How we built our DIY Home Security Camera System

How we built our DIY Home Security Camera System - 2022 Network Map - VueVille
Our DIY Smart Home Network Map in 2022

A few years ago, my wife and I decided to get a CCTV security system. We didn’t know much about home security or security cameras at that point. But we wanted to be check in on our home while we were away.

If we were not DIY-crazy, we would have probably gone the Easy-DIY route and bought an all-in-one home security kit from Ring or Simplisafe.

But we felt deep unease about these brands storing our video footage on the cloud, especially indoor videos. Cloud-reliant security cameras were getting hacked left, right and center. Some even offered them up to cops without warrants! Moreover, many useful features of these cameras such as advanced motion detection were locked behind monthly paid subscription plans. Even basic things like being able to review recorded clips, which you would expect is a given.

So while the upfront costs looked low, ongoing costs would quickly balloon. This is the downside of the subscription-based model of business that most security camera companies are turning to these days. Don’t get me wrong, cloud backup is fine and serves as off-site backup. But having it shoved down our throats and having to pay for it is simply unacceptable.

But being the DIY and tech-crazy people we are, we decided to do it ourself – the ProDIY way, learning by doing, using excellent stand-alone IP cameras (like the Reolink E1 Pro), and high-quality yet affordable prosumer networking gear (like Ubiquiti’s Unifi range).

Today, we have a DIY CCTV home security camera system that we chose and set up ourselves based on months of research. It is ultra-reliable and has highly useful features such as interfacing fully with our Home Assistant and HomeSeer HS4 home automation system, yet is very affordable.

We often get questions about our DIY CCTV setup, such as how we are able to view our home security cameras securely from anywhere in the world. So we thought we would share our journey with you, our readers.

We will list our complete security camera setup and how we are able to safely and securely connect to our home from just about anywhere. Also we will go into not just a list of the different devices that form the system, but also how they all come together to help us achieve our specific security goals.

A quick note: As an Amazon Associate I earn from qualifying purchases. This post contains affiliate link(s). An affiliate link means I may earn advertising or referral fees if you make a purchase through my link, at no extra cost to you.

Our DIY Home Security Camera System goals were:

  1. Be able to simultaneously view multiple cameras on a single screen. This could be from a tablet while indoors and from our mobile phones and laptops remotely.
  2. Be able to record motion-detection clips and have the option to at record at least 2 weeks worth of 24/7 video footage.
  3. Be able to inform my home automation system whenever motion was detected so that I could take action such as turning on lights
  4. Get motion detection alerts by email with snapshots within seconds of the intrusion.
  5. High enough resolution to get a clear picture at day or night.
  6. Our privacy is paramount. All camera footage needs to be stored locally. No cloud-reliant stuff for us! We do not want to port forward cameras leaving the entire network vulnerable to hackers and botnets.
  7. Push notifications – a nice to have if it doesn’t compromise network security.
  8. The system should be flexible enough to grow and change according to our evolving needs.
  9. All of this should not break the bank! No monthly fees, no ongoing cloud subscriptions.

The End Result:
Here is a screenshot of how we live-view our IP cameras from our laptops and on the TV:

Monitor - How to set up your own DIY NAS NVR using QNAP Surveillance Station - VueVille
Our DIY Home Security System – QNAP QVR Client for Surveillance Station

We can also access the cameras from our smartphones using either the tinyCAM Monitor Pro app or QNAP’s VMobile app to access the NAS (Network Attached Storage) NVR’s clips archives.

How to access your DIY security cameras remotely using a NAS VPN server - tinyCAM Monitor Pro - VueVille

Whenever motion is detected by any of the IP cameras, the QNAP NAS informs our Home Assistant home automation system which can then turn on lights, play a siren alarm, send me video clips, anything I can think of really.

In the past I used only HomeSeer HS3 and so I connected QNAP Surveillance Station directly to my Homeseer HS3 system. QNAP QVR Pro had not yet been released.

But I have since then largely switched from Homeseer to Home Assistant. I use Homeseer only for some legacy Z-Wave door sensors that don’t work with Home Assistant. Moreover both QNAP QVR Pro and Home Assistant support advanced motion detection methods of IP cameras natively. Eventually I plan to write how-to guides to replicate my entire smart home system setup.

Now let’s see what the security camera system part of our smart home network looks like (also see how we built our DIY Smart Home Automation system)

Our DIY Home Security System Network Setup

A topology is a representation of how a system is connected together. Network topologies may be either physical or logical. A physical network topology shows the actual physical layout and the connections between different elements. A logical network topology shows how they are functionally linked to each other.

Here’s a physical map of our entire smart home network. For a reliable and scalable surveillance system, you got to have the right network set up to support it. So let’s begin there.

How we built our DIY home security camera CCTV system - 2022 Network Map - VueVille
Our DIY Smart Home Network Map in 2022

The first thing you will notice is that there are a lot of different network components, and that devices are nicely siloed off into neat compartments (LAN, VLAN1, VLAN2…etc.).

Most people just connect a Wi-Fi router to the ISP modem and call it a day. If you are just using a couple of wireless cameras, that will probably do.

But for our Pro-DIY system that is security and privacy-focused, we need to go further. We need to be able to defend our network from hackers and botnets. For this we need a strong and powerful hardware firewall.

We need to be able to isolate security cameras so that they cannot ‘dial home’ or leak data outside our network. Any device in our network we do not trust (like most Chinese security cameras) shouldn’t be able to access sensitive personal devices like laptops and mobile phones of its own volition. For this we need the ability to create Virtual LAN (VLAN) networks.

Every consumer Wi-Fi router has a built-in firewall that offers basic protection. But they are often not very customizable. For example, in most cases you can’t create your own firewall rules. And most of them cannot create VLANs. So after dabbling with overpriced ‘prosumer’ ASUS router for some time and failing to get what I need, I switched to enterprise standard networking gear. I went with Ubiquiti’s Unifi range.

We have a large home and getting reliable Wi-Fi throughout has been an issue. I had realized we needed multiple Wi-Fi access points. But the house is already wired for gigabit Ethernet. So this was another reason to skip the consumer-grade mesh networks and just go with a reliable established enterprise brand.

Also when your network gets large and you have multiple devices (router, switches, Access points), it becomes difficult and time-consuming to configure and manage multiple devices.

Here are the advantage of the Ubiquiti Unifi line of enterprise class networking gear:

  1. Enterprise-grade hardware with higher reliability
  2. Central management dashboard
  3. Seamless Wi-Fi mesh network with Ethernet back-haul
  4. Affordably priced
  5. Ability to create VLANs

The easiest way to understand Unifi’s product line is this: a typical Wi-Fi router like Asus or Netgear is an all-in-one device.

There’s a router, a firewall, and Wi-Fi access point all rolled into one device for convenience. However this means that if you want advanced features, you have to shell out a lot of money.

Also if one function (like the wireless radios or the router part) fails, the entire network fails and you have to junk the whole device. Not great for redundancy or your wallet.

Full equipment description

How we built our DIY home security camera CCTV system - 2022 Network Map - VueVille
Our DIY Smart Home Network Map in 2022

The Networking Gear

Starting from the top left of the network map, we have a symmetric 1 Gbps up/down fibre broadband connection. So the first device is the ISP modem which we cannot avoid. However, everything after that point is of our design.

After the ISP modem, comes the Unifi Security Gateway (or USG). This is our hardware firewall, serves as the DHCP router for the whole network and manages all the VLANs. The USG has a Dual-Core 500 MHz processor with 512MB RAM. It can handle up to 1,000,000 packets per second. It can handle our 1 Gbps fibre broadband connection at full speed, but only without extra security features turned on like Deep Packet Inspection (DPI), Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). If you turn these on throughput drops to a measly 85 Mbps.

That’s why I don’t recommend the Unifi USG any more. Unifi has since released the UDM Special Edition (SE) / Pro which combine the USG, a network switch and cloud management software into a single device. It is rack-mountable and so may be a better fit if you plan to use a server rack or cabinet.

Unifi Dream Machine Special Edition (UDM-SE)

Check Amazon price

The UDM SE/Pro can perform Intrusion Detection and Prevention at up to 3.5 Gbps line speed, which is far superior to that of the USG’s 85 Mbps. But for home users, these features are not essential so the USG may suffice if you are on a budget.

One key difference between the UDM SE and UDM Pro models is that the SE has PoE support. This removes the need to get a separate PoE switch.

The ISP modem plugs into the USG’s WAN1 port (WAN port in the UDM SE/Pro). The USG has only two physical LAN ports – LAN1 and LAN2 (the UDM SE/Pro have 8). Each port can be used to create a unique sub-net. I use only the USG’s LAN1 port for my network – I will refer to this as LAN. The Unifi system uses a central management portal for all device configuration and logging. The UDM SE/Pro have this built-in, but the USG doesn’t. So you will have to run it off a computer but only when you need to configure devices.

So you can see why its better to go with the UDM SE. If you still want to use the USG (it is cheaper), you can get a Cloud Key, a small PoE device that hosts the controller software and logs network statistics locally 24/7. I don’t want a computer running all the time, but I like to log all the data I can. So I went for the Cloud Key.

As mentioned in our goals earlier, we didn’t want to forward ports from the cameras to the Internet. The alternative to forwarding ports from the camera to the router and exposing them to the Internet, is to create a VPN connection to your home network so that you can dial in securely. For this you need an Internet-facing device in your home network that can act as a VPN server.

The Unifi product range does not natively support OpenVPN or Wireguard, like it does the L2TP or PPTP protocols. But L2TP and PP2P have been compromised either by the government or by hackers.

So what’s the solution? Now QNAP has built into their NAS a VPN server app that supports all the major VPN protocols. In the beginning I used our QNAP TS-253A NAS as the VPN server for the entire home network. But again I quickly learnt that exposing a NAS server to the Internet is risky.

So I have the excellent open-source free PiVPN running on an Orange Pi Zero that also runs PiHole on my network. I chose the Wireguard protocol as it requires less resources than the OpenVPN protocol.

The Pi Zero’s Wireguard port is forwarded to the Unifi USG. No other port forwarding is present. The USG is configured with Dynamic DNS (DDNS) and so is always accessible from the internet using a friendly name, instead of the public dynamic IP address which ISPs change every so often. I use the excellent and free Afraid.org service.

We use the official Wireguard VPN client on our Android phones or laptops to connect to our home network, the Orange Pi Zero acting as the Wireguard server for the entire home network. This lets us access all our network resources as if we never left home, live-viewing and reviewing recorded footage is so easy.

Let’s explore LAN first. If you just want to create VLANs for WI-FI devices you don’t need a managed Ethernet switch – the Unifi wireless access points (WAP) can do that. But to create Ethernet-based VLANs, you need a managed switch.

I created separate VLANs for Home Automation gear (Raspberry Pi4 running Home Assistant, Home Automation laptop running HomeSeer HS4), and IP cameras using the excellent Unifi firewall rules feature. See the links below to learn how to do this. Yes you can have both wired and wireless devices in the same VLAN!

Related: How to create VLAN for wired Ethernet devices

Related: How to create VLAN for Wi-Fi devices

If you get the Unifi USG or the UDM Pro, you will need a separate PoE switch. This is because the USG and UDM Pro don’t have PoE support.

With the UDM SE/Pro you get 8 managed ports, so one of them can be connected to a PoE switch. If you want to further managed each port of the PoE switch you will need to go for a managed option like the Unifi US-8-60W I got (image below). This is an 8-Port fully managed 802.3af PoE Gigabit switch. It has a fan-less design and thus is silent in operation.

Check Amazon

The switching capacity is up to 8 Gbps total, and it can provide up to 15W output per PoE port. I use one of the PoE ports to power the Unifi Cloud Key.

If you do not mind all the ports of your PoE switch being unmanaged and ending up in a single VLAN, you just need an unmanaged PoE switch like the TP-Link SG1008 I have detailed below.

The Unifi Wi-Fi Access Points are widely acclaimed for solid wireless performance. I went for the cheapest AP in their latest product range – the Unifi 6 Lite. Described as an 802.11ax Dual Radio Access Point, it can do up to 300 Mbps in the 2.4GHz band and up to 1.2 Gbps in the 5GHz band simultaneously.

Ubiquiti UniFi 6 Lite Access Point (U6-Lite-US)

Check Amazon price

You can power it via standard 802.3af PoE (the UDM-SE has 8 such ports) or Ubiuiti’s proprietary 24V PoE (if you are already invested in their older equipment).

I am able to create separate Wi-Fi VLANs for my personal devices (VLAN6), media devices (VLAN4) and indoor Wi-Fi cameras (VLAN5) because the AP supports VLANs. I am very happy with this Access Point as a single AP covers my entire home.

I no longer experience dropped frames on my Wi-Fi cameras and overall responsiveness while browsing on my Samsung Galaxy S20 has improved noticeably.

The DIY Security Camera System

Outdoor IP Cameras

We use mostly Reolink cameras and a few Hikvision cameras, all recording on motion detection to a Network Attached Storage (NAS) system from QNAP. They are connected to the TP-Link PoE switch which in turn is connected to the Unifi Managed Switch.

I created a VLAN (numbered as VLAN3) to group these IP cameras together. The Unifi USG firewall allows me to then set up strict firewall rules on what these cameras can and cannot do in my network.

For example, the Hikvisions cannot phone home to their Chinese manufacturers, they cannot access the Internet, they cannot even initiate any connection outside of the VLAN they are in. They can only respond to ONVIF and RTSP connection requests (using port number access controls on the Unifi USG). That’s what an advanced enterprise-grade firewall like the Unifi USG can do.

Please note that Hikvision and Dahua along with their associated brands are now banned from the USA. Brands like Lorex which are white-labelled Dahuas are also banned. So I do not recommend buying these brands.

So check out my current recommendations for the best outdoor IP cameras without a paid subscription or ongoing fees:

BUDGET 4K PICK
Reolink RLC-820A
BEST OVERALL 4K
Amcrest IP8M-T2669EW
BEST 4K PTZ
Reolink RLC-823A

Indoor IP Cameras

We have quite a few indoor security cameras, the latest being the Reolink E1 Pro. This is a Wi-Fi only camera, and we use it as our baby monitor camera.

Check out my current recommendations for the best indoor IP cameras without a paid subscription or ongoing fees:

BEST BUDGET
Amcrest ASH21
1080p (2MP) sensor
Wi-Fi / Ethernet
Person Detection
Pan-Tilt, Auto-tracking
BEST OVERALL
Amcrest IP4M-1041
4MP sensor
Wi-Fi / Ethernet
Object detection
Pan-Tilt, Auto-tracking
BEST PREMIUM
Reolink E1 Zoom
5 MP sensor
Dual-band Wi-Fi
Optical zoom

Other Switches I use

If you get the UDM SE model, you only need to consider the below section if its onboard 8 managed PoE ports are not sufficient.

With the UDM Pro or USG, you will need a separate PoE switch like the Unifi US-8-60W I mentioned above or the ones below.

TP-Link TL-SG1008P – 8 Port Gigabit Unmanaged PoE Switch

Check Amazon price

The TP-Link TL-SG1008P Gigabit PoE switch powers the PoE cameras, and is connected to the Unifi Managed Switch. Note that this is an unmanaged switch. Read our review of this capable little switch.

Netgear 8-port Gigabit Unmanaged Switch

NETGEAR GS308 – 8 Port Gigabit Unmanaged Switch

Check Amazon price

You can never have enough Ethernet ports! The Netgear GS-308 8-port gigabit switch is an unmanaged switch. This means there are no settings to configure, it is truly plug and play. It has a sturdy metal chassis, auto-sensing 10/100/1000 Mbps port support and excellent real-world performance.

It also has LED activity, link speed and status LEDs per port. I have been using it for over 6 months now and it has been super reliable. Highly recommended plug and play switch for setting up your home surveillance network!

DIY Network Attached Storage (NAS) NVR

QNAP NAS TS-253A with 2x 8TB WD Red hard drives

Now let’s move on to the NVR where the camera footage is recorded. You could take one of 3 Pro-DIY routes for recording video streams from your cameras:

  1. use an IP camera and NVR kit
  2. use a NAS as the NVR.
  3. use a PC as your NVR using NVR software like BlueIris

The main reason we went for the NAS is because it allows us to integrate the security cameras with our Home Assistant / HomeSeer HS4 home automation system without needing a powerful energy-guzzling computer to run BlueIris software 24/7.

Read: EasyDIY or ProDIY – The VueVille Smart Home DIY Framework

NAS devices today are much more than just network storage, they are more like mini-servers. Generally they run their own Linux-based operating system that is accessed through a web browser.

Common uses for a NAS are centralized network storage, as a backup target, as a VPN client/server, and as a DLNA server for streaming your media across the house to multiple devices.

Synology and QNAP make NAS models that have powerful software running on them which makes them more like computers than dumb hard drives. But since they use Linux and specialized software, they can do a lot of things far more efficiently. So we use the NAS as the NVR, a VPN server, backing up our laptops, phones, and as a DLNA server. All for a few watts of energy usage.

The QNAP TS-253A we chose is an affordable yet powerful NAS that is the hub of our surveillance system and an integral part of our home automation system.

We settled on the QNAP because it had more powerful hardware, more features such as HDMI out ports, and 2 extra camera licenses over the nearest comparable Synology model. Both Synology and QNAP are great brands though.

My TS-253A has been discontinued, so check out my latest recommendations for the best NAS models to use as NVRs:

BEST VALUE 2-BAY
QNAP TS-251D
4 GB RAM
8 channel NVR, max 16
Advanced motion detection
HDMI port

BEST VALUE 4-BAY
QNAP TS-453D
4/8GB RAM
8 channel NVR, max 24
Advanced motion detection
HDMI, HW transcoding

BEST VALUE 8-BAY
QNAP TS-873
8GB RAM
8 channel NVR, max 60
Advanced motion detection
HDMI, HW transcoding

The QNAP NAS has a built-in NVR software called Surveillance Station. So the QNAP records full resolution video streams from my IP cameras to its internal hard drives. You could get a dedicated NVR but as I said, we had other uses for the NAS.

QNAP now also have an alternative free NAS NVR app called QNAP QVR Pro which grants you 8 IP camera channels regardless of how many channels your NAS originally came with. Here’s a rundown of QVR Pro and how it compares to QNAP’s standard Surveillance Station software. This is incredible value and I highly recommend trying it out.

Related: QNAP TS-253A Hands-on Review
Related: How to set up your own DIY NAS NVR using QNAP Surveillance Station

I have set up my NAS hard drives with RAID-1 drive mirroring. This gives me peace of mind in case a hard drive fails. If 1 of the hard drives fail, the system will carry on working as usual, and I just need to replace the failed drive with a new one. Zero interruptions because my NAS supports hot-swapping of disks.

For the hard drives, I currently use 8TB WD NAS drives (model WD80EFAX). When I got my drives 2 years ago, life was simple, there were only two choices in the WD NAS range – WD Red and Red Pro. Both were CMR based drives so I went for the cheaper Red drives.

After the SMR-CMR scandal, WD made the Red line SMR-only, spun off the CMR Red drives into a new product line called Red Plus, and Red Pro remained a CMR-only line.

Strangely in doing this, WD renamed my 8TB drives from Red to Red Plus, but without changing the model number WD80EFAX. So the next time I replace my drives, I will be extra careful to buy CMR drives only.

So check out my recommended surveillance hard drives for both NAS NVRs and dedicated NVRs.

BEST NAS NVR DRIVE
Seagate IronWolf & IronWolf Pro
5400-7200 rpm
Uses only CMR tech
180-550 TB/year rating

RUNNER-UP NAS NVR DRIVE
WD Red Plus & Pro NAS Hard Drive
5400-7200 rpm
Uses only CMR tech
180-300 TB/year rating

BEST DEDICATED NVR DRIVE
WD Purple and Purple Pro
5400-7200 rpm
Uses only CMR tech
180-550 TB/year rating

Accessing the security camera system while at home

The QNAP NAS Surveillance Station can be accessed either via the web interface or the Windows QNAP QVR client software that you saw above in the screenshot.

The tinyCAM Monitor Pro app on our smartphones are all configured using the local IP address of the QNAP NAS and Hikvision cameras. At home, we just open the app and it simply works. No fuss. No hassles.

Accessing the security camera system from outside the home

Outside our home network, I simply need to connect to the VPN server (running on the the Orange Pi Zero as mentioned earlier), and all the apps and the QVR client on the laptop simply continue to work. This is the detailed process: So I use the Wireguard client on my laptop or phone to connect to the Wireguard server on the Pi Zero. Once connected, my PC is virtually part of our home network.

So none of our IP cameras are exposed to the Internet. The Pi Zero running Wireguard server is though, but this is a far better option because the Wireguard server is built for this purpose and has attack defeat measures such as IP exclusion, automatic IP bans based on rules etc. which the IP cameras simply don’t have.

Also the VPN server allows me to access the data on my QNAP NAS without hassle – my laptop or smartphone will think that they are in the local network. So all network drives automatically re-connect and the experience is seamless in terms of recently used files etc.

External IR Illuminators

Check Amazon price

Two basic IR illuminators for the backyard and 12V power adaptors that have lasted nearly a year now and are still going strong. These are of the 60 degree coverage variety, and you can also get wide-angle illuminators.

Ethernet Cables

Check Amazon price

For Ethernet cables that run outside the home, I recommend using cables that are designed specially for this purpose – outdoor heavy-duty burial-grade CAT-5e or CAT-6 Ethernet cables.

This will ensure that you do not face issues with the cables such as breakage, little animals chewing the cables etc. Ensure that the cables are 100% pure copper and not the cheaper and inferior Copper Clad Aluminium(CCA) variety.

UPS

Check Amazon price

A CyberPower BRICs BR650ELCD (Line-interactive UPS – 390W/650 VA) to protect and power the entire system (13% load for all the above kit + a couple of other devices). I got a cheap yet reliable UPS which is officially compatible with the QNAP NAS.

If the power fails or supply voltage is outside the tolerance, it informs the NAS which is programmed to shut down gracefully. I also have a schedule to turn it on automatically every morning, which ensures the NAS will turn itself on the next morning if the power fails and it shuts down.

I believe the UPS has paid for itself. On several occasions, the NAS has informed me that it had shut down as instructed by the UPS.

Miscellaneous

Check Amazon price

64GB SD cards for all the cameras. 128 GB SD cards should also work but some cameras are a bit picky about which 128GB cards they will accept.

Make sure you use at least a Class 10 speed card so that you don’t suffer from dropped frames in the recordings. I use the SD cards to record motion detection alert clips. This is then yet another location where the clips are backed up.

Software

The QNAP NAS comes with the free QVR Pro app. It supports all the features a good NVR has and it works very well.

We use tinyCam Monitor PRO app on Samsung Galaxy S9, Samsung Galaxy A5, Samsung Galaxy M10S and a Nexus 7 tablet. The tablet is our dedicated IP camera monitoring screen running the Imperihome Android app.

Storage capacity needed for QNAP Surveillance Station

Initially I recorded all my 3 external IP cameras 24/7 at 6Mbps bitrate and 10fps. This meant that the 1.5TB that I had set aside was good for 8-10 days of CCTV footage for all 3 cameras put together.

But I have since realized I don’t really need 24/7 recording and that replacing hard drives every year or so is no fun. Modern surveillance hard drives are rated for no more than 1 year of continuous operation. So now I just use alarm recording which places markers on the QVR Pro timeline so that I can jump directly to motion events.

The amount of storage you need depends on the quality and frame per second settings. After 3 years of experimenting with various quality settings, I have settled at 2Mbps and 6fps as we couldn’t see any improvement with higher settings.

I have also set the QVR Pro app on the QNAP to use only 1.5 TB (out of the 3TB available). So it automatically overwrites older recordings to maintain the 1.5TB quota. You can also specify number of days instead.

Conclusion

We hope this article gives you an insight into how you can set up your own DIY home security camera system. If you have any questions at all, please do not hesitate to get in touch through the comments field below.

A quick note: As an Amazon Associate I earn from qualifying purchases. This post contains affiliate link(s). An affiliate link means I may earn advertising or referral fees if you make a purchase through my link, at no extra cost to you.

Daniel Ross

Daniel Ross

I am Daniel and VueVille is where I document my DIY smart home journey. I focus on 100% local-processing and local-storage because that’s the only way to secure my family’s safety and privacy. Oh and I don’t like monthly subscriptions!

181 Comments
  1. Hi Daniel,

    Just curious why you chose to set up a separate VPN server using the Pi Orange rather than setting VPN on your USG router. I use very similar equipment but use the Edgerouter X with my Unifi access points instead.

    Thanks,

    Colin

    • Hey Colin, the USG doesn’t support OpenVPN or Wireguard protocols. It only supports the older and weaker L2TP & PPTP protocols which I don’t want to use. L2TP is closed-source and widely believed to be compromised. PPTP is outdated and easily hacked. Hence the OrangePi running PiVPN which allows me to use both OpenVPN and Wireguard. Also I already have the OrangePi running PiHole ad blocking and the PiVPN software neatly integrates with PiHole.

      There’s a great infographic on various VPN protocols here: https://www.top10vpn.com/what-is-a-vpn/vpn-protocols/

  2. Hey Daniel, I am just getting started in trying to figure out how to secure my home and looking for an alternative to the Unifi US-8-60W (they are either sold out or marked up significantly in price on Amazon). I’m going to start smaller and not setup up any wifi devices, nor connect to the internet yet. I imagine that I might just stick to the NAS (VLAN2), IP cameras (VLAN3), and switch for just post-incident review with no deterrence alarms/lights. Any issues you see with that? Any recommendations for a different switch?

    • I have clarified the article to point out that the USM SE has PoE support on all its ports, so you don’t need a separate PoE switch. If you still need a managed PoE switch, the US-8-60W and the US-8-150W are both in stock at Amazon US.

  3. Hi Daniel,

    I’ve just purchased a UDM pro to combine the USG, Cloud Key and Managed Switch into one unit. I am also wanting to run a Raspberry Pi to setup the Wireguard VPN. Just trying to get my head around the Topology of the network.

    I understand my Modem will go to Port 9 on the UDM Pro. I understand that my hard wired devices (or group of VLANS) will be directly connected in Ports 1-8.

    Where exactly is the Raspberry PI going to be plugged into in order to run the Wireguard VPN like you have?

    • Joey, I have placed my Wireguard server Pi in the same VLAN as my home automation gear (VLAN1). I have just updated the network map to show this also. So I have the all the Unifi Ethernet ports with HA gear on it tagged with the same ‘port profile’ – see this tutorial on how to do this.

      I then created firewall rules to forward the Wireguard port to the Pi’s IP address, and to allow the Pi to reach the devices I want to access remotely (like my NAS NVR).

      • Awesome, thank you so much!

        I just noticed that you mention if buying the UDM Pro, then the below switches are not needed.

        However, the UDM pro does not have any pOE ports on it so you’d still need a pOE Switch to power the Poe cameras, no?

        Or were you just referring to the Netgear switch? Both were pictured below that sentence is all.

        • Sorry for the confusion, the UDM SE has PoE support included – so then separate PoE switches are not needed. But the UDM Pro doesn’t support PoE, and a separate PoE switch is needed. I have clarified this now in the article.

  4. Hi Again Daniel,

    Thank you for all of your detailed posts and replies.

    May I ask exactly which devices you have plugged into your UPS in order to keep the Security System up and running in the event of a power out or an intruder cutting power to the house?

1 2 3 22

    Leave a reply

    VueVille
    Logo