A guide to my home network
Home networking is one of those hobbies where you start by wanting “better Wi-Fi” and end up reading forum posts about VLAN tagging at 1am like it’s bedtime fiction.
Mine is deliberately not that.
This is a guide to my home network as it exists today: practical, stable, and only lightly cursed.
The ingredients
- Internet: FTTP broadband (actual fibre, not “fibre” that turns into copper the moment it gets bored), from a small independent ISP who shall remain nameless.
- Router / controller / Wi-Fi: UniFi Express
- Remote access / VPN-ish things: Ubiquiti Teleport and Site Magic
The goal is simple:
- The internet should work.
- Wi-Fi should work everywhere I care about.
- I should be able to get back into my network from the outside world without doing anything heroic.
The shape of the network
Think of it like a small plumbing diagram:
FTTP ONT → UniFi Express → Everything else
The ONT is the fibre termination box doing “internet in, ethernet out”. The UniFi Express takes it from there and handles:
- routing/NAT
- firewalling
- Wi-Fi
- UniFi management
Which is why I like it: one box, minimal faff, and a UI that doesn’t look like it was designed in 2003 by someone who hates you personally.
UniFi Express: why it’s here
The UniFi Express is basically my “I want UniFi without deploying a whole UniFi ecosystem” device.
It gives me:
- a single place to manage the network
- decent Wi-Fi coverage (for my space)
- visibility into what’s connected and what’s misbehaving
- easy guest network support if I want it
It’s also the right level of serious. I can do nerd things if I feel like it, but I don’t have to.
Wi-Fi: the invisible utility
Wi-Fi is judged like plumbing. You only think about it when it fails.
My setup is the boring ideal:
- one SSID for my normal devices
- one SSID for guests (optional, but nice to have)
- everything gets a decent signal and stays quiet
If you want to be fancy, UniFi makes it easy to split things up later (IoT network, separate VLANs, etc), but I’m intentionally not building a network cathedral unless I have a reason.
Remote access without the usual pain
This is where my setup gets more interesting, mostly because I have a strong preference for “I want remote access” without the traditional ritual sacrifice of:
- port forwards
- dynamic DNS
- “why is SSH open to the internet”
- and that one evening where you accidentally lock yourself out
So instead, I use two Ubiquiti features that cover most of what I need.
Teleport: my “get me home” button
Teleport is what I use when I’m out and about and want my phone or laptop to behave as if it’s on my home network.
It’s the “I’m on café Wi-Fi but I’d like my traffic to stop doing that” option, and it’s also the “I want to access things at home without exposing them publicly” option.
The big win is that it’s simple:
- enable it in UniFi
- connect from the client
- you’re effectively back on your home network
No fiddling with certificates. No manual profile juggling. No fragile VPN config that stops working because you looked at it funny.
Site Magic: the “two places, one network” trick
Site Magic is what I use when I want to link networks together. Think “site-to-site VPN” but without me spending a weekend in a configuration trench.
This is useful if you have:
- a second location
- a friend’s network you trust
- a remote UniFi site
- or a future plan where your homelab lives somewhere else
The idea is that each site remains its own place, but they can talk to each other securely like they’re on the same broader network.
It’s tidy. It’s manageable. And crucially it avoids the classic home network trap of building something complicated enough that you become on-call for your own house.
Security posture: sensible paranoia
My home network security strategy is basically:
- Don’t expose services to the public internet unless I have a very good reason
- Use built-in remote access where it makes sense (Teleport / Site Magic)
- Keep the router firmware updated
- Have a guest network if guests are likely
- Know what’s connected and remove mystery devices before they become lore
It’s not a bunker. It’s not “trusting vibes” either. It’s a normal network that tries not to do silly things.
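For the "know what's connected" item, here is a small added example (mine for this guide, not Ubiquiti code or a UniFi export format): it compares a client list against an inventory of devices I recognise. The CSV columns, MAC addresses and device names are all constructed, and the assumption is that guests are expected to be strangers while anything unknown on the main network deserves a look.

```python
import csv
import io

# Constructed inventory of devices I recognise (normalised MAC -> label).
KNOWN_DEVICES = {
    "3c:22:fb:10:20:30": "laptop",
    "f0:18:98:aa:bb:cc": "phone",
    "b8:27:eb:01:02:03": "raspberry-pi",
}

# Constructed client list. The column layout is an assumption for this example.
CLIENT_EXPORT = """\
mac,hostname,network
3C:22:FB:10:20:30,laptop,main
F0-18-98-AA-BB-CC,phone,main
da:a1:19:5e:77:01,,main
00:17:88:4d:5e:6f,hue-bridge,main
9a:0c:11:22:33:44,visitor-phone,guest
"""

def normalise_mac(raw):
    """Return lower-case colon-separated form so 'AA-BB-..' and 'aa:bb:..' match."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomised(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set,
    which is how private/randomised Wi-Fi addresses appear."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(client_csv, known, trusted_networks=("main",)):
    """List (mac, hostname, kind) for unrecognised clients on trusted networks."""
    findings = []
    for row in csv.DictReader(io.StringIO(client_csv)):
        mac = normalise_mac(row["mac"])
        if mac in known or row["network"] not in trusted_networks:
            continue  # recognised device, or a guest who is meant to be unknown
        kind = "randomised-mac" if is_randomised(mac) else "unknown-device"
        findings.append((mac, row["hostname"] or "(no hostname)", kind))
    return findings

if __name__ == "__main__":
    for mac, host, kind in audit(CLIENT_EXPORT, KNOWN_DEVICES):
        print(f"{kind:15} {mac}  {host}")
```

A "randomised-mac" hit is often one of your own phones or laptops using a private Wi-Fi address, so it is worth checking before declaring it a mystery device.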
Monitoring and maintenance
UniFi’s UI makes it easy to spot the usual problems:
- a device with a weak signal
- something constantly disconnecting
- a client that’s chewing bandwidth like it’s a competitive sport
I don’t obsess over graphs, but I like having the ability to check what’s going on when something feels off. The trick is to use monitoring as a tool, not a hobby (says the person writing guides about their home network).
What’s next?
I’m keeping this setup intentionally simple, but the obvious upgrades if I ever feel the itch are:
- separate SSIDs/VLANs for IoT and “real devices”
- a dedicated AP if I ever need better coverage
- tighter firewall rules between segments once I actually have segments worth isolating
For now, it does what I want: fast internet from FTTP, a UniFi box that keeps everything organised, and remote access that doesn’t require opening portals to the public internet.
Which is basically the dream.
If you need me, I’ll be watching The Traitors because I am two episodes behind and the finale was yesterday. I have managed to dodge spoilers for now.