Eero Networking
šŸ“¶

Eero Networking

Tags
Software Development
Projects
security
Published
October 4, 2024
Author
URL
Ever since the middle of the pandemic, Iā€™ve been using Eero Mesh Networking products in my home. I switched from a single Nighthawk router to the Eero Pro products (pre-Eero 6) and it was a huge upgrade in bandwidth and stability. Unfortunately, it was a huge step backwards in features and monitoring. Ever since I found out they want $$ just to get basic bandwidth monitoring features, which are only available in their mobile app and not via any website, Iā€™ve been searching for alternatives.
After years of searching, I finally gave up. And starting building my own.

DHCP And Hostnames

I let Eero do my DHCP, and it does a good job. It has basic reservations support, but a few things (like the Eero themselves) keep changing IPā€™s. As far as I can tell, thereā€™s no good way to assign hostnames in a traditional DNS-style way with Eero, so itā€™s hard to setup any kind of network monitoring while things keep moving around.
I previously maintained a dnsmasq system on a raspberry pi to service up local names, but it was a constant headache as things moved around. Thanks to some amazing work from 343max on github, I was able to build a python tool that generates a hostfile from my configured Device Nicknames and share it across my network. This is the beginning of my ā€œeero-toolsā€ project.
eero_tools
Yeraze ā€¢ Updated Oct 4, 2024
Still in itā€™s infancy, the only function it has right now is a simple script that will export your eeroā€™s and all named devices into an /etc/hosts syntax file. I donā€™t actually use it as my /etc/hosts file, but instead use features of dnsmasq to load it as an alternative, and apply my local domain name ( .yeraze.online ) to it. I recently added support for aliases so that services proxied behind my Synology Reverse Proxy or a Nagios Reverse proxy are all available as well, and adjust to any changing IPā€™s.
Simply tweak the run.sh to your use case, add this to a cron job to run regularly, and voila everything works.

DNS with AdGuard and dnsmasq

My actual network DNS is served up by AdGuard Home running in a docker container on my Synology NAS. This gives me lots of nice features like multiple parallel lookups, failover, ad and malware blocking, monitoring, and more. However, I needed it to also handle my local network names.
To do this, I took a nearby raspberry pi and set it up with dnsmasq. This is a very lightweight DNS, DHCP, and tftp system that Iā€™ve stripped down to just run DNS for me.
In AdGuard, I setup the following configuration:
notion image
This runs most DNS queries thru adguardā€™s DNS-over-quic system or Googleā€™s DNS, and routes everything on the *.yeraze.online domain over to my raspberry pi at 192.168.4.165 ..
On the raspberry pi, I have a /etc/dnsmasq.conf that contains the following
port=5353 no-resolv no-poll no-hosts server=0.0.0.0 local=/yeraze.online/ addn-hosts=/etc/dnsmasq-hosts.conf expand-hosts domain=yeraze.online
The top few lines set the port for the service, and disable use of the /etc/resolv.conf and /etc/hosts files. I then configure any DNS lookups it doesnā€™t recognize to die at 0.0.0.0, and to route everything *.yeraze.online to the /etc/dnsmasq-hosts.conf file (generated by the eero-tools scripts above, run on an hourly cron). The expand-hosts and domain lines tell dnsmasq to effectively add that domain to every entry in the file.

Conclusion

And voila! I now have working DNS names across my network! Iā€™ll post more in the future, but this was the first step for me to get working SSL up across various services on my network in a reliable way. Iā€™ve recently setup Zabbix, OpenVas, FileBrowser, and a few other services that all really needed SSL but I couldnā€™t get a valid certificate before. With this in place, I was able to register the domain and get a wildcard cert from LetsEncrypt, and now have everything working.
In additional, now that I have valid working hostnames for everything, I can configure Zabbix to monitor devices via DNS names and it will handle the few cases where an Eero IP changes.