I am a n00b to networking and I need help trying to figure out the steps I need to set up my topology. I have the following requirements:
(1) A Secure VPN, which will be my primary LAN network, where all traffic that exits is encrypted via OpenVPN and leaves to the internet via an AirVPN endpoint, disguising my location.
(2) DMZ - used to provide a de-restricted zone for servers and other devices that need to be accessed remotely. I wish to run Nextcloud on Debian behind my DMZ (accessible also from the secure VPN) and think it should be sufficient to get a free SSL/TLS certificate from Let's Encrypt and enforce MFA, rather than putting it behind the VPN and forcing users to fire up their VPN client before gaining access.
(3) A guest network - effectively this will expose my native, unencrypted, unsecured ISP line, complete with their DNS servers. I would like to grant access primarily to visitors who require internet access, but also have it act as a backup if AirVPN goes down for any reason. Its primary purpose is to prevent access to all my local resources, such as file servers etc.
I have the following hardware / services:
• A static IP address from my ISP and a VLAN-capable switch (HP ProCurve 2824). (I got as far as resetting it but realized I bought the wrong console cable. I'm waiting for the right one to arrive.)
• A Huawei ONT WiFi modem / router provided by my ISP
• An ASUS ADSL WiFi router that I wish to use purely for my internal network
• An NUC8i5BEK mini PC for hosting Nextcloud and anything else suggested
I would appreciate suggestions as to the feasibility and wisdom of what I am attempting. I see that many other people's network configurations also include a management VLAN. Am I right to dismiss this as overkill, since individuals with access to the secure VLAN will most likely also have physical access to these servers anyway?
Setting up the VLANs on the ProCurve switch is the part I find most daunting, so any tips or key steps I should make sure of would be much appreciated.
The Nextcloud setup I assume to be simple, but all the other networking-related technologies, such as AirVPN and OpenVPN, are what I've been led by searches to assume are suitable for my needs, and this should not be taken to indicate that I am remotely competent to configure them. I would therefore welcome all advice, hints and pitfalls to avoid.
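As an added example of the switch side of the three-zone layout described in the post (this is not from the original post and not a vendor-supplied config), here is a ProCurve 2824 VLAN configuration that gives each zone its own VLAN and carries all three tagged to one uplink port. The VLAN IDs and names, the port ranges, the choice of port 24 as the uplink and the 192.168.10.2 switch management address are all assumptions. It also assumes that a separate router or firewall hangs off the tagged uplink (router-on-a-stick) and does the inter-VLAN routing, the OpenVPN egress for the secure VLAN and the ISP egress for the guest VLAN; the switch itself only separates the zones at layer 2.

```text
; ProCurve 2824 VLAN layout (added example; VLAN IDs, port ranges and the
; management address are assumptions, not from the original post).
; Lines starting with ";" are annotations in running-config style.
configure

; VLAN 10: the "secure" primary LAN. Ports 1-8 are access (untagged) ports.
; The switch management IP lives here, since the post dismisses a separate
; management VLAN.
vlan 10
   name "SECURE"
   untagged 1-8
   tagged 24
   ip address 192.168.10.2 255.255.255.0
   exit

; VLAN 20: DMZ for the Nextcloud NUC and any other remotely reachable host.
vlan 20
   name "DMZ"
   untagged 9-12
   tagged 24
   exit

; VLAN 30: guest network, plain ISP egress only.
vlan 30
   name "GUEST"
   untagged 13-20
   tagged 24
   exit

; Port 24 carries VLANs 10, 20 and 30 tagged to the router/firewall.
; Assigning a port untagged to a new VLAN moves it out of DEFAULT_VLAN
; (VLAN 1) automatically; the trunk port has to be removed by hand so that
; nothing untagged leaks across it. Ports 21-23 stay in VLAN 1 and unused.
vlan 1
   no untagged 24
   exit

write memory
```

Once applied, `show vlans` lists the four VLANs and `show vlans 10` (or 20, 30) shows exactly which ports are untagged and tagged members, which is the check to run before plugging anything into the DMZ or guest ports. What this configuration does not do is enforce the policy from the post: the rule that the guest VLAN can reach only the ISP and never VLANs 10 or 20, and that the secure VLAN has no route to the internet except through the OpenVPN tunnel (so that an AirVPN outage does not silently fall back to the bare ISP line), both have to be implemented on whatever router or firewall terminates the tagged uplink. If the `;` lines are rejected when pasted at the CLI, leave them out and enter the commands on their own.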