Crosstalk Solutions has a couple of videos on similar setups: Log Cabin Property and Greek Port. Good tips on how to design it using Ubiquiti’s free tools too.
You’ll need a point-to-multipoint setup with APs as rebroadcasters. Just having a powerful central antenna is no good because the antennas in the client devices are your limiting factor.
I have used Ubiquiti for my home network for years, and it has always worked great at what it promised to do for me. People’s frustrations with it—in my experience—usually revolve around things they want it to do that it doesn’t, and the fact that it is very unfriendly to hacks or jury-rigging. So you have to be very sure going in that it matches your requirements. It’s like Apple gear.
Another option you could look at is TP-Link’s Omada system, which is basically their clone of Unifi but has a wider variety of hardware options.
I also often see people using Ubiquiti switches and APs in combination with a pfSense firewall if they want more sophistication and configurability. If you’re coming from Sophos and want to do sophisticated routing and filtering, you’ll probably find the Unifi firewall lacking in features (but it works great for people who don’t want to do that).
That is a connection to a roof-mounted TV aerial from back in the days when that was a thing. No, you can’t use it for internet.
Some scoping questions:
Don’t buy Cat8 cable, the router doesn’t have the hardware to benefit from it. Save a buck and get this Cat6 cable instead.
What router are you replacing?
You’re going to have trouble finding a new, up-to-date wifi router for $50. If you can afford to spend a bit more than that, look at the GL.inet Flint, which comes with OpenWrt out of the box. Otherwise look for previous-generation routers on Amazon.
Unifi APs can do wireless backhaul and the system has good VLAN support. I would assume Omada is the same but I don’t know it well enough. I’d suggest a central U6-LR, wired if you can, and one or two of the UAP-AC-Mesh (which despite the name has no special meshing features) for infill.
I have nothing to add to the comments about double NAT, but I wanted to chime in to ask if you’d considered something like a GL.inet travel router? It’s OpenWrt instead of pfSense but I think it can do anything you want, and it’s cheaper than a Vault.
Would it be easy to set up an AP with the same SSID as my router?
Yes, definitely. u/leewhat’s comment explains why you had trouble with the Mikrotik; a dedicated AP doesn’t have a router mode you need to disable, so all you have to do is specify the same SSID and your devices will take care of connecting to the one with the strongest signal.
Since you have a 3-level house you may find you need two APs. As you have discovered with your existing router, wifi signals are usually shaped like a squashed dome; they have a better range horizontally than vertically.
LWT will sell you an AP11 for $163 ex GST. Anything cheaper than that, you’ll have to trawl eBay or Gumtree. But why Aruba in particular? There’s no shortage of second-hand Unifi AP-ACs (e.g.), you can find the U6+ on staticice.com.au for around $170 (e.g.), and the Omada EAP610 goes for $140.
As other commenters have said, this is what a wireless access point (AP) does. You’ll put the AP in the attic, connect it back to your router with one of the Ethernet cables, and it will broadcast a wifi network throughout your house. Examples that suit most cases are the TP-Link Omada EAP670 or the Ubiquiti Unifi U6 Professional.
How big is your house, and how many levels? This will affect the best option for you.
I reckon it’s B. Green is the second pair in A, and orange is the second pair in B. If blue is on pins 1-2, as it seems to be going by the numbers moulded in the plastic, and orange is on pins 3-4, orange is pair 2.
(Not an expert, might be wrong, would love to have it explained to me why I’m wrong if I am wrong)
If you only have one coax jack, unfortunately, you can’t use MoCA. The connection needs to get into the router and then out over Ethernet before a MoCA adapter can work its magic.
However, if I’m understanding your diagram correctly you don’t need MoCA to do what you want. All you need to do is connect one of the mesh units to your existing router with Ethernet. Then you can put the other ones wherever you want them, and it’ll work like your second diagram. Optimally, you would want to put your existing router in bridge mode, but it may not support that if it’s ISP-provided gear (many don’t).
You’ve gotten tangled up because there is a marketing use of the term "VPN” and a technical use and what Norton/ExpressVPN/etc sell is the marketing version.
Instead, look at Tailscale. You install a small client on each machine, and once those are running the two machines can see each other and you can use remote desktop.
ETA: for clarity, with Tailscale you don’t need to do anything on the router. It’s strictly a computer-to-computer connection.
What you’re describing will work, but the Mikrotik will be taking over from your Netgear as the router. The two PCs connected to the Mikrotik will not be able to see anything connected to the Netgear unless you change the Netgear settings to put it in AP mode (or whatever Netgear calls it).
However, Mikrotik routers are a long way up the learning curve from consumer gear. Have you looked into what’s involved in using one of them to run a network? Are you comfortable you can deal with it?
If your router supports Wireguard you can use wgcf to configure CloudFlare Warp as a network-level ‘VPN’ and either use that tunnel just for streaming services, or push everything out over it depending on what your VPN needs are. Streaming services don’t seem to object to it, because it doesn’t conceal your country-level location.
Most likely his computer still has the IPv6 addresses of those sites in its DNS cache. If it doesn’t go away by itself in a few hours, a reboot should fix it.
It would be useful to have some idea of what specific problem you’re trying to solve with multi-WAN. Your options 1, 2 and 4 solve for reliability. Option 3 solves for throughput. Is your 300Mbps connection too slow? Too flaky? Actually completely fine?
Yeah, this sounds like a classic from the “total bullshit L1 tech support will say with absolute confidence” files.
There is an outside possibility that there is some specific config setting on their bundled router that they don’t tell you about which causes traffic shaping to get applied to your connection if it’s not present, but that would be insane and illogical. If the new ISP-issued router actually improves your performance, that’ll probably be why. But like you, I bet it won’t.
Return it. Buy a Cat6 cable and an unmanaged switch. Ethernet splitters are a scam, and Cat 8 is a cable for special applications in big data centres and nothing you own can take advantage of the ways it differs from regular Cat 6 unless you’re Bill Gates.