And we are live. I think I got the microphone in the right place me. Oh. Bring it closer. There we go. Who's ready to argue about firewall rules? Let's see. Hello everyone. Let's see, off to a better year. Yes. Yes. Yes. Hey all, hello Sweden, to two different people from Sweden, awesome. The Ikea brothers. There we go, let's see. I have no idea you PPS la Sala. Yeah. Oh, I can't say that. I mean, I probably could try, but I don't want to, I don't want to say it wrong. Oh. Oh, Sweden, Switzerland, Australia, Norway. All right. I'm on low. I'm always on low latency mode. It just, that, I don't know, it's not always low latency. So yeah, it's my goal is to always be low latency.

No Log4j's dying down. The, the, this is, this is something that, you know, we were trying to reiterate: the tech burnout that's created by everyone, "Oh my gosh, here's another thing," and one, those things aren't that big. They need to be addressed as not that big. So the later findings of Log4j aren't near as bad. They're harder to exploit. Yeah, so I'm not saying not to patch. I'm just saying world's not on fire. Well, the world's on fire in completely different ways, unrelated.

Ubiquiti hasn't done any new patching because they don't need to, that's just... And that's, here's one of those things, this is one of those... Even with the vote there's a 2.17, I think it's a dot one now, but it takes... You have to read all the specific conditions. It's not only non-default, it requires these other things to be factors. This is one of the reasons you don't necessarily see an update from Ubiquiti, because if they're not affected by it, they're just gonna wait till the next several iterations of it come along, and if any of those require a configuration that affects them, they do it. This is just how things are. It's not like you need something more, and this is just where people, I don't know why they have a hard time with it, but they do. I'm like, you just don't need that.
It's, it's not as necessary to have a patch if you're not affected by it. It's like, yeah, under these conditions. But those conditions will never be met, because, like, for example, Apache is a great example of this. People were upset because of the Apache Lua thing, and I tweeted about it. The CVSS score was really high, and I think it was a nine something, but there's just so few... Now, this is where we have to add context to it. Lua is a very popular language. Apache is a very popular web server. There is not much of a crossover though, if you made this Venn diagram of things that use Apache, things that are written in Lua that need the mod_lua enabled on Apache to create this vulnerability.

So did I panic? No, I read the details. I decided that as soon as the patch is available, great, because the other, if there's no patch available for a system, I have to turn it off too, because off is better than hacked. So you make those type of decisions. We talked about this last week when we were talking about threat modeling, and you go, can I live without this thing? Yes, you can. This is, all right, everything you can live without, technically, as long as it's not life support of some sort. But you go, do I leave this HTTP server up? Well, you start looking at the threats. You're like, oh, it has to have mod_lua enabled in order to exploit this flaw found in mod_lua under Apache. But it starts as headlines from all the different cybersecurity news places of, you know, "High CVSS score in Apache," and everyone goes, "Oh my gosh, Apache, everyone uses Apache. This is terrible." And then it's like, oh, by the way, it's only under this specific condition with this. So, yeah. Anyways.

Does anyone use Lua with Apache? It took some googling. I found something that did, but it's, there's not a lot of there. Nothing.
I'm not seeing nothing, but nothing that is major popular, not like WordPress. Now if it was WordPress, yeah, that's hair on fire, because if it was a flaw in a mod that was used in Apache that was required for WordPress, now, yes, there you have concern. But man, you can do some googling and go, huh? There's really not much other than some specific use cases where certain people, like, there's a mod_lua enabler for certain wikis under certain plugins that need it. Like, it's, it's not a popular plugin at all, but, you know, so it's the thing.

Yeah, it's like someone said right here: "I never had an Apache with enable Lua." I haven't either. I double, you know, I looked at all of our installs. It's not, it's not on by default, and if everyone's practicing principles of least privilege, you only enable the modules you need and not all of them just because they're there. And, uh, away you go.

"But FusionPBX uses Lua, but they're running nginx as the webserver." But do they use Lua as the language, or they are enabling Lua as a module in nginx? There's a difference there, because lots of things can be web available but don't necessarily use Lua. That's, it's a kind of a niche thing there. I just don't think it's a popular use case. So yeah, um.

"We had a package in our SIEM appliance product. We could, uh, find a couple days, but then, and then no problems." Yeah, there's, um, that's another issue, like a lot of, some of the SIEM tools are based on, well, some of the cyber security tools are based on Elastic. The reverse engineering tools, some of those, that was the, the Ghidra one that is offered up by the NSA, that has that in there as well. So yeah, it's kind of fun that some of the, uh, cyber security tools will literally be that on there. Um.

Oh, let's see. I'm gonna go with this one here. That's my, that's the right answer: "Didn't realize Apache had a Lua module before the, uh, CVE." Yep, fair enough. That's, uh...

Have you tested the NetAlly 10G network tester?
Uh, nope, I have not. Don't have one. Not on my, not a high thing on my list. You know, anytime we run cable, we run the Cat 6a, plug it in, 10G. Great, cool. I don't really need to test her. Use good cable and, um, the problem kind of solves itself there. So it's not that big of a deal to me.

What was I going to log into? Mark all is right. There we go. All right. Uh.

I really want to use Barrier. Uh, Jay at Learn Linux TV uses it, and it was just like randomly... Okay, people talk about things like Facebook and social media and your phones listening to you because you see something come up. Um, it's actually a mental bias. If Jay and me, we're having a discussion, because he uses Barrier for connecting a couple different computers, thing is Barrier's when he's used, and then I happened to notice Barrier showing up in there. It probably showed up many times, but I didn't notice it. But your brain connects it as a coincidence and then you go, ah, my, the YouTube algorithm somehow heard me and popped this video up just when I was scrolling through YouTube. Um, or it could be because I watched Linux videos on YouTube, so Linux videos being suggested might be a thing. And I seen it and I'm like, oh, you know, this video, and I ended up watching it. And I was like, I never seen this person on YouTube before. I like this person on YouTube. So now I have shared this person's video on YouTube. Uh, it's really as simple as that. It's not my to-do list.
I have not tested it, but I watched that video and said that looks like something I need, especially because as I build out my new studio, I want it to be simpler and I want to, um, be able to go, because I, I make the motion this way because there's a keyboard over here. So this keyboard right now controls the studio computer, and I look that way to see the studio computer. I look this way to see a camera attached to my computer, which is this way, which this is the keyboard for that one. And so this keyboard, which is got a tail as far as it'll reach, that's why whenever you watch me I'm kind of tilted a little bit, because that, my desk and my big monitor is this way. So that's, but it'd be cool if I had one keyboard to monitor and I could just take and swing around in my spinny chair and control the other computer, the studio computer, with the one keyboard and mouse. This seems like pretty convenient.

Oh, let's see here. "Is it possible to port forward PIA to, say, device, forward one specific port, device of PIA network?" This is going to be not easy to do, and let me explain why. Everyone wants support. PIA would have to determine, I think they actually have an option with their tool, they would have to determine if someone else has also requested that port, because you're sharing a PIA IP address with many people. I think they do have some type of, almost look it up. I can't, I don't feel like looking it up.
You can google it, google if they have the option. I don't know of any way to do it in pfSense though, because pfSense port forwards are expecting to have some level of controlling. You'd have to port forward at the firewall on the other side. I don't know how to get, how to tell PIA to forward a port to you. Um, and I think their tool, their software, I haven't looked in years because I've never used their software, I should say, with a minimal exception of a couple years ago for a review. When I tested it, I set up a demo VM and loaded their, their PIA tool. That's as much as I've ever used their software. I always use, you know, just not trusting. I don't trust the VPN companies. And this is one of those things that people ask about VPN companies. I don't trust them. Second, I really don't trust their proprietary software if they have any. Why would I use their software? How do I know what it's installing? Just give me your ovpn config file and I'll take it from there. Thank you very much. Simple as that. So if it would not be something native to OpenVPN to be able to make that work. So hopefully that makes sense. Um.

Let's see. Big fan from Libya, awesome.

"Question regarding your pfSense firewall video I saw a moment ago. If I have a server with only one network interface, is it possible to block a lot of traffic between different VLANs with that setup?" Yes, so, uh, the, the S in VLANs stands for security. Okay, if you didn't get the joke, the VLAN is just another subnet, and whether it's a physical interface on the box or a series of VLANs, which are still going to be treated inside of pfSense as subnets. So a subnet is either attached to a VLAN to create the logical differences, or it's connected to an interface for the logical differences.
So the answer is yes. Matter of fact, it is, uh, I did not cover, because I did not want to get people confused, but the video I did on the pfSense firewall, some of those are VLANs and some of those are interfaces, because pfSense treats every subnet as its own, you know, logical thing. It, it doesn't matter, you just see them all as different rule sets. But if I created one as a VLAN, no difference. So absolutely yes, if you have a VLAN and then you have a LAN and you want to subdivide your LAN between that, then no problem. You can, you can do that and it'll work. So hopefully I'd answer your question, David.

"I joined a telecoms company in here heavily invested in getting into IT. I need an RIT tech. What would you look for someone? Is an apprentice a bad idea?" Um, right now the job market is terrible. Well, depends on your perspective. Terrible if you're trying to hire, because there's a, there's more demand than there is talent. So be prepared to pay for good talent. It's really that simple. Um, in, in some aspects. So what do you look for? People who obviously are knowledgeable about it, have a background in it. But the more experienced and more well rounded, you're going to pay substantially more for that particular person. So, uh, that's just... Make sure they're confident. Make sure they understand tech. Uh, that's, yeah.

I don't, I don't require certifications. But sometimes the nice thing about certifications is, is if they pass some of the tests, they put some effort in, for one, and it can be a qualifier if you have too many applicants. I don't want to be a gatekeeper by saying only require people with certs. But I know a few hiring managers I've talked to, they put it up because when it, well, this is more so when the job market was the opposite, when they got flooded. I remember one hiring manager told me, she's like, "I have 300 people apply in four days. I'm not sure yet how to filter out to this position." Like, it becomes a burden. So it's not an easy task.

Hey, Jordan.
Thank you very much to stop by, say... Thank you, much appreciated.

"I have a network that contains IP cams. The network in the same LAN of different IP ranges, but the local system speed is much slow. Is the IP cams data the reason behind a problem?" Hmm. "I have a network and it contains IP cams." Um, it shouldn't. You got to think about this. IP, this is a weirdly common question, so let's throw it out there. How much bandwidth do you think is actually needed to run these cameras? And if you think about how clear a Netflix or Amazon Prime or any streaming, YouTube, what, you can watch YouTube at 4K. You don't have a 10 gig connection. Well, maybe you do, but it's not likely, and it's not required, by the way, to watch a 4K beautifully rendered YouTube video or any type of streaming service. That also means it does not take that much bandwidth for even a 4K camera. Cumulatively though, they add up. But they really don't pull that much bandwidth, and a lot of the cameras themselves only connect at 100. So it's an unlikely, but not without knowing the details of your network. I don't know. It's unlikely that they are saturating the bandwidth, but it's hard to say because there's a lot of factors in there. Maybe you only have a hundred meg network and you, you are saturating it. So.

Yes, that's true too. Uh, I don't know if, where that question came up, but, uh, Sam Sheridan is absolutely correct. And that was one of the rules I had, was a rule to block the, uh, any type of UI access on there. Uh, if you mention pfSense or you, but pfSense denied by default, and you just have to customize your egress policy specific to non-LAN, okay.

"Don't trust companies that charge for PIA," huh. See, uh, let's see. What do we got here?

"Can I use pfSense..." "Can I use pfSense in a closed lab without affecting main ISP router?" Why not? That's actually something I do already. Uh, I just realized I'm connected here. So let's, uh, share my screen. So we're going to go here, share screen, Chrome tab. Think I'm sharing the right one.
Let's look. Yep, that looks like it. Uh, if you notice, I have a, let me zoom in a little bit, make it probably a little bit more viewable. If you can see right here, there's a 192.168.3 for the DHCP. You can double NAT things if you want. You just got to make sure when you double NAT that you, for those particular interfaces, so Interfaces, WAN, you don't want to block private network addresses and loopback. I make sure these aren't blocked because, um, you want RFC 1918 network work if you're double NATting, but you can double NAT, um, pfSense. I, this is how I do all my lab videos, is essentially double-NATted like that. So yes.

"Can you talk about building pfSense with one NIC?" I think it's a, I think it's not a great idea. I don't see, anytime you start building one NIC and divide it up with multiple VLANs, can it work? Sure. Uh, is it a good idea? I, it's a fun experiment. I don't really feel like, like, I know how to do it, just tedious, and I don't have a real... You look up for "router on a stick" if you want to know how to do it. It's a fun exercise. I can't think of a good reason to do it. So, uh, feel free to dig up router on a stick if you want to know how, because yes, you can make it work. I think it's a good idea? Not really, it seems too tedious. But yes, if you have a switch that supports VLANs, you can actually use one port and split them all up of VLANs and create all these different cool separate networks on there. And I don't know why you'd do it. The, with network interface cards are usually not the cost inhibiting part of the pfSense setup.

Uh, upcoming video about making, yeah, I want, I'm actually, I dragged my feet through the 2.5 version because I just had so many things going on. I want to do a getting started, but 2.5 has been out for a little while. And if you followed Christian McDonald's video on 2.6 that he released, and I tweeted it, I've shared it, you can find him.
I also shared out his recent video on how to do site to site, uh, VPN. Christian McDonald is a developer working at Netgate, and he talked about something you can look at the preview. Of course, you can switch things over, uh, to the 2.6 version if you change the train. It's in beta. So I may wait till 2.6 or may till it gets to release candidate. So, um, yeah, if you go over to, to do, probably under updates, right? You can change to 2.6 version, but once the 2.6 is out is when I will go through and, uh, actually update to that. So yes, I am working on, anyone... Router on a stick. There we go.

I, I need to answer this one right here. "Larry zucker boasts using Alexa to put ads on my u-face." Yes. Raise right about this. This is a weird thing I get a lot of comments on. I don't know a better solution right now than YouTube to put my videos out there that I would be able to do it at the scale I do, and people go, "Oh, I don't like YouTube because of ads." Okay. Buy YouTube Premium. That's what I did, because I don't like the ads. I don't like subscriptions either, but I, I dislike ads more than I dislike subscriptions. And it does cost money for all the bandwidth. So you either tolerate the ads on your u-face from the Zuckerbergs and the YouTubers, or you, uh, yeah, just... That's all there is, uh, to it. So that's, that's a really common, that is a really frequent question on, uh, lately, as "there's too many ads on YouTube. Can you put your content somewhere else?" Would you want to buy a subscription to my content somewhere else? If there's no people that want to do it, sure, I could do that. I could set up a subscription service. But then I think the same people that don't want to see an ad probably would cross over to the world of "I don't want to pay a subscription." Throwing it out there. Maybe.

"Would you be able to port forward if I set up OpenVPN on a server on Linode?"
There's probably better ways to do it, but, um, I would probably, if you're going to build something over on Linode, I would build a WireGuard one and build a bunch of routes back and forth. I don't know if I'll do a video on that or not. If you just want a quick and easy way to, to get something port forwarded off a public server, look at ngrok, n-g-r-o-k, if you're looking for something easy. It's a, it's a more advanced network engineering video that I... We've done it for people. I, it's, it's just me taking the time to put it into a script to turn into a video. Um, I don't know there's enough demand on that video. Uh, I don't know if there's enough demand on that video for me to create it before I get some of the other ones that I think are higher priority.

Uh, "Why do you tag port sign it? I understand the firewall rules, but how does tagging come in with VLANs?" You tag the port to be the port you want. So the port, I have a couple, if you look at my VLAN explainer videos, and I'm going to do a new one soon, um, just because there's some, uh, newer versions of software since I've created the other one. I didn't realize the other one was almost four years ago now. It was in 2017. But the tagging of the port, and you, a port if it's untagged but also has all the VLANs in it, as in a trunk port, just so we get the nomenclature right here, uh, the trunk port means that that has all the data coming out of it. And when you tag it, you, let's say I want to tag it for a specific VLAN, we then swap that port to be tagged only to the network I want coming out of it. So trunk means send all the data to the next piece, because maybe it needs it, if it's like a Wi-Fi or another switch. Tagging the port is where you can tag it and only send, or only pull out to, one specific network out of that.

Well, let's see. Uh, there's not a really a WAF, but you can use, I prefer Suricata just because I've been using it for a while, but there's nothing wrong with Snort. Um, Suricata works great on pfSense.
It's not exactly a web application firewall. Um, it, it's loot. I mean, Suricata is going to look at incoming things, but it's not near the same that you'll get with like a commercial web application firewall. But it's a great place to start because it's free and built into pfSense.

"Using pfSense, I'm a ESXi with vmx3 adapters. As I put a lot of traffic through pfSense, I get a massive CPU on the host." Yeah, when you virtualize it, you're, this is, I don't recommend, I, someone will always argue with me about it. We always recommend building everything with hardware, not virtualized. I only virtualize things for lab reasons, not production. It just solves all the little hiccups that you run into. There was the Hyper-V kerfuffle when there was a big update, because something in BSD broke the drivers, or was it the Hyper-V that updated the driver and it didn't work with BSD. There was a conflict. This conflict caused all these people to have problems and had to revert versions back and forth until they sorted out where the problem was, an updated driver was available. These are not problems you generally run into with hardware. And this one of the reasons we always install hardware, and hardware to me is not incredibly expensive. So you're going to run into weird issues. Uh, I just hate to say it that way, but when you virtualize it, you're going to run into problems sometimes.

Oh, and if you have a Broadcom, uh, at all, I'm sorry. That's all. If you, if you're using Broadcom in your stack for virtualization or just in general in life, just don't. So avoid the Broadcom ones. There's a, if you've looked me up on XCP-ng, there's a post where that has been ranted about, and some funny memes made about why you shouldn't use Broadcom.

Oh, let's see. "Question: assuming the setup you have as ISP or whatever router, pfSense, network, is the ISP router not a weak point for credential harvesting?" Um, why would the ISP, like, generally...
If things are ideal, the ISP router should be in bridge mode, as in it doesn't do anything but bridge the IP information over to pfSense. End of story. That's it. So you're kind of taking it out of the mix, because do I think Comcast makes a great modem, or do I think it was done by the lowest bidder? The second one. And therefore my Comcast modem is not to me a big risk in my network, because one, it's on the other side of my pfSense. Second, it's in bridge mode. It's not handling routing functions at all, which means the admin interface is only accessible, allegedly, by Comcast. I don't know if there's some hacking things people can do to get into my router. I doubt it. But if they could, once again, if they took over my Comcast router, which would not be good, it would be kind of annoying, what would they get? They're on the other side firewall of my pfSense. So it's not really an issue. Um, it would more be an annoyance, because if someone got a hold of the router, they would probably just troll me and be disruptive and reset it all the time. Oh wait, Comcast does that on its own. It only took us calling them twice to get one replaced, and finally to actually our third, third cable modem. We got, quit rebooting randomly once a week. They don't know why, they couldn't find a problem with it, but replacing it fixed it.

Well, let's see. "What do you think of force DNS rules? Necessary or overrated?" I don't worry about it that much. I, matter of fact, some of your, this is... So the consulting we do, let's start there, and how we get this insight into things. "A bunch of my IoT stuff doesn't work. Please help." Okay. Here's our rate. That's a lot to pay to us to fix IoT stuff. Yeah, what'd you do? "Well, I locked everything down super, super tight. I restricted the internet. I egress filtered. I redirected all the DNS."
Yeah, now your IoT devices that expect certain responses from specific DNS servers don't work. It depends on how much troubleshooting you want to do. If you want to force everything through there, absolutely, and I've talked about this. I don't remember what video I talked about it in. There's a way to redirect your DNS, and actually it's documented in Netgate's documentation. You can redirect DNS. You can grab the, grab the DNS, reloop it. If it says it's going out 50 53 and wherever it thinks it's going, you can hijack it and tell it there. I mean, you can do that if you want, just to lock things down a little bit more if you want to. Do I think it's absolutely necessary? For home users, not as much. For businesses, yeah, lock things down more, because you're really worrying about it. IoT is annoying but not usually the attack vector people think it is. It's, it's more of a privacy than it is anything else.

Oh, let's see. Um, "I'm looking to replace my Nginx Proxy Manager running Docker using HAProxy on my OPNsense. HAProxy is proper use case?" Yeah, I have a few videos on HAProxy. Um, the proper use case for this is, you also need all, yeah, I have a HAProxy and wildcard cert video that will hopefully help with that. Um.

The other question I've seen here, uh, you can do NAT reflection on there. I think that's maybe what you're looking for. I'm not 100 on the question. If you, if you go through the documentation, that they have that documented in there on that. I think you're, is, or you're asking about dynamic NATting. I'm not a, not, I'm not a hundred. Yes, DNAT is supported. I don't think they call it DNAT in pfSense.
They call it something different though.

"I use Transmission at jail and TrueNAS with OpenVPN with IP firewall rules. I got my AirVPN set up on pfSense using your video, turned off VPN in a jail, Transmission now that..." Oh, okay. I don't know if that's a statement or a can or that, so let's see.

"What are my thoughts on ZeroTier and primary user for remote access, including needs and data centers?" ZeroTier's great. I've done videos on it. I like it. I like overlay network solutions. I think there's a lot of opportunity and growth in that particular market of the networking, because it offers you a really interesting way to connect, especially with more and more people doing work from home, and there's some big advantages they have over your traditional VPNs. So overlay networks, ZeroTier being among them, are popular. And it's funny because, you know, ZeroTier came out, Tailscale is using WireGuard as a protocol but works similar in a way ZeroTier, and then there's the Nebula system, which actually is the back end for Slack. Um, and that's pretty cool. I've reviewed all of these. So.

Oh, the new studio is coming together. Yes. I'm gonna have all the computers in a separate room. Um, I gotta, matter of fact, when I'm done today I gotta, there's a few things that gotta, we're starting to paint and things like that. So all the drywall's getting there, and everything is slowly coming along with a new studio. It is, yes.

"What's new in 2.6 that people want to upgrade?" Um, it's lots of under the hood things, the way they are looking at slicing things up with ZFS differently. I don't remember the whole list. It, maybe you can pull it up. Let me see. That's 2.6 roadmap. They have a nice list. Let's see. I'm just going to drop it in there. There's a bunch of stuff, so rather to me read it to you, I'll just throw it in the link down here for the roadmap for 2.6.

"New pfc for regarding question on 2.6. If the release sensor available on Netgate site, does that mean the release is imminent?"
No, I mean, it, sometimes they just do progress updates. It's like, this is where we're at with this beta version and release candidate thing we're working on. So, um, yeah.

"How do I get my Philips Hue bridge to different subnets?" I have no idea. No idea. I, I put all the IoT on the same subnet, as I described in my video, because getting these things to work on other subnets just is a headache. And by the way, this, whether you like it or not, this phone in my hand is an IoT device, and it's not like because it's a special phone. It's like a, it's a Pixel 6. They're all IoT devices. Put them all on the same network. That's my answer for those things.

Oh, let's see. Let's see. "Any joy with a single IP and pfSense HA and using scripts to set interface down on the backup pfSense to make the interface active?" And I don't have any scripts for that. Um, when I've done my HA videos on pfSense, uh, you, I generally do them...

Let's do this while we're sitting here. We're gonna, we're gonna upgrade this, by the way, because, you know, so we're watching it do something. Confirm. Bye bye system. Oh, I better hope I got a backup of this. Oh, I should check first, right? That's how this works, right? See if there's a backup after you said yes. Please tell me there's a backup of this. I, I say I'm joking. The, uh, "System update failed." Oh. Okay, try that again. Confirm. "Please wait while the system update initializes." Let's see if it fails again. No, I'm not using anything, um, other than a defaults.

Oh, let's see. "Do you have any recommendation or pfSense to say get high CPU load?" I've, uh, maybe you didn't hear me answer that question already.

"Does it make any sense to have Suricata on the WAN if you like lots of noise on it?" Uh, "What are your thoughts on Snort?"
Yeah, I like Suricata because I'm used to it, but there's nothing wrong with, nothing wrong with Snort. Works fine.

Let's see what else. Yeah, this is, virtualization is definitely a problem, because when you update your virtualization server or you're having a problem with it, you don't have internet to troubleshoot it. So. Okay.

Wow, I'm going through a lot of here. Uh, let me catch up. "So ideal setup is ISP router bridge, pfSense." Yep. Uh, I'm using StreamYard. That's how I'm doing this.

Oh, let's see. Yes, you can, um, it is, it is possible to, uh, double NAT. People do it all the time, because sometimes it just doesn't, you can't do it.

Uh, "When, when you started doing YouTube, do you ever think you'd be where you are today?" I don't know. There's not really a plan. I didn't put as much thought as people might think. I just kind of keep doing and it keeps happening. Uh, what is that from, Rick and Morty? I just keep doing it and it just happens. So I keep, I always like the, the play on words, that I just keep googling things and things keep happening. That's how I feel mostly about it, most all the time.

"Tom doesn't really use Docker, so he's not going to do Docker tutorials." You'll probably find those are on Jay's channel.

Uh, "Hoping Christian does a site to site video with dynamic routing." Yeah, I liked his video. It's really good if you haven't watched it, because he's, he does it in the way I like the best, which I don't just tell you what buttons to click, I try to tell you why you should click those buttons. And Christian did an excellent job of that, of telling me, this is why you do it this way unless you have other use cases, and you describe those different use cases pretty well, which...

I'm update, this thing's broken. I wanted to go to the new version. "Changes have been saved." System update. See if it works now. If it fails again, I'm just going to reboot it and try again. I think I can do it from the command line. Maybe.

Oh, let's see. "Does pfSense stop support software for Netgate hardware?"
Um, no, it'll, until it's, you can run pfSense. They don't really stop sending you updates for it. You can keep updating it until maybe it just doesn't work because it's so old or some requirement, but yeah. Um, generally you can keep working out for a long time.

Um, "Do you have any thoughts on Sophos versus pfSense? Do you have any clients using Sophos?" The, anyone I've talked to, it's been a very limited number of people. I see people that go, "I love it, I love it," and I hear people going, "I loved it until I tried something different." So I don't know. Uh, there's always people and have reasons for not liking something. I don't have any specific reason not to like Sophos, but I don't use Sophos, so I don't have a reason to like Sophos either. So I have no opinions on it.

"Is opening up essentially..." If you open, yes, anytime you open ports you're opening it to the world. That's just one of those things.

It is a clear Romulan ale. It's actually just water. Sometimes I have tea. Today I'm, I got water.

All right, you guys are sending, I'm trying to answer all of them. There's so many of them here. Uh, "If you're following your tutorial, so you're probably see it today, I lost access to my OMV SMB shares." Maybe, I'm not sure what you changed. That one's a tough one. Um.

"What shouldn't be virtualized besides pfSense?" TrueNAS, that's another one. Yes, there's ways you can do it. It's another for something. I'd run in production now.

"Will my WireGuard bork after upgrading to 2.6?" I have no idea, because it's beta. Uh, I would say beta software, all things are on the table. So take, take that for what it's worth. When, when things are beta, things are going to break. When it's released, no, it shouldn't, it should work fine. But it's not released. So, um, I don't know what's gonna break. I'm curious. That's why I'm doing what I'm doing, because I'm curious what's gonna break. So we're gonna just turn off the VPN. Actually, we'll do this. It doesn't even say why. I was looking at the cons, console messages.
Yeah, whatever. Actually want restart, reboot, submit. That over there, this over here, so you guys can actually watch it reboot. This is virtualized and running inside of XCP-ng, so now we can watch something on the screen. Well, let's make it bigger. So, all right. Uh, putting off an all-day road trip to reconnect vtpn route location. Ah, we got our friends from chew charts in here. Even releases are known to break things. Yeah, things happen. Things happen all the time. What would be the best hardware choice for pfSense? Yeah, that's going to depend on all your things, on what you want. So, never heard of Zenarmor, so I don't know anything about them. Have no opinions on it. Sophos XG is not bad, a lot of software you can get with pfSense, uh, but you have to pay licenses. Okay, you need to set up your Discord better and it's not looking so good. Probably, it's probably full of garbage. Um, did it get spammed again? If it gets spammed again, maybe I'll just delete it. I don't go there. I just don't do real-time chat very well, so I don't know, maybe if something bad happens to my, um, uh, Discord, I'll probably just purge it. That's kind of my feelings on it overall. The problem with real-time chat is it's, um, it's ephemeral, and it just kind of leaves, and then it requires me to be there at a certain time to answer questions and not only going back to try to sort out the 200 messages and like someone tagged me in it. That's why I run my forums. The forums are really easy. The forums are also indexed. So when I'm spending time answering questions in forums, when people search for I want to know how to do a thing, they'll find the forum result that actually has a discussion and answer, a write-up that I may have done on how to solve a problem, because when I solve a problem for someone in a forum, I don't have to answer the same question as many times. It's kind of a one-of-many problems.
So, uh, ZFS is better, but writes this more often than UFS. Any reason to change five UFS good? No break. Um, they mentioned a lot of extra engineering that would go into pfSense using ZFS, so it'll be something I want to try. I'll probably reload my lab system with this, so let me go back into this. Log back in. We'll try this update thing again. Confirm. See if it breaks this time. It might. I don't, I got nothing on this. Going, going, going. Yeah, but threads. Like the only thing, I don't know, it still doesn't look near as good. It's so messy in Discord. It's like, it's IRC, but not wonderful. Um, IRC at least is nice and clean. Yeah, I mean, it's, and also the other, the disadvantages I stated with the Discord is going to be right away the fact that, yeah, it's not indexed anywhere in Google. So if someone says, hey Tom, how do I do this thing, and I reply in the forum, and a week later someone pops into my, or asks that same question in Discord, and then ask to get in a week later and ask to get a week later, now that information just keeps getting asked, and I can copy and paste my previous responses. But yeah. Uh, let's see. You're looking for a VPN? I have an affiliate code, if you're just looking for a VPN provider, for PIA down below. Discord is much veteran threads, yeah. You do not get to have someone's IP when you get DDoSed unless they're bad. Um, that's, yeah, there's no, uh, there's no easy way, and they have to, you know, have bad opsec to reveal their IP. You don't always know who's DDoSing you. It's unfortunate. It's the way of the internet, and DDoSing is old. DDoSing people is as old as the internet, that's for sure. It is not anything new. Check the logs. What, we're just gonna guess? You don't want to actually have the logs in here. Is there an update log on there? Is it under packages?
Um, that's packages there. It seems like it could be under system, OS and boot, GUI, services. I don't know if we can do it from the command line over here. Is there update from here? Update from console. This will give us an error. Uh, hey, yes, well, sure. I think it says segmentation fault. I think I skipped right over that message. Oh, that's not good. PID 80928 terminated, segmentation fault. So there's the error, something's wrong with the updater. So don't worry, I'll reload it later if I care. I don't know if I even care right now. Oh, there's a new version of WireGuard out. That's cool. Oh no, wait, there's not. It's because we're on the wrong update version. So let's fix that first. So update when you switch back to the other train. Get the system back where it belongs. See, uh, don't we take this off topic, be easy and mount shrinkers, Graylog. Um, Security Onion has a bunch of their own videos on it. I haven't done any on Security Onion, but Security Onion is pretty cool. Graylog, I dump everything into Graylog. That's my monitoring solution. All the firewall logs, Suricata logs, actually logs from UniFi, logs from systems in the office, and all the infrastructure we run dumps into Graylog. So I've got videos on Graylog. I have a recent troubleshooting video I did too. Yeah, segfault. Whoops. Yeah, I'm doing something stupid. pfSense command line update work for me. Yep. Hey, watching all the way from South Africa. Cool. Way on the other side. Hello from Scotland. Yeah, um, something I didn't cover in a video, because I didn't want to, uh, make the, uh, what do you call it, I didn't want to confuse that video on my pfSense and firewall rules, but I am going to do, is talking about when you design networks, how you stick a leg of each device in that network. And what it means is, for example, my Synology has multiple network interfaces. So my Synology has a cable going to each one of the networks, and by doing it like that.
It's just way easier, uh, to deal with, because now you're not trying to route everything, you're putting it in there. And then there's ways, and I'm going to do a video specific on Synology, because TrueNAS makes it really easy. TrueNAS, you just choose what interface to bind it to. Synology doesn't have interface bindings, but it has firewall rules. So the default firewall rules on Synology, unless you touch it, are all open. So you have to go in and create deny rules on the networks to deny things like access to DSM. I will do a video maybe tomorrow on that. I'll see how inspired I feel, because I want to get a couple cyber security videos done. I just, you know, I bounce around between topics sometimes, but you know, that's the thing. See, what is your opinion on firewall and open hardware and open core? Sure, why not? That's my opinion. Um, do you alert on stuff from Graylog? Yes. You go in Graylog, you can pick out different conditions, like if someone were, well, even for me, it's any login successes, because I don't log into my servers unless I'm doing something, and because I'm no one doing something, or one of my staff, and it's on a predetermined reason to log in, because most of my servers are all set to unattended upgrades, things like that. Um, I have alerts on failed or successful logins. Any login, I want to know. Failed logins are extremely concerning. Successful logins, depending on what time they are, are also of concern. So yes, you can just grab alerts out of there, and because there's so limited in scope who's even allowed to log in, or log into what and from where, any login is basically, it's always logged, but it's also then alerted if there's a reason to do so. Uh, I've never tried to make ZeroTier work with pfSense. So, not on my to-do list. pfSense does not have, I don't think, any native support for VXLANs. Uh, why did I pick Graylog rather than Elastic?
The problem is every Elastic one I've looked at, um, it just doesn't seem as stable. Graylog's actually very stable, has a lot of extra features around logging, alerting, and I found it just easier to manage and set up. Like, they put a lot of engineering around Elastic that I think makes it better, but if you just want to use Elastic natively, try, go ahead. There's, you know, it's still based, there's, you know, Elastic native. Um, as I say bad thing, I know people that tell me they like it better. Use what makes you happy. That's the wonderful world of having more than one product out there. And also, if I use one product, it doesn't mean I hate the other one. That is a way polarizing problem in tech that drives me a little bit crazy, is the concept of, if you do this it can only be this way type attitude, like if Tom likes this product, he has to hate product B. So I don't, I just don't use it. So, if you're having issues with PPPoE and CenturyLink with pfSense, I simply have zero clients with PPPoE, so I don't think much about PPPoE at all, because I just, I never run into it. It's not that often that we have anyone outside of the US that's using it. We see some people using it outside the US. It seems to be more popular in Europe, but it doesn't come up too often. Does it support IPsec? I'll assume you mean pfSense, and the answer's yes. What tool to use to update servers with Windows and Linux? Uh, apt-get update for Linux, um, or unattended upgrades, and Windows, uh, that's a whole different topic. We use an RMM tool to manage all of our updates. Well, syslog is just syslog. We send syslog to Graylog. Um, failed login monitoring is sometimes very nice. We use NinjaRMM. We're migrating over to it. They support it. So failed logins are something that's fully supported in NinjaRMM as well. So, thank you very much for the donation, jsp. Hey, uh, say you did a video a while ago on VLANs with UniFi.
I want, if I want each device on its own VLAN, uh, does it have to be on its own Wi-Fi network? Well, here's the thing. Each SSID, so if you want each Wi-Fi device on its own VLAN, you can do that. So you just would set up, so, I want each Wi-Fi device on its own VLAN, does it have to be on its own? I mean, each SSID can be a VLAN, well, usually is a subnet, but it can be a VLAN, and I guess I'm not completely understanding your goal of what you're trying to do. Like one access point per network, you can do that, or generally the better way to do it, in my opinion, is you take and trunk all the VLANs and everything to each SSID, or to each access point, and then you break off the settings in the SSID. So hopefully that makes sense. Um, I'm not sure if that answers it. Post it in my forums for more, better discussion on that. Hopefully that makes sense. It's about 15 minutes, maybe it hasn't come up at a firmware update, is that normal? Probably not. It usually doesn't take that long. Do you prefer RMM over WSUS? I prefer WSUS worked, but I live in the real world where sometimes it doesn't. So we just use the RMM to monitor it and tell it to update and roll patches, because WSUS has been proven unreliable. Someone's going to tell me I'm wrong and Windows is the most wonderful thing ever, and I'm fine with people who live in a land, and I apparently don't share that view. I work with, we have so many computers. We know if you work with one computer and it works all the time, that's not a good baseline statistic. Um, once you've worked with lots of them, it's very different. Uh, do you prefer one login for all? That's a terrible idea. Uh, or each its own? Everything has separate logins. People have separate logins because that's how you track the different people. That's very important. Hey, Grace, and awesome that you, thank you for the donation.
Um, great that you're studying for your CompTIA. Good stuff. Thank you very much for the donation. Um, it's not hard troubleshooting things if they're blocked twice. You can figure out who blocked what by doing a dig at the pfSense or a dig at the external DNS to figure out who blocked what. Yeah, when WSUS works, it's great, and when it doesn't, it just decides it's not going to. We can't rely on Windows to patch itself. It has proven really bad at patching itself. Not only that, Microsoft has proven bad at patching it. How long did it take them, like a year of Windows printer nightmare? Like there's so many things Microsoft's just been terrible about patching. So, definitely UniFi over that. I am going to do a video on Ninja pretty soon here. Um, so yeah, that's, uh, I mean, I don't know what I can really do a video how to set it up. Everyone's sub's gonna be a little bit different, but I'll cover what we use Ninja for, maybe that'll help give you an idea. Private VLAN or dynamic? I'm gonna go private VLAN. I'm not even sure what the question is other than like a yes or no here. Sure, we'll go private VLAN. But I don't know what you're asking, so hopefully that makes sense. I should put something more interesting on the screen. This is kind of boring. Oh, it didn't switch. Oops. Switch this back over, update settings, so we can save, make sure we're on the latest stable here. Let's go ahead and reboot this thing again. I can always revert it back. Push up that day for a month and, uh, big features. Yeah, you can do some of that. Buy me a chat.
Hey, throw all the money at you. Yes, I'll definitely be doing a video on Ninja. How do you, say, manage all the root logins and creds to make sure your employees, you make sure employees have their own SSH keys that you can monitor things from. And then you set up, I mean, Jay did a video on bastion servers, but usually create something like a bastion server. Um, I've actually looked at, and there's a pretty cool product out there, I don't use it, but it looks interesting, called Teleport, which is a more advanced bastion server, but it has lots of logging features in it. It's popular in some of the enterprise use cases. Uh, they actually reached out to me. I think it's a neat product. Maybe one day I'll do a video on it. Not doing it anytime soon. There are videos on it now, um, that you can find by other people. But yeah, you get everyone their own SSH keys, and that's how you do it. If you narrow them down so they can only access their SSH keys, and don't give them your keys, they can't log in as you. Does the CPU and RAM matter much of pfSense on a 300 meg connection? Actually, it doesn't. So pfSense is rather efficient, um, if you are dealing with sub one gig and not too much in terms of like Suricata and things like that. Once you start doing a bunch of Suricata or a bunch of more advanced features, or have lots and lots, thousands of rules, then it's going to take a little bit longer. So, I do like IPA beers, if you're asking about beers. I'm in on IPA beers. Uh, x was present Oculus, Oculus 2 or whatever that is. I'm playing with that. I answer this question. I like UniFi over TP-Link. Uh, not much. Um, Palo Alto, people seem to like them.
I know a few people, a few friends that use Palo Altos. I think they make a nice product, but I don't particularly use them. Um, there's nothing wrong with them that I've heard. Your views of hardware offloading upon different hardware like quad port network cards and a new tanking network cards? Uh, generally, because we're buying pfSense hardware most of the time, it's whatever the default is for those, and it works. Do you do international consulting? All the time. Uh, we have a lot of clients outside the US, quite a few that buy consulting time from us. So absolutely. Uh, documentation, inventory? Um, wiki, wiki and spreadsheets. We don't have to manage. About a, NetBox is cool. If you're managing a data center with a bunch of IP addresses and managing large, uh, racks, awesome. Great tool. Uh, I don't use it though, because I don't manage data centers. So it's less needed for me. I'm not managing pools of IPs, uh, on my day to day. That's just not something we do a lot of. I don't know, I need to pick. I haven't done a hot sauce of the day in a little while. So, been a minute. Um, you can get pfSense working virtualized, but I always recommend not virtualizing pfSense. We had that discussion earlier. I avoid virtualized pfSense. That's generally my solution, but you can definitely get it set up working on a virtualized port. You just got it, whatever port you have in Proxmox attached to the WAN, you just have to get it bridged over to your cable modem. So hopefully that makes sense. Uh, I heard a message. No, it's my staff. It's nothing I'm working on. So, all right. We just document them. I mean, what do you mean, you just, I don't understand, maybe. Um, I guess, I don't have any customers that have like 10,000 computers at a single site, so maybe that's why I don't need it.
I guess if you have that many at a site, it may make sense, but, you know, some of the big clients we have, you know, several hundred computers at a site, but that's not, we're across their organization. I don't really need NetBox for that. So we use Excel, actually we use, uh, Google Sheets. That's our big thing. I don't use TNSR. It's all command line driven and I just haven't taken the time to learn it. So I mean, knock yourself out if you want to use it. It's not on my, um, list. Good news, Steven, I have a video on how to do pfSense redundancy with failover. I've actually got one or two, maybe three videos on that topic, of how to configure and set it up. What do you think about 5G on a network router? Eh, don't care. Um, I always like it as a separate device, not attached to my router. Uh, I like it just to be, here's a box that we can stick a 5G card in, or whatever your different SIM cards are, to support a cell backup, and then we take that device and we plug it into a network port on our pfSense, it's done. Um, I don't really want it built in, but that's me. I mean, I'm sure someone's going to say, Tom, you're completely wrong, the future is having them all built in, and I don't know, I'm just used to it being separate. Yeah, um, there is, for those of you looking, uh, where'd it go? We'll pull this up. I don't use it. I just think it's a neat looking product. So someone will be happy that I dropped it in here, because maybe you do lots of, you know, things, and you need to say goodbye to spreadsheets and say hello to a user friendly asset management system your team will love, Snipe-IT, open source management. So for those of you interested, I've never used it. I don't plan on doing a video on it, but I'll mention this exists. So, uh, yeah, there you go. There's the URL for it, for those of you looking for something. Thank you very much. Much appreciated, Michael. You know, I did test Hudu.
I think Hudu is great. Hudu makes a pretty cool product, but my problem with Hudu, they pull up their website, and this is the one we're talking about, my problem with Hudu is once I get tied up in their licensing, if they decide to increase the price, then they increase the price, and I guess I just live with it. And it's kind of the same mentality a lot of these companies have, and I don't know specifically about them, but it's like, hey, here's my product, we're going to give it to you at a great price, we're going to gain market share, and then we're going to raise the price, because we'll sell ourselves to an investor. The investor will buy us and then just keep branching up the price until people complain but not quit. Like, there's a balance. The investors do it because, who's going to buy this documentation platform? Someone. And when they buy it, what's going to happen? They're just going to go, I need a return on investment. I give these guys x dollars. How do I get my x dollars back on my product investment? Well, we got x thousand people, you know, subscribed to it. What if we charged them, uh, 10 more dollars a month, or 15? Oh, they bitched when we did it all the way at 25. I think the happy middle is 22 a month, right? This is one of the reasons I'm not big on putting all my documentation into these. Wiki has been a way we do it for a while, because it works, and we just create spreadsheets for clients for documenting things, and I know it's, I don't know, it works for me. Sam, yeah. This is, in the UK PPPoE is popular as well. I think people find it weird we don't authenticate our connections here via PPPoE. We just hand out IP addresses, like your static IP addresses are just given, like, here they are, or most of the consumer side stuff is DHCP. You get the IP address, you get a DHCP reservation, said this one's yours for now. So, uh, I don't know if that helps and not or hinders. What is, I mean, you know what their pricing is. Product wise.
I think it's pretty cool. Yeah, 31 dollars a month, three years is included, then it's 15 dollars a month for additional users. So that's what their pricing is right now. It's a cool looking product. Oh, Canada. Am I the only one here? We're not using it. So PPPoE's happening in Canada with Bell Canada, okay. Main distribution frame and intermediary distribution frame. I can't remember if, I know I've covered it, I just can't remember what video off the top of my head. So, um, one of the things I thought about doing is another video explaining, because we just put in a series of MDFs and IDFs. They're basically your main, you know, data center room, your server room, but then maybe your building is, uh, 400,000 square feet and you have a couple smaller distribution rooms. So that's usually what the IDFs and MDFs are. Michigan's all the way up pretty close to Canada, still no PPPoE. Yeah. I think the only reason I've ever heard of Kemp virtual load balancer is because, best I can tell, because it said paid promotion on this video, they paid NetworkChuck to do a video, and everyone says, Tom, what about it? Why would I use a closed source proprietary system that's less popular than an open source alternative like HAProxy? I have no interest. I've never heard of it before NetworkChuck did a video, and I didn't watch NetworkChuck's video on it. I just had all these people asking me, is it an alternative to HAProxy? I'm like, why would I use a closed source alternative when a popular open source alternative is there and it's well documented? So I don't know. Use it if you want. I don't know anything about it. I'm an HAProxy kind of person. Or other reverse proxies, I mean, nginx is good if you want to set that up as a reverse proxy. There's other tools out there.
There's, um, that Digital Life YouTube channel, they've got a couple videos on different types of reverse proxies. Fiber in Hungary as well comes over PPPoE. Interesting. It's because they, uh, multiple clients on fiber. But then Bell Canada, for those who use PPPoE, and the other ones are fiber. Okay. There's a lot of it on here. Uh, you can probably google Redis and figure that one out. I'm not going to spend a lot of time on there. Where is Hungary? Kemp is the same as an F, similar to F5. Yeah, F5 I've heard of. So, uh, let me find something more interesting to put back on the screen. What should we put? This is, it booted back up. It's not broken anymore. My PIA Swiss is missing. Actually, I should restore this system back to its former glory. So we'll go ahead, stop it. I had a snapshot. This is what I did four days ago, because I just did that video. So we will revert this to before PIA. I don't really need PIA set up on it anymore for what I'm doing. Actually, I do. I'll leave it. This is how I revert snapshots and things like that. This is, uh, Xen Orchestra. I play with this a lot. This is where all my lab stuff exists. So whenever I'm building things in labs, even my WireGuard labs, firewall testing labs, things like that, that's all done right in here. Great. People ask, how do you upgrade Linux? Just like this, actually. Oh, I can't, it's behind. Oh, it's dead. She's dead, Jim. Studio 200 is one of the labs. I actually have to turn the pfSense back on to make it work. So we'll turn the pfSense back on to make it work. Ah, we'll do that. All right, enough playing with that. So, yes, my desktop still runs on Pop!_OS. It's my favorite. It just works. I have no idea. His sister's buying him pizza today. I know because his, uh, my daughter came by and got money from me. So, working on a home lab with NAS built in, torn between Unraid and TrueNAS, a host on Proxmox, maybe custom, a bunch of. Um, I'd like TrueNAS, but for home users.
I know a lot of people have told me that there's more flexibility in Unraid, but Unraid also suffers from performance problems that you won't have with TrueNAS. So I'm TrueNAS all the way. I don't plan on doing anything on Unraid. It's not, I sound, something we use ever, so I don't really want to take the time to learn something I don't use. TrueNAS, on the other hand, we do lots of builds with it. We do lots of consulting. And, uh, because I'm very actively using it all the time, I can speak to it not just from a, hey, here's what it looks like, but also from a, here's, you know, when we use it in production, here's things that are problems, or ways we set it up, or ways we optimize, and it's coming from experience. So that's one of the reasons there. Hey, you can do nested virtualization. I think it's a fun academic learning opportunity. So, yep, HAProxy's in pfSense, and I have three videos on the topic on my channel. If you type in HAProxy in my channel search, you'll find three separate videos on that topic. What size you use for different types of business sizes? Um, it's actually listed right on pfSense's website. If you go to the Netgate hardware listing, they tell you, uh, those details. Uh, Jay has done some testing with OpenMediaVault. It's kind of cool because it uses, it's like for some low resource situations, but once again, it comes back to, I don't use it ever, so I don't know much about it. I think Jay did one or two videos, Jay from LearnLinuxTV. Um, there's a few other people have done videos on it. So I don't think it's a terrible product. I just don't use it. Probably not. The only way to really do that is going to be create a series of rules. So best approach to blocking VPN site-to-site without seeing each other, lots of rules. I never use EdgeRouters either anymore. So, oh yeah, as soon as it came out, I upgraded to the latest version of Pop!_OS.
Yes. Uh, pfSense definitely, all day, every day, in my home lab. I think you can do rate limiting. I've never set up rate limiting in it. Uh, just lots more videos. So 39 Homelab Shows together. Um, at least 39 more, but more likely just, we don't have any end game. We're just gonna keep, keep as long as people want to and me and Jay are relevant. We're gonna keep making videos on it. So, ah, the preferable way to get a LAN cable from the back of rack-mount server to the front is connected, connect to a switch. So I showed this in my rack build video. It looks nicer if you do the double ends, but I'm not gonna lie, there's plenty of times when I've just left the punch out and pulled a wire through the punch out. I mean, you want it to look as nice as possible, but there comes diminishing returns. But the double punch out ones is going to be the cleanest way to do it. If you got the budget, just keep buying double punch out, or, um, sorry, double-ended, you know, joiners. It works, but of course once you've added a joiner you've now added potentially more problem. So pulling the cable through the hole without anything in it and plugging into switch can still look pretty nice. I think if you look at the photo in my thumbnail, and let me see if I can pull that up. So let me, um, see if this works. So, yeah, you see how I'm pulling these through the hole here and they just go around like this. That's another way you can do it, where, um, it works. So, how come you recommend not to use IDS on WAN unless you use open ports?
Well, the reality is you're just going to get a lot of noise. If you want the noise, you know, here's the problem: you turn it on, you see the noise, you're like, oh my gosh, the internet is attacking me, and then you have a bunch of false positives. So it's up to you. If you see a bunch of things in there, and it kind of depends on the rule order, whether the block rule came before or after Suricata. Mostly you want to talk about the data flowing through, not just what hits the WAN. Uh, I have no videos on OpenVPN as HTTPS. Like, there's encaps, there's ways to encapsulate it so it looks more like standard TLS traffic, but yeah, I don't have any videos. I don't plan doing videos on it either. Can TrueNAS do HA failover replication syncing? Um, they sell hardware that does, so yes, TrueNAS does HA with specific hardware from iXsystems. What Sam said, you can run IDS on LAN if you want, if you want less noise than on WAN. Simple as that. Never tried, don't know the answer, if you can load OPNsense on Netgate hardware. Directory service I use, for what? Uh, most people are using Active Directory or Azure AD. pfSense on a Pi? No, you can't run it on a Pi. Doesn't work. I don't care for FortiGates. Um, but I prefer pfSense. Self-hosted VPN, I have a video on how to build your own WireGuard server. That's the best. I'm preparing to set up a VLAN using pfSense and UniFi APs. I'm on the latest controller version. They've changed how VLAN sift. Do you have a new vid? I do not. Use the old interface and it's not that much different. Their new interface is terrible for setting up VLANs. They chose to do it in a less good way. So, um, I would recommend, uh, just, you can, I'm going to make a new video eventually. It's just not something I have time to do right now. But my older videos work if you use the old interface in UniFi. What's the hottest house also you can recall worth having rather than stunt sauce? You know, the express sora, I think. Uh, the Last Dab's not bad. I liked it.
Not everybody does. The Expressa sora, one of them, there's probably linked on my site. That one's pretty hot, but so flavor. So there's a few of them out there. I never used Palo Alto, never heard anything bad about them. So, any upcoming videos on TrueNAS SCALE? Uh, I gotta do some more testing with it. It's almost released, so probably pretty soon. My last testing was just so disappointing in the performance side, and because we're using it as a storage target for virtualization, performance matters in a lot of my use cases. So that was what really held me off of it. Uh, SG-2100, can you run LACP? I don't know, and never tried. Uh, don't open ports. That's what stops things going from WAN to LAN. If you don't open ports, you don't have to worry about bad things coming from WAN to LAN. Oh, yes, I wish Ubiquiti was stuck with the classic UI. Yes, me and Kody both use a lot of Ubiquiti equipment and we can agree on that, along with many other people. I have a video that breaks down, um, how inter-VLAN routing works on switches. Uh, if you type in like inter-VLAN routing on my channel, I have an explainer video. So there are switches that support that, that have the ability. So it's a lot more than I'll have time to explain right now. Just watch that video and I break that down on there. Ah, we actually have the developer of WireGuard in here. So he works at Netgate. So I said nice things about you. I don't know if you're here earlier, Christian, but we're just talking about your videos, and, uh, I told people they should go watch the WireGuard video you did for site-to-site, which of course prompts people going, but we need one now on site-to-site plus dynamic routing, which I'm sure you're working on at some point. Maybe I'll work on one too. Um, what are your go-to switch and AP with pfSense? Probably, yeah, UniFi just worked for most situations. Aruba is not bad either. Uh, we've got some Aruba stuff out there. I know a few, one of my friend runs an IT company.
They love Aruba. So, I never played games on my Tesla. So I know they stop people from being able to play games while driving, which you had to say yes, you're a passenger, and not all games were available, but whatever. We'll add that to our list. My tooks hot pepper sauce. I think, yes, I believe you. I believe it does pass through. Maybe this is a question Christian's answer if he's still in here. Um, the rule order, I think it hits Suricata before it hits HAProxy. Um, does Netgate have switches? I haven't found any switch that doesn't work with Netgate hardware. So all of them. All the switches I've tested work fine with, demonstrating some of the comments here. Does your TrueNAS backup host need to be as beefy as the main if you just use for ZFS snapshot? No, I mean, you can have a slower system that you're replicating to. Um, it's just going to be whatever speed it is. Let's take a look at my face over here, to at least have pfSense pulled up. There we go. WireGuard is routed. I don't see OSPF. It should work. Um, once you have the routing set up, I don't think it'd be hard to add the knowledge for those on there. I just need to set up a lab, a lab setup to do a video on that. I don't use IPv6. Sorry, maybe Christian'll make a video on it, but I'm not an IPv6 person. I love all the hate I get for it. It makes me amused. So, yes, layer three switches should do the inter-VLAN routing. That's why I said I have a video on it, where I break it down and explain, because calling them a layer three switch, I mean, it's yes, but it's more specifically a switch that supports it. And I believe I've talked before, if I have one on UniFi, because they did it in a dumb way. Their inter-VLAN routing on UniFi is not great. Do you plan to do a video about new Ubiquiti AI cameras? You know, I don't know. They're always out of stock. So it just becomes a talking point, and it's, uh, I don't know when any of this stuff will get in stock. So I don't know.
I haven't seen what they are. I haven't seen when they're going to be in stock. So I'm just kind of leaving that one alone for now. I may do an update, a Ubiquiti camera video at some point. For now, I'm still using, uh. We've been selling more Synology systems and Ubiquiti systems. Partly, you know, and these are a lot of small camera, like four camera setups. But the biggest reason why is the lack of availability of any of the Ubiquiti cameras. So it's been a challenge to get things in stock. Can you control VLANs through a MikroTik picture pfSense? Um. Yeah, you haven't had a MikroTik question pop up in a while. MikroTik follows standards for the most part for VLANs and networking. So yeah, you should be able to use it perfectly fine. Was it the TP-Link or the Netgear switches where you could VLAN hop, or was it just a switch? It was the, someone told me they fixed it with a firmware. But yes, it was a TP-Link one where you could always get to the admin interface even when you tagged the port to a specific VLAN. There was no way to get it where you couldn't see the management interface. If you knew the IP of the management interface you could simply stick, you statically assign an IP in the same subnet and you could always get to it, which I thought was interesting. They didn't filter this properly. What's the best cable organizer between switch and patch panel? I don't know. I don't have an answer for that, putting, putting patch panel. I don't have an easy answer. It's probably Google the one that you like the best. Um. Yeah, well, you can also VLAN hop if you don't configure it, right? That's a different issue. But there was no way I could find on that old switch I had to configure it where you couldn't VLAN hop. So. Hey from the land down under. I like, you know, I mean you have a bunch of Australian hot sauces and I actually like them a lot. We've, um, Nigel runs, uh, what is that? A tech tribe, and they're from Australia as well.
And uh, they were nice to send us a box of hot sauces. So Uh, definitely a big fan of hot sauces from the land down under Australia seems like a neat place that area of the world's kind of cool. It's very foreign to me. I've never traveled that far so Uh, let's see I prefer layer three for land stuff anything where you want to block traffic default is yeah I mean, there's there's exceptions of how you want to do everything it comes down to how you architect networks the size and scale of the network it's not like Too many people probably think they need it on a small network where they need a switch to handle some of the routing for offloading And there's circumstances in your architecture or maybe that makes sense But it's not always the case it comes down to what is the architecture? What are you trying to design? And how do you have your design? This is where That comes in All right Good evening. Uh, it's only 4 30 for me. I'm gonna wind this down pretty soon. I do have a few things to go do um, which Because of that if someone tagged me in something I heard my thing go off over here Okay, nothing nothing pretty so only 88 likes 220 watching. Yeah, I'll shill for um Let's uh go this here I don't know what youtube's doing with the like stuff, but Here we go people. Here's all of you on here. Now. We're gonna get all crazy looking go ahead and uh Smash the like button Oh, cool. Now. We're gonna get another one refreshing inside of here. It's gonna be turtles all the way down So I'll let you guys watch the like buttons go up at real time Uh Hey, it's we I like them the I can't remember the name of it, but uh, it's it's like a whole line of them from australia And I I like them all they have one that's kind of like a sweet chili sauce too. Um that it's great on french fries I think everything's I french fries are are really like my go-to for what i'm going to dip in hot sauce. 
So that's Oh, is there only I don't even know if people can see the likes and dislikes anymore I don't know what the status of that is it seems to be the status is always people argue about it online Done. I'm like, okay. I I just don't people say do you have an opinion on it? And uh, one of my superpowers is sometimes that I don't have opinions Um, because I just some things I'm like, uh, it's uh, my day didn't change any Is it gone? Is it back? Is it there? Does it go away again? I don't know Uh flashbang is just too hot. Yes, we've had flashbang hot sauce Yeah, the flashbang stuff. Did you ever get to try it? It's really hot Uh, I'm fine with it being discontinued I'm okay with that Yeah, I seen that youtube made the like it and go away and then people were making it come back with some plugin I I'm like whatever I generally um I I kind of get both arguments of the dislike campaigns I don't know. I I click the like button when I like something. I rarely click the dislike button And I don't even like it. I don't know if it's missing now or not But it was a pretty rare occasion. I clicked it mostly if I like something I'm like cool thumbs up I watched so much stuff in my chromecast with my remote. I never thumbs up that sorry so um How will I celebrate tomorrow? That's pretty easy. I'm going to probably make some Videos or something So that's Probably how I'll celebrate. I like it'll be quiet here. My staff have the day off. So there's nobody else here Oh Linus Linus tech tips it. Okay Yeah, it's just There's always controversy Stupid order wrong how-tos. Yeah There's some bad how-to videos out there as well. Wow, the the likes went up pretty far But we got rough to 150 likes Keep them coming There's well, there's a bunch of you probably watching this on some streaming device You know going what like button? 
I don't know how to press the like button, or other people that are listening to it and it's like on the other side of the room. They're listening me babble on about firewalls and going, at the walk across the room to click the like button? I ain't doing that, and I don't blame you. I wouldn't do it either. I'm not gonna lie. I'm not a hypocrite at all. I asked as much like button, but honestly if it was across the room, I wouldn't hit it. Oh, what are we gonna do? I was that, I'm gonna close all these windows. You can go back to, what should I even just leave this up on the screen while we wind it down. Final questions, few more minutes, final round or whatever. Is there any more questions for this before I wander off and go do something else? I always have fun. I like these Q&A videos. I, they seem to get, you know, I like answering topics like this. Um, oh, LastPass. You know, I was gonna put LastPass in there because it's popular. I almost made some content on it and I'm like, why the credential stuffing and then the existential problem people seem to be running into of can you even trust a password manager? Oh my, and I'm like, it was just credential stuffing. So I shared out the thing, I shared out that video and people like, I don't know man. I'm like, well, then use a different password manager, and then there's the argument, well, maybe you shouldn't use password managers. I'm like, no, I think you're better off using password managers. Um. And then someone said it goes back into Bitwarden because that's my preferred password manager. We still like it. So. Uh, yes. Uh, other than selling and installing 45Drives, we haven't really done anything video wise with 45Drives. Not really had time to. Um. Have you tried the latest TrueNAS RC? I have not. I got to get back over to it and see if the performance is there. So yep, pressing like for your reference. Just put it under the keyboard. That's, yeah. You're in luck, Raymond.
I have a video on how to make Bitwarden hosted locally, got that video done already. So. Um, there's not anything that I'm aware of different about the way you install it today versus the way you install it when I did the video. So. Can you recommend a benchmark tool for Windows SQL other than HammerDB? I don't benchmark SQL. Um, so no, I don't have any recommendations. I do very little. I don't really do any Windows SQL stuff. Yes, people really should use 2FA. Yep. Nope, no, no Ubiquiti cameras in stock. I've debated like, should I sell the ones on my building? Like I could get good money for them right now. They're worth a lot more than what I paid for, which is weird. I just did that video, the pfSense video I did the other day should cover how to, how to set up home subnets. I mean, it's at least enough information on there, I, to do it if you know how to set up a subnet. I didn't talk about how to set up a subnet. Um, if you watch like a getting started so you know how to build subnets and firewall rules and pfSense. If you watched a video that I posted yesterday, you'll actually find I linked to all the relevant videos who cover, in spider off into all the aspects. The playlist that is underneath that video in that description is enough to really, um, get you going on all of it. When you set up OpenVPN connections on pfSense for some endpoints, do you allow local traffic? Uh, is that just a matter? Yeah, I have a video on even how to do RADIUS. So you can get really specific with RADIUS IP assignments and rules for users coming in on OpenVPN. Um, I don't know those though. I think Ubiquiti will sell, um, will sell them until people don't buy them anymore. So that. 2FA on pfSense, uh, OpenVPN, technically it's going to be 3FA if you have one. There's ways to do it. Um. But you already have user, pass, certificate, and you can set up per user certificate. So those certificates are part of your factors of authentication.
So technically it's 2FA, but you might be asking technically what would be 3FA, which would be like a rolling number. Um, an ephemeral number that changes, like TOTP. There's not an integration yet in pfSense for doing, um, that. There is in Untangle but not in pfSense. Who bacon and onions pizza? Yes. I'm working on a new video soon for the latest version of Synology Surveillance Station. Thanks for all you do for community, learned a lot for your content. Keep up videos. Thank you very much. Donation is greatly appreciated. Oh, yes, they are pushing hard for their hardware. They're pushing hard for the Dream Machine. So trying to sell those turds. It just, I say turd, I mean that with the best intentions, because if you're a home user with very limited or very basic needs, not limited, a very basic needs, it's probably a great device, but for the price you can buy something else that has more features. Pineapple pizzas. Yes. Maybe elder to win benchmarking for network storage, not SQL but overall workloads. I do most of my benching in Linux. If you look at my videos, the majority of my done there. So I don't, there's only, I can't remember the name of it. There's very, there's, um, there's that one benchmarking utility and it eludes me, but everyone uses it for Windows benchmarking, that has a drive utility. I think I've used it before. It's, its name eludes me right now. Someone will probably throw it down here in the comments. Um. When I'll just Google it real quick. Windows benchmark test. PassMark. So PassMark. I'll throw a link in here. There you go. Use PassMark for benchmarking. It's popular. Let's see. Not really. I don't care much for the, like, 2.5 gig is in whatever. I, why not go 10 if you're going to go 2.5, knock, why not go 10? So, um, I don't have any specific reviews for 2.5 on the roadmap. Cinebench is the other one too. I think that's more for video, but PassMark is one of them. Yeah, a lot of this Linux, I got covered. Uh, the Windows portion, I'm not a Windows person.
I employ a bunch of people that are. That's if you're wondering how you run a business that manages, you know, lots of businesses and all their Windows stuff. I have a high level understanding of Linux, or of Windows, like of what's going on. But some of the details and nuances, I don't deal with day in, day out. So. It's our way to unzip. Yeah, you can load these zip tools from the command line of Linux. That's a Google search. 2.5 is next big. I, yeah, I know 10 gig definitely uses more power, but are we at a power deficit here? That's, that's my question. Are we, are we, um, that couple extra, that extra watt it takes to make 10G work, is that we're, that's the big problem? I've had 10G in my computer for a few years. It's never, I never think about, oh no, do I have enough power to run my 10G card that I bought like three or four years ago now? It's the same one, works perfectly fine. It's the, I have the ASUS 10 gig RJ45, you know, interface card. It's been working fine for quite a few years. So that's why I don't think much about it. I watch you from some time. I forgot you mainly do Linux. Oh, that's okay, lots of fun. Linux is my, I don't know. I'm more way more crumpled Linux. Don't use that many web application firewalls. So a little outside of my knowledge space. So not something I have a lot of experience with. All right, I will give it three more minutes. Then I'll just quit at 4:50 because that's almost two hours of me babbling about stuff and answering questions. Don't worry. I'll be back next week to do this again. I'm not complaining. I will eventually run out of voice. I have to go visit, um, my daughter and my son, go hang out with them. Well, I gotta figure out where they're at. So if they're messaging me or whatever they're doing. Let's see. Lots of people tagging me in things. Where are my children? They message me. So I'll figure out where I'm going next. Would you. Wife gonna be happy with the homeless studio so she can see you less. She's just gonna find me in the basement.
That's uh I'm just gonna live there That's that's what I'm thinking. All right. I know where my kids are now All right found them so I know where to go know where to drive to next Wife gonna happy. Let's see My wife's uh working from home as well. So we'll actually She'll be working in the upstairs office and I'll be working in the basement She already have an office upstairs, but it's not suited to be a studio I was going to remodel the upstairs office to be my studio. Um, but I wanted a bigger area of For I don't know whatever reason and I didn't want to have to share an office with my wife So that's why The pittsburgh toilet. Wife says it's not happening. I'm saying Let's just say if I plumbed the toilet, but didn't build the room around it. It may be a thing I like hey trash and you have them uh in your rack behind you In your basement. Um, yeah, there is a dream machine back here And uh, we we if you notice it's not on we we plug it in we want to be disappointed We we actually refer to it here and I'm going to put a stick around it to Reflect this it's called the unified disappointment machine and we turn it on because we want to be disappointed with whatever new feature it It still doesn't have so yes, we do have a unified disappointment machine behind me. So As soon as the new studio is finished, I will Rip all of this down There's lots of things around me and computers and everything and pack it all up and move there So I think it's going to take me probably an earth Uh 30 to 60 days to get out of here because I'm waiting on contractors to finish the ceiling because that takes time More time than I'd like they they uh when you order specific things it takes longer to get them it turns out so Ah, yes, I'll connect my unified disappointment machine to my unified aggravation switch and uh get my network put together Hey, I'm not joking any of my staff if you asked them, you know, why do you plug in the unified dream machine? They go to be disappointed. 
That's really, that's, you know, we do consulting and sometimes people want us to consult on something related to it. So we're like, doesn't even do that. We'll plug it in. We're like, yeah. So it doesn't do the thing that they hope it did. So our answer becomes, sorry, it doesn't do the thing you hope it did. So. Uh. The 1100, 500 fiber and fiber. Sure. I would say probably. Um, it's gonna be on the edge of what and I can handle 500 500 fiber. But just straight up routing, it could probably route that. You're not gonna run Suricata. I don't know if it should be all around it. All right. I think we've finally reached the end here. Awesome. I'm glad all of you there. Oh, why are you, uh, why are you moving to the new studio? Because the old studio is part of my office and we need more office, and the way we get more office and everything is to take my studio, and I want to move it to my house, and then the office will be expanded with more people. What are you going to turn your current studio into? Office space and, uh, project space for projects we have going on here. So, uh, next Homelab Show video will be Wednesday, next Wednesday. UAPs and everything else, not from them. Um. Yes, disappointment machine behind pfSense. I thought about putting, uh, I may do a video on this because I, I get it, people bought one and they're not sure what to do with it. Or they want to use it as their controller but then get a pfSense, and I may do a video on how to put a pfSense in front of it. It's something that people seem confused by, and literally it's like I said, you put it in front of it. I'll talk about the pros and cons of having it double-NATed. But yeah, that's, um, it's if you already have it and you're using it, let's say for a doorbell or a Protect camera, like if it's two cameras and you don't want to buy something else. There's a way to configure it, make it work for those things. So. Do you have a roadmap for the migration to the new studio?
Yeah, as soon as the contractors are done. It's all about the contractors. That's, it's not up to me as much as I'm at their mercy of, uh, when they get things done. So that's, that's the real challenge for that. All right, I said it a few times now. I'm actually gonna make it happen. There's a button over here that says End Broadcast. I always hate pressing this button. I don't like hitting it. I don't like saying goodbye, but I will because I have to move on. Um, hit me up in the forums, hit me up on Twitter to reach out, say hi. Oh. You know what, before I leave, let's, let's share this with you. Please follow me on Twitter for this, uh, stream of stupid that I did. Hold on, where they go. We'll leave you with a tweet. Um. Well, a series of them, because I felt like doing this, yes, for a little while. I started a little thread here, uh, that says, what are some of your favorite tech jokes? Some of mine are favorite. Some of my favorites are about UDP because I don't care if you get them or not. And the worst ones are about broadcast storms because everyone's already heard them so many times. Also be careful sharing RFC 1918 jokes because they should only be told in private. Jay came in here with, uh, a SQL query walks in a bar, sees two tables, walks up to them and says, may I join you? Uh, CRC jokes tend to get repeated often until you get them right, but serial jokes are done one, done bit by bit. Uh, oh, I do like this one. Uh, like on that, what kind of networking do they use in the Shire? Token ring. Hey, who's going to tell us a good domain name joke?
Ah, this is, uh, I'm going to keep this up as many as I can do it because it's all about the NTP jokes. NTP jokes are good as long as they're well timed. But if anyone tells you a token ring joke, remember that you need to wait your turn to laugh. I'll throw this out there for any of you that are also following me around on Twitter. Um. Oh, away we go. If you feel like contributing or following me on Twitter, yes, absolutely feel free to contribute and enjoying to my silliness. So go ahead and, uh, all right. I'm seeing anything else. Yes. So hopefully you enjoyed my jet dad jokes, and follow me on Twitter, connect with me on LinkedIn or wherever you may find me. I'm all over the socials. I don't mind when people connect to me. I do not do tech support for DMs. If you want to DMs, say hi, I do respond. But if you go, Tom, how do I do this? I may just respond with the forum link, because I don't do tech support over DMs. Hopefully that makes it clear. So. Nice, I like the token ring one. Thank you very much. So. All right, now I can end broadcast. I gave everyone something to go read and laugh about as well. So all right. Take care. See you next year, literally see you next year. Oh, I only get to say that once a year really.