My Private Home
· About 2 min read
This post describes the architecture of a private home network that spans multiple locations. By joining the sites with site-to-site VPNs (specifically WireGuard) and verifying traffic with rigorous packet inspection in Wireshark, I can confirm that sensitive IoT traffic stays entirely within my controlled environment.
Hardware and Privacy Strategy
All routers are currently Ubiquiti. While they offer a good balance of performance and ease of use, I maintain a strict egress-filtering policy that blocks any "phone-home" telemetry to Ubiquiti's servers. Should any issues with unsolicited data sharing be discovered, these routers will be replaced with more privacy-focused alternatives such as OPNsense or pfSense.
Key Components
- Local Mesh: A cluster of Raspberry Pi devices running Home Assistant and Homebridge to bridge Zigbee and Tasmota devices into HomeKit.
- Traffic Routing: Custom firewall rules ensure that IoT devices (VLAN 40) are completely isolated from the main network and have no internet access at all, except for destinations explicitly allow-listed for firmware updates.
- Verification: Periodic Wireshark captures verify that no unauthorized traffic is leaking from the "Private Home" to external cloud providers.
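The verification step above is easy to automate once the capture is reduced to flow fields. The following is an added example, not code from the original post: it consumes lines in the shape that `tshark -T fields -e ip.src -e ip.dst -e ip.proto -e tcp.dstport -e udp.dstport -E separator=,` would print for a capture, and flags any flow whose source is on the IoT VLAN and whose destination is neither RFC 1918 space (the local LAN and the remote sites reached over the WireGuard tunnels) nor an allow-listed firmware-update endpoint. The VLAN 40 subnet (192.168.40.0/24), the VPN address (10.200.0.2), the vendor host 203.0.113.10 on port 443, and all sample lines are constructed assumptions; the post does not give any of them.

```python
import ipaddress
from typing import NamedTuple, Optional

# Assumed addressing: the post only says IoT devices sit on VLAN 40.
IOT_NET = ipaddress.ip_network("192.168.40.0/24")

# Anything in RFC 1918 space counts as "inside the Private Home": the local
# LAN plus the remote sites reached over the site-to-site WireGuard tunnels.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Explicit firmware-update allow list as (destination, port) pairs.
# Hypothetical vendor host; matching is on host AND port, so the same host
# on a different port (for example an MQTT endpoint) is still a leak.
FIRMWARE_ALLOW = {
    (ipaddress.ip_address("203.0.113.10"), 443),
}


class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int            # IP protocol number (6 = TCP, 17 = UDP, 1 = ICMP)
    dport: Optional[int]  # None for protocols without ports (ICMP)


def parse_tshark_fields(text: str) -> list:
    """Parse comma-separated tshark field output: src,dst,proto,tcp_dport,udp_dport.

    Exactly one of the two port columns is set for TCP/UDP; both are empty for ICMP.
    """
    flows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        src, dst, proto, tcp_port, udp_port = line.split(",")
        port = tcp_port or udp_port
        flows.append(Flow(ipaddress.ip_address(src),
                          ipaddress.ip_address(dst),
                          int(proto),
                          int(port) if port else None))
    return flows


def is_private(addr) -> bool:
    return any(addr in net for net in PRIVATE_NETS)


def classify(flow: Flow) -> str:
    """Label a flow: not-iot, internal, allowed-update, or leak."""
    if flow.src not in IOT_NET:
        return "not-iot"            # other VLANs are out of scope for this check
    if is_private(flow.dst):
        return "internal"           # local LAN or a remote site via the VPN
    if (flow.dst, flow.dport) in FIRMWARE_ALLOW:
        return "allowed-update"
    return "leak"                   # IoT traffic headed for a public address


def find_leaks(text: str) -> list:
    """Return every flow that left the IoT VLAN for a non-allow-listed public host."""
    return [f for f in parse_tshark_fields(text) if classify(f) == "leak"]


# Constructed sample capture (not real data): one line per observed flow.
SAMPLE_FIELDS = """\
192.168.40.21,192.168.10.5,6,8123,
192.168.40.22,10.200.0.2,17,,5683
192.168.40.23,203.0.113.10,6,443,
192.168.40.23,203.0.113.10,6,8883,
192.168.40.24,198.51.100.7,17,,123
192.168.10.5,142.250.0.1,6,443,
192.168.40.25,192.168.40.1,1,,
"""

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_FIELDS):
        print(f"LEAK: {leak.src} -> {leak.dst} proto={leak.proto} dport={leak.dport}")
```

Two of the constructed flows are reported: the MQTT-over-TLS connection to the vendor host on port 8883 (the host is allow-listed only for port 443) and the NTP request to a public address. The Home Assistant flow, the CoAP flow to the remote site over the tunnel, and the ICMP to the gateway are all classified as internal, and traffic from the main VLAN is ignored because this check is only about what leaves VLAN 40.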
