pfSense Router
Built a pfSense router to replace the router provided by my ISP. This enables better firewall controls, subnet segmentation and VPN access while away from home.

The network is segmented into multiple subnets to isolate device categories and reduce risk between systems. Separate networks are used for gaming devices, home business systems, IoT devices, infrastructure equipment (such as wireless access points and cameras), and the home lab. Firewall rules control traffic between these networks, allowing only the required services while keeping less-trusted devices isolated.
Tailscale Exit Node
Configured a Tailscale exit node on my router to provide remote access to my home lab. This allows devices to reach my home network over WireGuard and enables remote monitoring and administration. Currently testing a DERP relay in a container to improve connectivity when using mobile internet connections behind CGNAT.
DNS over TLS (DoT)
Configured network-wide DoT to encrypt DNS queries between the router and the upstream resolver (Quad9). This prevents DNS requests from being transmitted in plaintext and keeps query data from being visible to the ISP.
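An added example, not the author's own configuration: Unbound resolver settings that forward all queries to Quad9 over DoT, with the unauthenticated form shown commented out beside the authenticated one. The certificate bundle path is an assumption and depends on where the system keeps its root certificates.

```conf
# Added example: Unbound forwarding over DNS over TLS (port 853) to Quad9.

server:
    # Root CA bundle used to validate the upstream resolver's certificate.
    # Assumption: this path; adjust it to the local system.
    tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"

forward-zone:
    # "." forwards every query, not just one domain.
    name: "."
    # Wrap upstream queries in TLS.
    forward-tls-upstream: yes

    # Weak form: traffic is encrypted, but no certificate name is checked,
    # so the resolver cannot tell whether it is really talking to Quad9.
    # forward-addr: 9.9.9.9@853

    # Authenticated form: the name after "#" must match the certificate
    # presented by the upstream, validated against tls-cert-bundle.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Running `unbound-checkconf` against the file catches syntax errors before the resolver is restarted.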
pfBlockerNG
Deployed pfBlockerNG on my pfSense router to implement network-wide DNS filtering and domain blocklists. This blocks malicious domains, phishing websites and advertising/tracking networks before they reach family devices.
DNS Caching
Configured a large DNS cache on the router to reduce upstream queries and improve internet latency. The resolver also uses domain filtering lists such as the top 1 million domains to prioritize DNS records and improve cache hit rates.
