A production-grade home network built on OpenWrt with full VLAN segmentation, dual WireGuard instances, NordVPN routing, Policy Based Routing, and a portable RaspAP travel router.
The core router runs OpenWrt with multiple VLANs segmenting traffic by purpose — trusted devices, IoT, servers, and guests each sit in their own subnet with defined inter-VLAN routing rules. All internet-bound traffic routes through a WireGuard tunnel to NordVPN for privacy.
| VLAN | Purpose | Internet Route |
|---|---|---|
| VLAN10 | Trusted devices | Via NordVPN (wg0) |
| VLAN20 | IoT / smart devices | Via NordVPN (wg0) |
| VLAN30 | Guest network | Direct WAN |
| VLAN40 | Servers / media stack | Via NordVPN (wg0) |
| VLAN99 | Management / laptop | Via NordVPN (wg0) |
Two WireGuard instances run simultaneously: wg0 tunnels outbound internet traffic through NordVPN, and wg_home provides remote access to home services from external devices. Policy Based Routing ensures each VLAN's traffic uses the correct path without leaking.
The RaspAP travel router extends this setup on the road — connecting to hotel or public WiFi, routing all traffic through NordVPN, and maintaining a WireGuard tunnel back home for media server access.
A Raspberry Pi running RaspAP serves as a portable travel router. It creates a local WiFi hotspot, tunnels all traffic through NordVPN, and keeps a persistent WireGuard connection back to the home network — giving full access to Jellyfin, Sonarr, and Radarr from anywhere.
← Back to portfolio