And we are live. Only a few minutes late, just a few minutes here, really two minutes late. That's reasonable for vlog number 277, and there are things to talk about, stuff to do. The final countdown, you know, you can't say that because it doesn't... it's just now in my head. I didn't even have a chance to change it; I'll go here and change it to the LTS logo up at the top there. StreamYard is pretty handy. This is how I do some of these. Still, people ask occasionally; I do debate about looking at different software for it, but right now this is the one we've been using for a little while, so it works really well for handling my live streams. I still need better ways to share screens. I'm slowly getting better at that. You know, only two hundred and seventy-seven episodes in, eventually I'll figure this out.

Excuse me, I just had a quick lunch I had to hammer out, and reply to emails and do a lot of the life thinking that I have to do. I also have an event to go to, so I do have a hard stop at four o'clock so I can get to my next thing I have to go do today. But we're gonna be talking about stuff.

Oh, isn't Rochester just outside of Detroit, someone said? Yeah, Rochester, New York? No, Michigan, and yes, there is a Rochester, Michigan as well. So we do have that; that's about 30 minutes or so north of me, roughly, depends on traffic. It's a traffic trip to get to Rochester, Michigan for me. There's lots of things, lots of things here.

Anyone know that users with minimal privileges, who can't change most settings or install remote software in an AD environment, can click Upgrade to Windows 11, but it works? Oh, I'm positive there's some way to pivot from that. So you're probably right. You're probably right, there's a lot of security things to think about all around that. So Zachary Brown is in Rochester Hills now.
So Rochester Hills, Michigan, whoo, local people. But among the things we're gonna talk about today, because I have it in here, I'll actually jump right into the talking points. I actually started making a video on this; I just have had a week of really, really busy stuff that has not allowed me to get any videos racked out. So live streams are easy, because I can just make goof-ups and you're like, oh, he's doing it live, so he goofed up, he was doing it live. So that's why I like doing these; sometimes it can be kind of fun.

But we will talk about the pfSense beta. I wanted to jump into that because this is actually pretty cool, maybe even really cool. Let me make it bigger, right. This right here is gonna be something people get excited about, well, people in the business world who have the VPNs pushed to the limit and are going, do we have to upgrade our firewalls? Well, interestingly, you will be doing software upgrades when this is released that will give you some more performance. And I think that's a really cool thing to think about, is that you're going to be able to get a performance boost with software, with the Data Channel Offload, without having to replace the firewall. I mean, just pull up the page on it. You know, why isn't there a shortcut that just lets me switch pages? I've been saying that for a little while, but one day we'll have it.

But let's talk about what Data Channel Offload is, because this is actually one of those exciting things that's coming to OpenVPN. Security is one of the most important things considering you're online; your online communications are secured with encryption. The more your online communications are secured with encryption the better, but encryption has slowed down computing speeds in the past, which is improved with modern CPUs, but we can do more. I like the, you know, the encouragement from OpenVPN. Now really what we want to go down here to, too.
There's lots of technical details. This is easy to find for those of you that want to read technical details, that maybe will be covered later when it's all hashed out in a video. But this is the part we care about right here: what does client and server DCO look like, what are some of these speed changes? So client DCO, server tun; client DCO here; standard tunnel versus OpenVPN DCO on both. Yes, Data Channel Offload is a substantial bump in speed when it's integrated. So these are going to be some interesting performance numbers that you're talking about, to say OpenVPN is comparative in speed to some of the other stuff. Why is it... hold on, why did it not do the right page? There we go, now I can scroll to there. There we go. We wanted numbers, because stats, that's what we need to know.

Well, does DCO require AES-NI for offloading? You know, right now you need to have... I don't think that's required for offloading, but pretty much any processor, most processors made since like 2013 or 2014, have AES-NI. But the challenge is what cipher is supported, because AES-NI is good for AES ciphers, but you don't need AES-NI, and it doesn't help with other ciphers such as the ChaCha20-Poly1305 cipher. So it doesn't necessarily... it's probably... I don't think it's necessary to make this work, because it supports other ciphers. So whether or not it will actually make a big difference, I don't know. There's certain circumstances where maybe it will; that's kind of up in the air. I don't think it's gonna be required, if that's the question there.

Have I heard of RZA VPN? You got me to Google it, and unfortunately that doesn't really yield any information. So I don't know what that is. The Z of EPN, oh, that doesn't find it either. So I don't know what it is, and neither does Google. So it's so new no one's heard of it, or maybe I'm typing it wrong. Is it RIZ ZIA or LA? It looks like an LA, RIZ ZE La. I read it as I... nope, that didn't help either. So I don't know what it is.
So I haven't heard of it, and neither has Google. Google did not even yield a result for that. So, but back to OpenVPN, which has been code audited and vetted and really well embedded within many systems. This is not just a pfSense thing; this is actually OpenVPN having the DCO. Where pfSense comes in is, by the way, you notice how OpenVPN says Linux, Linux. That's because this was all written in Linux, and now this is coming to the FreeBSD world courtesy of pfSense. So that's where a really big difference is, like pfSense did the engineering, or Netgate did the engineering for this, and this is going to be a great upgrade when this comes in a release. And no, don't ask me when it's gonna be released, because I don't know, but this is going to be a nice boost in performance for OpenVPN on the same existing hardware you have now.

I will comment on this because someone will ask the question. That highlight right there: OpenVPN DCO will be available exclusively on pfSense Plus. So I will address that, and that is going to be an issue. So people that are concerned about it, yes, but they also have a free upgrade path to pfSense Plus. They're still developing, and there's still a beta release of the new pfSense, the new Community Edition, but there's certain functions, such as DCO and ZFS boot environments, which we'll talk about next, that will only be available in pfSense Plus. So just so people know, yes, that is a fact. I will address it right away and I won't hide it, so to speak. So people say, but Tom, it requires pfSense Plus. Yes, it's right in their documentation. They're very clear on that.

So tap performance improvement, that I don't know. I don't know if there's anything you can do with tap. I probably would guess no, but let's look. And I say let's look because I do have... let me find it, is it 1.41? Let's log into the pfSense. There we go, and we're gonna go VPN, OpenVPN.
Let's add a server real quick. TLS... hey, the option box is there on both. So I'm gonna say it works. Pretty cool, it's not disabling the option box. So there's that. We can probably walk through the wizard, because wizard it, next. Gotta add a CA, insert one, description, best. I think I should be able to click next. Oh, I missed something. What did I miss? Data tunnel network, I think I missed that. That should be all I need to put in here. Firewall rule, OpenVPN rule, next, finish, edit, enable. If we enable these two things, will they contradict each other and not allow me to save? Let's find out. Save. Well, it didn't error, so it looks like yes, that's something we can do, at least. I don't know how... this isn't a full test, but this is at least a test that says it works. It doesn't fail. It doesn't fail to start.

For a remote access VPN, would you recommend going with IPsec, OpenVPN or WireGuard? Also, how do you onboard users without manually exporting per-client certs? This is why people use OpenVPN. OpenVPN allows for things like a local user database, or OpenVPN also allows for things like external authentication against RADIUS, or tying it in, through a series of steps, to like an Active Directory server. That's pretty common.
This is why OpenVPN isn't going away. It's just one of those things where, when you're dealing with a lot of users, the user management tools within OpenVPN make it a really popular choice, and why it's not going away, and why I care about DCO, you know. This is already embedded and integrated across a huge number of our clients in a lot of consulting projects we do, because it's a good solution and works, as simple as that. WireGuard is cool, but WireGuard is more about the protocol and less about the user management. That's not where they went. That's why we thought it was silly when people were telling me, but WireGuard's code is so much smaller. And I'm like, of course it is, it doesn't have the same functionality of OpenVPN. Granted, it also doesn't have the legacy cipher support, but it doesn't have all that extra functionality for things. So there's that.

Let's see. Yeah, OpenVPN is best for that. I have tried AD server for authentication. Yep. I actually, for site-to-site VPN, do I really... I really do like WireGuard. The simplicity and low complexity and speed of WireGuard is good for site-to-site, so I will say that. But you can also use OpenVPN and IPsec as well, so those are all definitely there.

Would you recommend multi-gigabit WAN, three gig? I mean, if you have multiple things you can tie them all together, but having three separate one-gig connections does not give you a three-gig connection. I think I have an SD-WAN video where I kind of explain how you actually do bonding versus individual ports. OpenVPN, you can connect to phone, forget about it, six months later still connected. Yeah. How do you do AD with OpenVPN? I think there's actually a write-up. There you go, there's the write-up. So if you Google it, it's the first result. There's the Netgate documentation on how to set it up.
So Netgate actually has a whole setup on this. I don't have a video on it, but I have a video on how to do RADIUS. I don't have a video on how to do AD, but it's pretty much, you're close to it once you get RADIUS; you just have the RADIUS server somewhere else. So yeah, it is supported.

Is there any good way to output the certs, sort of like how Access Server has a web server where people can log in and get to it? Oh yeah, absolutely. Let's go ahead and install it. We go over here to the package manager, available packages, OpenVPN Client Export, we're gonna click install. Actually, let me go into the server here, because we have to have the server connect properly. So we do this; it's got to be tunnel mode. Save. There you go. Now I set it up as authentication only, no cert, because I don't feel like setting up certs for each client. If you turn it on, it will list each person in here, but there's the installer, current Windows installer, and it has all the certs wrapped right in there. So it's a Windows installer with all the certificates. So it works. That's, yeah, that's how we do ours. You know, we use the OpenVPN tool and then we can just set it up. It makes it a lot easier.

Under user manager, authentication servers, pfSense has your AD server as LDAP directory and then it becomes authentication. Yes, you can do it as LDAP or RADIUS; both are supported. Watching at 2x speed to catch up. So yeah, pfSense for multi-gigabit, yeah, you can. You don't do bonding as an SD-WAN thing; that's where some people get a little bit confused. I think I've got a whole video where I talk about the difference between bonding and SD-WAN. Yeah, there's a lot to it.

So let's go back over to, well, let's just show it. This is the other new feature. Yes, by the way, full disclosure, this is a pfSense Plus feature. But let's talk about how fast we can create a new boot environment. So let's... Have you ever considered Docker, creating dashboards of pfSense in any sense?
No, I don't do Docker. It's just really not my thing. There are other YouTubers who do; Jay is among them, Jay from Learn Linux TV. You can watch his Docker series. I think Techno Tim has a few Docker ones. There's a few other people that have Docker videos. I do not; I'm not really a big Docker user.

But the boot environments. So let's go ahead and purge a couple of these; we don't really need these ones, or this one, but I want to do an update. So let's create a new boot environment: doing it live on... who did live on YouTube? Oh, it says no spaces. So doing it live, there we go. Oops, I hit the caps lock. Yes, it's happening earlier, it's my shift key messing up. That's weird, why is my shift key not working? Here we go. So now we have this boot environment, and there's probably more updates. Let's go ahead and update this system. Is there an update? Hey, why not? Go ahead and hit this update here now. This is also going to create a boot environment, which these are, and we're gonna download the latest live here. So confirm, let it go ahead and get the update. We're gonna go from the 513 to the 519 base, and also I'm gonna open up another window. There we go. If this doesn't boot, well, actually, I mean, share this window right here. So we'll stop sharing that, because we want to share screen, window, that looks like the right window. There we go. All right.

Now you're gonna see how the boot environments look, because what it did was it used ZFS snapshots to create these boot environments. So this is really cool, because it's gonna be rebooting here in 10 seconds, and I'm serial consoled into a Netgate 4100. Syncing this. There we go. I'm gonna go one more, menu, space, then we're gonna go to option 8. Oh, I did it wrong. Yes, I didn't press 8, I pressed enter. Nonetheless, if it doesn't boot, we'll have to do this again.
We'll have to reboot it. So, but you've seen there's an option for boot environments, and those boot environments let you go through and switch back to previous known good states. This is a really handy feature, and this is part of the integration they have with ZFS to make all this work. So I really like how this works. Yeah, the boot environments feature is really cool. So yes, absolutely.

Oh, for OpenVPN, is TCP more secure or stable than UDP? I highly recommend you use UDP for performance. Security-wise they are the same; I don't think there's any difference in security.

If setting up a privacy VPN, Nord or PIA, would you use OpenVPN or WireGuard if available? I've been doing it with OpenVPN because I'm used to doing it that way. I think it's supposed to be a little faster with WireGuard. I mean, it's on my to-do list to redo one of my VPNs and set it up that way, but it's also low on my priority list. But some of my staff have switched to using... they do some privacy VPN stuff with WireGuard, and as far as I know it works well. There's less documentation on it, so it's going to test your skills and your knowledge more than an OpenVPN is. I have videos detailing how to do an OpenVPN; I have not made any videos detailing how to do it in WireGuard.

Had an issue: my own VPN would work on a Linux computer but not on any connect app; it would connect, but no other traffic would route. Any thoughts? Somewhere you got a parameter wrong on there, so it's hard to say without seeing it. That's a good post for the forums, because then you can detail out the parameters on there and someone can look at what's wrong.

What analysis or test do you do to determine if a client would benefit from creating a local network beyond one gig? You just look at the saturation on the network, of what they're moving; it pretty much is one gig. Network upgrades are pretty much exclusive to clients doing video editing, clients doing some type of large data movement.
That's really what it is, and the majority of the ones that we work with are video editors, but there's a few data scientist type people; they definitely benefit from more than one gig as well. But yeah, there's not really a test. You just kind of look, like, oh, you're editing videos now. Even people... we have some companies that are very big graphic design companies, but they're editing Photoshop and design type files, and it doesn't even seem to be a big deal to them. So if you just look at the saturation on a per-port basis and see if anyone's ever really saturating it. But most of your offices just are not.

Oh, you don't accept NordVPN sponsors? Yes, I'm the only vlogger, blogger, who does not. Yeah, that's true, that's true.

So just like having pfSense in a VM and getting snapshots? Yeah, except you don't have any of the problems you run into having pfSense in a VM. And we have very few clients where pfSense is in a VM, and lots and lots and lots of pfSenses out in the field that we have to manage that are not in a VM. Other advantages here are going to be using ZFS. You don't have to deal with corrupted files. So if I randomly power cycle a pfSense, there's not really going to be an issue there.

So let's go ahead and log back into pfSense. We'll share that screen again once it's logged in. Share screen, yeah, that one, cool. Hey look, I'm on the latest version again now. What's the build on this one? Built, quick, blah blah blah, by system, it just says latest. It's today's build, till last night, so I guess today. There's a little ZFS widget; I think that's all it really says, doesn't do much else. And so, package, there's our disk usage, pretty slick. System, boot environments. Which one? So this is our active boot environment, doing it live on YouTube. We can revert back to this if we want: activate one time and reboot. It's just really slick. Also when you're doing a reboot, diagnostics, reboot, they've also integrated it here.
So if we wanted to go back to the previous one, we could go here and reboot into that environment. So, select an inactive boot environment to activate on next boot only. So you could do this, and we can go back to the doing it live, and we revert it back, but then we can go back to our other one. And yeah, it's just really slick how all this works. I'm really happy with all this integration they had in here.

iperf can't hang with 100 gig. I don't have a hundred gig to test that right now.

Is it bad to run pfSense in a virtual machine? It's not bad, it's problematic. What happens is there's certain updates or certain changes that have problems in virtual machines, and you wouldn't believe the number of consulting calls we do. See, a lot of the knowledge I have is not based on random opinion; it's based on a lot of consulting work we do with people and the troubleshooting. If you're good at it and you understand all the pros and cons of running things in a VM, awesome. But if you start having all these performance issues and hardware offload issues, and all the other things that you have to understand how to manage, it's the same reason Chris from Crosstalk Solutions doesn't recommend running FreePBX virtually unless you know what you're doing, because you've now added a layer of complexity onto your phone system. It's not that that's necessarily bad, but now you have two places to troubleshoot, and people don't always set up their VMs right; therefore, are you troubleshooting a pfSense issue or are you troubleshooting a virtual machine issue? It just adds some layers of complexity. I also like the fact that when I have to update my virtual system, when there's a patch and I have to reboot it, I don't lose internet when I do so. So that's another reason for me. But then someone will point out...
We'll just do everything in HA. Well, that's not always... not everybody's home lab has HA; maybe yours does. So there's a lot more consideration, and hardware is generally cheap. It doesn't cost a lot of money to run a pfSense. It does not need to run on a high wattage device.

I can't use pfSense, too easy for hackers to hack into; looked at articles to configure pfSense, still got hacked, so I moved to Untangle. Hey, do whatever works for you. It's not easy for hackers to get into pfSense. It is easy to misconfigure any firewall, and a firewall with more options gives you more options of things you can misconfigure. So there is a... things that, if there's a lot of knobs and buttons, sometimes people touch all the knobs and buttons. I won't lie.

Do you have any inside knowledge if Netgate will do a way to integrate AD with pfSense to create firewall rules with users in mind, not IP? Not likely. I don't foresee that as being something they work on.

Any plan to do a full suite video on TrueNAS SCALE? Eventually, yes, I will. I'm going to do one on CORE first, because CORE is what we do the most amount of work on, and we have the most amount of servers. The other problem, and we're literally working on this as we speak, is doing performance testing, and we're going to be doing performance testing with SCALE. So, sneak peek at some of the preview tests, but we're doing a whole series of benchmarks, and we're going to be benchmarking CORE and SCALE, and 12 and 13, and analyzing all these numbers to see if there's any differences in them. But one of the things we did notice from my previous testing is SCALE did not have the performance. So that's why I want to do that one second, and just based on most of our consulting, CORE is where we do most of the business consulting work, so I do more videos on that. Not that I don't like SCALE.
It's just, you know, it comes down to performance is what matters, even for myself. I tried SCALE on my system and I couldn't get the performance out of it, so I went back to CORE, because that's something I really need for all the workloads we have.

NIC order naming is a huge pain in the butt on the pfSense VMs. It can be.

Netgate 6100 MAX, pfSense Plus, security: it took me three months to get, best investment ever.

Happen to be attending RSA in June? It'd be my first; I'm a network engineer moving to NetSec engineer. I will not be at RSA. I actually laughed; someone in the security community said too many people had asked, so they changed their LinkedIn name to their name, Not, Will Not Be At RSA, in their last name. So I will be at Black Hat, but I won't be at RSA.

Are you going to do a TNSR pfSense Plus video feature? Not likely. I don't use TNSR, so I don't think I'm going to do a video on it anytime soon. I don't really have the impetus to learn it, because we're just not using it. I mean, if we had use cases for it, we would do videos on it, but we really don't, and so not really a big thing.

TrueNAS in a VM? I always say no. That is, I've watched people lose entire data sets that way because of bugs in the VM setups. Not that it can't be done; there'll be someone who says, but mine works fine. Yeah, and the people that contact us for consulting who have big messes: can you recover my ZFS pool? Yeah. So nonetheless.

I would look into AD for DHCP and see if there's ways to assign IPs to users. I don't know why you would do that. Hey, it's open source; you can start writing code and try to make that happen. I'm not sure why you want it to happen, but you probably could. Let's see.

TrueNAS VM in a home lab? At work, no.
Yeah, I would never run it in a production workload, but then the home users generally are worse off, because they end up building these bigger pools and don't have anywhere to put the data when it's failing and has a problem. So some of the home users have had the more desperate calls for help, and I'm like, I don't know what to tell you; you need to offload the data somewhere to reload it to a regular machine. But I put all my money and all the drives in this device, and I don't have anywhere to put the data in the meantime. I'm like, yeah.

What about VMware? I'll be using it in my lab to practice for work. We'd love to see how... What about VMware for virtualizing it? I don't care what virtualization you use; I don't recommend any of them for TrueNAS. Use whichever one makes you happy, but none of them are on my recommendation list.

I don't know, because I never test PPPoE. We don't have... I'm not saying we have zero, but we have very little PPPoE here in the United States. PPPoE is really a European thing. European and in other areas; I know it's not just Europe, it just seems like most of the people asking are in Europe. I know it's used elsewhere, and in small pockets it's used here in the United States. I don't really do much testing with it. So that's a forum post over at Netgate, not really something I have an answer to.

TrueNAS on a VM, if you can redirect the HBA, that's the only way to do it. But even then, that's where the data corruption comes in. I've seen where, I don't know what it is, there was just error messages on a couple of people's systems. Xavier had this problem. You may remember seeing him; he's one of my hacker friends, has been on the channel a few times, and Xavier lost a bunch of data. Even though he had his HBA passed through, it just kept crashing. We don't know why; the machine worked fine reloaded raw with TrueNAS.
It had no errors at all. So, passed through, random CRC errors once in a while, eventually it caused a bunch of corruption, and it was a headache to get the data off before all the corruption. Then reloaded it bare metal, worked fine, no errors. And he's not the only one that's had this problem.

Have you looked at Rockstor yet, any initial thoughts? It looks novel. I don't really have a use case that makes me want to use it. There's nothing compelling about it; like, it was novel. And the reason we brought up Rockstor, and we'll pull it up real quick, the reason Rockstor got brought up, Rockstor NAS, because it uses Btrfs, but ZFS being better than Btrfs. Now, if I was going to build a Pi 4 server for NAS, this is probably what I would go with, but that's low on my priorities list. And last I checked... there we go. Last I checked, they're not on Pis, are they? I've got to watch Jeff Geerling's video on it. There's ways to make it work, but I don't know how well. Pis, they're nice low-powered NASes, I mean. But outside of building a Pi NAS, which is low on my priority list right now, it's pretty cool. I think it's novel. I like that it exists, but I don't really have any solid use case for using it.

Is it necessary to change the default IP login of pfSense to a 10 dot or 172? They have no bearing at all on protection, whether using a 10 dot or a 172 network; as long as you're using an RFC 1918 network, you're good.

What are your consulting clients using to route 10 and 20/40 gig? You're talking about like the data center stuff? Everything from Juniper to Cisco stuff. I think I'm seeing more Juniper in some of that.

You thought Rockstor was dead? I don't really know. When's the last... downloads, when's the last image? You know, it'd be great if we had dates on this. They have a blog, so I could see: shop, downloads, openSUSE community, resources, solutions. I hate when people don't have blogs.
Let's go to their GitHub. When's the... Rockstor core, when's the last updates for it? Six months ago, four months, four months. So there's still updates. I don't know, so six months ago. So it's not... Oh, January 11th is the latest. There we go. So four one one zero was released on January 11. So yeah, I mean, that's four months ago, so I guess that's reasonably active.

You can buy a Celeron NUC cheaper than buying a Pi. That's one of the bigger reasons I'm not working on a lot of Pi projects right now. They're definitely, yeah, Pis are overpriced right now.

I don't know. I don't test much MikroTik stuff. I think that's a MikroTik model number, and I don't do much testing on MikroTik.

You've been using RDM on VMware? Your mileage... this wasn't really built to work like a virtual install. Your results will vary. DataCore, for example, is built from the ground up for virtual install.

With ZFS, does the hardware RAID need to be in the chip centers, all OS controlled? ZFS should have direct access to the hard drives. That's really important.

Willy, how much wood could a woodchuck chuck if a woodchuck could chuck wood? I don't know how many. See, we were talking about ZFS and CoW, not woodchucks. Ah.

openSUSE 15.3, which is latest stable. Okay, so you got to get on the ZFS as a CoW. That's, uh, where can I find that link? I think I have the ZFS CoW, put that in there. There we go, ZFS as a CoW. I have a couple videos; matter of fact, if you just type in this, I also have one that says TrueNAS ZFS pool design: RAIDZ, RAIDZ2, RAIDZ3, capacity, integrity and performance. I have a couple explainer videos that break down these details on how ZFS works. These top three results on my channel, you can find it, break down a lot of the ZFS concepts. I have five cords of wood.

Never heard of Clavister, so I have no opinions on it. Don't know who they are, so don't know who Clavister is, so I have no thoughts. Let's see.

If a drive fails, how do I rebuild the ZFS RAID?
For the most part, with ZFS... and let's, I think we can log into this one here. Let me get it logged in. There are options to replace drives. So if you're in here, actually it's the wrong spot; we need to go to... here, here's all my drives, and there's options with these three dots over here to do things like replace a drive. Now, I don't have an extra drive to replace. Actually, yes, I do, on another system. Let's log into this one. So if I wanted to replace this drive... nope, none of this one. I think we took the hot spares out, but it'll show the spare disk and I can replace them. I've got videos on how to replace drives in there. You can do it from the command line too, but I'm not going to walk you through the command line right now. TrueNAS makes that really easy to do.

Hey, Lawrence, do you know Candice? I don't know. I'm trying to think. I probably know someone named Candice, but I'm not the best with names.

So it sounds like someone has had good luck with virtualizing it. So yes, King.

Is it possible to hide the pfSense ID name? If you rename it from pfSense, can you hide its name? I don't know what ID name you're trying to hide.

Do you ever migrate on-premise Exchange to G Suite? I don't know that it'd make compelling content or video. There's a tool that G Suite has, Exchange migration. I think, yeah, there's a write-up on it. So there's a migration tool for it, but I don't know that it's going to make compelling content. There's so few people that asked for that, and I don't really think it's that popular.

Ryan, you do not understand how pfSense works. I'm sorry, but that is not how... they do not come through your WAN and mess with your pfSense unless you have opened your WAN for them to come in. By default, pfSense closes... the goal is that it closes, keeps closed, the WAN; does not expose it.
So if someone came in through your WAN, they came in because you opened it, because you actively went in pfSense and made a change. So it's as simple as that. So do not open your WAN admin interface, simple as that. The pfSense WAN interface, matter of fact, we can do this right here. Let's go to 141, Firewall, Rules, WAN. I added this rule, and it says allow external firewall access, Tom implicitly added this rule, and you can see created by admin. That is what allows me to remotely, through the WAN interface, access this firewall. By default that rule does not exist. So yes, it requires... you do not want to open up your WAN port. If you're opening that, then you are opening up the potential for someone to log in.

Yeah, no good firewall allows WAN direct access; that is a user mistake. Well, no, unfortunately there have been many firewalls, not good firewalls, but many firewalls, that defaulted to this. pfSense is not among them, though; pfSense does not by default have WAN open. So yes.

Usually the best is none. So that's my answer: don't change settings. Generally, it works fine without messing with QoS settings; start there. People optimize things without testing, and generally find, you know... I've kind of joked a couple times that a lot of the consulting work we do is people hiring us to reset things to default. And then I'm like, here's the bill, and they're like, well, I thought I had to change all these settings. I'm like, I'm not sure why you thought you had to change them. To quote, I think this was Jim at pfSense who said this: if there were better default settings, we would make them the default settings. So the default settings actually are really good in pfSense, for gaming or whatever. Now, there may be some exceptions, and we can actually... hold on.
This is the decade blog of note. This is something that I don't have an easy solution for, but this is something you'll run into if you have this scenario. And this is a new feature that's coming to this one; I can say it's coming to both. But: fix UPnP for multiple game systems. Sometimes the only way to make an Xbox or a PlayStation work may be to turn on UPnP, because you don't want to go through all the details of port forwarding. They're doing some more fixes for when you're running multiple gaming systems on there; there may be something you have to do for that. Maybe. For me, though, I didn't... well, I take that back, I did have to. Destiny had a port forward that makes it work better. I do play Destiny, Destiny 2, so I guess that's kind of a not-default setting.

"Have you experience with Nextcloud?" Yes, some; I don't use it much. Someone asked me about it again. I tell people who want me to set it up: no problem, here's the price to set it up. And then they don't like the price to maintain it, because they're trying to save money, and I'm like, if you don't maintain it, you have a problem. Nextcloud... let's see, where was it... somewhere, Nextcloud hack. I think it was in a PHP... This is a little while ago, but I just want to bring this up because software is insecure. There's two states of software: we know about the vulnerability, or we don't know about the vulnerability. We know about the vulnerability, there's a patch. We don't know about the vulnerability.
We know there's always going to be another vulnerability; that's just a given. So what happens is, if you decide to use Nextcloud and you want to have it publicly exposed, you have to have a plan: one, to back it up in case it gets hacked; two, to patch it immediately if there's a big bug found in it. Now, any software with increasing complexity is more likely to have bugs in it. Therefore you need a plan, and what people don't like is when they go, "Well, I want Nextcloud," and they're like, "But I don't want to pay for all these patches; I was hoping to get it for free." The software is free, but if you're going to publicly expose it, make sure you have a plan to address it if an issue comes up. That's just something you really have to think about.

"pfSense multiple zones: any way to get them to auto-DMZ instead of auto-LAN, meaning when you create rules out of a zone for them to reach, they will be able to reach other zones?" You can create and name them anything you want. So you just have to create the rules for how you want each section set up. So I'm not exactly sure, not exactly sure what your question is.

Other people saying Nextcloud is great: I like it, it's good.

Titan: "How do you back up the pfSense fleet you have deployed?" We download the config for anyone we manage. We don't always manage all of them, so sometimes we just help internal IT teams set it up. We encourage them to use the auto backup feature.

"Nextcloud needs to be updated monthly." Yeah, there's a lot of updates that need to be done. So yes, this is my answer: don't expose it to the internet. There you go.

Yeah, I don't understand your firewall rule question. "You can create 10 zones, VLAN interface of subnet; when you set an address to a rule, say OPT2 can see OPT3 as well, so you need to block all of them." No, it doesn't. You have to... when you create a new interface in pfSense, and we'll do this right now, there's no rules on it.
So if we go to Firewall... matter of fact, let me see what interface assignments we have. So here's LAN4. Firewall rules, I bet there are... hey, look, no rules. Anything I plug in here won't work and can't talk to any other interface. LAN2, 3, and 4 are all created here with no rules, so there's nothing; you can plug into it, but it's not going to talk to the other interfaces. That's why I don't understand your question, because this is the default if I add an interface. Or, like a VLAN, we can do that. We'll add a VLAN: there's "vlan test". We go to Firewall... Interfaces > Assignments, add, cool. Enable it, give it an IP address. Actually, we've got to set it to static, .0/24, save... whoop, that one can't be used. So let's do it this way, let's do 2.168. I had a double zero in there, didn't I? Doing it live, man. All right, we've now created a whole new interface, called OPT5. We'll let it apply the changes. Hey, look, no rules.

Yeah, by default, and this is actually usually what gets people in trouble, by default it doesn't have any rules. So people create the interface and go, "The interface doesn't work," and when the interface doesn't work, they're like, "I don't know what I did wrong." I'm like, well, you have to at least create one rule to start allowing. But this is probably maybe what you're talking about: allow all. So if we say any, any, any, well, now I can access all the other interfaces, because that's source, destination, everything can be accessed. So that's just the way the rules work. There's a whole section in the pfSense documentation on how the rules are created and how they work. So we're going to delete this rule, apply. Interfaces > Assignments: let's go ahead and disable the interface, save, apply. We're winding it all back. You know what I should have done? Created a boot environment, so I don't have to unwind all of these assignments. Actually, that's a fun one. Oh no, I won't even bother.
I've come this far. Delete, delete, then delete the VLAN, and we've unwound it. But I should have done a boot environment, because I could just snapshot it, reboot it, and those features won't be there.

So: "In pfSense, I have ports defined in an alias for the PS4 and allow them out for games to work. Games like COD publish that info so you can keep your firewall locked down." Yes, this is an option as well. I have a video on how to do aliases, and it's well documented in the Netgate documentation.

TrueNAS open storage, are they in here? I see you're tagging and at-ing them.

"With ZFS, will a special device increase performance of containers stored on the server over NFS?" It really depends. I have a video on how the caching works in ZFS. So the caching... it'll help performance overall if you're doing caching on it, as long as it's caching what is relevant to the workload you have. So it's not like you automatically add it and get... it's not like you automatically get performance by doing it. It depends on your workload.

Oh, let's see, what else was on my list of things to talk about? I'm looking at my list again. Where did I put the live stream itself? There it is: 181 people and 44 likes. Smash that like button; that's always appreciated.

"Unrelated question: have you thought about doing a video on backplane?" What's backplane? I don't know what backplane is.

"Lots of small files that run k3s workloads." So the caching in ZFS, as I'll show you here: I log into this one; this one's running a workload now, I don't know what workload it's running. Hey, look at the cache usage. So what you'll notice is, when you go over here to Reporting > ZFS, you'll see all these hits right here for the different... like ARC request demand metadata, ARC request demand data, demand data here, ARC hit ratio, the ARC size, how it starts out here.
It goes up and down. We're actually running active benchmarks on this particular system, so it will make a big difference. Like right now, the more cache you have is really the huge performance factor. So having lots of cache is going to help you a lot, as in RAM, lots of memory, because that's where most of the caching is, and that makes a big difference in performance. This is actually... go back over to their Reporting. We have, there you go, here we're doing it all in NFS. So the cache and NFS... and you notice this line for the different read and write performance tests we're doing lines up perfectly with when we look at ZFS and the caching hits. So absolutely, you can benefit from cache. Specifically, this is all just RAM cache on there, but it makes a big difference.

Oh, let's see. "Any 10 gig or 2.5 gig network: will one gig LAN port on the router slow down traffic between VLANs?" Nope. Between VLANs, if the router only has one-gig ports, then yes, it can't go faster than the port for inter-VLAN routing, unless you have a switch that supports inter-VLAN routing.

"My country blocks VPNs; is there a way to make pfSense bypass a block?" Not really. There's mitigations for when VPN blocking has been employed. You have to know what kind they did and work around it. It's not a pfSense solution; it's a "how are they blocking it, how do you get around it" type problem.

I don't think there's any way to get the UNVR installed on TrueNAS.

"I would ask how well pfSense hardware might mean to you in failures, one, two years?" Oh, we have a lot of the pfSense hardware. We've pulled some of the really old hardware out of service because it was old, not because it failed. We're not seeing a big failure rate on the TrueNAS hardware.

"If YouTube still had the five-star thing, you know, we'd give Tom five stars." It is much appreciated.

"Do you think TrueNAS will support LXC in the future?" I have no idea.

Ah, people notice the pool name.
They like the LL Pool J.

"Is ZFS good for VM storage over iSCSI or NFS?" It's good for both. You can use it for either one; it comes down to your use case. You can use ZFS, you can use iSCSI... I'm sorry, NFS or iSCSI, either one.

Oh, let's see. "Get TrueNAS installed on UNVR hardware?" I don't think so. I think all the UNVR hardware is ARM, and TrueNAS doesn't work on ARM.

"Rancher removed iSCSI as an option in the UI." Hmm, I'm not sure then, not sure.

So nonetheless, back to... what was the other testing we're doing? I've got a few, a couple more minutes, and I've got to take off. So let's see how the testing's going. I can actually show the other side of the benchmarks, doing it on a Ryzen system. There we go, the tests are still running. Whoo. Show these on here: these are the other benchmarks we're running, so you can see what they look like on the other side. This is an XCP-ng with my LL Pool J. This is part of the fun; me and my staff play around. Everything has a silly name for all of our lab stuff, because I want to laugh every time I see it. So I'm trying to figure out a good song to play on words with, because "Mama Said Knock You Out" with LL Cool J, I don't know if that's a great one for a NAS, but at least LL Pool J has a name.

"What's better: Synology, TrueNAS, or OpenMediaVault?" It's all about use cases, kind of like asking the question of what's better, a pickup truck or a very large truck. Well, what are you going to do? Like with a... what would they call them in England, a lorry, the very large... they're not the same device, they're not the same use case, they have very different features. So there's not a binary answer for that. I do have a comparison, though, of TrueNAS versus Synology, so I have a video where I break down all the details.

"Would L2ARC sort of cache files if my main pool drives are spun down to lower energy use?" No, I don't think so.
I don't think that would work. I've never tried it, but I don't think spinning down the drives... it still sometimes may request the data, so I don't know if it would even let the drive spin down.

"Since you've been promoting pfSense, I said I'd bring my old Mac mini from storage and try it; it's been flawless for six months. Total overkill." Hey, at least it's fun.

"Good old days, and data center name servers after constellations."

"QNAP?" Yes, I'm not a big fan of QNAP because of their poor security practices. They are really bad about keeping up on security.

Oh, someone's got it: "Mama Said NAS You Out." You know, here's how we're gonna fix this. TrueNAS, here we go: it has been named. So now I'm going to send this to my staff real quick. I actually like this, so I'm cool with this. Thank you for that; that pun made my day. That's now been sent to the group chat at the office so they can see that I changed the name of it. Yes, that's huge. I'm happy with that one.

"How are the Buffalo drive solutions as far as...?" I think, and I don't know this for certain, so someone can correct me: a few people said it is now based on the QNAP stuff. I don't know that to be certain, but it's been a long time since I looked at them.

"Don't you just love renaming everything in XO?" Oh, they make it so easy just to change the names of stuff and move things around. Xen Orchestra makes my life easy, there is no doubt. It just works. Being able to pivot to all the different systems really quickly and see what's running. These are the benchmarks we're running for Onyx on it.

But nonetheless, a couple more minutes, any final questions? I'll give it five more minutes, because after that I've got to get going and reply to some emails and do some fun stuff. Well, reply to emails, and I've got an event to go to, a physical in-person event. Those are always fun. So we'll cut it at 4:15.
It is currently 4:10.

Oh, I like this too; we can keep playing on words with this stuff, because "Mama Said Rack You Out" is actually pretty funny too. So I love all this fun stuff.

"Have you used PiKVM? What's your favorite IP KVM?" We have used it, and I gave it away, so I haven't used it recently. I thought they were pretty cool. Right now the Raspberry Pi being expensive makes them a less affordable choice, but they're pretty cool.

"How is the ZFS performance on XCP-ng?" I would say it works well. I definitely built a couple of machines with it for some testing; I did a Supermicro SuperServer with it, and I was really impressed with how well it performed.

"Did it cost... else is ripping and replacing all cameras, right at $4,500." Yeah, the camera replacing is definitely a thing.

"Where is the test rack, the original studio?" It's still there. I was at my office today, so we built a bigger lab at the office. I moved my studio to my house; my office is within half a mile or less. So when I go to the office, that's where we still set up all that testing you're seeing. Even this right here is all running inside that same... well, this is a second rack; we have an entire second rack of lab stuff, and that's where all this is running. So I'm remoted in all the time to see all the tests and see everything else. It's been fun.

"Your last livestream, starting a new job." Well, congrats on your new job; hopefully it goes really, really well.

"Any way to fall back to tier-one WAN in pfSense? Had some troubles with flapping WAN over failover back and forth every minute." Yeah, there's tuning options if you go in there. There's ways to tune and set thresholds for when and why it fails over.

Actually, I picked up pizza just before the stream. So yes.

"Be switching to Amcrest." That's what I have: all these Amcrest cameras. So I'm happy with... I like the Amcrest cameras. These are... does it tell me, where does this say?
Does it say here? Yeah, there we go, Amcrest. I have a video on which model cameras, for those of you that want to know. See what's on camera today. Nothing interesting. Well, there's actually something interesting happening in my neighbor's yard: he's digging a big hole. So I don't think there's any way to see my... yeah, you can't see my neighbor. Nope, because it cuts off before you see my neighbor. There's my front yard, though. I cut the grass; I did that.

"Will TrueNAS Scale ever get performant? I'm doing Gluster on a bunch of them with great performance, and it's easier with the help of Ansible than TrueCommand." I don't know. I mean, I can't see it not getting there; I just don't know when it will get there. It's taken a long time. You've got to remember, TrueNAS Core has been around forever, been tuned forever. So it's going to get there eventually.

"Is there any way in pfSense to see each interface, how much they use daily, weekly, etc.?" Yeah, there's actually some plugins in pfSense that give you per-interface breakdowns for data usage.

"Green screen the test rack into my live stream background?" Yes.

We just haven't really been doing any hot sauce videos, so not really high on the list.

"Dig a big hole like Bart Simpson." Yeah, he's fixing... there's a water main problem in his front yard. So the way it works, at least in my city: I don't have a huge front yard, but the city has a connection in the front by the sidewalk here, and that's where the city stops. So where the water pipe comes in, the homeowner is responsible. So his broke after the city's, so now he's digging a big hole to fix it, to find out where the water break is. We just know all the water is coming out of the ground.

"If an interface fails on pfSense hardware, can we move all the configuration of the interface to a spare interface so we can get replacement hardware?" Yes, that is something that can be done.

Hey, awesome.
Glad we can help. Glad I can help; I say "we" because I still consider all my staff and all of us a big team of people that help. So, to hold by Wild Rose, yeah.

All right, well, I'm trying to figure out what that is... oh, that's a scooter. Motorcycles going by, lots of stuff. I got my motorcycle back too; I just had the motorcycle in the shop for some repair. But I've got to leave; I've got to go do some stuff and go to an event. Thank you everyone for joining, awesome. Hit me up on the forums, hit me up on Twitter, say hi, connect on LinkedIn, check out Business Technicalities; we've got more videos we're publishing over there. So lots going on, lots to do, and I've got to get back to it. And yes, some of those bigger videos are coming once I kind of get unburied from a few things. So, awesome, thanks everyone for joining, and hey, hello from the land down under. Unfortunately, I've got to take off now. We reached the very end of this, but thanks everyone for joining. See you next time.