# Home Network Infrastructure Documentation ## Overview This documentation covers the complete home network setup including IP allocation scheme, DHCP reservations, VLANs, and device inventory for a 192.168.0.0/24 network managed by OPNsense. **Network:** 192.168.0.0/24 **Router:** OPNsense at 192.168.0.1 **Last Updated:** December 27, 2025 ## Network Architecture ### Core Infrastructure - **Router/Firewall:** OPNsense (192.168.0.1) - **DNS/Ad Blocking:** AdGuard Home (192.168.0.11) - **Reverse Proxy:** Nginx Proxy Manager (192.168.0.10) - **VPN:** Tailscale integration ### IP Allocation Scheme ``` 192.168.0.1 - OPNsense Router 192.168.0.2-9 - Reserved for future infrastructure 192.168.0.10-29 - Core Services (VMs/Containers) 192.168.0.30-49 - User Computers & Laptops 192.168.0.50-69 - Mobile Devices & Tablets 192.168.0.70-79 - TVs & Media Devices 192.168.0.80-99 - Smart Home IoT 192.168.0.100-119 - Network Infrastructure (APs, switches, extenders) 192.168.0.120-139 - Hypervisors & Storage 192.168.0.140-149 - Reserved for expansion 192.168.0.150-200 - DHCP Pool (Guest devices only) 192.168.0.201-254 - Future expansion ``` ## Infrastructure - Core Services (10-29) | Hostname | Service | IP | MAC Address | Type | Status | |----------|---------|-----|-------------|------|--------| | npm | Nginx Proxy Manager | 192.168.0.10 | bc:24:11:5b:1d:a2 | Docker | ✅ Active | | adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | ✅ Active | | vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | ✅ Active | | crafty | Crafty Controller | 192.168.0.13 | BC:24:11:70:10:E5 | LXC | ✅ Active | | nextcloud | Nextcloud | 192.168.0.14 | 02:99:5b:4c:b3:e6 | VM | ✅ Active | | homeassistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active | | foundryvtt | FoundryVTT | 192.168.0.16 | bc:24:11:ad:cb:f6 | VM | ✅ Active | | openmediavault | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:2c:68:58 | VM | ✅ Active | | wordpress-irodori | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | VM | ✅ Active | | wordpress-dustin | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | VM | ✅ Active | ## User Devices - Computers (30-49) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| | jamiepc | Jamie's PC | 192.168.0.30 | 50:eb:f6:5a:71:f2 | Primary workstation | | jamie-gaming-vm | Linux Gaming VM | 192.168.0.31 | bc:24:11:b2:20:b0 | Gaming VM | | 3d-printer | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | Network printer | | haruka-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | Laptop | | hp-printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | Network printer | ## Mobile Devices (50-69) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| | jamie-phone | Jamie's Mobile (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | Samsung Galaxy S23 | | haruka-phone | Haruka's Mobile (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | Samsung Galaxy S25 | | samsung-tablet | Samsung Galaxy Tablet | 192.168.0.52 | ee:a1:23:9f:1e:c5 | Tablet | ## TVs & Media Devices (70-79) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| | unknown-media-1 | Unknown Media Device | 192.168.0.70 | e8:ca:c8:6d:b0:7f | Likely TV or streaming | | unknown-media-2 | Unknown Media Device | 192.168.0.71 | a0:d0:5b:c7:13:28 | Likely TV or streaming | | unknown-media-3 | Unknown Media Device | 192.168.0.72 | 20:23:51:08:19:76 | Likely TV or streaming | ## Smart Home / IoT (80-99) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| | tapo-hub-h100 | Tapo Hub/Chime H100 | 192.168.0.80 | a8:29:48:88:84:d6 | Smart home hub | | tapo-leak-t300 | Tapo Water Leak Sensor T300 | 192.168.0.81 | 20:23:51:d0:b1:7d | Battery powered | | tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 192.168.0.82 | 20:23:51:08:19:76 | Smart bulb | | tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | 192.168.0.83 | b0:19:21:17:a7:c3 | Smart bulb | | tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | 192.168.0.84 | f0:09:0d:b6:4a:8d | Smart bulb | | tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 192.168.0.85 | 40:ae:30:67:a2:46 | Smart bulb | | tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 192.168.0.86 | 3c:64:cf:63:58:da | Smart bulb | | tapo-plug-jamiepc-p110 | Tapo P110 Smart Plug - Jamie PC | 192.168.0.87 | 40:ae:30:50:c8:62 | PC power monitoring | | tapo-plug-3dprinter-p110 | Tapo P110 Smart Plug - 3D Printer | 192.168.0.88 | b0:19:21:17:a5:7e | 3D printer power | | yeelight-plug | Yeelight Smart Plug | 192.168.0.89 | 58:b6:23:41:e1:ff | Smart plug | | reolink-kitchen | Reolink E1 Camera - Kitchen | 192.168.0.90 | 54:ef:33:bd:be:e0 | Security camera | | reolink-outdoor | Reolink Camera - Outdoor | 192.168.0.91 | e8:ca:c8:6d:b0:7f | Security camera | | tuya-unknown-1 | Tuya Device - Unknown | 192.168.0.92 | a8:b1:3b:01:c2:ce | Dehumidifier/lights/IR | ## Network Infrastructure (100-119) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| | tplink-ax55 | TP-Link AX55 Router/AP | 192.168.0.100 | 40:ae:30:f8:27:f0 | WiFi Access Point | | tplink-re450 | TP-Link RE450 Range Extender | 192.168.0.101 | 5c:62:8b:8d:cb:d6 | WiFi Extender | ## Hypervisors & Storage (120-139) | Hostname | Device | IP | MAC Address | Notes | |----------|--------|-----|-------------|-------| | proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor | | proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor | ## DHCP Configuration ### Current Settings - **DHCP Pool:** 192.168.0.150 - 192.168.0.200 (51 addresses) - **Purpose:** Guest devices and temporary connections - **Static Reservations:** 33 devices with confirmed MACs ### DNS Settings - **Primary DNS:** 192.168.0.11 (AdGuard Home) - **Secondary DNS:** 192.168.0.1 (OPNsense fallback) ## VPN / Tailscale | IP | MAC Address | Purpose | |----|-------------|---------| | 100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device | | 100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent) | ## Unknown/Unidentified Devices | Current IP | MAC Address | Hostname | Notes | |------------|-------------|----------|-------| | 192.168.0.110 | 5e:81:ec:77:6b:73 | sm-l305f | Unknown Samsung device | | 192.168.0.153 | d4:54:8b:29:2a:07 | kansaigaijinpc | Jamie's PC (secondary/ignore) | | 192.168.0.155 | 76:13:3f:a1:13:74 | harukasan-notab-a8 | Unknown - possibly old tablet | ## Network Statistics - **Total Active Devices:** 35 - **VMs/Containers:** 10 - **User Computers:** 5 (3 PCs + 2 printers) - **Mobile Devices:** 3 (2 phones + 1 tablet) - **TVs & Media:** 3 - **Smart Home/IoT:** 13 (9 Tapo + 1 Yeelight + 2 Reolink + 1 Tuya) - **Network Infrastructure:** 2 (AP + Extender) - **Hypervisors:** 2 - **Static Assignments:** 33 devices - **DHCP Pool Size:** 51 addresses - **Unknown Devices:** 3 ## Known Issues ### Tapo App Issues - **Bedroom light** (192.168.0.83): Showing incorrect info in app - **3D printer plug** (192.168.0.88): App showing wrong MAC, verify after print finishes - **Resolution:** Use ARP table MACs as source of truth ### Devices Needing Attention - Factory reset recommended for Tapo devices showing app glitches after migration - Unknown devices at .110, .153, .155 need identification ## Maintenance Tasks ### Regular Tasks - [ ] Monthly: Review DHCP leases for new unknown devices - [ ] Quarterly: Audit static IP assignments - [ ] Quarterly: Update device firmware (routers, APs, cameras) - [ ] Yearly: Review and optimize IP allocation scheme ### Pending Tasks - [ ] Identify unknown Samsung device at 192.168.0.110 - [ ] Review secondary PC at 192.168.0.153 - [ ] Identify/remove old tablet lease at 192.168.0.155 - [ ] Factory reset Tapo devices with app issues ## Security Considerations 1. **Network Segmentation:** Consider VLANs for IoT devices 2. **Guest Network:** DHCP pool isolated from static devices 3. **Firewall Rules:** OPNsense manages inter-VLAN traffic 4. **DNS Filtering:** AdGuard Home provides ad/tracker blocking 5. **Remote Access:** Tailscale VPN for secure remote access ## Backup Strategy ### What to Backup 1. **OPNsense Configuration:** XML backup from web interface 2. **DHCP Reservations:** CSV export (included in this repo) 3. **Network Documentation:** This README and related files 4. **AdGuard Home Config:** Settings and filter lists ### Restoration Process See `NETWORK-RESTORE.md` for detailed restoration procedures. ## Migration Notes ### Completed Migrations ✅ - Jamie's PC (192.168.0.30) - Jamie Gaming VM (192.168.0.31) - 3D Printer (192.168.0.32) - Jamie's Phone (192.168.0.50) - Haruka's Phone (192.168.0.51) ### Pending Migrations 🔄 - Haruka's Laptop → 192.168.0.33 - HP Printer → 192.168.0.34 - Samsung Tablet → 192.168.0.52 ### Waiting for DHCP Renewal ⏳ - Samsung Tablet (will get .52 on next renewal) ## Troubleshooting ### Device Not Getting Reserved IP 1. Check MAC address in router's ARP table 2. Verify DHCP reservation exists 3. Release/renew DHCP lease on device 4. Check for MAC address conflicts ### Cannot Access Device 1. Verify device is online (ping IP) 2. Check if device changed MAC (WiFi vs Ethernet) 3. Review firewall rules in OPNsense 4. Check DNS resolution in AdGuard Home ### IoT Device Issues 1. Tapo devices: Check app vs ARP table for correct MAC 2. Battery devices (water sensor): Won't always appear in ARP 3. For offline devices: Power cycle or factory reset ## Tools & Commands ### Identify Device by MAC ```bash # Online MAC lookup curl -s "https://api.macvendors.com/5c:62:8b:8d:cb:d6" # Or use OUI lookup # First 6 characters (3 octets) identify manufacturer ``` ### Scan Network ```bash # Using nmap nmap -sn 192.168.0.0/24 # Using arp-scan (more reliable) sudo arp-scan --interface=eth0 192.168.0.0/24 ``` ### Check Current IP/MAC ```bash # View ARP table arp -a # Or on OPNsense arp -an | grep 192.168.0 ``` --- **Configuration Files:** - `dhcp-reservations.csv` - DHCP static assignments export - `Network Inventory.docx` - Human-readable network map - `opnsense-config.xml` - OPNsense configuration backup (not in repo) **Last Updated:** December 28, 2025