---
owner: gmikcon
status: active
last_reviewed: 2026-05-09
review_interval: 90d
confidence: medium
source_of_truth: owner-confirmed
---

# pfSense Router

Central router and firewall for the local network.

## Access

- Web UI: `https://192.168.1.1/`
- Secret values are not stored in this repository.

## Role

- Local network edge.
- Firewall and routing point for internal infrastructure.
- Part of the path between local infrastructure and services reachable through trusted network paths.

## Local Network Topology

The home network currently consists of two local networks implemented through one custom router with multiple network interfaces.

Each local network runs from the router into a switch and is then distributed through the home. The access layer includes wired TVs, PCs, servers, and Wi-Fi access points.

### Home LAN

- Inventory id: `home-lan`.
- CIDR: `192.168.1.0/24`.
- Gateway: `192.168.1.1`.
- Main Wi-Fi SSID: `home`.
- Wi-Fi mode: access points, not a separate routed Wi-Fi network.
- Access points: 2 nodes.
- Mesh mode: enabled for the main Wi-Fi nodes.

### Home IoT LAN

- Inventory id: `home-iot-lan`.
- CIDR: `192.168.2.0/24`.
- Gateway: `192.168.2.1`.
- Purpose: service network for smart-home and IoT devices.
- Wi-Fi mode: access points.
- Mesh mode: intentionally disabled.
- IoT Wi-Fi nodes:
  - `home_iot_0`
  - `home_iot_1`
  - `home_iot_2`

### Current And Planned Policy

Current policy:

- full access between `home-lan` and `home-iot-lan`;
- IoT internet access is currently allowed.

Possible future policy:

- isolate the two networks from each other;
- cut off the IoT network from the internet.

## Dual-Homed Smart Home Server

The smart-home server is present in both networks:

- `192.168.1.101` on `home-lan`;
- `192.168.2.101` on `home-iot-lan`.

Further details still need to be documented: exact router OS/configuration, interface names, firewall rules, port forwards, VPN routes, and DNS behavior.
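
The sketch below is an added example, not configuration exported from the router. It models the current and possible future policy over the two networks on this page and reports dual-homed hosts that remain attached to both segments once the router separates them. The rule tables, the first-match/default-deny evaluation, and the names `smart-home-server`, `CURRENT`, `PLANNED`, `routed_verdict` and `bridging_hosts` are assumptions made for illustration.

```python
import ipaddress

# Addresses and inventory ids below are the ones listed on this page.
NETS = {
    "home-lan": ipaddress.ip_network("192.168.1.0/24"),
    "home-iot-lan": ipaddress.ip_network("192.168.2.0/24"),
}
DUAL_HOMED = {"smart-home-server": ["192.168.1.101", "192.168.2.101"]}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical rule tables (assumption, not the router's real rules):
# (action, destination) pairs, first match wins on the interface where
# traffic enters, with an implicit default deny.
CURRENT = {"home-lan": [("pass", ANY)], "home-iot-lan": [("pass", ANY)]}
PLANNED = {
    "home-lan": [("block", NETS["home-iot-lan"]), ("pass", ANY)],
    "home-iot-lan": [],  # no pass rules: cut off from home-lan and internet
}


def segment_of(ip):
    """Inventory id of the local network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETS.items() if addr in net), None)


def routed_verdict(policy, src, dst):
    """Verdict for a packet from a local src to dst under policy."""
    seg = segment_of(src)
    if seg is None:
        return "block"  # traffic entering from outside is not modelled
    if seg == segment_of(dst):
        return "local"  # same subnet: switched, never crosses the router
    for action, net in policy[seg]:
        if ipaddress.ip_address(dst) in net:
            return action
    return "block"  # implicit default deny


def bridging_hosts(policy):
    """Dual-homed hosts attached to segments that policy keeps apart."""
    found = []
    for host, addrs in DUAL_HOMED.items():
        pairs = [(a, b) for a in addrs for b in addrs
                 if segment_of(a) != segment_of(b)]
        if any(routed_verdict(policy, a, b) == "block" for a, b in pairs):
            found.append((host, sorted({segment_of(a) for a in addrs})))
    return found
```

Under `PLANNED`, `bridging_hosts` returns the smart-home server: IoT devices reach `192.168.2.101` without crossing the router, so that host's own forwarding and service exposure decide whether the two segments stay separated.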
