 | Tapo Hub/Chime H100 | a8:29:48:88:84:d6 | Smart home hub | -| tapo-leak-t300 | Tapo Water Leak Sensor T300 | 20:23:51:d0:b1:7d | Battery powered | -| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 20:23:51:08:19:76 | Smart bulb | -| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | b0:19:21:17:a7:c3 | Smart bulb | -| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | f0:09:0d:b6:4a:8d | Smart bulb | -| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 40:ae:30:67:a2:46 | Smart bulb | -| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 3c:64:cf:63:58:da | Smart bulb | -| tapo-plug-a-p110 | Tapo P110 Smart Plug | 40:ae:30:50:c8:62 | Power monitoring | -| tapo-plug-b-p110 | Tapo P110 Smart Plug | b0:19:21:17:a5:7e | Power monitoring | -| yeelight-color4 | Yeelight Smart Bulb | 58:b6:23:41:e1:ff | Smart bulb | -| reolink-kitchen | Reolink E1 Camera - Kitchen | 54:ef:33:bd:be:e0 | Security camera | -| reolink-outdoor | Reolink Camera - Outdoor | e8:ca:c8:6d:b0:7f | Security camera | -| TPC100 | Tuya Backyard Camera | a8:b1:3b:01:c2:ce | Backyard Camera | -| TPC100 | Tuya Living Room Camera | 58-04-4F-4A-D1-E1 | Living Room Camera | -| TPC120 | Tuya Garden Camera | B8-FB-B3-7A-68-81 | Garden Camera | - -### Pending Camera Migration (VLAN 30 — 10.10.2.0/24) - -The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — formerly 192.168.0.92, .93, .94) will be migrated to the Camera network (10.10.2.0/24, VLAN 30) once physically reconnected. Until then, they remain on the IoT network (VLAN 20). 
+| Hostname | IP | MAC Address | Notes | +|----------|----|-------------|-------| +| tuya-unknown-a | 192.168.0.80 | c4:82:e1:b4:fd:a3 | Tuya device — identity unknown | +| tuya-unknown-b | 192.168.0.81 | 18:de:50:eb:27:30 | Tuya device — identity unknown | +| tuya-unknown-c | 192.168.0.82 | c4:82:e1:b4:f6:1d | Tuya device — identity unknown | +| tuya-unknown-d | 192.168.0.83 | b8:06:0d:96:d9:a4 | Tuya device — identity unknown | ## Network Infrastructure (100-119) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| -| u7-lite | UniFi U7 Lite AP | 192.168.0.159 | — | Managed by UniFi OS controller; pending static DHCP reservation | +| unifi-os | UniFi OS Server | 192.168.0.100 | bc:24:11:8f:4d:4d | | +| u7-lite | UniFi U7 Lite AP | 192.168.0.159 | — | Pending static reservation | ## Hypervisors & Storage (120-139) 
@@ -123,12 +113,41 @@ The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — for | proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor | | proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor | +## IoT Devices (VLAN 20 — 10.10.3.0/24) + +All smart home devices are on the IoT network (SSID: IoTeePee). IPs are reserved via Kea DHCP on the IoT interface. + +| Hostname | Device | IP | MAC Address | Notes | +|----------|--------|-----|-------------|-------| +| tapo-plug-a-p110 | Tapo P110 Smart Plug A | 10.10.3.2 | 40:ae:30:50:c8:62 | | +| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 10.10.3.3 | 20:23:51:08:19:76 | | +| tapo-hub-h100 | Tapo Hub/Chime H100 | 10.10.3.4 | a8:29:48:88:84:d6 | Leak sensor connected directly to hub (no IP) | +| tapo-plug-b-p110 | Tapo P110 Smart Plug B | 10.10.3.6 | 40:ae:30:50:ce:78 | | +| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 10.10.3.8 | 3c:64:cf:63:58:da | | +| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 10.10.3.9 | 40:ae:30:67:a2:46 | | +| yeelight-color4 | Yeelight Smart Bulb | 10.10.3.10 | 58:b6:23:41:e1:ff | | +| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | 10.10.3.13 | f0:09:0d:b6:4a:8d | | +| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | 10.10.3.36 | b0:19:21:17:a7:c3 | | + +**No IP — hub-connected:** +- Tapo Water Leak Sensor T300 (MAC: 20:23:51:d0:b1:7d) — wired to hub, no WiFi + +## Security Cameras (VLAN 30 — 10.10.2.0/24) + +| Hostname | Device | IP | MAC Address | Notes | +|----------|--------|-----|-------------|-------| +| camera-garden | Tuya Camera - Garden | 10.10.2.2 | b8:fb:b3:7a:68:81 | | +| camera-backyard | Tuya Camera - Backyard | 10.10.2.3 | a8:b1:3b:01:c2:ce | | +| camera-living-room | Tuya Camera - Living Room | 10.10.2.4 | 58:04:4f:4a:d1:e1 | | +| camera-kitchen | Reolink Camera - Kitchen | 10.10.2.8 | 54:ef:33:bd:be:e0 | | +| camera-driveway | Reolink Camera - Driveway | 
10.10.2.9 | e8:ca:c8:6d:b0:7f | | + ## DHCP Configuration ### Current Settings -- **DHCP Pool:** 192.168.0.150 - 192.168.0.200 (51 addresses) -- **Purpose:** Guest devices and temporary connections -- **Static Reservations:** 20 devices with confirmed MACs +- **LAN DHCP Pool:** 192.168.0.150 - 192.168.0.200 (guest/unknown devices) +- **IoT DHCP Pool:** 10.10.3.0/24 (dynamic for non-reserved devices) +- **Camera DHCP Pool:** 10.10.2.0/24 (dynamic for non-reserved devices) ### DNS Settings - **Primary DNS:** 192.168.0.11 (AdGuard Home) 
@@ -141,111 +160,57 @@ The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — for | 100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device | | 100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent) | -## Network Statistics +## Known Issues / Pending -- **Total Active Devices:** 33 -- **VMs/Containers:** 10 -- **User Computers:** 5 (3 PCs + 2 printers) -- **Mobile Devices:** 3 (2 phones + 1 tablet) -- **TVs & Media:** 3 -- **Smart Home/IoT:** 15 (9 Tapo + 1 Yeelight + 2 Reolink + 3 Tuya) — all on VLAN 20 -- **Network Infrastructure:** 1 (UniFi U7 Lite AP) -- **Hypervisors:** 2 -- **Static Assignments:** 20 devices -- **DHCP Pool Size:** 51 addresses - -## Known Issues - -### Tapo App Issues -- Some Tapo devices may show incorrect info in app after VLAN migration -- **3D printer plug:** App showing wrong MAC, verify after print finishes -- **Resolution:** Use OPNsense ARP table MACs as source of truth - -### Devices Needing Attention -- Factory reset recommended for Tapo devices showing app glitches after VLAN migration +- **u7-lite:** MAC address not yet confirmed — reservation at .159 has no MAC +- **Samsung Soundbar (.71):** MAC unconfirmed +- **Tuya devices (.80-.83):** On main LAN, need factory reset and migration to VLAN 20 +- **Tapo app glitches:** Some devices may show incorrect info after VLAN migration — use OPNsense ARP table as source of truth ## Maintenance Tasks -### Regular Tasks -- [ ] Monthly: Review DHCP leases for new unknown devices -- [ ] Quarterly: Audit static IP assignments -- [ ] Quarterly: Update device firmware (routers, APs, cameras) -- [ ] Yearly: Review and optimize IP allocation scheme - -### Pending Tasks -- [ ] Factory reset Tapo devices with app issues +- [ ] Identify and migrate tuya-unknown-a through -d to IoT VLAN 20 +- [ ] Confirm UniFi U7 Lite MAC and update reservation +- [ ] Confirm Samsung Soundbar MAC +- [ ] Monthly: Review DHCP leases for unknown devices +- [ ] Quarterly: Audit static 
IP assignments and firmware ## Security Considerations -1. **Network Segmentation:** VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices from the main LAN +1. **Network Segmentation:** VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices 2. **Guest Network:** DHCP pool isolated from static devices -3. **Firewall Rules:** OPNsense enforces strict inter-VLAN rules — IoT can only reach HA; Cameras can only reach HA and Frigate/FoundryVTT -4. **DNS Filtering:** AdGuard Home provides ad/tracker blocking -5. **Remote Access:** Tailscale VPN for secure remote access +3. **Firewall Rules:** OPNsense enforces strict inter-VLAN rules +4. **DNS Filtering:** AdGuard Home with ad/tracker blocking +5. **Remote Access:** Tailscale VPN + Cloudflare Tunnel ## Backup Strategy -### What to Backup 1. **OPNsense Configuration:** XML backup from web interface -2. **DHCP Reservations:** CSV export (included in this repo) -3. **Network Documentation:** This README and related files -4. **AdGuard Home Config:** Settings and filter lists - -## Migration Notes - -## Troubleshooting - -### Device Not Getting Reserved IP -1. Check MAC address in router's ARP table -2. Verify DHCP reservation exists -3. Release/renew DHCP lease on device -4. Check for MAC address conflicts - -### Cannot Access Device -1. Verify device is online (ping IP) -2. Check if device changed MAC (WiFi vs Ethernet) -3. Review firewall rules in OPNsense -4. Check DNS resolution in AdGuard Home - -### IoT Device Issues -1. Tapo devices: Check app vs ARP table for correct MAC -2. Battery devices (water sensor): Won't always appear in ARP -3. For offline devices: Power cycle or factory reset +2. **DHCP Reservations:** CSV exports (reservations_lan.csv, reservations_iot.csv, reservations_cameras.csv) +3. 
**Network Documentation:** This README ## Tools & Commands -### Identify Device by MAC ```bash -# Online MAC lookup -curl -s "https://api.macvendors.com/5c:62:8b:8d:cb:d6" +# Verify subnet IDs before running import script +curl -s -u "apikey:apisecret" -k https://192.168.0.1/api/kea/dhcpv4/searchSubnet -# Or use OUI lookup -# First 6 characters (3 octets) identify manufacturer -``` - -### Scan Network -```bash -# Using nmap +# Scan network nmap -sn 192.168.0.0/24 +nmap -sn 10.10.3.0/24 +nmap -sn 10.10.2.0/24 -# Using arp-scan (more reliable) -sudo arp-scan --interface=eth0 192.168.0.0/24 -``` - -### Check Current IP/MAC -```bash -# View ARP table +# Check ARP table arp -a - -# Or on OPNsense -arp -an | grep 192.168.0 ``` +## Configuration Files + +- `reservations_lan.csv` — Main LAN (192.168.0.0/24) DHCP reservations +- `reservations_iot.csv` — IoT VLAN (10.10.3.0/24) DHCP reservations +- `reservations_cameras.csv` — Camera VLAN (10.10.2.0/24) DHCP reservations +- `import_reservations.sh` — Bulk import script for OPNsense Kea DHCP API +- `opnsense-config.xml` — OPNsense configuration backup (not in repo) + --- - -**Configuration Files:** -- `dhcp-reservations.csv` - DHCP static assignments export -- `Network Inventory.docx` - Human-readable network map -- `opnsense-config.xml` - OPNsense configuration backup (not in repo) - -**Last Updated:** June 1, 2026 +**Last Updated:** June 2026 \ No newline at end of file
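Review bot: In the `@@ -51,70 +51,60 @@` hunk, the `u7-lite` row is listed under "Network Infrastructure (100-119)" but keeps 192.168.0.159, which is outside that block and inside the LAN DHCP pool (192.168.0.150 - 192.168.0.200) documented later in this patch. Known Issues also says the reservation has no MAC, and a reservation without a MAC cannot match a client, so .159 is in effect still a dynamic address. Suggest moving the AP to a free address in 100-119 once its MAC is confirmed, or recording the exception in the IP allocation table. The same hunk parks four unidentified Tuya devices at .80-.83 on the main LAN alongside Vaultwarden and the hypervisors; state which firewall or switch-level restriction applies to them until they move to VLAN 20.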
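Review bot: In the `@@ -123,12 +113,41 @@` hunk, `camera-backyard` (10.10.2.3) in the new Security Cameras table has MAC a8:b1:3b:01:c2:ce, the same MAC the `printer` row (192.168.0.34) carries in the User Devices table earlier in this patch. Two distinct devices cannot both own it, so one of the entries is wrong; confirm against the OPNsense ARP table before the reservation CSVs are imported. In the same hunk the IoT and Camera DHCP pools are given as the whole /24 (`10.10.3.0/24`, `10.10.2.0/24`), which overlaps the reserved addresses listed in the tables above them; give the actual pool start and end, as the LAN pool line does.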
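Review bot: In the `@@ -141,111 +160,57 @@` hunk, the new curl line under Tools & Commands sends the API key and secret with `-k`, so the router certificate is never verified and the credentials go to whatever answers on 192.168.0.1. Suggest dropping `-k` in favour of `--cacert` pointing at the OPNsense CA certificate, and keeping the key and secret off the command line (for example with `--netrc-file`), since arguments end up in shell history and the process list. Separately, Security Considerations item 3 drops the only statement of the allowed inter-VLAN flows ("IoT can only reach HA; Cameras can only reach HA and Frigate/FoundryVTT"), and item 5 adds Cloudflare Tunnel without saying which services it publishes; keeping both explicit lets the README serve as the reference for a firewall rule audit.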