

not that any of this is doable in the near future, since i’m behind cgnat and won’t get my colocated bounce server up until spring.
Doesn’t IPv6 allow direct external access even when cgnat is in use for IPv4?




When I was running a mesh topology I often had the same issue. Switching to a star topology fixed pretty much everything.


I’ve been using Syncthing for years and it’s been almost flawless with only rare file sync errors that are clearly shown in the UI. Was going to switch to Nextcloud for everything. Looks like I’ll be sticking with Syncthing for the foreseeable future.
Thanks for posting this.


Google Safe Browsing looks to have been built without consideration for open-source or self-hosted software.
IMO Google Safe Browsing was built with consideration for open-source and self-hosted software, but it has nothing to do with user safety, just like blocking Android apps from 3rd party sites has nothing to do with user safety. The harder they make it to move away from their products by making using alternatives difficult, the more money they make and money is now the only objective. Even if this only adds a fraction of a fraction of a percent to their profit it’s something Google will implement.
The old social contract of businesses being of benefit to the community as a whole in addition to making a profit is long gone.


Yes. I had them blocked via my firewall because of the constant traffic they generated and blocking Internet access causes constant bulb resets. The resets are known to TP-Link and according to a couple of sources they created a private firmware release that fixed it. TP-Link failed to publicly release that firmware, and last time I checked deny it ever existed. I replaced the bulbs with 3rd Reality Zigbee bulbs that work perfectly.


I didn’t get that far. When they demanded I log in I just removed it. Jellyfin is working OK without having to figure out how to bypass defaults.


When I was in the market for bulbs Hue was just starting that BS. They lost that sale and I’ve been in the process of removing network access for everything possible and severely restricting it when not. My old Honeywell wifi thermostat is gone, smart appliances are disconnected from wifi, and TVs are blocked by my firewall when they aren’t actually being used. Next up, Graphene OS.
Sometimes I’d like to move to a tropical island with no news or Internet at all.


Scalzi - both The Kaiju Preservation Society and Starter Villain are terrific.


This is why it’s a great idea to refuse to install everything that’s possible, including smart switches, cameras, lights etc. that rely on the good will of some company to keep running.
Honeywell wifi thermostats worked great until they didn’t. Now their servers are often slow or down. TP-Link smart bulbs reset regularly if their Internet access is blocked because TP-Link desperately needs to keep track of when everyone’s lights are on and off. Plex wants us to log into their servers to watch content we’re hosting ourselves. Too bad if their servers are down. Security camera companies have been disabling local storage options without warning for years.
Logitech actually planned to introduce a subscription mouse. Hopefully at some point people will get sick of this shit, refuse to put up with it and their sales will tank.


I had something similar happen with Google a few years ago. Even though I had my password and access to my email they decided I was trying to hack my own account and locked me out. Like you I immediately started to look for other solutions.
Syncthing file sharing is really easy to install and use. There are no ports to configure on your router and everything is encrypted in transit. I have my phone’s DCIM directory set up to sync to my home server and PC so new photos are backed up and available everywhere in a few seconds. I installed Syncthing intending to move to another solution eventually, but it works so well (aside from one or two files that occasionally don’t sync) that I’ve just stuck with it.
For passwords KeePass & KeePassXC work really well on just about every platform. I share the password file using Syncthing and in years of doing this I’ve never had a problem that I didn’t cause myself and those were minor.
You can get both of these up and running with very little effort and quickly limit your reliance on Google, then move to other solutions if you find they’d work better for you.


I have them installed in 2 houses, one 120V and one 127V. Electrical panels in NA are pretty simple (although not as simple as the UK) and have the 2 phases split on the 2 sides of the box. The breakers for 120V or 127V circuits on the right are on one phase and those on the left are on the other.
The panel wiring wasn’t something I thought about when I put the power line adapters in and they were plug and play in both locations. I’m guessing some brands work much better than others and these Netgear adapters have worked flawlessly. Or maybe I got lucky.
That said, I’d have Cat6 cables installed if it didn’t require tearing apart the walls and ceiling.


My experience has been different. Wifi extenders were not very reliable. Wifi devices were better, but powerline extenders have been rock solid. Ping times are right in line with wired Ethernet too.
In my experience powerline extenders are a reasonable alternative to Ethernet for home users in places where running a cable isn’t an option.


There can be a period after graceful shutdown where the UPS is still running and the server will not restart if mains power comes back on. Not a likely scenario, but for apps you can’t afford to have down it’s something to consider.


Every wifi device we own that’s connected to wifi and the Internet can be precisely located by the companies involved even when using a VPN.
If you have an Android phone you’ve probably noticed a prompt at some point asking for your permission to transmit precise location information and enable wifi scanning. Those wifi SSIDs and MAC addresses along with its GPS location are sent back to Google. The combination of all that information is almost as unique as a fingerprint. They can use that along with signal strength of each AP in the area to determine your device’s location with precision. (Google used to allow apps like Maps to be used with wifi scanning turned off, but no more.)
Your Google stick can’t tell it’s on a VPN directly, but even without GPS Google can still pinpoint its physical location using their database of SSIDs and MAC addresses, and if they want to they can determine you’re using a VPN by comparing that to the expected location of your IP address. There probably aren’t enough people doing this right now to make it worth the trouble to detect your VPN, but IMO it’s just a matter of time before they decide it is.
I also expect that Google sells that information to every company willing to pay for it, so almost every single wifi enabled device can be precisely located if it can transmit data to the Internet.
We live in a scary time.


Thanks for that list. No need here for more advanced hardware so I’ll have to put off networking upgrades until I can come up with a reason to justify it.


As a home user, what additional features have you found useful on enterprise networking equipment? Just because what I’m doing is already ridiculously complex doesn’t mean it can’t be more so.


OpenWRT is amazingly flexible and would be a great place to start.
I switched from DD-WRT last year and have been amazed how good OpenWRT is. There are thousands of software packages that allow you to do pretty much anything you can think of on inexpensive hardware. Used Netgear R7800s are available for less than $50 on eBay or there are plenty of newer hardware options if you want to spend more. Those thousands of downloadable software packages include WireGuard and AdGuard Home, plus there are OpenWRT integrations for Home Assistant. The forum is full of people who are happy to help newcomers.
I started by running OpenWRT in a virtual machine to get familiar with the UI and moved on to a live installation. Highly recommended, especially if you enjoy learning.


4gb isn’t much ram, but it can be surprisingly useful if you configure Zswap. Lots of guides out there. Here’s one of them.


A single Opteron 6272 is somewhat faster than the N200, but the Opteron’s TDP is 115 watts while the N200’s is only 6 watts. OP’s server with 2 processors is more than 2x as fast as my single processor laptop, but can require nearly 40x the electricity. For a home server it’s major overkill.


Your WG network is a separate subnet. Add it to PAPERLESS_ALLOWED_HOSTS to allow access.