Welcome to Vlog Thursday number 310: management VLAN, do you need it? Let's argue about that. That seems like a fun idea, right? pfSense lab testing errata and some Q&A. I like the Q&A part. It's always fun. We'll get to that. I'll cover a couple topics here, and this is gonna be one that I'm gonna do a dedicated video on. It's gonna be about the UniFi system, and I didn't put UniFi in here; I want to mix up the tagging on this video. I just figured this is management VLANs, question mark. But I'm gonna do a dedicated video on how to move your UniFi to a management VLAN, which is arbitrarily easy but infinitely confusing, and the people that are doing it are often overly concerned about the wrong thing when it comes to security. So I figured that makes it a good discussion topic, because that means there's gonna be heated debates of opinions and just opinions, and me being snarky a bit on Twitter about it. That's where some of this started, by the way, was my snark on Twitter related to it. Let's go ahead, and what did Tom post on Twitter? Actually, you can pull it up on this tab. There we go. I was dragging all the tabs, closing all the tabs. Hearing all the tabs in real time. Fun thing to do. Gotta make sure I don't share the wrong tabs. The best way to do that is close all of them. Don't have anything on the screen you don't want people to see, and you can't accidentally share it. At least that's the theory. Share a Chrome tab, it's gonna be the... where's my Twitter? There we go. I don't have the right tweet pulled up yet. There we go. There's the me being kind of snarky, and my point was this. This is where this topic is going to start, if you will: besides "because Cisco said so", which is a lot of times people are like, well, it's best practice. But why is it best practice? I want people to understand why they do things.
I'm not saying it's a bad idea. I want people to understand the why, so they understand that, hey, I stuck it on a management VLAN, but you stuck that VLAN with everything else, or what you labeled as management. And that's actually... that came up the other day and friends, where they had a... it's a co-managed deal and they're helping out the internal IT team, and everything's in the DMZ. Everything is in the DMZ, but it's secure because it's in the DMZ, because every single thing got put in one giant network. So even though they have segmentation, the one labeled DMZ is where everything is. So let's talk about the why you do things. Is that the part that really matters when it comes to laws? The weakest point is always the people. We can strengthen that; the people can be a strength. Yeah, it's not a DMZ if everything's in the DMZ. That was kind of the conclusion. It's still labeled that in their firewall, but whatever. That's the thing. Cisco, now, I will admit, especially Cisco, they need to have management VLANs. David Bombal covered this most recently. I'm sure there's other people; he just comes to mind. Because if you type in Cisco VLAN hopping and how to get in the middle of some of the Cisco stuff, yeah, definitely Cisco's got some very different security ideas. So the security ideas that they have around it are some of the problem, the way Cisco handles it. There's ways to get in the middle of it, and that's one of the things David Bombal, you know, pointed out in his video on it. With UniFi it's very different because of the way UniFi manages things. That's part of the problem of context. It really comes down to the context of how that thing is managed. So let's actually remove this and Present, Share screen. Can I share this as a window?
Well, that's interesting. Well, I can. The way UniFi works, and I thought I had another video on that, or another slide, as I pulled this one up just before we started, but the way UniFi works, the UniFi app, the remotely hosted UniFi Network Controller app: even if you have something on a management VLAN here, let me zoom this out a little bit, if you're using a cloud-hosted version of the app, the management VLAN kind of doesn't matter now at all, other than, someone pointed out as I kept talking to Willie about this, you know, what are the threats? Like, we had a real conversation. We were just having laughs about it, and obviously if you can get to the IP address of my device, you could ping flood it. You could stop it from working by flooding it with too many packets, as opposed to if the management interface, where it talks to the rest of the network, is on a different network. Yeah, you couldn't ping flood it. But if you're someone ping flooding things on a network, they can denial-of-service anything, because they're on your network with high-level privileges. So it just changes where the problem is. But it's not as big of a deal, I think, as you think. More ideally, you should put everybody in a VLAN and worry less about your devices and have them on native. Now, I know that opens them up to the mistakes people make. That's the excuse a lot of people have: well, someone could just leave a port set to all, and then if someone plugs into my system, they're on that network. Well, okay, you could also, less likely, I know you can call me out on that part, less likely that someone would switch a port to be the management VLAN instead. The other problem is, of course, if you have it at all, or you have a trunked port and you're using a separate management VLAN, they can capture all the data on that port, potentially, and trunk themselves into that VLAN, because you're sending all the data. So you're just changing what works.
Maybe they get native out of the port. But if you have that port set to where it's sending everything, they would have to put some effort in. The threat actor would have to go listen to all the traffic, pull the VLANs out, and see what other VLANs are riding on that traffic and go, hey, here's some other data on here I might want to get. So I'm sure, I figure, I want to do the video on it, because I want to kind of play out the attack scenarios for each way you set it up. But it's one of the things I think that sometimes people have a misunderstanding of, because of the way UniFi works: each one of the switches and the access points, they communicate to the UniFi controller app via an encrypted connection. That is encrypted, so even if you were on the management VLAN and you were able to capture all that traffic, it's all encrypted. Therefore it doesn't really get you much unless you have found a way to decrypt it. If you have done such a thing, you have found a way to decrypt it, awesome, and you can collect a bug bounty on that. They offer bug bounties if you can figure out a way to defeat their encryption and the transport method they have. So it's one of those things, like, people get really hyped up about it, but there's a lot of things that have to kind of be in play to make all that work. UniFi UXG probe in 301 and beta. Oh, you know what, if I angered a company enough to make them update their software, I don't know if I can take credit for that, but my video is popular enough, and me calling them out, um, they just want to prove Tom wrong. They're like, I'm gonna prove Tom wrong. I'm gonna do this thing that Tom said we're not gonna do, because we don't like all those views Tom has on that video. I mean, honestly, I do have a very self-serving reason for doing this. I don't want to buy something different. I have a, um, you know, a UniFi Dream Machine Pro.
I don't want to buy another one, so, uh... but, oh, this is only for the UXG, not the Dream Machine. So only the UXG is getting it. I mean, yeah, it's much less exciting. Closer and closer. Yeah, at least, I mean, we're improving. I learned somewhere on YouTube: put everything on VLAN 69. Yes. Love the internet box icon, showed it to my wife, she got a kick out of it. Yes, I always like to use the internet box icon. Hello from the land down under. It is my friend Willie, who I was talking to earlier about VLANs. Oh, man, I feel like some Cisco craze guy here. We always just wait because it's the way it's done, without any further reason why. That's the problem I have: I want people to understand why. If you have a device that can set its VLAN tag... yes, this is exactly my point of the attack scenario: even though it's on a management VLAN, if you grab all the traffic out of a port, you are also going to be able to grab the traffic going to the management VLAN. So, yes. I like Zabbix because it's got so much support built into it, and so many things, including pfSense, have a Zabbix agent that gets you all the goodies. You know, I don't know why people ask so much. I feel like people who ask me about Firewalla are part of a cult, because there's so much, like, oh Tom, you got to review this. I said, but it's a consumer device that uses a phone as an interface. It also doesn't tell me what type of data... like, in order for it to work, and it's very consumer friendly, I will give them that, you know, with the phone interface on it, and it has really simple block rules. But those block rules are being fed from Firewalla. They're not, like, magically baked in, so it's got some type of telemetry going to their cloud. How does that work? What happens if they go out of business? Who's going to keep those feeds up? Can you adjust any of those feeds, or does it turn into a pumpkin at midnight when, you know, the cloud service that drives it goes away?
I have no interest in really reviewing something that's, you know, only controlled by a phone app. I just don't like that as a concept, so I don't plan on doing it. Consumers that use it seem to like it, to the point of being really, really pushy, the number of DMs I get on it. I just don't have an interest. I'm like, if it makes you happy, use it. Um, I don't look at it as a serious device that we would ever use in businesses. Uh, well, I think a larger solution would be zero trust networks. Uh, how are you pulling zero trust, any products? I mean, zero trust is my favorite marketing term that people don't understand. It's got slapped on everything. So I don't know what that means. You have to trust something. Therefore, uh, what is there? There's, like, a fuzzy definition of zero trust. It's a cool concept as a marketing term. It's not a realistic one. It's really just principle of least privilege. Oh, it's not zero trust, it's only trust these things. Well, okay, we can do that. Uh, so it always needs more context than asking about it. I mean, I like, do overlay networks work? Are overlay networks a zero trust system, kind of, in their own way? So. Now Firewalla, the fan base will not let it die. I think there's a lot of people buying it to support it. They keep punching out products. Today I had a new VLAN for servers, configured all switches, couldn't ping any servers. Uh, after an hour of head scratching, figured I didn't close the patch cord in. Yeah, that's a different one. You know, my switches are way easier to configure VLANs and IOS, that is for sure true. So you think we made it harder for hackers? Uh, just trying to make my really weird, annoying setup that requires them to spend ages to figure it all out. But what are they going to figure out when they get out?
They're not going after your switches, by the way. If you read the DFIR reports, it's not this: wow, they infiltrated the Cisco switches and Microsoft got owned. Nope. They infiltrated the Cisco switches and Uber got owned. Nope. They infiltrated the Cisco switches and then, uh, what's the other company, Rockstar Games got owned. Nope. They target the endpoints. Does taking over the Cisco switch possibly lead to that? It seems like the hard way to do it. But yeah, you could probably figure out a way to take over a switch, do some DNS redirection, and do all kinds of, you know, crazy stuff, you know, Hollywood, let's get the hacker mashing a keyboard. Or I'll send a phishing email to the person that already has the access. That's how we got it. You look at the largest attacks of 2022, which is, by the way, something I am working on, because I'm gonna wait right to the end of 2022, you know, because, hey, we still have a few days left. Um, but the biggest attacks weren't even done with malware. They were done by attacking the people, every time. These longer methods of doing it are great, but people spend, um, a lot more time thinking about them than they do securing the more obvious one, because I've watched people. It's like the browser argument right now. Oh, just use a different browser. Whoa. I care a lot about the security updates of my browser, so I really like using Chrome or Firefox, because I trust them to deliver security updates as fast as they need to be done. Versus other companies, I'm always a little worried if they can roll them as fast when people ask me about using alternative browsers, because the browser is the major attack surface we're looking at right now. If the Firewalla works for you, I mean, go for it. Or did you say you bought a Barracuda firewall? Haven't looked in for a long time, looks like the short crude products. The Barracudas are fantastic. I've heard mixed reviews on them. I'm not going to blink it agree with Willie.
I've heard mixed things, Willie. Hey, do you think it's a good idea to use him for telebox for pfSense, agar at home, maybe Headscale? Um, I don't use agar, so I have no answer for that one, and I generally with pfSense only run the official things for pfSense, so I don't create problems. Uh, what are you creating, uh, topologies with? It's just draw.io, diagrams.net, same company. Get your snowblower ready. Yeah, allegedly. Don't mix IOS with iOS lowercase. Yeah, Apple versus Cisco. You know, one thing about it with the Firewalla: it does have some consumer things for, like, blocking pages and DNS filtering that pfSense doesn't have. I mean, if that works for you or that's your use case, awesome. Um, you know, you're not going to get that out of pfSense. Zero trust after adequate violation. Yeah. How do they get... oh, congrats again on your, uh, getting your Cisco CCNA, gracing, awesome. How they got hacked: I am Tim. You passed me your password. Yeah. Here's a phishing email that says here's your Christmas bonus, uh, just click here to get it. Uh, let layer 3 switch and add route back on pfSense. Rebuilding my own RAID home server to a TrueNAS. I want to go ZFS, thinking about going with mirrors so it's easy to expand array, but RAIDZ2 storage for you something. Uh, recommendations: I'm fine with RAIDZ2, but you have to think about your future. I only have to think about my future. So yes, to expand. Expanding the arrays does require some planning. Doing mirrors loses some storage efficiency but can offer you better, um, you know, expandability later. Uh, do you have a video?
I should look at and implement pfSense for consumer use. I have lots of them, like, uh, my getting started with pfSense videos. I guess it's what you're using them for. And right now we use Barracuda VPN with MFA. I gotta admit, Willie, Barracuda has been in the news a lot less than, uh, 48 for having big security flaws, so I will give them that. Yeah, the on-prem AD integration is probably pretty slick on those. Network diagram looks like a soup pf sensor fire on maker tech UniFi Cisco switch. When Netgear is going to make some decent APs? I don't hold my breath at all that Netgear will ever make, uh, decent APs. Are enclosed racks quiet enough to be wife friendly? Not usually. They make special racks that are quiet, though. Oh, I wonder how Apple didn't get sued by Cisco. I'm sure there's something going on there. Just finished my XCP-ng gga with two NAS, 10 gig, and two Ryzen servers, love the ASRock Rack. Yes, we built a few of those, they all work great. I am really happy with them. Actually choose to our company sent bonuses as a gig gift card recorded clicking a link in an email. Wow. Huh. Thanks for the videos on XCP-ng. Awesome, glad I could help. Uh, should I go for the pfSense rack unit or buy the one plus rack adapter? Uh, I like the rack adapter. It's really nice. We have one. Um, I got no complaints about it at all. So this, um, it holds up well. Well, we have a pfSense sitting on top of a pfSense. So let me Present, Share screen. But, yeah, we have one of those rack adapters. They work great. I got no complaints about them at all. And, you know, if you get the 6100, um, it's really quiet because it's passively cooled. That's an 8200 I have sitting right there. Uh, 49 is the nightmare to deal with when it comes to zero days and memory leaks. He just can't fix some true. Who a bad ASRock Rack motherboards in a row, that sucks. Am I using any of the AI features on your Amcrest cameras? I sure am. I have a whole video if you type in Amcrest AI on my channel.
You will, uh, see it. I have videos on that. Yeah, a rack is never quiet, it's all about what's in the rack. Good point. Cisco have a license agreement with Apple at the bottom of their terms of service, meaning iOS is being licensed to them by Cisco. Probably the other way around. I'm sure there's all kinds of litigiousness between those two companies. Have you ever looked into, uh, having one big server with different virtualized systems and essential occasion using thin clients, or the opposite? No, I don't find that practical at all. Um, it doesn't make sense. The reason why is because most of what does make sense to us is, you know, you got to think about what you're doing first. That may work for some people. Like, let's say they're doing CAD drawings. Yes, that may be a good thing, because the drawings, or a video editor, for example. If you have a remote video editor, you have some application you're running that you need near to the large amount of data storage that it's accessing. With us, everything's web based. So all the different things we access to manage all of our clients, manage all the tooling we manage, all has web interfaces. There's no point in my employees remoting all the way back to the office to a central server, then to have it come back out, that central server going to all the different web places that we go to. You're adding extra layers. You're adding extra latency. You're adding extra complexity to it. I don't understand that. I've seen people insist that's the way to do it, but it seems to make less sense to me.
So I don't do it that way. So I don't really, you know, go into any of that, like, from a design standpoint. No, you know, people really doing it is, like I said, customers would have something that has usually data storage needs, such as, you know, your CAD designers, your engineers. We have a music company that I think does something similar. You know, you can't easily transport that over a VPN because it's mostly files. So. As more next-gen firewall features, I don't have context for that question. Do you use... oh, no, we don't use option 43 with them. I mean, I need to do a video on that, because I think I set it up one time. We did for a customer who wanted it. It's not something we do. We just adopt them on the same network and then push them over to the network they need to be on. So we usually adopt things and send them somewhere. Uh, so it just hasn't really been an issue. It's easy enough. I don't remember it being particularly difficult to do. Uh, Dell R210, cool, got to go fast. Uh, is the 6100 overkill for consumer use? Um, yeah, the 4100 is probably more consumer-ish. So it probably depends. It comes down to how fast of a connection you have and how many things you want to run. You can route gigabit all day in a 4100. But if you start using a lot of Suricata, uh, or something like that, then it's going to require, you know, a little bit more horsepower. What would you recommend, a true next course up vm or ice cuz he, asking for my student org? We have three ESXi servers, 12 four terry tries. Uh, what would you recommend? I don't understand the choices. I recommend something fast, because I don't have a... a question for the, like, what's your hardware budget? What kind of hardware? You know, you, um, you don't give me enough context for me to answer that. Netgate 6100, can discrete ports be set up as switch ports? I wouldn't recommend it. You probably could bridge them together into a switch. Um, I imagine it would work.
It just seems like less ideal. Switches are cheap. But possibly yes, but, I don't know, seems like a waste of the ports. Wait a second. All these cameras be on the naughty list. We can just say Santa, where the GitHub repo is, and block them. There we go. Uh, how you started your company, was the first thing you made you think, hey, uh, this may work out for a living? I worked in the enterprise space. I turned my enterprise customers into my first customers. So kind of like that. Option 43 works well for UniFi and pfSense. Regarding Suricata, does it transfer pfSense, uh, to a next gen? I don't use that armor. I don't have it. I've never tested it. Uh, Suricata just offers you more filtering via Suricata. It's an IDS system. I don't like the word next gen. Next gen is a marketing term. It doesn't answer the question as to what a firewall does. We can call all kinds of things... pfSense themselves call it a next-gen firewall. You have to define what that means, uh, in trying to figure out what exactly you want out of the firewall. I always look at things from a feature basis, not a marketing name basis, because the marketing name basis just causes confusion to everybody. So pfSense is a next-gen firewall. So are a lot of other ones. What's the feature you're looking for? Finally came back to live she met for two years and missing them weekly. Oh, oh, welcome. Welcome back, Bradley. Is there any Netgate home budget with a 10 gig WAN? Um, we're lucky enough to have a 10 gig fiber connection at home. Not really. The problem is once you go 10 gig, routers get more expensive, because routing data at 10 gig has a higher cost to do so. Um, so not really. I don't think they have anything that's going to be... well, budget-friendly is also, let's just say budget-friendly is a broad term, because it depends on whose budget we're talking about. I'm realistic and realize that the average home user may not want to spend that much on a 6100.
So, uh, if you think the 6100 is too much and it's out of your budget, hunt around and you can possibly find something, but there's not a lot. There's nothing else from Netgate. Their base model that has 10 gig support is the 6100. Uh, according to Wikipedia, in June 2010 Apple rebranded the iPhone OS as iOS; to avoid any potential lawsuit, Apple licensed the iOS trademark from Cisco. Oh, okay, interesting. Tailscale will be amazing once Snack can be disabled, as it can be full-length routers and enable firewalls properly work, but again user space is FreeBSD. Yeah. Are we still using Snort? Well, for testing reasons I have Snort at home, but I like Suricata because I've been using it longer, and that's my entire answer. Like, I don't have a good one. I do like him, and it depends on what rule sets you buy, but the Suricata rule sets seem to work, and I've got it tuned, so I don't feel like messing with it to switch over to Snort. Ran out of characters: we have 12 4-tera drives and an R610 as a storage controller, what would you recommend the ZFS layout for a balance of performance and capacity? Uh, 12 4-terabyte drives. I mean, if you have the controller in aperture mode, if, or it won't work. But also being an R610, I don't think you're gonna get good IOPS out of it no matter what. Um, you could do six by six, and that would probably work. I don't know. I've got a whole breakdown of all the different comparisons for different layouts if you go to my site, my forum site, forums at loresystems.com. All the layouts and the speed definitions are linked in some of the, um... it's all broke down in that particular video. There's a lot. It's a complicated topic. I don't want it to occupy the entire live stream, but I have it all laid out. There's actually a table someone made, and I linked to it in that forum post. Is there an SSL inspection for pfSense? Nothing good. They offer Squid. Squid's not good. So the answer is yes. The answer is good is no.
I don't use it because it's not good. So Squid is in pfSense, and that does offer SSL inspection. It's not good. 10 gig WAN, all the data hoarding potential. Yes. Which Netgate model showed them as most stable and reliable? Which Netgate model showed them as the most stable? I will tell you that Netgate in general, with all these new industrial designs, if you will, I really like them. The new ones... no, they have a bottom on one of these. Nope, maybe I go to... we found all of them to be reliable. I won't lie. We're not sending these things back for failure. Um, but if we look at just one of the bottom picture... nope. Maybe you look at the, say, 8200, their latest one. Well, here's what we're gonna do. We're gonna just share a different page. I have a picture. There we go. Share this instead. This is the bottom of the 8200. I took it apart, and you can see it doesn't have much of a fan, just a little bit of a fan. They have really done a good job on all these newer ones of using really heavy heat sinks, and heat is probably one of the bigger killers when it comes to any technology device in the modern era. So as long as you have good and adequate cooling, that's a good basis by which to start. Uh, Netgate spends a lot of time, you know, engineering their stuff to be high quality and reliable. We don't really have any problems with them. There's been, like, a couple times we've had... I think we had a drive go bad in a 5100. It was my 5100. It was not a client's, oddly enough.
So for the most part I have actually found their product line to be very reliable. You had me down a whole rabbit hole, the machine ID and cloud-init tasks. Awesome, Jason, that is, uh, yeah, that is a bit of a rabbit hole on that. That person's suggestion does solve the problem, because it's so stupid that machine ID is what is sent via dhc client to get an IP address. I don't know who thought that was a good idea. We have a MAC assigned to it, but it overrides the MAC. Why would you override the MAC with the machine ID? But if on a new system, I guess the machine ID is generated a MAC, but that only brings in more questions about how all this works. So yes. I messed on 25 gig guy here, firewall full speed as a pipe cream. Yeah, I don't have any suggestions. I mean, you're probably gonna have to build something to get 25 gig. Uh, as someone who works on a startup, budget friendly takes a whole new meaning. Yes, it does. Is there any way to block URLs or domains in pfSense? You could do it with Squid, but it sucks. It's possible to do, but it's not great. Are you better off buying two SSDs for cache? I think with an R610, if you have a lot of reads, caching can be good. If you have a lot of reads, lots of memory will be better. So the caching hierarchy starts with your ARC, and then your L2ARC is your SSDs or something fast. But we actually tried with the, um, in an R620 we bought one of those cards that got the NVMe on a PCI. We actually found some bus limitations for how fast the R610 or R620 we were testing is, which was a little disappointing to try to get full speed. We couldn't even get full speed out of NVMe on them. So the problem is, with some of that older hardware, your IOPS are, well, first limited by spinning rust, but also further limited by some of the back-end bus that Dell designed for those. Dell designed a hell of a reliable system, um, that will probably still last 10 more years of being on, but, um, IOPS. Mm.
They're not going to be good. I have an old R720 we pulled out because the IOPS are so sad. Uh, do we have fiber in Michigan? We have several fiber providers in Michigan, but I'm just using cable because it's cheaper. The nice thing is the fiber has created more competition and caused my cable to be cheaper. I think I pay less than, I don't know, right around a hundred dollars a month for, like, 600 down. Cheap is relative to where you live, I'll give that. I know somebody in Europe is going to go, I pay less than that. Yes, I know. Do you recommend a network monitor tool for home labs? What are you trying to monitor? Um, Zabbix is cool, I'll start there, but that may be way over-complicated, or maybe just the right amount of complicated for a home lab project. How is Netgate, uh, versus your own pfSense system? We like the Netgate because we get a consistent install and I don't have to build anything. But I build some of them sometimes for fun in my lab. Um, I just like, when we're deploying things at a client, to have a level of consistency. Because if I have a client that has something fail, I can grab off the shelf the same model Netgate that they have at their office, I can grab their config, which I keep a copy of, upload it to that pfSense, deliver it to the client, be a hero, because it's going to match exactly. I don't have to worry about any type of, uh, deviation. And I don't have to send a really advanced tech out, because you plug it into the same ports as the one that they took out. So if the client has a Netgate 6100 or a 4100 at their office, then you plug the ports in to be exactly the same. I've already uploaded the config to be exactly the same. Have a wonderful day. That's one of the biggest reasons you use it, is kind of that consistency you want in business when you're doing it. Next-gen firewall often are enterprise firewall features like identity-based firewall rules, application control, updatable firewall objects, service-based.
See, the fact that it has a definition that not everyone will have, like identity-based firewall rules. Yes, but I think there's plenty of companies that use the word next generation that don't have identity-based firewall rules. Have you seen the new OPNsense routers? What are your thoughts? I haven't used them. Haven't looked at them. I don't use OPNsense either. So. I'm looking forward to the release of Xen Orchestra 6. Yes, I am. Jason knows why. Actually, Jason, did you see the, uh, I Signaled you a message on, uh, the firewall, the kernel problem in Linux. So. I'm using an SG-3100 for five years, works perfectly. And the update on Reolink reliability, um, possibly used with 802.1X Reolink? I don't have any Reolinks, so I don't know. I have, uh, Amcrest cameras. Ever used an armor as a pfSense? Nope. Machine ID instead of a MAC address, that puzzles me when it comes to DHCP. Yes, it does. Uh, when using pfSense and UniFi switches, do layer 3 switches from UniFi add much more of an advantage if the firewall is in pfSense? The layer 3 in UniFi is not great. So no. Uh, I don't like it. It's not great. It doesn't add anything unless you're going to use it, and it's weird how it's implemented. So I would skip it. Uh, why do you guys all buy all these power-hungry Dells? Yeah. Yeah, we got rid of some of our power-hungry Dells. Our power bill went down. And the advice if someone's looking for a network engineering career: start poking at all this stuff. There's lots of places hiring when you get the experience. You can get the experience at home. Matter of fact, we were just talking the other day where one of the reasons that they wanted to interview the person was their homelab list was really nice on their resume. They were young, but they had a good homelab resume. Don't underestimate your homelab resume.
There's my advice. So grab some stuff, start learning, teaching yourself. Also, from an employer standpoint, I like people who are ambitious to learn. If you build something rather complicated, like a Kubernetes cluster at your house, or you did some type of really neat network engineering, that's going to pique my interest as someone who's looking to hire someone. Any given moment that I'm like, oh look, they do these things, those are important things. Neat. Matter of fact, it's a good discussion point when you do an interview, like, hey, how'd that thing go that you set up that was on your resume? So don't underestimate that. Uh, because a bunch of his lenses cloud images how, how they have passed and I, how they have an IP assigned as management plane, machine IDs part of the process of cloud VMs move across VXLANs. I'm not wrong. Yeah, I'm not sure exactly, near. Uh, you said Snort is not good. No, Snort is good and Suricata is good. I said, uh, Squid bad. Squid bad, Snort good. The other S word. Sir, Squid proxy is no good for VLAN. Uh, what do you recommend? We install endpoint tools that manage proxying on a per-endpoint basis. That's how we manage all that. We don't manage it via Squid. Uh, I use my home lab and my home lab is nuts. There we go. Put that on your, puts a good resume. Uptime Kuma. Uptime Kuma is a really simple, easy thing to set up. So yeah, Uptime Kuma is pretty cool. When prox installs with, uh, max boot 50 SSD, could I use the other 50 percent, uh, pfSense of the same SSD? Was cause kind of pfSense runs inside of, um, BSD, Proxmox runs in Linux. I don't know how that would even work. It's probably not a great idea. You could virtualize pfSense, but that adds its own complexities as well. Someone has been happy with their Reolinks. Good. We mostly went to Amcrest. We've only tested a couple Reolinks. Yeah, that was Matt that said that, uh, yesterday. Someone Matt was interviewing.
So Jason at CNWR is hiring, and one of the people had, I think, on their resume something about their home lab. So absolutely. I too said that, that was the other day.

Have used Home Assistant and it's great. Home Assistant is absolutely great. Well, um, switched to my Home Assistant.

I ordered small factor PC psd router, dual core, overclocked to 1.6. What do you think, will it be enough? I don't know. I don't know what that scores at.

My home lab in the background and ask right about it. Put your home lab in the background on a Zoom interview. There we go.

Squids should remain in the sea. We'll go with that.

He's kind of right. It's the underlying hardware MAC changes, reservation of the machine relating to same. So the machine ID, which is SMBIOS-based. Okay.

Is it still a home lab if one of my school's data centers? Is it still a home lab if I have it in one way? I don't know. I don't know where the line gets drawn. I call mine a home lab too.

Work at Red Hat OpenShift toko, a home lab has come up on all three interviews. Awesome.

Have you heard of Home Assistant's plans for '23? Oh, local voice assistant. Yes. Jay has been testing that, we'll just throw it out there. Jay from Learn Linux TV. He's got a few new things on there, Mycroft and things like that. So he's testing all kinds of new stuff.

VM, should I use one standard server VLAN and one management VLAN? Nick, that's really up to you. If you're just starting out, no. I would say keep it simple and migrate to it. That's where I kind of started talking about some of this.

I don't have reference for what 262 is in terms of score. And I don't know how well AMD works for routing, because all the Netgate boxes we have and most of the ones we tested, I mean, I take that back, the virtualized ones we have route quite well with AMD.

Thanks for your XCP juice. I have two low-end Ryzen servers. Love doing migrations for no reason. Yeah, it's just kind of novel that you can do it.
Um, let's refresh this page here. But in terms of moving things back and forth on the management VLAN, if you will, let's do that real quick here, because it's one of those things: learn how it all works first, then you can move it out to management. I'll do a video on this, maybe tomorrow, I don't know. It seems like a good video to do tomorrow. I have a lot of things I want to do.

But here's how you change the network. So I click on the device. We want to take this U6 Mesh, which, by the way, I should do a video on this U6 Mesh. Then we're gonna do the settings of the U6 Mesh. We'll go down here, keep scrolling down: Management Network. Let's put this on Tom's management VLAN. There we go. I'll do a video of how you create a management VLAN, what are the things on there. But all you need to do now is apply changes, and it's going to put that onto the management VLAN. Pretty simple. It's something you can do after the fact as well. It's not something you need out of the gate.

And what I want to talk about, it's kind of what I talked about at the very beginning of this video, is like, let's talk about all the reasoning behind why we think this way, why we do it this way. That's the most important. I want people to always understand why you should do something, that like, "I don't know, we click it and it goes over here," because if you don't understand the context of why, you may not set it up properly to do the thing you want to do. Which, by the way, in my context here, because even though I put this on a management VLAN, and it's getting ready to go on one right now.
Um, it's not particularly meaningful, because I have a controller that is outside of this network. So the transport method for this is now reaching out to a cloud controller. So why does it matter if it's on a management VLAN, with the minor exception that I do have port 22 open on this particular device so we can SSH into it if we need to?

Let me find that over here. So let me figure, how do I share this, make the screen bigger? Share another screen. Pull this over here.

I heard you praise Zabbix, uh, yet seeing you using Netdata. What do you recommend for a more small home lab? Does Netdata act as a syslog server? Netdata and Zabbix are two completely different things. Zabbix can do monitoring and create actions and triggers on that monitoring. So you can build new rules that's like, hey, Zabbix is going to pull all this info in. It's a self-hosted server that does that. Netdata, awesome. Netdata just gives you pretty graphs for everything. That being said, Netdata does not do any type of actions. It's only reading the data. It's not triggering. It's not like you can go, "Hey, if processor usage gets this high, or if this service fails, do this action." That's something you can do in Zabbix. HostiFi, my friend Reilly uses Zabbix to monitor all of his HostiFi instances, and Zabbix can tell him how much memory is being used on each of these, if there's a problem with any of them. And then he has automated tooling in Zabbix that says do this thing if this happens. So if there's parameters or conditions that are met, it can trigger something. Netdata is, um, pretty logs for things.

See, is this working? I can't remember. I may have this one broken, or is it just not using much data right now? There we go. Let's go ahead and give us the last 12 hours. Yeah, it's just not doing much right now, so there's not a lot to look at. It was doing some stuff this morning. That's why I stretched it back. But Netdata is great for viewing this. It looks great.
I love it. It's so easy to install. I did a video recently on it. This is what it looks like when we run a backup. I could probably kick off another big backup to do something. But yeah, these little peaks are just some data that got moved around. It's, we'll see, idle. But you tie all your nodes together, you can use their cloud for free for that. It's pretty slick.

Tom, can you do RADIUS or LDAP auth for WireGuard VPN users of pfSense, as an author because I have to come up with customers? It doesn't come up with customers because there is no LDAP auth for WireGuard. WireGuard does not have a user management tool. This is one of the arguments I had that people didn't like, because they thought I was crapping on WireGuard. They're like, you know, this is the headline: WireGuard has less code than OpenVPN. It's way better. It's easier to code on it. Blah blah blah. Cool. That's neat. It's kind of like saying, though, my motorcycle weighs less than my car. Well, yeah, it doesn't have four doors. It doesn't have a trunk. It doesn't have all these other things. You don't have all that functionality in WireGuard. So of course there's less code. Of course, there's also less code because there's less old ciphers, but there's no user management in WireGuard. It doesn't have that facility. So you have to think about, "Oh, how am I going to manage all my users?"
Well, you either need to put something on top of WireGuard for user management, and that's not an easy task. That's, you know, whatever you're going to write. Tailscale's an example of a technology that is built on top of WireGuard that offers management. But this is why OpenVPN, and my opinion still holds true, that WireGuard would not change the industry. And I think I said that two years ago. It would be a cool tool in your toolbox. It would be a great site-to-site VPN. But OpenVPN will still continue being the more popular underlying VPN technology, because it has a user manager that you can tie to things like LDAP, things like your RADIUS authentication, or however you want to tie it into your integrations. So that's why it doesn't come up, because it's not a viable solution.

NetFlow analyzer suggestions? Not really, other than, um, ntopng. I've done a video on it. That's my go-to suggestion for it.

What's the best way to virtualize pfSense? What are best practices in your opinion? Best practice is not to virtualize pfSense. Um, I like it, you know, I use it virtualized in XCP-ng. It works. It just requires extra technical knowledge. If you're new to pfSense, you're going to have a bad time because you're adding more complexity, or you're going to have a great time because you're really interested in solving all the puzzles around it.

How would you get a copy of a server, want to make one copy of a friend's server and mess with it on my own box, not breaking anything? Uh, you clone it with Clonezilla. I don't know how to get it when I could use SSH access, but not physical. So it's like 20 gig. I mean, use whatever cloning software to get a copy of it.

NetFlow analyzer cry. I have an ISP NetFlow nightmares. Fair assessment. Afternoon.

Any IPAM discovery open source tool to recommend? It's probably NetBox, but I don't know about auto discovery. The auto discovery part is complicated.
Um, but NetBox is kind of cool. I thought about playing with NetBox. Maybe I'll do it in the future sometime. It's not today's project. I got too many other things going on. But NetBox looks pretty neat. We have enough stuff that I might start using it, because NetBox would be good for doing that.

Uh, shadow e restore backup and have, assuming they have a backup. Yeah.

Versus each and a pfSense could be great for creating snapshots. Snaps are very useful, something goes wrong. Yes, snapshots are good when something goes wrong, but one thing worth noting is, um, may find this real quick here. I did this. I think I covered this in a video. Oh me. Let's see. Let's roll this back. Would you like to revert your VM? Of course, I'd love to revert my VM. I have a version of this VM before all the shenanigans started. I was trying to create a bug. I found a different bug. I didn't find the bug I was looking for. The bug I was looking for was not where I thought it was. So I found another bug. So let's go back to that other bug. Which, this one actually doesn't have a bug. This is just going to be, once this boots up, my virtualized pfSense here. I can watch it boot on the screen here. Not IPAM. The snapshots, I'm gonna show you how the snapshots work in it.

Plan on using k8 instead of odd VM? Maybe one day. The problem is, when you run different operating systems, lots of different things, not everything lends itself to easy setup inside of Kubernetes. All the individual things I'm doing are better run on VMs. Plus there's less security concerns about them because they're all individual.

What do you think of the new Netgate firewall installed? I think it works great. I haven't had any problems that weren't mine.

The HA function of two identical VMs when using that way? Yes, you can do it that way as well. As long as whatever you're doing HA on is identical, it works better.

Another one messed up SDR. To maybe map. Everyone wants to SDR. Nope.
I haven't. HackRF operates one mangers. I haven't had a need for it. I'm aware of things like that. There's even expensive commercial things you can buy to do it, but I don't know. I haven't really come up with a need for it.

Sometimes it seems like people will try to shove everything into containers, even though it's not always the best use case. Yeah. When I've played with containers a little bit, I actually have a Portainer instance, because I've been doing some testing with it. Where's it at? And I know it's me. I'm not saying it's not me, in terms of the way it's working or not working, but one of the problems I've run into with this, oh, it's missing now. I don't know where it went. Where'd it go? It's not missing. Is NetBox in here? Oh, not even in the list. Volumes, maybe it's in here somewhere. I was playing with NetBox on here. Okay, it is on here. I can bring it back up. I always have weird networking issues, you know, and I just got to figure out and learn some of the networking in here and get better at it. That's some of the problems I run into. It just works better as a VM. I don't run into any networking issues, and it's not that, you know, it's just something I haven't taken the time to learn. It's a me thing.

Let's see. So maybe it's better to do home being less a meek or chick rather us behind a pfSense uses firewall. We'll go with that.

Everyone's a pie to use every job. Yeah.

"It seems like people are trying to shove everything into containers, even though it's not always." Yeah, this is exactly it. It's just like the stupid problems I was having. I can probably pull this up as well. It's a sage Portainer.

Do you run Nextcloud in a VM or container? What do you recommend? I don't run Nextcloud. I run it on my TrueNAS system just to do it. But I don't really use Nextcloud, so I don't think a lot about it.
It's gonna be a good video. I have to watch later.

The guy I replaced says management playing on our PLO cells. So as you did a plane this gateway, hmm. I put management VLAN on the switch of VRF and see how you can figure it.

Do you use TrueCharts? I'm gonna do some testing with TrueCharts. I want to play with it more.

Let's go to the image. Here we go. Hey, there's my Docker stack for next. There it goes. So I followed their instructions to deploy it. I deployed it actually from the command line, not through here. But I seen it in here because it's not working through the command line. And when you click this, the networking's getting a connection refused, and now I just got to dig into why. But it's one of those things, like some of these things just sometimes, I don't know. But I want to play with NetBox. I'm like, hey, I'll set the demo up like this on my Portainer demo box. But I don't know, the networking seems to be kind of goofy with it. I just don't use Docker enough to go, "Hey, this is exactly what's wrong with it," or, "You forgot to set this thing up in Docker." I just did a pretty basic install a few minutes ago.

I was on a topic. Let's finish that topic really quick, now that I put the server back up and running. Sign in to the pfSense. Hey, it's working. pfSense added this, and since they added all these different boot environments, you can now create your own boot slices of pfSense. And because they added this as a feature, it is a ZFS snapshot. So if I quick create this snapshot, or multiple versions, you know, quick, quick, here's a couple snapshots. I can then go back and activate these, or activate a boot environment. Activate boot environment. Now I can create different versions of pfSense. By the way, when we do things like this here, let's go ahead and, oh, these are all small, plenty of space. If we were to update our pfSense, for example, current stable.
We'll let it think. And we want to go to the latest development snapshots. Like this, it would also create a boot snapshot. So I would have two snapshots of my entire system if I needed to roll backwards to it. So there's some nice features with how this works with the snapshots, and it kind of solves some of those other problems, like having to do it virtualized. So it works really well.

So heads up, attaching method change now, and you pretty much need to use NFS to have your host path validation. Huh.

And the other thing I was going to share was, earlier we moved our, uh, pfSense system over, so let me change tabs again, which I may have made it too big a window. Here we go. There's our IP address right there, 10.77.77.10, and now it's on its own management VLAN. And this goes back to the thing I'm gonna do the video on. I'll do it tomorrow, because I think I want to cover that, because it's one of those points of confusion. But once you put these on the management VLAN, which was the IP address. Present, share screen, Chrome tab, UniFi. There we go. There it is right here. There's the IP address from switching it. But it still carries the same SSIDs. Like, now it's carrying the native SSID like it was in my diagram, but the management plane has changed. So this is VLAN zero, native VLAN one. Native is all these IP addresses. This one,
I've now moved to management. I can move other ones to management if I want. I can just go down here and flip them all to management and they're on a different network. So not a big deal to do that, and then they pull it. But the only thing you've done is remove this IP address out of the other network. The more ideal way, from a security standpoint, to set this up is to put everything in individual VLANs. Which technically I do. These things and my computer all live in the same VLAN, because it's like my home lab and I don't feel like having it in a separate one. But all the other things, like my son's computer and my wife's computer and all the Chromecasts and things that I have around my network, are on a separate VLAN that are not native VLAN. And I've talked about that. They are on, uh, go to networks, like LTS Tom. There's your native, but then all the other ones go back, uh, like third-party gateways the way either. Then VLAN 10 is my NSFW net. So the things that I worry where something could be on my network, or guests come over on my network, don't have access to any of the native VLAN IPs. So it's not as big of a deal as people kind of like to make it out or think it is.

Let's see. Any storm? Nope. It's just rain. It's rain and lots of weather notices that we're going to get rain and potentially a couple inches of snow.

Followed you, I missed it, but were you able to test techic speeds with a 200? Uh, Netgate has, I think it's in their blog. There you go, performance. It's on their web page. I don't need to test it. They test it. So they have their speeds on there.

So in general, management VLAN would be the same for all devices across the network? Yeah, I mean, it depends on what you want to control inside of that. That's really what it's coming down to.

Have you thought about placing a honeypot? Not in my network.

Yeah, it's supposed to get to freezing tonight, if, I wouldn't hold my breath on it. And with the rain, roads might get, uh, froggy.
We'll see in the morning. Yeah, right now it's 37 out. So 37 and drizzle, it's not even raining much. So between 37 and drizzle, it's not a lot to be concerned about at the moment. Of course, the weather app seems extremely concerned about it. Yeah, I seen cold waters around the way.

I should review the MikroTiks? I don't know how much interest in those. What model are those anyways? What do they do? That's a CCR2116. I mean, what's the review about them? They still have the same goofy MikroTik interface. Forget all the CPU limitations and 10 gig. Says it's powerful, 16-core ARM CPU, blah blah blah. What's the specs on it? 13. For 10 gig ports, there's no interest I really have in this device. Like, it's just a 10 gig switch. So you have a 10 gig switch with, we'll zoom it in so the class can see. It's a 10 gig switch. I'm sure Patrick has done a review of it. What am I missing? Why is it so much? Well, anything MikroTik's got going from us are cheap. It's downhill after that for 10 gig SFP ports. I mean, MikroTik doesn't make a terrible product. It's just goofy. And I don't really care much about using their RouterOS. I mean, some people love it. The people that know, taking the time to learn it, they love it, and that's it.

"I can't make myself, uh, how you could, like how you can figure MikroTiks, how these a port ones office that ever used, because it pisses me off." Jason has nailed it right there. I can't make myself love those things at all. They're just painful. There's no pleasure in configuring a MikroTik. I'm not a big fan.

I really like the EnGenius sisters way nicer than Aruba. Yeah. The problem I have with EnGenius is they literally, and I haven't checked lately, but when I did the review, almost a month before I did the review, I told them their own instructions on VLANs were wrong.
It is not how their switch works. It wasn't hard for me to figure out how VLANs do work on their switch. But I took the time to write up the documentation, send it to them, and a month later they hadn't fixed their own documentation that's wrong on how it works. I'm like, you're missing a few steps, because for reasons that I can't quite fathom, you have to define the VLANs on two separate pages. Whatever. UI design is hard. I get it. But you define it on one page and activate it on the other page. They forgot to tell you that in their documentation. But when it wasn't working, I was like, well, I bet it's because there's this weird spot where I can do it again. And you can't do it in the second page unless you first do it on the first page. I covered it in my video, and I'm like, this is just a weird way to set it up. So I don't know.

WinBox is trash, CLI or at least the web. Yes.

Okay, you ran into the same thing. The VLANs are just wrong, the documentation is bad.

Top tips for MSPs going into 2023. Oh, me and Jason should do that. Jason, you want to do a video on the best tips for MSPs going into 2023? Which are the same tips we'd probably have for 2021, 2020, and keep going backwards. Please turn on 2FA. Please have good passwords. Please quit logging in as admin. But yes, absolutely, me and Jason Slagle should talk about that, because we never did our follow-up video. We need to do the follow-up video. Me and Jason Slagle did the video for how I would hack you, but we want to do the counter video, like how I would defend against you, because we talked about all the holes that get left in things. So we want to go and do the other side of how do you defend against those things. So yes.

Ooh, conditional access is a thing if you're in the MS world. Yes, you should be setting up conditional access. Have a sane plan for patching. Quit spending all day arguing about which RMM you're using. My biggest tip is, as an MSP,
how much time are you wasting arguing about RMMs? Quit asking about security things that don't, don't post about security things to get attention.

VLAN dual mode.

You think UniFi will update UDM in 2023 to multi-gig internet? CPU gets a little high above one gig with IDS. I don't know. I don't like their routing devices. Even if they ever get to UniFi 3.0 on the Dream Machine, I probably still will find another reason to not like it. I'm not gonna lie. But at least I won't hate them for doing the dumb VPN setup they did. I was polite, and I should retitle my video, instead of "the weird way UniFi does VPNs," I should just call it the dumb way they do VPNs. Like, here's the stupid way that you guys do VPNs. I don't know why you do it this way.

I've not used Brocade, but I respect Jason Slagle. So Jason Slagle says Brocade OS is trash too.

"But this RMM is better." This one has a flash mob, uh, marketing team that makes loud noise or something. I don't know.

UniFi router secretary's a D-Link. Teleport, like, Teleport doesn't make any sense. Of the use cases I have, WireGuard on my phone, and it works great without Teleport. I'm doing it with pfSense. I think I did a video on that. It works better.

"I watched Tom's things and I want to go to work on my home lab." Tom's actually been taking things apart too. So because if anyone's curious, that's the other side of the 8200 I took apart.

Last question. Do you think pfSense and TNSR will merge? No, they will not. TNSR is a very different use case compared to that. TNSR is designed for high performance routing, but it's all command line driven, and they don't plan, that I know, they're not making a UI for it. I believe it's all, they have a way to drive it via APIs. It uses vector packet routing. It also is based on Linux, not on BSD.
So it's a separate product.

So pfSense router, UniFi or Cisco switch, UniFi or Ruckus APs? Ruckus APs are expensive. I'm not a big fan of them. I don't understand why they're so pricey. I don't understand why their website's so bad either. So those two factors kind of collide to an ugly website, that I'm not real clear on the product, that costs a lot of money.

"I use Teleport sometimes and it works. I think. Not sure it does." I don't know.

Do you think in the future we'll get a unified SDN system managing a mix of devices like ubtp? If one place, be awesome. Not likely.

"I just use WireGuard with pfSense." Travis. And Travis enjoys hanging out at my office with all the stuff we have with our lab.

What are your hobbies outside of IT and running a business? Um, doing stupid things on motorcycles. I guess I don't really have another hobby other than doing stupid things on motorcycles. I think that's my only other hobby. So hey, look, there's one of me doing stupid things and crashing a motorcycle in the sand.

What's a good way to realize centralized management for pfSense in ten separate offices? I mean some tools like Palo Alto Panorama, FortiManager. There is no built tool for this.

Isn't TNSR similar to Cumulus Linux? Probably. I think it's more like that. I've talked to people at Netgate a couple times. They want me to try it. I just really haven't taken the time to learn it. I mean, you can get a home lab license for it. It's one of those things where pfSense got popular in a lot of data centers. They have a lot of use cases there, but data centers got bigger, and there are some limitations in the BSD kernel for how fast it can route, and it's the single stream, single TCP stream routing that lends itself better to vector packet routing. So on the same hardware, you get a substantially faster overall performance with TNSR.
So that's like the reason for doing it. Cisco actually developed vector packet routing, but then open sourced it. So it's built on that concept. I know TNSR is not the only tool to use it. They're using Clixon and a couple other things for the basis. I really think it's cool what they're doing. It just kind of feels like way outside of my channel. But it may be something I want to learn, to have an offering for more data center stuff. So maybe I'm wrong about it being off center for my channel, but it's kind of neat.

Advantage of static IPs for home lab? That's a terrible idea. Everything should be DHCP. That's my opinion.

What's up with Untangle? Arista bought them, and Arista has been doing well with Untangle. So I don't really have any complaints about Arista's behavior with Untangle.

"True. We have a home lab and a home lab at work, best of both worlds." Yes.

But I would consider an EV motorcycle if it went far enough. Right now I can't do things on my, if I were to buy, they exist, but they don't have the range, and the charging time is not enough. Now for dirt bikes, I like the EVs. For the bigger motorcycles, the EVs aren't there yet. My bike is a, uh, Super Tenere 1100. I can fill that up and go pretty far, and then wherever I go I can easily fill it up again, because I'll hammer out 600 miles in a day or 500 miles in a day if I go on a road trip. So that's not easy to do. There's not an EV bike ready for that. I mean, if you give me an EV bike that has a 500 mile range between charges, pretty cool. I would definitely do that.

Have you or anyone known to set up UniFi switches in an education environment, considering them a Cisco replacement? Yes. We did a school district, five buildings, something like 320 access points and another hundred switches, all with UniFi. We even used some of the UniFi layer 3 routing. It worked. It got the job done. So it definitely can be done.
Um, we got contracted for some big projects like that. So it definitely works.

Can you block torrents and VPN on a specific VLAN in pfSense? Not really. That's not going to work well. There's not any good utilities in pfSense natively to do that.

On the new Netgates with SIM slots, uh, we still have 4G PCI backup LAN. Any idea when it will come to the market? No idea.

Thank you for the donation. Recommend an ecosystem instead of Ubiquiti, NVR needed? I'm a big fan of the Synologys. Synology Surveillance Station is solid. It works well. It's what I use myself for doing cameras. We sell a lot of these Surveillance Station systems and they work well. You can see all the rain at my house. So I've got plenty of videos if you type in Synology Surveillance Station. I've got videos with links to the camera. I've even got reviews. I've done other DVA models for some advanced features. So absolutely.

"It's usually something I might eventually take with me, my networking background." Yeah, it's really cool. And you know, they're more than, I mean the home lab license is probably adequate. But, uh, obviously I have a relationship and, um, Decade so.

I meant business internet static IP offerings cost $20 a month more. Well, here's the thing. I have dynamic IP from my provider, WideOpenWest. I've had the same IP address for a year. They don't change it. So does your ISP swap off your IP address, and does that matter to you? Mine doesn't seem to do that. So it doesn't matter.

Advice on acquiring new clients for an IT support startup company? Absolutely. Right in the description is our Business Technicalities channel. We have marketing videos on there. Start watching those. If you dig around on my channel, I have some old ones on this channel, but we split them, and my friend Jason Slagle and Brett have been putting videos out on those topics. So absolutely.
Um, we have videos talking about marketing. Knocking on doors and calling people and talking to people, that's the short answer. The long answer is it's complicated and marketing is hard.

Why is Cisco always mentioned? Are they the historic superpower? They're still a superpower. I mean, you can't doubt Cisco's market penetration. They're everywhere. They are massive. They're not going away anytime soon. Cisco's got to be Cisco.

Do I use IPv6 at home? No.

Telus in Canada, business IP changes three times a week. Yeah. That's what it comes down to. I don't need to pay for a static because mine doesn't change. So simple as that. Not changing means I don't have to deal with that.

"My ISP changes mine over three months." Okay, awesome.

Just join miss some VLAN manage. That seems like a myth to me. I rarely see it in the real world. Networking gears use static on IP and VLAN. Oh, yeah. Yeah, the number of people that assume companies have large, well-segmented networks. I'm like, oh, you clearly don't work in IT, right? I mean, yeah.

All right, I'm gonna wind this down. I wish I didn't have somewhere to go. I would just kind of keep this going. You know, maybe I should do like "Tom after hours" and do another live stream at night where I goof off with computers, because, by the way, when it's raining and wet and cold, I don't do my other hobby, motorcycles. So I do this. I just play with networks and do this. I don't play too many games. Yeah, I gotta feed my son.
I told my son I'd take him somewhere.

We need more likes. Absolutely.

Now, I am considering doing two live streams on Thursdays. The one I usually do, which is the now one, just my Vlog Thursday. But then I have a lot of people, I see the marks next to you that show me that some of you are members. And I thought about doing something more for my members and people who have joined, in doing a more private live stream where I, you know, just answer more questions and things like that.

Oh, it's really weird, there's a couple of messages I just looked at, it says for some reason they wouldn't let them be on here, and whatever.

Are you cold enough to get ice and snow? We will be tomorrow. Today it is 37. Tomorrow it's going to be cold, and over the weekend it's going to be really cold.

See, we got, uh, someone became a new YouTube member. But let me know what you think about that, because I notice too hard we hear about me doing another live stream, like a members-only one. I want to do something more for the people that take the time. Yeah, like an after party. I think we found the name for it, the after party, because I'll have a beer. The members-only after party, come join me. And I may even do things like figure out how I can make things more interactive. Maybe set up a chat server, bring people on. I can actually share out. I've had Cody on my channel before. Jason Slagle easily jumps on. I'm using a tool called StreamYard, and it allows me to add people really well to have more interaction. I already think there's enough people saying yes right now that I definitely should do this.
So, um, don't hold your breath that I'll do it today, because I don't know what I got going on tonight, because I actually, I don't know what my wife wants me to do tonight. But yes, I will, uh, I'll, I'll do these little after party things for people. I like, I try to keep as much as inclusive I can, but I love you guys that are supporting the channel. It really does help out a lot, because YouTube revenue is just, whoo. Discord to be cool. I could do that. Sounds good, like an after party. Okay. Maybe, we'll see, because I, uh, I will try and plan it, because I don't want people to miss out on it either. But I don't know how the member only thing works, so I have to figure that part out. I, I think I know how it works. There's a button in YouTube for it. I think I just press it and I say send this to members only, but I don't know. I think that's how it works. I have to do some goofing with it. But, uh, nonetheless, thank you all for joining. I'd love to stay longer, but I do have somewhere to be and, uh, but maybe I'll do, I don't know. I don't know what I got going on Saturday morning. Maybe I'll do a Saturday morning stream. I don't think I should, I mean, I want to do a Christmas morning stream because I got nothing going on early in the morning. But it seems kind of, you know, um, maybe not. I don't know how many people would join. Now, I mean, you should be spending Christmas with someone other to me. So at least, at least I think. I don't know. I don't, no one's coming over my house till later, so I have all morning for myself. So, all right, thank you everyone for joining, and, uh, if you're still watching, Jason, say, I'll reach out to you directly. Let's talk. Let's talk and get this, as we talk about doing stuff and then I forget and I need people to remind me. So you have my phone number, literally, he's got Jason as myself. He can just, uh, send me a message and signal and we can get those videos done and we can, well, we'll try to get that video on tips for MSPs going into 2023.
I like it. Thank you everyone, and take care.