User Guide

Complete reference guide for Pimeleon users covering daily operations, configuration, monitoring, and troubleshooting

User Guide

Murphy's Law of Complex Systems: "If you can't understand it, it's intuitively obvious." — Arthur Bloch, Murphy's Law

Welcome to the comprehensive Pimeleon user guide. This reference covers everything you need to know for daily operations, from basic connectivity to advanced troubleshooting. Whether you're a new user or power user, you'll find the information you need organized by topic for easy reference.

The beauty of Pimeleon is that it makes complex networking simple - everything is configured to work automatically, so you can focus on using your network instead of managing it.

Quick Start

Just Want to Get Online?

Connect to the network: Plug in Ethernet cable or connect to WiFi
Get online automatically: Your device receives automatic configuration via DHCP
Browse securely: Ad blocking, DNS filtering, and firewall protection work automatically

That's it! Everything else happens in the background. The rest of this guide covers what's happening behind the scenes and how to customize your experience.

Network Connectivity

Wired Network (LAN)

Network Details:

Speed: Up to 100Mbps (Raspberry Pi 3B+ hardware limit)
Best for: Desktop computers, NAS devices, printers, smart TVs
Priority: High-speed, trusted network for primary devices
Connection: Plug in Ethernet cable and you're online

When to use wired:

Maximum speed and reliability needed
Streaming 4K video
Large file transfers
Gaming with low latency requirements
Devices that don't move (desktops, printers, NAS)

Wireless Network (WiFi)

Network Details:

Speed: Up to ~50Mbps (Raspberry Pi 3B+ WiFi limit)
Best for: Laptops, smartphones, tablets, IoT devices
Priority: Convenient wireless access for mobile devices
Connection: Select WiFi network and enter password

When to use wireless:

Mobile devices (laptops, phones, tablets)
Devices without Ethernet ports
Temporary connections
Devices that move around

iOS Device Compatibility: Your router includes special optimizations for iOS devices (iPhone, iPad) to maintain connectivity when the screen locks. If you experience disconnections, contact your network administrator.

Network Performance

Speed Expectations:

Connection Type	Typical Speed	Use Case
Wired (LAN)	50-100 Mbps	Streaming, downloads, gaming
Wireless (WiFi)	20-50 Mbps	Web browsing, streaming, mobile
Tor Network	1-5 Mbps	Anonymous browsing only

What affects speed:

Distance from router (WiFi only)
Number of connected devices
Your internet service provider speed
Network filtering (minimal impact ~10-20ms)

Automatic Configuration (DHCP)

Zero Configuration Setup

When you connect a device, it automatically receives:

Network Settings:

Unique IP address
Network gateway (router address)
DNS servers (with ad blocking)
Subnet and routing information

Additional Services:

Time synchronization servers
Network discovery (file sharing, printers)
Local domain name
Firewall protection

No manual configuration needed - just connect and everything works!

Understanding IP Addresses

Your device's IP address:

Automatically assigned when you connect
Valid for up to 7 days
Automatically renewed every 30 minutes while connected
May change if you disconnect for more than 7 days

Network Capacity:

Wired network: ~150 available addresses
Wireless network: ~150 available addresses
Typical usage: 10-30 devices (home), 30-100 devices (office)
Maximum recommended: 130 total devices

Need the same IP address always? Contact your network administrator for a "static DHCP reservation" - your device will always get the same IP address based on its MAC address.

Troubleshooting Connection Issues

Device won't get online:

Forget network and reconnect: Triggers fresh DHCP request
Restart your device: Clears stuck network state
Try other network: Switch between wired/wireless to isolate issue
Check router status: Verify router is powered and functioning

"Limited connectivity" error:

Windows:

Open Command Prompt as Administrator
ipconfig /release
ipconfig /renew

macOS:

System Preferences → Network → Advanced → TCP/IP
Click "Renew DHCP Lease"

Linux:

sudo dhclient -r
sudo dhclient

iOS/Android:

Forget WiFi network
Reconnect and enter password

Security and Filtering

Automatic Protection

Every device on your network receives automatic protection:

DNS Filtering (Layer 1):

Blocks millions of known ad and tracking domains
Prevents malware and phishing sites from loading
Faster page loads without downloading ads
Encrypted DNS queries (ISP can't see your browsing)

Proxy Filtering (Layer 2):

Additional HTTP content filtering
Removes tracking scripts and pixels
Privacy protection
Bandwidth optimization

Firewall Protection (Layer 3):

Blocks unauthorized access from internet
Prevents port scanning and intrusion attempts
Protects all devices automatically
Logs security events

What Gets Blocked

Advertising domains:

Ad servers and ad networks
Tracking pixels and beacons
Analytics and user tracking
Third-party advertising scripts

Security threats:

Known malware distribution sites
Phishing domains
Malicious scripts
Fake websites

What doesn't get blocked:

Regular websites (news, shopping, social media)
Streaming services (Netflix, YouTube, Spotify)
Work and school websites
Email and cloud storage
Banking websites

DNS Filtering

How it works:

You type "example.com"
    ↓
Router checks: Is this safe?
    ✓ Safe → Returns correct address → Website loads
    ✗ Blocked → Returns nothing → Site won't load

Signs DNS filtering is working:

Fewer ads on websites
Faster page loading
Cleaner website layouts
Occasional "This site is blocked" messages

Testing DNS filtering: Try visiting known ad-serving domains - they should be blocked:

doubleclick.net - Should not load
googlesyndication.com - Should not load
adserver.com - Should not load

These are ad servers, not regular websites, so blocking them is expected.

Performance:

First lookup: 20-50ms (checking filters and cache)
Cached lookups: <1ms (instant from cache)
Average: So fast you won't notice

Firewall Protection

Automatic security:

All incoming connections from internet blocked by default
Internal devices can freely access internet
Inter-device communication allowed
Port scanning detection and blocking
Brute force attack protection (fail2ban)

Security zones:

Zone	Protection Level	Access	Typical Devices
LAN (Wired)	High trust	Full internet access	Desktops, servers, NAS
Wireless (WiFi)	Medium trust	Full internet access	Laptops, phones, tablets
Internet	Untrusted	Strictly controlled	External networks

Intrusion detection: Your router automatically bans suspicious IP addresses:

5 failed SSH logins → 10 minute ban
10 failed web admin logins → 1 hour ban
Port scan detected → 24 hour ban

Performance impact:

CPU usage: <5% under normal load
Added latency: <1ms
Throughput: No reduction
Memory: ~50MB RAM

Privacy Features

Tor Anonymous Browsing

What is Tor? Routes your traffic through multiple encrypted relays worldwide, making it virtually untraceable.

Normal browsing:

You → ISP → Website
(Website sees your real IP)

Tor browsing:

You → Tor Relay 1 → Tor Relay 2 → Tor Relay 3 → Website
(Website sees Tor exit node IP, not yours)

When to use Tor:

Privacy-sensitive research
Avoiding surveillance
Bypassing censorship
Accessing .onion sites
Anonymous communication

When NOT to use Tor:

Banking or shopping (too slow, often blocked)
Streaming video (very slow)
Large downloads (extremely slow)
Regular browsing (unnecessarily slow)

How to use Tor:

Configure your browser with SOCKS5 proxy:

Proxy Type: SOCKS5
Proxy Address: Your router's address
Proxy Port: 9100

Alternative HTTP tunnel proxy:

Proxy Type: HTTP
Proxy Address: Your router's address
Proxy Port: 9111

Expected performance:

Speed: 1-5 Mbps (very slow)
Latency: +500-2000ms additional delay
More CAPTCHAs and access challenges
Some websites may block Tor

Privacy best practices:

Use HTTPS websites (https://)
Clear cookies and browsing history
Don't login to personal accounts
Use privacy-focused search engines
Don't download large files

Encrypted DNS

DNSCrypt protection:

Encrypts DNS queries between router and upstream servers
ISP cannot see which websites you look up
Uses privacy-respecting DNS providers (Cloudflare, Quad9)
DNSSEC security validation
No logging of your queries

Multi-layer DNS protection:

Your Request
    ↓
DNS Filtering (Ad Blocking)
    ↓
Encrypted DNS (Privacy)
    ↓
Internet

Cross-Network Communication

Devices can communicate across wired and wireless networks:

Print from phone to wired printer
Stream from laptop to wired smart TV
Access wired NAS from wireless tablet
All automatic - no special configuration

Hostname Resolution

Access devices by name instead of IP:

Devices automatically register when connecting
Use friendly names: mynas, myprinter, myserver
Works from both wired and wireless networks
No IP addresses to remember

Example:

Instead of: http://192.168.76.100
Use: http://mynas

System Monitoring

Temperature Monitoring

Why it matters: Routers run 24/7 and generate constant heat. Proper cooling ensures reliable operation.

Temperature ranges:

35-50°C: Excellent - cool and efficient
50-65°C: Normal - good operating range
65-75°C: Warm - acceptable but monitor
75-80°C: Hot - improve cooling soon
80°C+: Throttling - immediate action needed

Check temperature:

vcgencmd measure_temp

Overheating symptoms:

Slower network performance
Increased latency
Dropped connections
Random reboots
Service crashes

Cooling requirements by model:

Model	Power	Cooling Needed	Recommended Solution
Pi 3B+	~7.5W	Passive sufficient	Good heatsink or aluminum case
Pi 4	~15W	Active recommended	Case with integrated fan
Pi 5	~25W	Active required	Official active cooler minimum

Maintenance:

Check temperature readings monthly
Clean dust from heatsinks/fans
Verify fan operation
Ensure adequate ventilation

Network Health

Connection monitoring: Monitor your network performance:

Active connections by device
Recently blocked attempts
Top bandwidth users
Connection protocols breakdown

Performance indicators:

DNS resolution time
Cache hit rates
Blocked query percentage
Firewall throughput

Common Tasks

Connecting New Devices

Wired devices:

Plug in Ethernet cable
Device automatically gets configuration
You're online

Wireless devices:

Select WiFi network
Enter password
Device automatically gets configuration
You're online

Verification:

Can you browse websites?
Can you ping other devices?
Did you receive an IP address?

Accessing Network Shares

File sharing services: Your router may provide network file shares (Samba/NFS) depending on configuration.

Access methods:

Windows:

\\[router-address]\share-name

macOS:

smb://[router-address]/share-name

Linux:

smb://[router-address]/share-name
# or
mount -t cifs //[router-address]/share-name /mnt/point

Port Forwarding

When you need it:

Running a web server
Hosting game servers
Remote access applications
Security cameras with remote viewing

How to set up: Contact your network administrator to configure port forwarding rules. For security reasons, port forwarding requires administrative access.

Security considerations:

Only forward ports you actively use
Use non-standard external ports when possible
Keep forwarded services up to date
Monitor logs for unauthorized access attempts

Troubleshooting

Connection Issues

Can't connect to network:

Check:

Router is powered on
Ethernet cable is properly connected (wired)
WiFi password is correct (wireless)
Network name (SSID) is correct (wireless)
Device WiFi/network adapter is enabled

Try:

Restart your device
Forget network and reconnect
Try other network (wired ↔ wireless)
Restart router (last resort)

Slow connection speeds:

Diagnose:

Run speed test to establish baseline
Check distance from router (WiFi)
Verify internet service is working
Check number of connected devices
Monitor for throttling (temperature)

Improve:

Move closer to router (WiFi)
Switch to wired connection
Reduce number of active devices
Check router temperature
Upgrade to better hardware (Pi 4/5)

Website Access Issues

Specific website won't load:

Possible causes:

Website is on blocklist (DNS filtering)
Website is actually down
Old DNS entry cached
Firewall rule blocking

Troubleshooting:

Try accessing from mobile data to verify site is up
Wait a few minutes and try again (cache)
Try accessing by IP address (bypass DNS)
Contact network administrator to check blocklist

All websites failing:

This indicates DNS service is down:

Check router is powered on and connected
Restart network connection on your device
Restart router
Contact network administrator

DNS and Filtering Issues

Too many ads getting through:

Some ads are served from same domain as content (YouTube, Facebook). DNS filtering only blocks separate ad domains. For these, use browser-based ad blocking.

Legitimate site is blocked:

Symptoms:

Website won't load or gives error
Works on mobile data but not home network
Site worked before but doesn't now

Solutions:

Verify website is legitimate
Contact network administrator to whitelist domain
Document the full URL and error message
Wait 24 hours (blocklists update regularly)

Slow DNS lookups:

Symptoms:

Websites take long time to start loading
First connection is very slow
Subsequent connections are fast

Solutions:

Check router is not under heavy load
Restart network connection on your device
Clear DNS cache on your device
Contact network administrator

Firewall and Access Issues

Can't access a service:

Symptoms:

Application says "connection refused" or "timeout"
Port forwarding not working
Remote access fails

Troubleshooting:

Check firewall logs for blocked connections
Verify service is actually running
Test from internal network first
Check port numbers are correct
Contact administrator for firewall rules

Getting locked out (fail2ban):

Symptoms:

Can't access SSH or web admin
Connection times out
Works from different location/IP

Cause: Too many failed login attempts triggered automatic IP ban.

Solution: Wait for ban to expire (10 minutes to 24 hours) or contact administrator to manually unban your IP address.

Tor Issues

Tor connection not working:

Solutions:

Verify proxy settings (address and port)
Try HTTP tunnel (port 9111) instead of SOCKS5 (port 9100)
Wait 30-60 seconds for Tor to bootstrap
Check with administrator that Tor service is running

Tor extremely slow:

This is normal, but if it's worse than usual:

Check regular internet connection speed
Try again later (Tor network might be congested)
Close and reopen connection (new circuit)

Website blocks Tor:

This is common - many websites block Tor exit nodes.

Use different website
Access without Tor (if privacy isn't critical)
Use VPN instead of Tor

Hardware Issues

Router overheating:

Immediate actions:

Check current temperature
Improve ventilation (move to cooler location)
Clean dust from heatsink/fan
Reduce ambient temperature

Short-term:

Add desk fan nearby
Open case for better airflow
Limit concurrent connections

Long-term:

Install proper heatsink (Pi 3B+)
Add or upgrade fan (Pi 4)
Install active cooler (Pi 5 - required)
Relocate to cooler spot

Random reboots:

Possible causes:

Overheating (check temperature)
Power supply issues (use official power supply)
SD card corruption (run filesystem check)
Software crash (check logs)

Solutions:

Monitor temperature
Replace power supply with official one
Test with different SD card
Contact administrator for log analysis

WiFi-Specific Issues

iOS device disconnects when screen locks:

This should not happen - your router has iOS power management optimizations. If you experience this:

Forget WiFi network and reconnect
Restart your iOS device
Update to latest iOS version
Contact administrator (may need configuration adjustment)

Wireless range is poor:

Raspberry Pi 3B+ has limited WiFi range:

Move router to central location
Reduce obstacles (walls, furniture)
Change WiFi channel (avoid interference)
Consider WiFi extender
Upgrade to Pi 4/5 (better WiFi)

Frequent WiFi disconnections:

Troubleshooting:

Check distance from router
Check for interference (microwave, cordless phones)
Monitor signal strength
Try different WiFi channel
Update device WiFi drivers

Best Practices

Daily Operations

Connect and forget:

Network is designed to "just work"
No daily maintenance required
Automatic updates and filtering
Monitoring happens in background

When to restart router:

Performance degradation
After major network changes
Monthly maintenance (optional)
Troubleshooting last resort

Security Practices

Password management:

Use strong WiFi password
Don't share WiFi password publicly
Change password if compromised
Use WPA2/WPA3 encryption

Network safety:

Keep devices updated
Use HTTPS websites (https://)
Don't disable firewall
Monitor for unusual activity

Privacy protection:

Use encrypted DNS (automatic)
Enable Tor for sensitive activities
Clear browser cookies regularly
Use privacy-focused services

Performance Optimization

Network performance:

Use wired connection when possible
Keep devices close to router (WiFi)
Limit bandwidth-heavy activities
Monitor connected device count
Regular temperature monitoring

Cooling maintenance:

Check temperature monthly
Clean dust from cooling system
Verify fan operation (if equipped)
Ensure adequate ventilation
Monitor for throttling

When to Contact Administrator

Immediate contact needed:

Router completely offline
Security incident suspected
Multiple devices having issues
Persistent overheating
Firewall blocking legitimate traffic

Can wait for regular support:

Single device connection issues
Minor performance degradation
Feature requests
Configuration changes
Usage questions

Advanced Features

Static IP Reservations

What it does: Ensures a device always gets the same IP address based on its MAC address.

When you need it:

Servers and NAS devices
Network printers
Smart home hubs
Port forwarding destinations
Monitoring systems

How to request: Contact network administrator with:

Device name and purpose
Desired IP address
Device MAC address

Custom DNS Records

What it does: Creates custom hostname-to-IP mappings for internal services.

Use cases:

Internal web servers
Custom service names
Service aliases
Development environments

How to request: Contact administrator with desired hostname and target IP.

Network Monitoring

Available metrics: Depending on configuration, you may have access to:

Real-time connection statistics
Bandwidth usage by device
DNS query logs (if enabled)
Firewall activity
System health metrics

Access: Contact administrator for monitoring dashboard access if available.

Understanding Network Architecture

Network Segments

Your network consists of two separate segments:

LAN (Wired) - 192.168.76.0/24:

Gateway: 192.168.76.1
Available IPs: 192.168.76.100 - 192.168.76.254
DHCP lease: 24 hours
Best for: Stationary devices

WiFi (Wireless) - 192.168.77.0/24:

Gateway: 192.168.77.1
Available IPs: 192.168.77.100 - 192.168.77.254
DHCP lease: 15 minutes (optimized for mobile devices)
Best for: Mobile devices

Cross-network routing: Devices on different networks can communicate automatically. No special configuration needed.

Service Ports

Standard services:

HTTP: Port 80
HTTPS: Port 443
SSH: Port 22 (admin access only)
DNS: Port 53 (automatic)

Proxy services:

Tor SOCKS5: Port 9100
Tor HTTP Tunnel: Port 9111
Squid Proxy: Port 3128 (if enabled)
Privoxy: Port 8118 (if enabled)

Admin interfaces: Contact administrator for access to management interfaces.

DNS Resolution Chain

How your DNS requests are processed:

Client query: Your device asks router for website address
Local zones: Router checks internal network domains first
DNS filtering: External domains checked against blocklists
Encrypted upstream: Clean queries sent to encrypted DNS servers
Response: Address returned to your device

Result:

Ads and malware blocked
Your privacy protected (encrypted queries)
Fast response (local caching)
Reliable resolution (multiple upstream servers)

Appendix

Quick Reference

Network Details:

Wired LAN: 192.168.76.0/24, Gateway: 192.168.76.1
Wireless: 192.168.77.0/24, Gateway: 192.168.77.1
DNS: Automatic (router address)
DHCP: Automatic configuration

Tor Proxy:

SOCKS5: Port 9100 (preferred)
HTTP Tunnel: Port 9111 (alternative)

Common Commands:

Check temperature:

vcgencmd measure_temp

Renew DHCP (Linux):

sudo dhclient -r && sudo dhclient

Renew DHCP (Windows):

ipconfig /release
ipconfig /renew

Test DNS:

nslookup example.com

Temperature Guidelines:

Normal: 35-65°C
Warm: 65-75°C
Hot: 75-80°C
Critical: 80°C+ (throttling)

Common Error Messages

"Limited connectivity":

Cause: DHCP configuration incomplete
Fix: Renew DHCP lease

"DNS resolution failed":

Cause: DNS service unavailable
Fix: Check router status, restart device

"Connection refused":

Cause: Firewall blocking or service down
Fix: Check firewall logs, verify service running

"This site can't be reached":

Cause: DNS filtering or network issue
Fix: Verify site is up, check DNS filtering

"Too many authentication failures":

Cause: Fail2ban temporary IP ban
Fix: Wait for ban expiration or contact administrator

Getting Help

Self-service troubleshooting:

Restart your device
Renew DHCP lease
Check this guide
Test from different device
Check router status (powered, connected)

When to contact administrator:

Router offline or unresponsive
Multiple devices affected
Persistent issues after troubleshooting
Security concerns
Configuration changes needed

What to include in support request:

Detailed description of issue
What you've tried already
Error messages (exact text)
Affected device(s)
When issue started

Installation Pimeleon - Initial setup and installation
Network Architecture - Technical network details
DNS Filtering - Ad blocking and privacy
Firewall Protection - Security features
Hardware Pimeleon - Cooling and hardware recommendations
Tor Anonymity - Anonymous browsing
DHCP Service - Automatic configuration details

Remember: Your Pimeleon router is designed to "just work" with automatic security, filtering, and configuration. Most users will never need to think about network settings - just connect and enjoy a faster, safer internet experience!