And it's live, allegedly, according to the little thing that's not spinning anymore. So I see... good evening to those of you on the European side of the world; I'll assume it would be good evening there. It's good afternoon for those of you in Eastern Standard Time, and good morning for my friends from the land down under, in the Australian area of the world. So, always good to be here. I do have kind of a hard stop, so I can't go too long, at about 4:30-ish, because I have an event I'm going to. Those of you that are local to Detroit: I've met some of you that were on my livestream and follow my channel at the IT in the D events. So go shout out to them; my friend runs that. So if you're in Detroit and you're bored and would like to hang out and have a beer with some IT people, that's at 5 o'clock today, 5 o'clock Eastern Standard Time, at Nancy Whiskey. I don't know how many of you are local; nonetheless, that's where I'm gonna be. And it's a nice... I think it's hot out. I haven't really been outside today. I was outside for a minute.

Okay, one of my employees just messaged me, so I had to reply to that. I was trying to stay responsive to all of them. That's the important part, making sure... you know, you've got to be responsible to customers. But it's an odd thing to me, because I've run into this with several people who work in IT, when they have an owner or someone who's in charge and responsible for things, especially when they hold a lot of keys to the kingdom and lock things down to where they're not responsive to their employees. It's always a head-scratcher for me, because it often brings them to a stop on getting things done or moving a project forward.

So, nonetheless, we are going to talk a little bit about pfSense, Tailscale, UniFi, and Suricata. Nonetheless... "Hello, Tom and chat." We've got a greetings from Ireland. Hey Travis, he'll be stopping in because he wants to pick something up.
It's on the shelf for you, so that's there. "Can't make it, you'll be in bed by the time I get there from the UK." Yes, that would be quite the hike from the UK. Denmark... I think I said Ireland already. Netherlands, there's the other one. Greetings from another land. So I love that people are just from all over the place. It just makes the conversation that much more interesting. Such a diverse group of people here to talk about technology.

You know, Jay and I did the video, and I still haven't had a chance... I kind of lazied on a little bit of it, on Headscale, because I wasn't sure how Let's Encrypt integrated with Headscale. I brought that up because of the Tailscale thing. Headscale is pretty cool looking, and I have the demo, but I did not set up the Let's Encrypt, and I want to make sure, if I do the video on Headscale, I cover the entirety of the features. So Jay says, "Hey, I'll look at it." This is actually the behind-the-scenes of what actually goes on: Jay says, "Hey, I'll take a look at this," and then Jay got, just like me, sidetracked, and he got stood up and he didn't look at the Let's Encrypt thing. So that's the reason I haven't done the video on it, because I was like, "Oh, maybe Jay will look at it. Oh, I guess I've got to look at it." But, you know, it's pretty cool.

Nonetheless, something else is kind of cool. I think it's worth noting here and bringing up. I don't see any problem with mentioning this, because it's public, if you had nowhere to look. We'll drop a link here in a second. So let's go ahead and bring this over here. As the Headscale team... and I mentioned this before, even with Headscale, you have... there's all the docs. This is because it's all open source; it's all development documents. But let's go over here to the bottom, the part that matters. Hey, look: "Currently making WireGuard easier, more magical at Tailscale."
So the people from the Tailscale team actually want to contribute or offer their expertise to make sure that this package works well in pfSense, which I thought was kind of a cool thing. And back to the Headscale thing: one of the neat things that was mentioned was the fact that they... this was a Reddit forum post; I didn't dig through the GitHub comments, but apparently they helped contribute and helped out with the code, even though Headscale, you know, basically allows you to use Tailscale without using a Tailscale web server. But it's still pretty cool. They seem to be committed to the community on everything. So I think that's a really cool feature that they were doing on there. So, excited about their participation in all of it. I just like seeing companies that are, you know, doing good for the open source community, contributing back. You know, you have the Netgate team sponsoring this, it's going into pfSense, and then you have the Tailscale team going, "Hey, what can we do to help? What can we do to make this transition easier?" So that's awesome.

Albuquerque. I just like saying that word. That's just a cool word. So I honestly don't know where Albuquerque is. I guess I could look it up... I'm curious enough to look it up. Albuquerque, New Mexico. So I imagine it's a little warmer there. It's a good word, though. It's Albuquerque. I don't know. Oh, the silliness. Nonetheless, yep, New Mexico. All right.

"Hello from the other end. How is your day going so far?" It's going well. I have had a lot of conversations.
I have, like, so many things going. I talked to... and I've done a couple of videos before with David Bombal. Those videos are doing well, where I did some interviews with him, and we're probably, you know, just collaborating on a couple more ideas. I'm still testing all the Cisco stuff that he connected me with, because I wanted to do a longer-term test of switching my UniFi out for Cisco to make sure it works well. And that is, you know... I don't want to ever test a product of "Hey, look, it works out of the box, guys," because that, to me, just doesn't provide a lot of value to the audience. Now, I'm not going to sell a large-scale Cisco deployment to see if things work, but, you know, it's an important aspect to at least have done some level of lab testing extensively and things like that. So that's important.

"Haven't I seen Breaking Bad?" Yes, I've seen Breaking Bad, but I don't know, I'm not good with city names, because I haven't been there. I need to travel more. That's on my to-do list. Unfortunately, a big part of my day was sucked up with trying to do the itinerary for all my travels, because I'm, you know, trying to figure out where I'm going to be and when I'm going to be there. I'm going to be at CompTIA Chicago. I'm still working out a few details, but I'll be there for at least two days in Chicago, then Vegas, then Miami, then Orlando. All these are different tech events I'm going to be at, and there's also a Linux one somewhere in between. I've got to make sure I get the day for that, which Jay and I will be attending. So there's a lot going on. And hello from Australia. That's a place far, far away from me. That's a really long flight. It's not anytime soon, I think, that I'll be going out to Australia, but pretty cool.

"Have you managed to get auto channel optimization to work on UniFi?" I haven't had a problem turning them on auto.
It seems to work. It hasn't been problematic. A lot of times we just leave things at the default and they seem to work. We don't start monkeying with stuff, and this is kind of my joke about consulting: how much time you spend in consulting setting things back to default. Because people go around and go, "Look at all the knobs, let me change all the defaults," and then we spend time undoing all the defaults. That's sometimes the reality of it, some of the fun of consulting. I'm gonna pull something up, because I always throw this out there, because this is funny, but it's so true on a lot of stuff. I'll put it there: $100 if you watch, $150 if you help, and $200 if you worked on it first. It's kind of the joke, and it's just so much that people poke, poke, poke at everything, and we're like, "Why did you change all of the default settings? What did you do?" "I don't know, I just kept clicking and now it doesn't work." Well, that's a problem, and that's where the issues come from. I was making sure something was turned off over there. But yeah, so, the defaults work pretty good for UniFi.

"Looking at Linode recently for pfSense. Interesting to have to create and start it first by booting its recovery environment and then adding..." You know, I've never tried setting it up in Linode. That probably would work. Yeah, I haven't tested it. It's been like something once in a while that sounds like a fun idea, and then I kind of fall off of that fun idea. So it's a matter of, I don't know, I don't have a solid use case for it, so I haven't tested it. It's not something I've spent much time on. It should work; I guess I just gotta figure out what their process is.

Oh, hot sauce talk. Let's go ahead and get that out of the way, because that is... let me pull it up. Paint Apple. I gotta find the link for it. Throw this up here. I should probably mention at the beginning.
We did do some hot sauce. This is just Paint Apple hot sauce. It tastes like regret. I'm not gonna put it on my recommended list, but I'll put it on the ones I've tried. Now, I don't know if it was amazing or not. It was definitely really hot, way hotter than I expected. So that's just Paint Apple by Burns & McCoy. Now, generally speaking, Burns & McCoy just make a lot of good hot sauces I will recommend. This one is really hot, but there are other ones, like their verde sauces and the roasted habanero, that are really good. The hot sauces are good when they're hot. The mango habanero, I think I like that one too. But yeah, Burns & McCoy in general, they make a good set of sauces. We'll go with that. So there's the hot sauce talk.

You have a question: "I'm looking at upgrading my current mesh Netgear Orbi for a more advanced network with VLANs. Any good tips for equipment? Sadly, wireless uplink, rental on the flat." For UniFi, you know, a question comes up a lot. I get DMs; someone DMed me again, someone tagged me on Twitter. This happens almost weekly, and sometimes a forum post: "Hey Tom, I want a UniFi alternative that has better support and no license fees." I don't really have a solution for you at that point, but I will say UniFi makes a solid product. I think they're reasonably priced. It works, you know. If you can't, because it's in a place that you can't run wires, they do offer mesh networking. Matter of fact, I think I have one. I am going to review this, but not at this exact moment. You guys reminded me that this was a box behind me. I have a tube, a tube of UniFi. So we're going to review the UniFi tube, and I really... this is a solid tube. It's actually really heavy. It's got a good feel to it. But nonetheless, I will be reviewing some more UniFi stuff.
I kind of got off track, and there's a lot of other people reviewing it, but a lot of people say they want my opinion on it as well. So I got a bunch of UniFi stuff that I bought, you know, completely... I bought it. So I'll be doing the review and offering my opinion. But yeah, you know, it's not a bad way to go with it. So, good stuff.

"Does a stronger password on your pfSense positively affect how secure it is from outside intruders?" You shouldn't have your pfSense open to outside people, end of story. I don't care how strong the password is. Don't open it to the outside world; that is a better experience. So don't open your pfSense. Strong passwords are encouraged; they're great, but by not opening it to the outside world, you've eliminated the place where they're coming in. That's the best deal.

"Why not UniFi Wi-Fi only, or everything?" UniFi, like, for the Wi-Fi, is great. Their firewalls, I've done some reviews, and maybe I need to do another one. It doesn't have a lot of in-depth features, but it may have the features you want. So, do you need VPN access? That's the biggest question with UniFi. Their VPN is mediocre at best. It's not great. So if you are going to want a lot of VPN integration, UniFi is probably not for you. That's one of the reasons I recommend pfSense so much, because it's so diverse, it's so feature-rich. They added Tailscale for people who are behind CGNAT, which is amazing. But it really comes down to, you know, what features you need. It's nice having everything integrated in one platform; I agree with that completely. I just wish they did a better job on things like VPN and failover and, you know, better VPN features overall, not just checking the box that they have it with the UniFi stuff.

"Do you recommend trying out pfSense instead of UniFi UDM to increase the learning curve?"
Oh, you're going to increase the learning curve of it. That's, you know... UniFi's goal is to set it and forget it and make it really easy, which is nice. But if you want something more in-depth, yeah, pfSense has a steeper learning curve. There is no doubt. All right, cool. I'll see with these messages if there were any that are important. It's not employees. Nonetheless, the learning curve, for sure. You're gonna learn a lot more about pfSense.

"Looking to move from MikroTik. Does pfSense do VRFs in an understandable way?" I don't think that's even supported. I don't think you can do VRF in pfSense. Yeah, I don't think that's something... yeah, there's not any native support that I'm aware of for it. I just double-checked and Googled real quick. So, nope.

"You should be logging in directly to your pfSense." You shouldn't be, yeah, you should not be logging in... anyways. Correct.

"Have you ever used DD-WRT? Just found an old router and threw it back on." 2008. I probably haven't used DD-WRT since 2008. I know the project's still going; I just don't use it.

"Do you have any idea why my access point keeps dropping SSIDs and restarting them, sometimes two times a day?" Bad cabling, bad power. Those are the two most common reasons. Check the log files; that's the most helpful. Or set up logging so you can centrally log everything as you're going through it.

"Have you encountered the Juniper Mist line of products? If so, what are your thoughts on it?" Nope, haven't used them. I mean, I'm aware of a lot of the Juniper products, but I haven't really used them.

"The problem with not just UniFi but many, many companies is a lack of availability."

"Access pfSense from a VPN?" Yes. Tailscale is another option, because that's one of the things I threw in the title here today. Don't open anything you don't have to to the outside world. "Look at the APC hack; a lot of people had shut down UPSs over remote management."
Oh yeah, that's a whole other one too. Yep, yep. There's another... I tweeted out today, because there's another incident from... what's that place called? Atlassian. And hard-coded credentials. Who would have thought anyone would ever figure those out? Yeah, those are fun times.

"On a project we need to use Netgear M4300 switches with UniFi. Any suggestion for Wi-Fi APs from them?" I've never used Netgear, any of the Netgear stuff. I don't think I've even reviewed it ever, so I don't really have a suggestion on Netgear things.

"I have three Asus Wi-Fi wired together to increase my Wi-Fi range around the house, but it keeps dropping out. Quickly turning the phone's Wi-Fi on and off fixes it. Anything to check?" Not really. Those consumer ones are sometimes... not always the best, and I don't test them very often, so I don't know their current status of how good they are. Once I moved over, you know, years ago, 10 years ago, more, or yeah, like 12 years ago, I started using UniFi, I quit using all the consumer stuff and I quit even testing it. It was just so much better to get into that. Now I've tested other stuff like Aruba and things like that, but the consumer Wi-Fi market, it's "how cheap can we make it," and it's just not good. That's generally my feeling on it. Maybe I'm wrong. Maybe some of the products have gotten better, but the overall feeling I have is it's not great.

"Does every device on my network count against the Tailscale device limit?" They do not, and this is one of the things I pointed out in the video as well. You're limited... for example, when you're using Tailscale... we'll pull up their pricing. So Tailscale has a free tier, and their free tier, you know, is up to 20 devices. pfSense is only one device. "A device is any computer, phone, or server with Tailscale installed connected to your network. Device limits are pooled across your network." It's a device running Tailscale.
So if you just have pfSense, you've only got one device, pfSense.

"pfSense is built as a firewall, so it can come with routing features. MikroTik develops routers which can do some firewalling." Yeah, that's very true. MikroTik is also a little confusing to use sometimes, there's no doubt.

"Any idea if they're planning on SD-WAN?" Glad you asked, because Tailscale is an SD-WAN. You have to be more specific. SD-WAN is a great marketing term that encompasses many, many technologies. What is the specific use case you're having? Because technically, Tailscale is an SD-WAN product. So I can now say that they include what falls in the category of SD-WAN. I have a whole video, if you look at my channel, about SD-WAN, because I talk about what it means across a lot of different venues.

"Already running pfSense and loving it. Now I want to get control of everything else: VLANs, Wi-Fi, separate SSIDs. Thanks for the amazing videos." Awesome, I'm glad they were helpful.

"Regarding optimization, the option doesn't work on our controllers. Wondered if you know how to get it to start working. It worked a day and then stopped. Support hasn't been helpful either." I don't know. I haven't seen it stop working when you turn it on, so I don't have an answer for that. Check the logs, look for errors in them. That's often where we start with everything.

"For a couple of VLANs, are you suggesting layer 2 or layer 3?" You don't need a switch... you need a switch that supports VLANs. You don't need a switch that supports routing. Most of the time, you know, people ask for it more often than they need it. I have a video explaining how switch routing works as well that dives into those details.

"No supply chain shortages with a UniFi tube?" I don't know. My staff ordered it and said, "Tom, review this," so that's where the tube came from. I mean, I bought it, but more specifically, my staff bought it.

Let's see: "Your edgy opinion of Zyxel, which has mesh." My Zyxel opinion? Let's go ahead and pull up...
Zyxel opinions. "Zyxel hard-coded passwords." So this, not once, but at least a couple of times, they decided to do things like this. I don't know why, but this is, you know, Zyxel. Let me pull it up here, and their hard-coded password problem. I don't understand why companies think to do this. That just proves to me they don't care as much about, you know, passwords. So, yeah, that's just silliness. So according to Zyxel, "the zyfwp account was designed to deliver automatic firmware updates to access points via FTP. We're guessing the plan is for wireless access points in the network to call home on a regular basis to the local router and check for updates. That sounds harmless, assuming anything downloaded will be verified by digital signature, given FTP connections themselves are unencrypted and therefore easily tampered with." But it's just silly. Like, I don't think they were malicious. It's either you're malicious or you're inept. Neither one of those answers being "yes" makes me think I should use your networking gear products. It's just happened a couple of times at Zyxel, so I kind of don't like their... I didn't like their products to begin with. I played with one, and, yeah, them having hard-coded credentials and things like that. Yeah, there's an issue.

Let's see. "Do you have a recommendation to have a better view on UniFi logs instead of the CLI?" Yeah, we use Graylog. We pipe all of our logs via syslog to Graylog out of UniFi. This gives us visibility into all the little details on there. So Graylog, because it supports, you know, sending things as a syslog server... send it to your Graylog server. That's kind of the go-to solution for a lot of that. Anyway, you know, as the devices do their thing, you're able to track and log it, and when you have disconnects, when you have errors, you have a nice journal of all the things you can track down within there to determine what went wrong. Centralized logging, man.
That's where it's at.

"Any recommendations on a local print server? Sharing in Windows is proving a giant pain." Usually Windows Server. That's what we use for a print server. Well, Windows Server is what we use for our clients. We don't have a central print server at my office, because we don't really print anything. We have a network-attached Brother printer. I think it's a Brother. I don't know; probably it's a Brother, could be. I don't remember. I don't print very often. I have a Brother printer network-attached here in my house, mostly for my wife to print, and about once a month I print things.

"Is there a way to put more than one IP on a UniFi switch?" No, not that I know of. I don't know why you would need to, either. I don't understand the need for that.

"Not sure if that's still a thing in UniFi where it disables the SSID when you've lost the internet. Just something to remember; it does do that." I think it still does that when it can't ping out; it will disable. I don't remember what models do that. I wanted to dig into that, because I thought the feature was supposed to be fixed, and I realized when we were resetting stuff, one of our UniFis went blinky when it didn't have internet, and I'm like, that's interesting. So, yeah.

"Consumer mesh APs can be such a nightmare." Yes, absolutely. So I don't do them. They're harder. They're literally harder to do on the consumer devices compared to the commercial ones.

"Do I think UniFi will integrate Tailscale in the future?" No, I don't think they plan on any integrations for it. Matter of fact, I've got to dive into the way they're doing their VPN, because it confuses me. You know, you have your new... what is that product called? The UniFi product that's for accessing things. Their secure cloud thing, like they're pushing it. I looked at it and I said, you have to sign up for a cloud to have it talk to your UniFi to have it kick out a VPN file? Why don't I get the VPN file right out of UniFi?
Well, because they designed it in a more complicated way to try to make it easier for doing things, but I don't know. So I don't expect them to go to Tailscale; that would make things too easy. I mean, hacking support on there versus official support are very different things.

"Really hate the fact that they assume you want the APs to go down when you lose internet. Seems like a really dumb idea to me." I'll go with y'all on that one. That's why I want to revisit that topic and play with it and figure out... I have a bunch of them in my office. I want to figure out which ones do it and which ones don't.

Hello from the Netherlands, and thank you for the donation, Benjamin. Awesome. "Thank you for the content." Very much, thank you for your donation, very much.

"I know I can have multiple IPs on my Arista switches, but I don't know why you'd want them." That's like, because you can... "we can" is one thing, but what's the use case? That's the part I'm missing. I don't understand why I would want that.

"What's a really good CCTV software? Currently using Blue Iris. There was a really good Linux-based one a while back; I completely forgot the name." I use Synology for everything. Do other Linux open source ones exist? Yes. I can't remember the name of either surveillance... the other one is hard to spell. It is, right now at least. ZoneMinder was one of them, but there's another one besides ZoneMinder that has a weird name. I can't remember the name of it. ZoneMinder is one of them out there. None of them are good, though. I wouldn't put them in the category of good. Synology is what I like.
That's good. So Synology makes a really good one. The other ones, where... yeah.

"UniFi wireless theoreticals are great, but what about the max number of devices you've been able to safely and reliably connect to a UniFi AP?" I'd have to go digging and look. I don't recommend... I mean, if they say you can put 200 devices on it, cool. I don't know that I would recommend hitting the maximum, because "can do" and "works well" are going to be two different things once you get to that level of device density. If you don't have one of their high-density models that claim to support 500... we try not to exceed even the 50 percent mark of those. We spread them out more, because I just know you're gonna get a better experience. It's kind of like saying, could my truck drag some incredible amount of weight, or should my truck drag some incredible amount of weight? Could it do it? Yes. Could it do it well? Probably not. I know what my truck is rated for, like how big of something I can tow; the maximum rated weight is not what I would recommend.

"The connectivity part of SD-WAN is not the main selling part. The SASE story is what vendors are focusing on right now. The overlay technology of SD-WAN is commoditized, and security is what matters." Yeah, and I haven't really been... I've not seen any SD-WAN vendor that blew me away with their security offering and actually wowed me with it. A lot of them, even the claim, I think it's oversold.

"pfSense or OPNsense?" I'm all day on pfSense, but use what makes you happy. As I say, switches that are VLAN-aware.

"Not enough memes about Zyxel." You're right. I should work on that. I should work on more memes.

"Yesterday during the Homelab Show, you and Jay steered me towards Tailscale. I absolutely love it. As someone who uses mobile data, Wi-Fi is terrible on the phone, but now I can still access my homelab."
That's good. And it took you less than 24 hours to get it set up.

"Do you have a video on how to configure UniFi to report to Graylog?" I don't, but I started signing in and then I started answering more questions. Actually, I think I gotta switch to the other network. Hold on, switch to the right network for this. I think it's under System. It's just an entry in the System settings. Let me just find it and bring it up. There we go. We'll share the screen. And there you go. You just put the syslog host in and the syslog port. You're done. That's it. So I don't think it needs a video. It's just a matter of piping it to the port. Now, inside of Graylog I had to set it up to receive the UniFi stuff, but it's just a system setting, and you just set the syslog host. That's it. There's nothing else to do, and this goes the same for most devices. You just punch in the syslog host and they collect data. Make sure you have the port ready and set up. I put it on port 1517. That was predefined and predetermined by me. So, yes.

Synology, yes. I see people answering. Shinobi was the other one. Shinobi is a... I'll just give a shout-out because it looked cool. I don't remember it working very well, but it's been a while since I tested it. I'll just drop a link here for those looking, but Shinobi was one of them. They had a cool website. So I don't know how well it works. That's what it really comes down to, right? How does it actually work?

"Are there any benefits to using 2.5 gig at home?" Usually not. People get excited about it, but unless you actually have the need for that extra speed, then no.

"I'd love to see info on WireGuard in TrueNAS Scale custom Docker images. I can get it to function on Scale, but it's a... but it's a Docker."
I don't really know, because I never run a VPN on my storage server. I mean, it doesn't make the most sense to me, is the best way I could describe it. I run it on my firewall and not my storage server. So I haven't spent a lot of time on it, because it's just not something I use, and maybe I don't understand the use case for it as well.

"Do you have a plan for the next Homelab Show?" Yes, I have a good plan too. I'm waiting to confirm. I don't want to say it in case I curse it, but I'm waiting to confirm two guests at the same time on one topic. So, yes.

"Best service to back up Office 365?" I don't know what the best one is, but you can do it with Synology and it works pretty well. So Synology is definitely an option for it. But there's also... MSP360 is another popular one.

"I want some layer 3 switches so I can offset traffic and offload heavy load to the file server. Doesn't have to go back to core." You don't want UniFi then. UniFi in layer 3 routing is terrible. I say that repeatedly: buy a different switch. Also, don't route your... I mean, maybe you have a scenario where you just have to do it, but don't route your file system traffic. I never run NAS data through pfSense. I don't really see the reason to do that. So my storage is an array of multiple servers. Create subnets and have each thing talk directly; that is usually the better way to do that.

"ZoneMinder does its job on a Raspberry Pi 4 with SSD, plus a bunch of interesting..." "If you need 2.5G at home, you probably can benefit from 10G." Yeah, I mean, it really comes down to your connectivity. The 2.5G people always seem more excited about than I do. It's because 2.5G came kind of after 10G. The real need for 2.5G comes from, "Hey, guess what, you can reuse this existing wire," such as Cat 5, and get 2.5 gigs out of it. It's kind of a stopgap, because not everyone's willing, at the scale enterprise works at, to rewire the building, but they'd like a little more speed.
So it's a fit. For home use, 10 gig is not that pricey. So if you need something fast, connect at 10 gig.

"Could you run pfSense and a UniFi Dream Machine on the same network?" Yes, I have a video. Put in "UniFi pfSense" or "UDM and pfSense"; I have a video. It's a dumb idea, but I did the video because a lot of people ask. Like, I get it, you bought one, you don't want to get rid of it. That makes sense. You don't want to just throw it up on eBay and sell it. But I don't recommend buying both of them, not particularly. There's not like a solid use case, but it's usually the use case of "I already have one, but now I want pfSense."

"I started running WireGuard on a firewall, two tunnels and subnets, to figure it out. It would be more granular if I put each on a Docker image to minimize privileges." You can. I don't know how well that performs. It's a different approach to doing it, but I'm generally doing it through the firewall, because, well, it has to go through the firewall anyways.

"Do a video comparing issues with layer 3 from UniFi versus a better layer 3 switch." I don't know that that's really much of a video. Like, UniFi just does it stupid and other companies do it normal. That would be the best way I can describe it. Like, UniFi has a weird way of doing it and not a common-sense way of doing it. They create... it's been a while since I looked at it, but they basically create some intermediary networks to route through, versus the other ones. Like other people said, "Hey, on my Arista switch, I can just add IP addresses and routes." That's correct. You can just add IP addresses and set up static routes on your switches. But then UniFi decided to do something completely different, like they didn't follow what any other switch company does. So I don't know if it's really a video I'll do or not.

"Thoughts on vulnerability manager tools that don't cost an arm and a leg?" That's tough. Nessus is really popular.
A few of my friends use it. I don't know. They're all expensive, you know; all the companies doing it are all expensive, and I don't really have an easy answer. I have not sat down and tried to compare all of them. Yeah, it's a pain.

"I have a VPN running on a TrueNAS Core install at my mom's house. They use it for off-site backups." I've not said it can't be done. It's just not a common use case for me. I have all my rules, so my pfSense handles all the VPN, and then my TrueNAS, based on those rules within there, are allowed to talk to each other based on the permissions I've granted them. So that's just where I like all my rules, all of my rules in one place, which is my pfSense; it handles everything in one place. That's just mentally easier for me. But yes, you could get granular and set all the rules inside of Docker images on TrueNAS Scale.

"As a new home networking hobbyist, what network knowledge would be good to first learn?" That's a hard one. But, yeah, start with a goal, and that usually leads you to what you need to learn to get that goal achieved. So figure out a project that you want to do. Start with the goal: the project being completed and working. And then start working backwards, going, "What do I need to know to get that project going?" That's usually my way of learning.

"In that case, I recommend dedicated NICs. Even more: one for storage sync, one NIC for client-facing storage." Yeah, that's how we do it. We have separate NICs for the different storage connectivities. That way, the NICs for storage are also separate from the NICs on our VMs, where the VMs provide data. So we have a storage network on some, and we have a data network on the other. That way we're not trying to route traffic. As a matter of fact, even 10 gig layer 3 routing is going to require a switch fast enough to do 10 gig layer 3 routing. MikroTik is an example of this. I talked about this when I reviewed it. Can it do layer 3?
How slow is it at layer 3 and I referenced the serve the home who actually answered that question That showed how slow the layer 3 is on it a switch that can mount that can route a layer 3 and I switch You can do it fast. There's a price difference. Um, that's something to consider That's why generally you don't route storage Sericata block tail scale. Yeah, sericata. Um in tail scale, they're not friends It does things and tail scale goes look look at what I'm going to Look around and make this work and sericata goes. That's a suspicious behavior. So yes, you're right If you have tails, if you have sericata turned up, it'll detect tail scale It's weird that it doesn't detect it as tail scale tail scale's been around a while I figured to be a rule that goes I know what this is It's tail scale and it should have that in her. I didn't see it flag that rule Just followed your udm udm pf sense video. Great. Awesome. Glad that helped A layer switch configuration with pf sense is a bit confusing um Maybe I don't know. I don't see I maybe I'll do a video on it. It's setting one up grab a switch It's just a lot to set up for a demo And for something that's not used that often really The goal worked. It also dreamed a bank account. Yes Uh, what surveillance camera is your favorite? Um, we've been really happy with the Um Which ones am I using? I always why the name is on tip of my tongue. I'm going to pull it up One in doubt pull it up I did a video on these you can find it on here. They're the Uh mcrest So The mcrest cameras work rather well. This is my serinology surveillance station Actually while i'm here in case anyone's wondering we're counting cars That's still a thing we're doing that's been kind of fun. Uh Detection results report car counting we've been doing Uh Almost a month Yeah, here's a month of counting cars in front of that drive by tom's house every day So it's they don't just work. 
They got some cool features in these analogies Because my friend didn't understand it. I have a non tech friend. We were talking about it He's like you counted the cars on your camera Like did you have nothing better to do is how he replied and i'm like no not really and I said Oh, you think I actually counted them like on the camera. He's like, yeah, I said the machine does it. He goes. Oh, okay Uh Fun stuff Yep, amcrest. That's the ones And uh, I have my video on some of the advanced surveillance features that come with Synology, I'm doing another video on the deep video analytics that's come with Synology including this feature here Um, but yeah, yeah, the the sounds you works great. I'm really happy with it works great with the cameras Um, it occasionally gets things wrong Uh, but all of them do and it's actually the camera is getting this particular thing wrong Synology is a little better than the cameras, but if I go through my recordings And I filter them for We're gonna go drive way Event type is What would it be? I think it's just advanced event. Nope. I got the wrong filters Just advanced event There we go Like last night something set it off. Whatever this video is. Let me look at it. I bet it's a spider. Yeah Now It thought the spider was a person. So please note this it flagged this as a person when that spider came in I don't know why it shouldn't have So it decided to and I don't know But it does that once in a while. It did that last night and then this morning My guess is is it detected my wife driving off? Yeah, so this time it flagged it properly because it's seen the car leaving the driveway So once in a while it gets things wrong, but the overall I'm really happy with it There's very there's very few detections where it gets false positives What do you recommend for threat management for home security alongside pfSense? They're all in one solutions like untangled surface that seem to be some fly things. Are they worth the dollars? 
I mean for home, I don't use anything. Uh, I The problem is and people realize if you're running something like suricotta or snort You now have a job of managing all of that yourself and dealing with all the false positives and investigating all the false positives Honestly, the microsoft defender software works really well for an endpoint security if you're running windows um, but the threat management stuff on Your home is probably pretty minimal And uh separate your network, you know separate the ability for lateral movement for devices If you have someone on your network like a kid upstairs playing games He should do that on a separate network that's separate from things that I I find important that have logins Uh, and then I don't worry about it too much It's just generally not the way the attacks happen most time you're you're most likely to be attacked Via a phishing email you clicking on a site a flaw in a tool you're using those are the most likely scenarios Not your firewall the firewall is blind to most of the things that are happening because there so many of them are encrypted So many have said the other day of oh you got to block all the outgoing ports I'm like you realize modern malware Not the amateur stuff, but the modern real malware out there generally beacons out to Uh, let's encrypt certificate all encrypted over 443 They wrap all their cobalt strike being a popular beacon system That's all wrapped in security and looks like any other transaction. So yeah Do you recommend analogy or true nast? I'm a computer engineer I do like the challenge of building a true nast But worried about the power consumption versus analogy you can build a true nast It doesn't consume a lot of power. It's just not going to be cheap Bugs love the ire light. Yes, and therefore spiders like the ire light because it attracts the bugs and the cycle of life continues the the web of life there The nvr surveillance pro software leaves a lot to be desired. 
Well, I mean Do you have I seen more advanced ones? Yes. Have I seen the fees that come with some of the more advanced ones? Yes I think Synology meets a good middle of good features and uh Not being crazy expensive Unified cameras like to flag spiders as people too also birds if they sit in front of the camera. Yes Spider qc tester, we'll go with that. It's weird that does not detect it. Thank you time for doing that very awesome Um, what would you say is someone calling unify apps pro servers sort of actually Something business ready with the router you sysco rubo watch card or something enterprise. I don't I just don't split those hairs I generally I mean people call it what they want There's I actually had a conversation not that long ago Where someone was a pretty much a smart ass to me I was at a school board meeting that I was a paid advisor for by the way Not like a board meeting like open forum, but I had suggested A pf sense of the solution and they had made the comment We don't have time for your open source toys tom because the guy was pushing sysco By the way, there's still my client and they're now using more of our stuff But you just kind of Some people have it in their head. That's fine. We've had people that get it in their head They want a certain thing and we'll quote it out for them with the thing they want and sometimes they go I can't believe it's that much more expensive. I said Then buy it which one do you want? I can do it with the unify for x you can do it with the sysco for y You decide he wanted to go muraki because you think muraki's got better support muraki does have better support Here's the license. Here's your commitment for it. You know, that's what you want to go with awesome This is what it costs One simple way to help protect your pc is to give your general user account admin access set up a separate account account Yeah, practicing principles leave privilege on your computer. 
Good idea as well Uh, what is the technology up to you? Look at they have their own app for um, they have their own phone app So it's nothing really you have to do To sound you have some way to custom order and ask they make boxes designed how you want them designed so you uh You know you get the ones you want they have a whole list of them you buy them You're not really customizing them You'd pick the thing that fits your use case or the workload and they have like a surveillance station finder They have a what apps are you going to use to narrow it down? They have a nas finder on your website to help narrow that choice down You can put well and deep as a cell but it's going to be seen and might get blocked Uh You know That's what everyone thinks the the salespeople will tell you that deep ssl will discover it If you want to watch all The proof you need Look what happened with solar winds and their orion product All those companies that got hit Including mandion Mandion especially had some of the most advanced deep ssl inspection ever They didn't know until someone told them what it was Until they found it on their network. This has been my argument about these things You only can know absolute knowns if they're not known It passes through these firewalls and does nothing it goes through and owns 400 fights uh fortune 500 companies that all have sock teams every one of them and every one of them missed it Because they didn't know what to look for so the deep ssl works as long as they're using a known ip address Of a known threat actor of a known system and we absolutely know the pattern That's it if they don't know all those things It's just something that passes through the firewall like every other website that uses a let's encrypt cert Which is a pretty substantial number of them. 
So yeah So the salespeople uh don't win over very well on me on that Correct me if i'm wrong but isn't synology span station free after the price of the hardware cameras and the per camera license Yes, they do not have recurring licenses on their surveillance system or the device itself Uh, yes sysco and their deprecated cryptography. Yep Your gifts are awesome. Help me novice set up their system. Awesome. Good to hear Have any good resources for running a layer two tunnel over existing layer three vpns can find a good resource I don't have a resource for that. Sorry Um, I haven't looked at blue iris in a long time. I just don't have an interest in it It's to me a very consumer product that doesn't excite me um It it's novel it runs on windows is pretty much why I don't even have an interest in it if it ran on linux I might consider it but the fact that it Last I checked it only supports windows And uh, it it's wasn't that interesting to me. Some people seem to like it It's kind of neat because there's so many things you can configure with it I've seen people integrate it into home automation. It's got a lot of expandability It takes a lot to get that work. It's not like out of the box. It has that it takes some time and effort to put into it It's not a horrible product to my understanding, but I don't I don't feel as though as it's professional or good as uh sonology I wouldn't do it commercially as a home user. Yeah, maybe play with it. Maybe it fits your need really well um, but sonology happens to just be very turnkey And we've sold these a lot to businesses and even a lot of some of the home users Uh go wow, this is easy. Matter of fact, my wife likes the sonology. It's simple to her It just works. My wife is not a technical person and that kind of my joke it passed the wife test or just generally anyone who is not Technical using it. So my wife not being a technical person. 
She has no problem understanding how the sonology works And looking at the cameras it works when she's here. It works when she's not here when she's external So, yeah, it's just simplicity Do you have any videos on device pass through? Nope And I don't really it's not really high. Am I to do this to do any pass through videos for xcp and g Tom I've used several your videos to set up my pfs. That's very well. Thanks for putting those out awesome Can you integrate pfs sensitive to home assistant? Actually, yes. Um, probably it's not native integration But you can Do things like that. There's probably a way to do it So I yeah Maybe um, I don't know I am going to wind this down a little 10 minutes because I have that event to go to so 10 more minutes of questions Yeah, the um, I think jay has an integration in there There's some trickery he did by creating a user And an ssh key I think and then having the home assistant ssh and a pf sense to Trigger an event jay was playing with it. I was kind of I don't really have a use case for that But I think jay was using it to trip firewall rules Um At certain Based on something that happens in home assistant like it was a proof of concept. Uh jay from learnlinx tv talked about We have no documentation on this. We're just saying there's probably a way to make that work so yeah, I It might be kind of fun to play with Is it nice outside? I'm gonna look now My wife's not home still the car is still gone empty garage What do you think of my garage is the motorcycles? so Hey, why not? You know for the last few minutes. I'll jump off topic because Do that occasionally so the uh I did manage to hammer out with a friend of mine Did some mileage so I uh Commented on this before though the we just I hammered out another 700 miles with one of my friends on uh Motorcycles and off-roading so that's what I do on a weekend sometimes And that's actually 700 miles and that's with the trip getting cut short. 
So We had to reboot my friend's motorcycle, you know So there was still some tech things to do on on the road the uh the computer got The computer had an error and we had to restart the computer to get the You know the motorcycle computer to get the bike started again. So it would go down the road Uh, do you think you'll be uh Yes, it will be back in stock. I just can't predict stock Are you an wife in the gardening not at all not really my thing um, I've never been big into that You know, it's just not not really me. I actually I brought before I grew up doing a lot of that stuff, but um You know the closest we do is uh, we like our backyard being nice and stuff, but not actually gardening The only thing I've done with layer two uh over layer three was able to use dcp from D sure instead of uh It's own block for the open vpn There is an integration you created. Okay, that's neat that there's some on error created Buttons to activate vpn rules for the tv so they can change vpn country on netflix. That's a very clever use case I'm not gonna lie. Um, I like that. That's that's neat. I don't really have anything internationally that I watch That's why I probably it's not a use case for me, but it's pretty cool I finally have a start date seven eight weeks. Uh, awesome Thanks for answering all the questions. Uh, and thanks for all the videos since found your channel I purchased my first unified equipment out pf cents. Great glad you got started on there. That is awesome Our oh, there are some open vpn clients. Yeah, I think that's Probably true Probably true. Well, I'm going to get going to the event We have what just a couple more minutes five more minutes of questions and stuff like that Oh, yeah, motorcycle road trips to the back roads absolutely that is um That's a lot of what I end up doing is uh Just doing these out a lot of off-roading, you know hammering out a lot of miles of my uh My adventure bike. 
That's that's my disconnect from all this tech that I do all the time. So Uh, there are limits to how much time they take off. It's not unlimited, but it's it's generous. Um, above average, I don't know. Uh, it's They they usually don't want to use it all Uh So far, I don't think anyone is even halfway through all of their Uh, paid time off. So I try to keep it rational. Well, I'm you got to try to keep the workplace nice and a happy place to work Thanks for all the pf sense fits. Yeah, I got more coming more coming on this, you know more I don't know that'll do in our tail scale video because I think I covered it. It works great. Um, but the The definitely the um the head scale video is coming where I will be covering that Hardly ever take time off spoken like a true american. We're americans. We never take times off But every time I have a friend in europe, they're like i'm on holiday this month It's so much different over there. It's just this weird I'm trying to because I never take time off myself and um, I'm trying to Schedule time because I do intense vacations like I did, you know Three day weekend or two day matter of fact, that was 24 hours 700 miles and lots of off-roading I did so I usually do a more intense vacation I I need to do like a real I and it's not to relax because I don't really relax a vacation I need something that I'm doing intensely. Um, that's still a vacation to me. It's just a a Vacation, I guess I would define myself as some time away from tech, but I love my job so much It's really hard to take a vacation I think my time off right now is working at this end of your two decades as assistant. Yeah Okay, you're time off. You don't take the time. Yeah Yeah, I don't know. It's it's a it's a tricky balance. Um I don't like even when I go to events like my travel events are business related and It's just I don't know. I don't I like the Schedule I keep and the rituals I do there of you know what I mean? It's always I I'm in a process. 
I do this. I do this. I do this and when they get disrupted I don't get aggravated, but I feel lost a little bit. So always trust that process you've created for yourself has been in my head I'm European barely do any vacations these days. I have due to laws. I get board networking. I like yeah Yeah, I Have you been to spice works? No So nonetheless, all right now we've reached the end because I know Brett's gonna be here soon because we're riding together to go to the event So thanks everyone for joining. See you next time head over to my forums for a more in-depth discussion I think I mentioned before I'm like Amazing how many people into forums it's becoming a very active group That's where I spend a lot more of my time or acting with people because the youtube comment system is hot garbage As everyone knows I do enjoy these live streams a little better, but yeah Definitely the forums are where I will give you in we can have an interactive discussion with screenshots and where We can discuss a product and actually you post all the links and everything else all the things you can't easily do with youtube So that's definitely fun not to mention. There's a good audience here. There's I believe right now There's over 7 000 people on my forums. So yes plenty of people to interact with Many of them taking that some take time to do some nice write-ups as well, which is awesome I love when people, uh, you know Put together some of the answers to questions with an in-depth awesome. Thank you Please never go and say I don't be that person who says I solved it But don't say how we need to know how this is you bumped it like two years later problem solved But wait, how did you solve it because we all keep landing on the same question? So that's why I always encourage forums. I try to even answer the questions You know if someone didn't have how to solve some of the problems, but thanks again everyone and take care