
My Homelab

Since my girlfriend and I had moved from Bavaria to Konstanz in October 2024, I had to start planning how to set up our Home Network.
Initially, we bought a 5G router running a partner card of my mobile contract with an unlimited data plan. This was significantly cheaper than an internet and landline contract, especially since we only use our cellphones for calls anyway. This worked well and turned out to be the right decision, but when we started to integrate more and more smart home devices into our network, I began to get concerned about this setup.
I started looking for a solution to separate the IoT devices from our personal network for better privacy and security. Since this was around the time I had finished my IT Administrator course (Dec. 2024), I decided to build a Home Lab to be able to set up separated VLANs. I figured this would be the perfect opportunity for me to put some of the theory into practice and thus help me understand the freshly learned networking concepts.
I bought a used ThinkCentre M720q, which fitted my needs perfectly with its low energy consumption and sufficient Intel i5 power. I upgraded the 8 GB RAM to 32 GB, added a 2 TB SSD and set up a Proxmox environment (picture above). This was all very new for me and equally exciting. My first priority was to replace my 5G router with a virtualised pfSense router/firewall running on my new Proxmox homeserver, which turned out to be more complicated than I had anticipated, since my server only has one NIC, which had to serve as both the WAN and the LAN interface. After some virtualisation trial and error I got the pfSense router running and configured with firewall rules, DHCP scopes and DNS servers. After this was done, I could switch my 5G router to bridge mode, which meant it would lose its router functions and from now on only serve as a modem.
The only thing missing now was a separate access point for my wireless devices. I chose a TP-Link Omada device, since I needed to segment my Wi-Fi into separate VLANs. In the sketch above you can see how the network looks right now.
What I have not added to the logical diagram are the VMs running on the Proxmox server. Next to my pfSense router and firewall, I have a Windows Server 2022, two Windows 11 clients, a Kali Linux machine and some Linux containers running for testing the setup.
This is just the first of my Proxmox projects; I have many plans for future implementations, like a VPN for external access, a file and photo server (probably Nextcloud), a media server for streaming media locally, a local password manager and many more.
Initially, I wanted to host this website locally as well, but I ran into multiple issues regarding my mobile internet contract. It turns out the German Telekom assigns neither separate public IPv4 addresses nor an IPv6 dynamic prefix, which would have made it very hard to make the site accessible from the public internet while maintaining security standards. I learned this after I had set up my webserver with Apache, PHP, MariaDB and WordPress and wanted to make it accessible over NAT on a DMZ on my local server. My only option would have been a workaround with NAT66 or a third-party tunnel broker, which I opted against. So in the end, I am not hosting this website myself, which probably is better for overall performance considering high availability and the existing content delivery networks of hosting providers.