And we are live, number 344, vlog Thursday. Let's see here. I didn't have everything pulled up because I was running up and down the stairs and make sure the live stream is live. Usually you have a couple extra windows pulled up here and, says live now. Okay, cool. It's confusing because it said I had zero viewers and I'm like, I thought they seen viewers over here. So I refreshed and it's all working now. So cool. All right.

Let's see, oh, let's talk about the network cables. Um, I actually have, drop a link or all of those thin cables. What did that go there? They are cool. This link is going into right now. I'll answer that question right away for the thin cables, and you'll find this in the links down below all the time, because the kit.co link that I have in there has all the cables and doodads that I like, especially these. Well, there's two different types of thin cables that I like. None are in reach for me to grab for you and show, but the ones we have are the Monoprice ones like this. Um, there's ones with the little spring on them. And then these are the ones, I think you probably see in the picture here. You purchased this item on December of 2022. So I've definitely bought a lot of these. Uh, they work really well. These are not the thin flat ones, those ones I don't care for. These are just the thin SlimRun Monoprice cables. They're, they work really well. Um, haven't had a problem with them. They do seem to do the work.

Um, a year. Oh, yeah, finally when Europeans can watch, because yes. Yeah, I gotta do the night ones more though too, because the night ones have more people. Oh, been a while since you cut a live stream. Yeah, cool. Very cool. Good to see all of you here.

Does the U6 Mesh have OFDMA? I don't know. I'm not sure. Look at the specs on there. Oh, they're almost always out of them. The demand is probably high on those. So you back in stock next month, they get pushed back at least a month.
Yeah, that's the problem. Finding stock out all this stuff. But before we jump to the UniFi things, well, first we'll talk about a message, and I can't remember if I read last week, and it says, let me turn it this way so it's easier to read. Take this out. This is not what it's about. Says, oh man, too many windows open today.

You've covered. Hey Tom. Hope you're all doing well. You've covered Tailscale versus ZeroTier videos where you call side-by-side test heroes better performance. Oh, yeah. Yeah. Yeah. Okay. This is me talking about Tailscale. And I am working on kind of an updated video on this again as a topic. I didn't get it done this week. I did do some videos about Tailscale and using it with TrueNAS recently. But I am working on a bigger picture video for, uh, just how much I like Tailscale for its functionality. And I know I talked about speed and it matters to an extent. But mostly the majority of what I need when I travel is connectivity. And that is one of the absolute things that are like the most important to me, is that the connectivity works really, really well. Because if I want to have access to the things I have at home, most of my limiting factor isn't the VPN. It is the speed of the connection of the location I'm at, whatever bandwidth restrictions may apply. So it's not like I need the ultimate in speed for VPN, because usually bandwidth is where they cap out, not the actual, uh, performance of the VPN.

Oh, allegedly, I shouldn't type while people are listening because there's a, uh, that whole report about people being able to defer passwords based on, based on the, uh, keyboard, listening to the typing. That was an interesting report. So.

Have you used those? Someone's in hostile EMF environments? Yeah, that seems to be just less of an issue than people think it is. It's not something we've ever run into as a problem.
Um, I should probably do a video on that at some point, because people seem to think that the EMF waves will really mess with things and they just don't near as much as people think they do. It's like the out-of-spec cabling videos. So I'm done. And maybe I should do new versions of those videos where I show that you can go beyond the spec of the cable now, which is not going to pass the sort of cable certifier, but it'll work.

Um, any issues with the U6 Lites randomly disconnecting and re-adopting? Nope, never had that problem.

Other than writing rules in the Tailscale dashboards, are better way of creating access rules on pfSense itself with, when using Tailscale? I covered that in my video. Uh, the details are all in the video for how to do that. Um, I don't remember the exact, I don't want to say anything wrong. So, um, I'll just say it's, it's in my Tailscale and pfSense video. I covered the firewall rules for stuff. But there's some things that you, I believe there was some things that came to the conclusion that you have to do inside of Tailscale. Especially because the, if you're talking about inner device communication, pfSense has no control over that anyways.

Good enough to change the UniFi? Here's my problem. And I talked about this last night with my friends, uh, Raid Owl and 2GuysTek. If you don't subscribe to their channels, you should. I was on a live stream and I just don't have, I mean, cool product, guys at Alta Labs, but you don't have a self-hosted controller.
I can't trust setting it up and then having a potential, like, that they go out of business and then I have a bunch of bricks that I sold. That's my problem with these companies. Cool, you got a cloud lock-in because that's how you got funded, because someone's like, hey, as long as you lock them into our cloud, they can't leave us and you can charge subscriptions or whatever. Whatever that long end run is they plan to do. But it's hard for me to sell a product from a startup with a proprietary cloud that I can't do any self-hosting of, and there's no way to go to local management on device. So I, I just can't, and they're not compelling enough to switch from UniFi. They, they don't offer features that make me go, oh, this, this is the feature. If, if only I had this, and oh look, this company has that feature. I can't name a feature that they have that is so killer that would make me want to risk potential reputation on a cloud locked-in device. That's kind of my attitude about most new things. You know, you deal with it with companies like Meraki, and Meraki charges you dearly for that subscription. But you also know, I, I'm certainly, and based on what they charge, I have no fear that Meraki will close up shop tomorrow, because there's too much money flowing into that bucket. That they just be, they want to keep that company going because it's a, it's just a money-making machine. Uh, and that's just, you know, one of those things.

We can see the password and reflection in glasses. Yes.

Would Ceph be better than Gluster for TrueNAS SCALE? Where to come down to configurations, ZFS versus Ceph in terms of resilience? There, you're not asking the question in a right way. So Ceph doesn't work with TrueNAS SCALE. So I, there's the first one. Ceph is completely different. So is Ceph better than Gluster? I think so, based on not my own experience but talking to really smart people that are better suited for this. I, Gluster is good. Um, Ceph is better.
But here's the people that are telling me that Ceph is better: they're managing 10 plus petabytes of data. They seem to have opinions that Ceph works better for their scenario. I don't know how many home users have 10 petabytes of data where they're going to run into scalability problems, so I, I don't. It's, it's one of those questions like, I, I don't know what you're doing to give you a better contextual answer. Gluster may be fine for what you need to do. It starts with the use case. You don't pick the tool, you start with the use case and then you start looking around for the tools that fit. I thought I'm putting that in a video because it seems so obvious. But everyone comes at it from the other direction of, will this tool fit this need? Well, does the need fit the tool? It's, it's kind of backwards sometimes if you just ask, well, will Ceph do it?

I mean, I could technically start, and I use this as an example to kind of explain to people, like, I could start with: I need to get to work, I need a vehicle to get me there. Do I buy a large Freightliner? It will definitely get me there. But I probably don't need it, but it does the same thing as my Dodge truck. It'll drive me to work. So, you know, it's, it's about use case first and then supportability. A lot of people ask about Ceph, and this is where the supportability comes in. If you build a more complicated system and there's an update to it, how are you going to fix it? The nice thing about ZFS is it does have complexities, but they're very well managed, versus Ceph, it's got complexities that are a little harder to manage because there's not like an easy UI like there is in TrueNAS, for example, to click update and solve the problem. So it's a lot of, those are a lot of thoughts that I, I look at supportability, not like, will this work. It's like when you build this over-complicated Kubernetes cluster to host maybe two things. Maybe those two things are, unless you just want to learn Kubernetes. I mean, if that's the goal, that's a different goal.
So it's, it's not like an easy question to answer. It's not a black and white answer.

We love the converters switches over silver and cables to make things so much cleaner specks as comm spoke system x. And then no, oh, uh. I hate hotel internet, totally chokes everything, barely 360. Yeah.

Currently have union pro s USW light connected. All ports use USW in the us. Should I upgrade to UniFi Switch 24 PoE for better network speed, lower latency? You're not going to get a latency difference between switches. The switches aren't going to cause you the latency difference. 4K streaming devices, around 15 other devices. Um, that's for your, where was your original question? Well, you figure this, 4K streaming devices and 15 devices, you get a figure. You can watch Netflix in 4K without a 1 gig connection. So think about what you're watching and how much bandwidth it needs and multiply it out.

We had issues with network drops near an X-ray machine. Uh, you shield the cables to fix it. Well, not everybody has an X-ray machine. So that's definitely a more edge use case. If you're running X-ray machines, if you're running any type of similar equipment, you have a slightly different use case than the average person asking this question about what do you need to shield the cables.

So I have a UniFi Enterprise 8 PoE, runs 75C and the fans still haven't kicked in. This cannot be healthy for us to plead most afters. Is point of fan at it? Hmm? Interesting.

UniFi port aggregation reaches HP port trunking, one or more ports.
How are they different? Trunk ports and aggregation ports are different things. Trunk ports are where you're going to pass all the VLANs over to the next switch or incoming to that switch. Uh, aggregation is where you are going to aggregate switches, switch together.

Let's go over though, and I want to talk about this before we get far off topic. And, uh, let me go to the UniFi network on my UniFi Dream Machine here. Because this is one of the topics I had for today. And the good and bad of UniFi, I'll get this out of the way early here in a video because I usually wander around on all the other topics later. Let me drink water.

Now I am going to do a review of the Dream Machine because I've, you know, it's got the features that I complained about it not having before. So when it comes to UniFi equipment, we sell a ton of UniFi access points and UniFi switches. We have installed as many as, I, I mean, I think we spent two or three hundred thousand dollars on access points and switches last year, maybe more. Um, actually, I know more, because we had one project that was like a few hundred thousand dollars. So we're talking like thousands and thousands of switches and access points, just tons of these things, and they just work, they work really well. And the firewalls are slowly catching up with being a better device. Now I think these are now a good fit for home users. They're a good fit for maybe a small business. But there's still some real pain points with these, and one of the pain points, and I forgot how bad this was, and this came up last night when we were discussing, is just how bad the firewall rules are on this and how just weird they are.

For example, if you want to make firewall rules, first is how they spread them out into the different segments here, with all rules and everything else is a little strange, but I don't understand why, when I'm trying to create firewall rules, why they do certain things the way they do. So if we want to create a port forward or even some of the rules here,
let's like create a new entry. I can't type, for example, network port. Yeah, port or IP group, any. Okay, I guess I got to go and create a new group. I'm granted, I only have to go to here and I can create a port group. So 10443. Create new port IP group, IP address, submit. Oh, okay. Uh, that's a profile name. Hold on. And we'll call it a port group, and then we'll put the port, and he does have the ability to add multiple ports if I needed to. So create a new port group.

This is just a more clunky way to do rules, in my opinion. Because one of the problems is, after I create this rule and we'll apply the change, oh, test, is there's not even a mouse over here to tell me what that rule and exactly. Go back to all rules, because over here, where's it labeled? Uh, test. Right there, like accept all internet in, but what does that rule do? Now I have to click on it and then I have to go figure out. Okay, it's got a port rule. Like the way that you do firewall rules in here is just silly. Like here's the port group, but where's the port? I know a port I typed in, but like, this is when I do my review, I want to make sure I'm concise on this. Like yes, it has the ability to do firewall rules in similar ways to pfSense, with some exceptions, because they don't have a good aliasing system. They use their port group system. But from a functional standpoint, this is way harder and way more confusing to sort out a bunch of rules in a UniFi versus a pfSense or say there's a very usability difference between the way these firewalls work, and also the inability for you to set, for example, I believe you can't build, and these are the little details I got to make sure, because they've been slowly fixing things. But I don't think this is fixed. If I want to filter the incoming on this, I have to do it on a per rule basis to filter for certain incoming IPs.
I can't build a group or list of IPs individual, like hey, here's these five completely separate IPs I want to have access to this particular inbound filter rule, and they don't seem to have an option for that. This is where, like, great that they solved some of their problems. But they haven't solved all their problems, and that is just, yeah, that it's just so messy the way they do this. Um, I don't really understand the, uh, what do you call it? The logic, if you to lack of another word. So just doesn't make a lot of sense.

Uh, for new construction home, would you install Cat 5e, Cat 6? Cat 6 is fine for most new construction homes. So. Yeah, the, oh, the IPv6 sucks as well. Yeah. Um, I wouldn't bother fiber in, in a new home. Cat 6 is probably fine. Cat 6a is not much more. Uh, but it's harder, a little bit harder to terminate Cat 6a.

How do UniFi switch, uh, do port groups, because it's the same as how I would do it in HP? Um, I don't understand that as a question.

Yeah, they are making progress, uh, but UDM firewall rules are not cool. Yeah, that's, I see a lot of people agreeing with me here. Cat 6 is sufficient for the cable, but, that it's just so confusing why they do it this way.

Oh, and by the way, let's go ahead and be even weirder by going down here and create a port forwarding rule, where you do get to type the port. You can now, if we did it here, it lets us choose this. By the way, it lets us choose the interface like this. Over at IP, you can put this in there, test, and then I don't forget, I forget the IP range is behind this, but, you got one, sure. But if we make it this way, actually, we'll put it in something I know it's not valid, 23.2. Here we go, both, apply. And now this one shows me the port number.
So that's fun. Oh, from limited. If we said limited, we can list a source IP, but not a bunch of them. Like I said, it's just very basic on the firewall rules and inconsistent, because down here we have this. This was part of our discussion last night we had on the live stream though, was like, why do they make this weird, and why do they make it not as good as it could be? And that matters especially if you have a lot of firewall rules to write. So my recommendations for this device are: finally, they have VPN, but if you need a lot of firewall rules, probably don't go with the UDM Pro, because you're gonna have a headache dealing with them. Um, so it'll be kind of, well, those recommendations. This is why, but, and they, I always feel like they're on the precipice of greatness. Like you've got a cool all-in-one appliance to do all the things, but you still missed the mark on a few spots here. So.

Any thoughts on this video showing DNS to point to new UniFi devices to a cloud hosted controller? I covered that in my last video. So you're in luck. I've already did that video and I did it. Um, when did I do that video? It's on my channel. It was posted within the last couple days. It was about setting a controller. I have two different videos on cloud controllers. Uh, so the term you're looking for is more specifically, um, the set-inform command. I was going to see if I can pull it up real quick. Set space inform UniFi and you'll find it, but I have videos where I walk through all of that.

Uh, I would use the latest available because it's hard to change cabling afterwards. There's diminishing returns. I wouldn't waste my money on Cat 7. Cat 7's more money and harder to terminate and probably not necessary.

Do you use DNS over TLS and pfSense? Nope.

Although their product by the support community forum sucks. They have a user named ui glenn, his customer service skills suck. Uh, demeaning people and doesn't respond to issues all the time. Well, yeah, their support's bad.
That's, that's a given. But it's, you give what you pay for.

Is it possible to set up RADIUS profiling UniFi for NPS auth? I'm not sure. It's not something I would do or recommend doing. I wouldn't rely on it for that.

Is there something in the USA only firewalls that have a back door that can be sold? That's a rumor. That's a rumor. Now it depends. I mean, not that there's an official back door in, um, Fortinet, but I've covered that. Fortinet's so bad, they get back doored a lot. I don't think they officially want it there. I think they just are really bad at coding and don't feel like refactoring the code to get rid of all the problems. But no, there's no back door. There's no back door. You can look through like pfSense, for example. Um, you know, but is there a back door in some US product? Probably not in there. Is there some firewall with a potential back door? Maybe. I don't know of any major brand that would do it, but plenty of crappy brands are out there that might have things like that.

Uh, what, have you made any progress in a three experts three hypervisors video? Nope. Nope. I always, uh, you know, I, uh, I say let me know when you want to do the video, and getting the people together to the video is sometimes a little bit challenging.

Um, I seen someone ask the temperature. I don't know. I, I don't have a thermometer or something to measure the thermals on it. So I don't know the temperature of the UDM Pro, or are you talking about, does the UDM Pro, actually here's a question, um, does the UDM Pro show that information? I don't think it shows its own temperature. Does it? I'm gonna go and know. I don't see it. So I don't know what the temperature is on my UDM Pro.

If you're doing advanced firewall, don't use UDM Pro. If you simplified your network, you can use a UDM and it'll be super happy with it. Yeah, it all depends if you, I mean, not everybody needs port forwarding. So.

Can you disable NAT on WAN without a hack? Uh, that was showstopper. Nope.
Not that I know of.

For some reason you can only set up four SSID on UniFi. Yes, you can only set up four SSID unless you turn off meshing, and then you can, uh, I think you can go to eight without mesh. I don't know if that's true for all devices. Um, but why do you need more than four? That, that's the, what are you doing that requires more than four SSIDs? I have two. I, we install large companies that you have sometimes three. We have a medical facility with 300 access points and only three SSIDs.

The, I've did the web controller, it reconfigured my site from, oh, and it broke. Hmm. Not sure why.

We didn't talk about TrueNAS, uh, Cobia. I don't think it's available yet, if I'm not mistaken. It's not released. It's in beta. So we're getting closer. And you see, check for updates. Does it see it? Ooh, okay. It is released today then. All right. All right. Neat, well, I'll update that today. No, this is just a minor update. This is still Bluefin. Yeah, Cobia is still beta. So there's an incremental release. But yeah, I'm not ready. I, I'll sweat. I'll test the beta on something else. I'm not test, this is my recording machine. Um, I'll test the beta on one of the other ones.

Uh, we're not using NetBox right now, but we plan to set up a NetBox system. It's not a to-do list actually, uh, I've been wanting one because we have so much equipment between the two companies now. We want, we've been wanting to set up NetBox. It's been like just something I want to do. Especially because there's really good integration with XCP-ng and NetBox now.

To revise my earlier question, how does UniFi switches do port groups, because I don't see this in the controller compared to other switches? I don't understand the port group question. Like what are, what is the port you want to, group ports together? I, is, I guess, tell me what the goal is. Uh, because I'm not an HP expert.
I do a lot of UniFi. I know a lot about switches, but I'm trying to figure out exactly what is the goal you're trying to do. Just go in here and aggregate different ports together? Because I think like if you wanted to do, uh, where's it at? I'm not going to do this because it'll cause some drama. But you can put the port, you want to take the ports and, uh, what would it do here? Where'd they move that to? Oh, you had to, you had to do under manual. Huh, where'd they move that? Oh, here we go, aggregate. And then you choose which ports you want to have set to aggregate. If that, I think that's maybe what you're asking. I don't know, but you can do port aggregation right there.

If you go to the top on UniFi OS page, it will show you. See is in there about the council? 46C, 46 centigrade. Think system states attempts on the UDM interface above the networking app. Cool.

Uh, backup UniFi Protect to another server. No, that's not a feature they have.

What is the largest UniFi deployment your team has ever done, switches, APs included, any lessons or as you can share? Yes, I have a video called large access point deployments, and talking about how to tune the controller for large access point deployments. It's documented in UniFi as well. So the lesson learned is, follow my guide for large UniFi deployments. There's not, there's nothing special you have to do, they scale really well. Um, you just change a couple defaults, I believe in some of the Java stuff, and you're done. Uh, largest install has probably 40 or 50 switches and 300 and something, 300, 30, 340 access points. I think there's some bigger ones we did, but that's the one that comes to mind because I worked on that one. My staff has consulted on a lot of them. So I'd probably have to ask the staff if there's one bigger than that one. I know we've done a couple roughly the same size that are in the two to 300 range. Um, so it supports a few thousand people on it.

How much RAM and CPU UniFi controllers using, and how many APs are connected?
Uh, we have about 80 sites connected. I don't know exactly how many is in that. Um, I don't have an AP count, but I can tell you that even with 80 sites it's using about, um, 7.12 gigs of RAM right now. So there you go, 7 gigs of RAM with about 80 sites. The CPU is pretty much idled. Um, it doesn't have, here's some peak data that goes in here from time to time. But it doesn't take much to run the controller. The controllers are relatively efficient.

What do you do if you want to install cabling which is future proof, wouldn't you invest in Cat 7? Nope, I would not. More times if people said cat size was efficient at times change. Uh, Cat 6 has been out for 15 years and it's a diminishing return problem. There's at some point, we, 10 gig has been out since 2006 and we're still not using it everywhere, because there's diminishing returns. There comes a point where you just don't need a bigger pipe coming in. That's not where the bandwidth limitation is. So you can move 10 gig, but even 25 gig is rare right now. So what would be the purpose of Cat 7?

Yeah, I see in the email about it being beta.

Port group, setting VLAN, setting VLANs. I'm assuming you mean VLANs to the ports you select. Port tagging. I have a whole video on VLANs. I need, I do need to do a bit, a new one because they changed the interface a little bit. Um, but when you set a VLAN on a port, let me close, I just want to choose a port that doesn't have anything on it. Here's where you set all the VLANs for that port. So it's on LTS Tom. We can also set it to this one, these other VLANs here, or none. And if you wanted to do it this way, you can choose to block all or allow all, and then you can put all of them on here and group them together, or only select certain ones. Is this what you were looking for? How do you assign,
uh, VLANs to a port?

Can you do a video on how to get certain devices such as phones to use a specific VLAN through DHCP? Um, I've done the video a long time ago on it. The term you're looking for is LLDP. LLDP will do that for you and it's an option. You just, you got to build your LLDP network. I guess there's, you know, the interface has changed so I could do a new version of it. But that works on setting up LLDP. Where do you choose that in here? Ah, right here. You create a new network. Oh, where do they move it to? I have to look at where they move the LLDP. There's an option. Maybe it's when you already have the network built. Third party gateway. Oh wait, I think you have to create, uh, somewhere, where do they move that to? Create new. Oh, you got to build a profile. That's why I just want to do a new video on this. There we go. And right there's that option I was looking for. You have to build it as a profile for that port and then choose which network is the LLDP. I forgot where they moved a lot of this stuff in the new interface.

Let's see, catch up in all this. I watched a video in UniFi controller and we use the local controller and migrated, is nice. I'm looking into a set DNS option for new UniFi devices to find a controller. Set up a D, uh, DHCP option 43 is another way to do that. There's undoubtedly some forum posts. This is what you're looking for though, is setting this right here, and setting it so your DHCP actually will hand the system the right IP address.

Who is messaging me? Let me send this, one of my staff is looking for something. I'll send him a link real quick. So this is gonna use, needs a link to the lab. All right, cool. And that's after you, it's not safe for work. That's not where my work computer is. I have LTS Tom in the not safe for work network.

Do, did have concerns hosting the UniFi controller for customers? We've, for either customer local install or cloud service, not just for UniFi. I don't have any concerns hosting it. It's a lot easier when you have 80 site.
I think it's like 80 something sites we have in there. Um, managing those remotely, 80 sites would be harder than managing a controller with 80 sites in it.

How are you optimizing a UniFi setup? Just Wi-Fi man. I just do 5 gigahertz setups. What about the handovers? What are you optimizing? Uh, the defaults work really good. I joke about how much am I consulting is setting back defaults from people who twiddle all the knobs and, and mess up the systems. The defaults work really well for doing handoffs, and you can, I mean, if you need to, because you run into a sticky connection problem where a device is right between two of them and too many devices are going to one, you can turn the power down on one device so they go over there, but there's not a lot you need to do.

You can ask what brand my glasses are, but I literally have no idea. They're whichever ones my client picked up for me and they don't have a name on them. Oh, wait, they do. I, well, no, that's not, that's a logo. I don't know the name of that company. I know the logo. It's that logo that looks like an H. So it's the, can, can we get a close up of that? Let me see the logo on my glasses. Maybe. It's not focusing very well. Come on. I don't know. I don't know if you can see the logo there. Since sidetracked, squirrel.

Do you prefer brands of Cat 6a bulk, other than what do you look for purchasing boxes? Make sure that the boxes, the cable are not, are not the copper clad aluminum.

Um, I have a video already on Wi-Fi roaming.
It works by default inside the UniFi. And this is absolutely correct, roaming is function, function of the client. That's why I made a video on it, because people keep thinking they're access points of the problem. We did a very large bid that we won. The reason we won the bid is because two or three different companies came in and bid and didn't ask what the end points for. They were having all kinds of roaming problems, and the end points were the problem, and I pointed out that the drivers that were running them were so old on these end points, that's why they weren't handing off very well. And that I could not sell him a better Wi-Fi in his warehouse to solve his problem. And he says, how did I have three other companies out here give me quotes and never bothered telling me that? I said, I don't know. But it is a common misconception that Wi-Fi handoffs are a function that relies heavily on the access point itself. It's actually a lot to do with the devices.

I don't know why you'd have a problem mixing the two. I can't think of a reason why.

I wired my house from the outside. I chose Cat 7, had 150 feet of keyboard and salt, seemed more solid shielded. Uh, my knowledge, would Cat 6 be enough? Yes, Cat 6 is enough. That should be the title of this particular vlog, is Cat 6 is enough.

Tom takes his glasses off and it gets funny. Under Armour. That's who that logo is, right? I don't know brands very well, as someone may notice. I'm not particularly a style person.

Yep, and Cory's reiterating this on, like, uh, LTE Wi-Fi roaming is a client function. Yeah, it doesn't help much. Matter of fact, I have found, um, I, my Mac is the only device that has this.
I got that MacBook Air. No, the device likes doing this besides the MacBook. It gets stuck and on the, on the furthest Wi-Fi, for not long, but longer than it should. That is a weird bug that my phone doesn't have, my other laptops, in the plural, none of them do this. Only my MacBook Air will keep hanging on to the further away Wi-Fi, and I don't really understand why it does that. Um, but it maybe Mac is just not as aggressive at trying to switch to another Wi-Fi. That is my guess, but I don't know. It's, it's completely a Mac problem. It is not, no other device does it. Basically when I go outside, and I was doing my live stream from the gazebo, um, when I first get out to the gazebo sometimes it goes, I'm going to stick with that real, the one on the other side of the house. We're just going to stay connected to that one, and I'm like, why? I get in, the simple solution is, uh, disconnect and reconnect Wi-Fi and it'll connect right away to the right one. But this is exclusive to my Mac doing it. None of my other devices seem to have that issue.

You have, well, Realtek is where your problems began with that whole sentence.

Glasses work, so that is the most I, that's how I am, they work, and it's simple as that.

I have a school full of MacBooks that have the same issue. Okay, so people are chiming in, it's a problem.

Just want to say hello, uh, I hope you're doing well. We'll still, still living along here. Well, thank you.

Why does my Windows PC have a MAC address? Oh, yeah, yeah, yeah. I didn't want a Mac. I'll go with, that's pretty funny, because my Mac has a MAC address and so does my PC.

Yeah, the Mac is weird. I, I had a MacBook Air laying around the office. So I started using it. I kind of like, I just like the keyboard and the battery life and the screen. I, there's the ecosystem I'm not a fan of, but I send emails from it. I send emails using a browser and I have Slack open where I also communicate with people. To me, it's a, uh, it's an inexpensive, well, it's not inexpensive.
It's actually kind of pricey. But it's just, it's an M1 Mac. The battery life is amazing and it's a communications device. It works wonderful as a communications device. That's all I'm really using it for. I read on it and I communicate with people. I don't do any work on it. Well, I guess that's work. Communications is part of my job. I guess I do comms. 20 years ago, Cat 5e the whole house, haven't even replaced it. I agree. I have Cat 5, because we had a box of it, and we have just a couple connections I ran with Cat 5 because I was trying to get everything done, and I was like, ah, let's pull this Cat 5 for these short runs. There's nothing wrong with using Cat 5 in the house even today. But if you are going to buy it, I don't know if you can buy Cat 5, because between Cat 5e... well, I should say Cat 5e. Cat 5e and Cat 6 are pretty much similar in price now. I don't think there's really any price savings for Cat 5e. I could be wrong. There's always something on clearance, but generally speaking. I'll see. But I feel was half-baked, still finding myself going back to legacy, also changing multiple ports at once. Yeah, it's a little bit of that, but it's not too much of that. Um, fast roaming is, as long as your clients support it, a more enhanced roaming is the fast roaming. I believe I covered that in my video, the differences between it. I have a video called Wi-Fi roaming. It's easy to find on my channel. We have a non-routed storage between NAS servers. How does the desktop access the shares on NAS, since it's on another network, or routing? Generally you put your storage... for example, Synology. There's a reason Synology and the TrueNAS boxes, the ones from iXsystems like this as well, they have multiple network cards. This allows you to put the device into multiple networks to avoid routing your storage. Yes, you could adjust the RSSI on the access points in order to fix the roaming.
Well, it can help with the roaming issues. Apple has a hard time with roaming. They want to hold on already. Yep. Don't know why. I have an HP ZBook, which is the Realtek chip. Well, I wish it was Intel. Yeah. Uh, hard blocking ports 80 and 443 even though port forwarded. I haven't really tried that. I don't know there's a problem there. Our Apple devices do that too, even if it swaps from the better signal to the worst one. I have a feeling we want to swap to a different AP. Hmm. Yeah, you can run 10 gig over, um, Cat 5e for short distances. Now, it's unofficial. It's not a guarantee to work. But if you've got a good quality Cat 5e cable, you'll probably find you can get 10 gig working over it. Not a guarantee. I keep reading goods and bads about UniFi. I'm confused. We have house and an Airbnb. I just need a guest not working three APs. Um, yeah, for, you know, and this is an ideal use case for something like the Dream Machine. You want something basic, you know. If you're setting up an Airbnb with some guest Wi-Fi, it's not likely that you're setting up a bunch of port forwarding. You probably don't need VPN. You just need Wi-Fi that works and a router that will work, and I think those two checkboxes are easy to meet with the UniFi Dream Machine. Like, it works doing that. That's a decent configuration. The house that I see we Cat 6a, uh, never intermine at the ends give up. People think... the whole process of terminating, and then, yeah, the termination and installing it properly is a much bigger deal than the cable frequently. Single NIC of my true max boxy and my router could handle 10G, I'd want to send the traffic there. Yeah, put more NICs in. Um, you know, even my... this is an old one I have, let me pull it up. But this device here is several years old. I think I've had it for four or five years. But even this, it came with four interfaces on it.
I only need one for what I'm using it for, but yeah, it's got four interfaces. And then my Synology, log into that real quick. Control panel, network. Strology for I'm using the interface is more so on the Synology. But this is generally how you solve your storage problems, as you put the interface into each network that it's on. I have nginx set up behind the UDM and forwarding 80 and 443 outside, so no go. About to put pfSense back in this afternoon, double check, gets me out of the firewall. I think you can forward those, but I honestly don't know. I don't know what the hang up would be for it, because we do so... well, I do no consulting on UniFi Dream Machines. Um, I know my staff does some. I have at least one person who's got enough experience to do consulting on them. I'm just not that person. I do UniFi consulting. I just don't do UniFi Dream Machine myself. The company does it. Are the support logs on UDM Pro encrypted? I don't know. Um, probably, maybe. I'm not sure. What cameras did you recommend for a home user? I like the Amcrest ones. I did a video on the Amcrest. I like it, unless you're looking for some type of cloud camera. I'm not a big fan of those. I'm not the expert on the cloud cameras, but I do like the Amcrest cameras. Amcrest with Synology works really well. Do you have any experience with setups where you've had multiple connections like, uh, Starlink, which are all wireless, and where the connection... I mean, I don't usually have anyone with multiple Starlinks. We've got people with Starlink, just not multiple Starlinks. But I have videos on setting up pfSense with, uh, load balancing and things like that.
So it doesn't really matter what the connection is. Any other benefits connecting UDM Pro PoE with a DAC cable and SFP, considering home Cat 6a, 1 gig internet? Um, it's just a form factor. DAC is a different form factor than your standard RJ45 type cables, but there is not a speed difference. If you have a one gig connection with a DAC, you still have the same one gig connection with the RJ45. Most home runs are under 50 feet 50 meters, consensus good quality Cat 5e can do up to 10 gigs over that. Yeah, this is generally... I believe that video I have is called, like, out of spec cabling. Ever been to Nordics? No. I've got mixed feelings on the Reolink. They're the ones I've had a lot of failures on. They may be better, uh, but in the past I had a lot of failures in them. I have not... we don't have enough UniFi Dream Machines because we don't manage them for anyone. So we don't have enough UniFi Dream Machines. Well, we do. Maybe I got to hook one more up, because I do have one more Dream Machine I can get set up to do it. So I haven't really had a chance to test it because I don't have anywhere to test it. I also don't like that it's cloud dependent. I know that once it's set up, as long as there's no IP changes, it'll keep working without their cloud dependency, but I don't know. I'm not big on the cloud dependency, but I guess it makes it easier. So that's a nice thing. Set up Airbnb with UniFi AP, SG-1100. Thanks so much for all the tutorials for both products rewifi networks different units Tailscale for the update ability. Awesome. I am doing well. Magic site works surprisingly well when I test it last week. I mean, all that's doing is coordinating where to connect WireGuard. It's cool. I think it's a cool feature. I just would like to know that they're gonna keep supporting it over time. Like, that's the big thing I have on it. Yeah, once you go Tailscale, works really well.
So, um, that's a pretty cool one. Benefit of using multiple NICs with TrueNAS is, you don't want to route your storage. You want to put your storage in each network where it belongs. Hoping UniFi add support for WireGuard site to site. So UDM Pro OS ad blocker effective? Um, it's not going to be as effective as a Pi-hole. Just saw your video about ARC size, glad my question last time was able to inspire a video on the topic. Or maybe I'm being presumptuous. Um, you are among the people who have inspired the video, so I will definitely give you credit for that. Um, lots of people ask, and I don't understand why this isn't like a built-in feature. They didn't have to make this that hard. You've seen how easy it was to set the ARC size. Why not just give us a knob and, let's say, like, let's just turn the knob up to where we want it. Leave it at default, that's fine. But give us an option, just, you know, make... Why just comment to make a video, because it's not... by the way, I didn't refer back to their documentation on it because there's not any documentation on it. I don't understand that part. Like, this is not a hard piece of documentation to create. Or unless I'm wrong, I just couldn't find it, because Google certainly didn't land on the documentation. Uh, it's not off-brand Tailscale, because it's different than Tailscale. Tailscale is a lot more advanced, and their magic VPN, as they call it, just connects a couple UniFi Dream Machines together. And you have experience connections, uh, which are changing with their reliability. So changing priority and pfc startling so on, be great to change priority on demand. You can set this up to track latency per connection, but all that does is mark that member down. The way to make that work is an SD-WAN solution. So if you wanted it to work really seamlessly, you'll need an SD-WAN solution. Uh, Peplink, I think, makes one that's pretty popular.
There's a couple other companies out there that make it. They're all commercial paid solutions, by the way. Um, the solutions exist. They're just... I mean, I don't know about how pricey they are. That's a very relative term. They have a cost. There is no SD-WAN solution that doesn't have a cost, because to make SD-WAN work, which I did a whole video breaking down the different types of SD-WAN, because a lot of people misunderstand this, to get multiple WAN connections together you need an SD-WAN that works with the connection on each side of all the devices to bond them together. Can you secure the storage to each connection? I have a video called securing your NAS, so you're in luck. I explain how that works. Yes, you can. There's rules and parameters and it's all to find out in my video. What software tools you've been playing with lately? The same as usual, mostly XCP-ng, um, because I've been doing a lot more consulting on it. Which, I think of what else... lots of TrueNAS. Oh, I still have a lot more to go on my TrueNAS, because I'm having to rebuild some of my TrueNAS, and because I'm having to rebuild things on it, I... while I'm doing the rebuild on it, it's an explainer, because it broke things for clients. It's breaking things for me. It's the unencrypted... well, I don't know if I have any clients that use this right at the moment, but I know at least one of them might need it. There's a lot of changes they made to the way ZFS encryption rules are. Well, it's one big change, where you can't nest unencrypted datasets with encrypted base datasets. So I need to do a new explainer video and talk about why and how that works and how you get around it. I've had this as a puzzle. I don't know what would cause it, but I have noticed without rebooting, the system has unset that, and I don't know why, because I can't make it happen. But since I've been on the latest version, it doesn't seem to happen anymore. But I agree with you completely.
I seen it happen on a previous version, but I can't repeat it, and it would go weeks without doing it. So, but since I moved to the latest version, the problem hasn't occurred. pfSense win: being able to use dual ISPs with dynamic addresses on both ends, dynamic DNS, ip6 tunnels to the dynamic VIPs at Cloudflare was super impressive. It works. Yeah, that's, uh, that's a solution to work. Sorry, I'm yawning a little bit. You can run Headscale one of those sites, eliminate the cloud dependency. That is correct. So magic is more like your, uh, Tailscale on Wish. Well, I mean, it just works for their devices. Tell work with, um, W10 and WSL a bunch you... I don't know. I don't have any problems with mixing Linux and Windows. Well, I don't have that many went out right now. I have none, but I know clients that have Windows machines attached. Most important pros and cons that UniFi? Uh, rewind the video and all, it's there. The pros are the good access points and switches. The cons are the firewalls. Does not handshake a lot of IPs are set but works when it's limited to internal IPs. No, I'm not really sure. flexiWAN, I... wasn't that the company? I think that's the name of one of them. There's a lot of... I never used it, and there's their pricing. Paid monthly 40 dollars per month, played nearly 33 dollars a month. There's more to it, because it has to go... there's more to setting it up, because you're so of having the endpoint set up. But yeah, if you want these SD-WAN solutions, they all have prices. None of them are free, and because you have to host them somewhere as well. The arm is doing much better. For those you don't know, back in 341, that's so I can tell that was three weeks ago, I was in a sling.
I am only in a sling if I'm going for too long. I can pick up this arm and move it, but I have to rest it on something after a while. Yeah, and this is the problem: you have to have an endpoint. So if you look at using your DIY SD-WAN to create seamless failover using EC2 incis In grasino so the bandwidth costs are as much as the ISP charges you. That is correct. Because that's the next problem you run into when you build an SD-WAN solution and you have to put it somewhere. Now you're going to be paying for the bandwidth of that system out there too. So there's always a cost. There is no balance pool button. You have to move the data around, move the data off the drives and back onto the drives. If you expanded a vdev, that will rebalance the pool. I have a whole video on expanding vdevs as well. I think it's better to use, uh, pfSense as a firewall. Way more options. If you don't need those options, then maybe it doesn't matter to you. Have you done any networking between Kubernetes or Docker instances on individual VLANs? It seems pretty complex. I don't know if it would be in scope for an MSP. Have I done it? Yeah, I thought it was cumbersome. Um, it's definitely... I'm just not an expert at it. I think Techno Tim has done some videos on it. I figured it out because I wanted to see if I could get something working. I was building out a system and I wanted it to attach to several other VLANs, and I just wanted to sit down to learn it. So I sat down to learn it. I'm not an expert at it. I don't use it every day, and you pretty much don't use it at all among clients. So I usually want to do a video on something, it's because I have done it so often, or I'm doing consulting on it so much, that I think it's a worthwhile video that I have an expertise in to share with people. There's other people out there explaining how macvlan and all the different ways Docker and Kubernetes do that, and they're better at it than me. So I leave it to them.
Um, it's not something I use as much. I do not understand the Patchbox rack cable management. It seems overpriced. They reached out to me and I just looked at it and said, I don't get it. Uh, it looks expensive. So that's why I don't have, um, one of those devices. Let's see here. All right, I have an event I'm going to, so I'm gonna have to wind this down shortly here. I need to reinstall OpenVPN over SSH. How can I get a machine if I use a tunnel to connect to it? Uh, you're gonna have to use SSH instead of VPN. I don't understand. I don't really know what solution you're hoping I'll provide for that. Um, set up another server on it, set up WireGuard on it, open up SSH and filter to your IP address. Pure SSD M.2 server, thoughts on that? Sure. Sounds fun. That's my thoughts. Uh, do you have advice on running Suricata on box vs port mirror? Well, if you run it on the firewall, then you are going to be able to action on the rules. If you use as a port mirror, it's just, it's passive all the time. So do you want it to be active or passive? Are you using, uh, Zorus? Yeah, we use Zorus for our clients. If you want options use MikroTik a router ruster files. Can WireGuard split tunnel be set up between traffic between websites or VPN like it does with subnets? Uh, VPN is set up to route. Well, it's not a WireGuard function. It's policy routing. So you can do policy routing in pfSense to get your traffic to go where you want it to. I don't use vio, so I'll let other people talk about it. Let's see here. Anyone else going to GrrCON? I will be at GrrCON. My thoughts are, will TrueNAS do a lot of writing to the SSDs, example for data scrubbing? I guess that also depends on what... I mean, scrubs are definitely right intensive when you do a scrub. Does it do a lot of it? How often do you set it to run? How much data is on there? Um, anything new coming on Blumira videos? Yeah, I'm hoping to get that done maybe another week. I'm caught up on all the other things I wanted to get done.
So hopefully I'll get a Blumira video done too. They were asking me about it too. Uh, do you think TNSR is at a place to video compare to other firewalls? I don't use it, so I don't really have an opinion on it. So that, and I just don't use it or have a use case for it. Um, scrubs are data integrity checks that ZFS does to validate all the data in the pool. 20 times 4 terabit. Well, it's not the number of drives, and also don't make a 20 wide vdev. Hopefully you're splitting it up into two 10, uh, units for the vdev. GrrCON, where everybody's angry all the time. Well, yeah, when you're mostly doing read when you're doing that. You're splitting up into three RAIDZ3. That doesn't 100% make sense, and the reason why is three doesn't go into 20. So you're doing three, so you're doing nine drives per... what are you doing with the two extra drives? 20 wide vdev though could have a write hole problem. That's why I suggested that. So yes, hopefully that makes sense. No, watch my video on expanding ZFS. I did a video, uh, on it as a topic. Seems like... I mean, I guess having spares is a good thing. So as long as you're fine with, um, having a couple spares. You already have RAIDZ3, so you have a pretty good level of resiliency, but having two spares, I mean, if that works for you. So it's all about what works for you. That's all to me what this comes down to. I agree with the opinion of Alta Labs, as I'm replacing Google Wifi, Google Nest. I tried Alta Labs running using UniFi, it performs well in a home lab. Yeah, and that's definitely where the challenges come in. Like, it's cool for a home lab, but my problem really is, how am I supposed to use a, you know, something like that from Alta Labs with a cloud lock-in? Because if the cloud goes down or they go out of business, I have bricks. My problem I have is these different third party managers. What if those third party managers... how good are they at security? What if something happens? How are they going to handle an incident?
They have access to all your firewalls. If they have a security incident, you have a security incident, and because you've got all your clients connected to it, your clients have a security incident. I don't know that I've seen any of these companies that I have the faith in to manage my firewalls. Um, I get it from the hey, let's build this out. But I less get it in terms of my thoughts on their security. Like, I need to be confident in the security before I tie all my firewalls and access to them to some company. That's my thought on that. Tom, how are you using Pi for Wake-on-LAN to start servers? Do you use sh command with etherwake? Uh, nope. Nope. We'll show you exactly how I do it, because it's easy. I click this button right here and it sends a Wake-on-LAN packet. Nope, let me show the screen. This button right here, for example, it's programmed to send a Wake-on-LAN. It says turn studio computer on, so we click button and it sends Wake-on-LAN. I'm using Home Assistant to send it. What about Meraki? Oh, you're asking who we're talking about. Alta's who you're talking about for the, uh, um, what do you call it, the Wi-Fi. Meraki's the same. They're completely cloud. Less cloud the better for us all. Yep, you're right. ZFS RAID for pfSense, a good idea, unnecessary? I'm gonna say unnecessary. Um, but I mean, how mission critical is it? You can set up mirrors inside of pfSense.
It does support it. I think it supports RAIDZ1 or 2. But mirror would be adequate because you're not really worried about speed, but it's more of a why. It's not a... I mean, I guess it's nice having redundant driving system. So if you have a mission critical system, redundant drives, I'm not gonna knock it. Usually people go for fully redundant firewalls with HA setups. ntopng, that is the tool that will break down all the traffic for you on a per client basis. I need to do a video on Home Assistant, because, um, I don't just have this embedded. There's actually all kinds of stuff going on here in Home Assistant. So I have these embedded. I can control... these are, uh, Synology cameras, and I even have, um, webhooks that trigger when the Synology has a certain action. It can turn things on and off inside my studio. Please send that rain and cool temperature here in central Texas. 111 amiral. Yeah. Yeah, it's a lot milder here in Michigan for sure. Would you consider Tailscale cloud? Probably the only cloud service I use in my homelab. I mean, yeah, it is. You can also, I always mention, you can use Headscale with it as well. What is easier to handle on a Wi-Fi network, SIP or Skype, Teams? In case of handovers, which do you like more for firewalling and Wi-Fi? Well, SIP doesn't hand over very well unless you have an SD-WAN solution. Skype and Teams will probably hand over better, but I don't know both. Since Microsoft bought Skype, they ruined it, and Teams is hot garbage with a perfect connection. So none of them are great. Yeah, I'll do the whole, um, Home Assistant video soon. You should do a video on ntopng, try set a few times, never get to actually see useful data. I have a video on it for pfSense. I'm not doing a standalone video because I don't use it standalone and I don't plan to. So I do have a video on how to use ntopng in pfSense. But it is 4:44. I am going to wind us down.
Thank you everyone. Yeah, Teams is just rebranded Skype and they ruined Skype. But thank you everyone for joining. This was a lot of fun. Always appreciate all the people that come and join me for this. I will possibly do some more late night streams or maybe some morning streams too. I did that Sunday stream outside, which I think was pretty fun. So hopefully I'll be doing some more live. But check out, I've got a lot of videos I've been posting lately, and if you want to go back and watch, I was over on Craft Computing just the other day on their live stream. Uh, Jeff is awesome. I was also with my friends Raid Owl and 2GuysTek, and you'll find I did some sharing of being on their live stream as well. So thank you everyone. I have an event to go to and I do have to leave now or I won't make it. Thanks.