Welcome to another Sunday Q&A. I'm here to answer questions and talk about Home Lab and servers and all the things I talk about on my channel in a more free form. I've debated about calling these, but I don't think they would get the right attention or maybe they would, like free tech support. I don't mind answering all the questions and essentially, it's like tech support, I like helping people out. I love interacting with all of you, the audience. These are just fun. Let's see. Is this a question or a statement? Let's read this one here. I've got a fun one about, we could go my pfSense VM WAN, stopped getting a public DHCP address from my kid modem. It will pull a modem private 192 for a few seconds and then go triple zeros. So it sounds like your upstream provider changed something. Modem and WAN, the only two things on your own VLAN is we're great for years, no recent config change updates, they went through a good because it's pulling attempt at E from the modem. Yeah. I'm guessing your upstream provider changed something. I don't know what they changed, but that would be my assumption is that they changed something. It's a guess. I don't know this for some certainty. That is definitely a challenging one. Lab is a Proxmox cluster on Format Minis, switches are Cisco small business. I've had problems with the cable providers more than once, where they've just goofed with things. This is a fun question here. This is a topic that I think is in an hour. I'm not someone, but my wife is someone who does investments. My wife does my investments. Do you follow stock and networking companies? Ubiquiti stock is down 75 percent. Do you think the future of Ubiquiti is bleak? Do you personally invest in this space? The answer is I let my wife do it, because I don't want to think about it. Let's see, Ubiquiti stock price. And let's look at them over five years. Just because it's a fun topic, and they're down now a lot from where they were.
And it sometimes is the writing of a market. So they jumped up here, this is 2020, $180 all the way back to 122, 153. And then we see them really going crazy here, pushing 400, and then they just wander back down the cliff here. There's been a lot of adjustments made to companies based on what they think their market saturation is, also depending on the positions of the CEOs and how much buyback they do. So I mean, it's interesting to watch, but they've had like a good run. I don't think the problem is, this is very much the problem. When you are trying to judge a company by their stock price, you're actually just feeling public sentiment about them. And if you look at the fact that I believe, if not mistaken, their CEO is still their far majority shareholder. As in, they're so far away from being delisted. I mean, their current market cap right now, because they're down from 323, their 52-week high was 323, their 52-week low was 104, and are currently trading at 106. So they're at the low side of things, but they still have a market cap of $6 billion, a finally bouncing back of inventory and stock. They might be down now, but they're not the only hardware delivery company that's down. The other side of it too is the popularity of their product can't be denied, they're selling things good and they're making margin. So I don't think it's that big of a deal. So I will, yeah, I don't think that's too big of a deal. And as a matter of fact, it might not be, I don't know, I don't wanna start saying financial advice, but who knows if it's a time to buy or not, it's kind of a maybe. When I ran a Forbidden Router, I passed the WAN NIC directly to pfSense. Now that's a better idea right there. Passing the network card through solves most of the problems you're running in virtualized system like that. When I enable Squid proxy on pfSense, the latency on WAN NIC gets really bad and the internet will randomly cut out sort of wait or restrict the bandwidth.
I just don't recommend Squid. Matter of fact, there's been so many flaws recently found in Squid. I mean, there's just a lot of bugs in it. I just avoid it. It's a headache, it's never a good experience. You can do other ways, you can do traffic shaping on there, but generally I stay away from Squid because of the headache that is Squid. Thanks for the chat and live help. Hey, glad you're here. Little late Cowboys game is breaking my heart. Well, hopefully I'm more entertaining than a Cowboys game, but that's a tall bill. That's a lot of people like the footballs. They're a football team, right? I don't know, I don't follow any sports, so I have no idea. ISP changed my LAN back to 192.168 because for Spectrum Small Business, I need to use their router to obtain a static IP. Comcast actually made some changes, so this is a little while ago, I think this couple of years ago, at least in my area, you have to buy a Comcast to have multiple IPs, like a block of IPs. They would only give and maybe they'd change it again. If you wanted to use your own modem, you weren't going to get any more than one IP in their business class one. And maybe they'd change it, it could be that they just forced you to use it all the time, but yeah, it's kind of annoying. I don't think you big would need a split. I sold my stock UI when it was in the 300s. Hey, if you bought it below the 300s, this is what I do know about the stock market, buy it low, sell it high. There's some real stock advice. If you can just figure out how to buy it at a cheap price and sell it at a bigger price, I think that's how you win. Why do you want to proxy outside connections? That's the part I don't understand. That's the first question is, what are you trying to accomplish? I see somewhere along here, we have Thank You Dakota. So the bearded IT dad, if you don't know who Dakota is. He's got some videos out there, good stuff, talks a lot about the IT career world.
Cisco has been a dominant player in networking space by leaps and bounds. It seems every large company has been challenged by a newcomer. Yeah, I mean, that's the whole thing. It's ups and downs. So let's look at the, I just want to point this out to people. Hey, look at Cisco, who's also had some ups and downs. So $30 a share, $65 a share, back down to $37 a share. So you're watching other companies very similar to rise in 2021 and kind of a decline in 2023. So a lot of things are down when the market's down by, I guess, I don't know. I rather talk about tech things. I mean, that is kind of a tech thing. So I'm sure it's been asked before, is it beneficial to put cameras and IoT devices under own VLAN? I'm running pfSense, Ubiquiti hardware with Orbis in AP mode. I generally would recommend cameras and IoT on their own VLAN. It's one of those things that people overstate. So I don't think you're in imminent peril. It is not like the end is near. If you had your cameras on there, do we trust these cameras? I don't know. Here's the other thing. What is the attack surface of being on their same network? If you have a firewall on your Windows or Linux computer or Mac that you have attached to your network, what is the likelihood that there is some nefarious thing going on in one of these cameras where it will try to do something? It's not an impossibility, but it is a chance. This is why we would prefer, if possible, to segregate them to other sides. So it is a better best practice to put your IoT things in the IoT side of it and keep your business networking. An easy example is gonna be, I will admit, I have not changed the password on this BliKVM. It is admin-admin to log in. Someone could hack if they were on the same network as this BliKVM that I've got pulled up here. They could certainly take it over. Don't know if that would happen or not, but hey, you know, it could. So it's better if you didn't have them on the same network.
Then you don't have to worry about it as much. I can leave admin-admin and I'm not worried about this getting attacked. Your business network blocks apt updates on certain networks and I need to proxy apt. I would, I mean, use an external proxy. I wouldn't use proxy on your WAN. I don't understand. I still don't understand how you wanna do that. You could A, use a VPN so you could get out to a network beyond where it's being monitored. So that's really confusing as to how, because if they're blocking it, how do you get it to WAN? If you have control over the public IP address, what's, I don't understand what's blocking it. If you want more one RP from my company, by the way, the bearded IT dad, he also works in IT and an ISP. So yes, he's got a lot of knowledge on this topic. No matter how little sports matter to you, don't tell us. You aren't sure if the L's CoAs are a football team. Got it. As long as all the teams have fun, I have a single IP and a Comcast and use my own modem. It is work rate for three years. So cool, they still allow it. I wanna move my website to locally hosted any YouTubes, YouTube is your recommend. I don't really know who's done videos on setting up locally hosted websites. I don't really have an easy answer there. Eight gigs symmetrical fiber. Oh, I'm gonna upload everything from your house, dude. What would a good proxy solution to cache OS that may interest all of our computers on a network with a slow connection? I don't know. I don't know what's good anymore for that. That I don't have an answer for. Usually, if you're talking about Windows updates, you just wanna cache it with the Windows update server. So you don't really need to do anything at the firewall. You can have the WSUS server running that pulls the updates and then distributes them to other systems on there. That's probably the more practical answer. I have no control over the whitelist on the sites that can be reached.
So the proxy allows update the Proxmox nodes and get around that. Yeah, I mean, I really don't know, man. I've never set up a, I've not set up Squid proxy and had a good experience, but I mean, there are tools for apt cache that might be a better option. I just don't understand exactly how you have control at the WAN level to run a proxy, but don't have control to set up. You have control to set up Squid but not control over the whitelisting that goes in front of it. So I don't know how Squid gets you around it. Any better. So, but there is apt cache tools out there. So that would seem like it make more sense. pfSense in a Raspberry Pi. No, it's not going to happen because it doesn't support that architecture. Just set up a new XCP-ng hosting use Windows Update tools and it's all guests on server, 22 VM, XOENIC, current IP address display, shutdown restart from XOA works. But management agent not detected shown in general VM, RAM, Windows Update rebooted, VM host has no change. You have to load the Citrix management agent for that to work. That's the solution to that. Matter of fact, that's what I was kind of in the middle of doing when I was jumping on this is I got to connect our system. So let's share this tab, I'll show you what I'm doing. I'm actually connecting in another server. Let's get a connector real quick. So we're going to run updates while we're doing this. So, Ace magic. There we go. Connect. Oops, wrong one. 142, set an IP address later. There we go. Another Ace, this is going to be the AceTel, there we go. That the pool name, did I set the pool names? Yep, Ace Intel, Ace Dash. There we go. I'm going to load some updates on the hosts. So the 36 patches. We can load them manually. Let's load them manually. Let's show people loading patches, what it looks like. Which is not that interesting. I know it's going to be small. All you do is say, yum update and yes, and it's going to load them all. That's what it does in the background.
Do you know how ISPs are applying statics to their routes? Not that they're modems, spoofing. That's going to be a good question for bearded IT dad to answer in a more articulate way. Using my home lab is a proxy destination to get around limitation. You might want to post to my forums what you're trying to do or just ask in a Proxmox forums the best way to cache the updates. Might help someone after many beers or troubleshooting and figured out PSN Spust was not pulling away an IP, but while PSN was, same configs, weird. FortiGuard broke today because the daylight changed. That's fun. Any advantage to setting ISP to static by IP, the cable provider for a home network or will it make it less secure? It's not about security if you have a static IP from your cable provider. It's more about the rules that you have on your firewall. I mean, unless you're worried about someone DDoSing you, that's less a security, it's more of an annoyance issue. Like if someone finds your public IP and it's static, people go, oh, look, I can go annoy you and start doing a DDoS. That is kind of a somewhat of a security risk, more of an annoyance problem. I have an old XenServer set up for VMs. I have thought about going Proxmox or XCP-ng. An internal web app for our company is Ruby on Rails, web-facing access to reverse proxy. I like XCP-ng. It's my, that's my impartial too, but I mean, Proxmox is good. There's nothing wrong with Proxmox. Ooh, this is a good question for the bearded IT dad if you're still in the comments here. What's a good first cert for infrastructure consultant, looking to pivot into security? All of your security certs, I am, because I have none, I'm not going to be the most articulate on that. So I don't, I'm probably not the best first answer, but I do reach out to Cody. That is exactly something he knows a lot more about than I do. Same with John Hammond. I'm not sure which ones are the best. I don't know if it's like the CSSP. I'm also not up to date on all of them.
So I guess the clarifying to Squid is in my home app and Proxmox nodes are inside my work on secure networks. They don't have control over what's inside the store. Yeah, I, but I don't completely understand how the, I guess you're trying to cache it at your local place. I would just set up an apt cache at your work, tunnel out to your home to pull the data to an apt cache and then the apt cache could distribute to the Proxmox nodes. I believe Proxmox actually has a, there's a whole, there's an article cause it's got pointed out before. There's a whole Proxmox of even how to update it without an internet connection, how to bring the updates in. But because it runs Debian you should be able to run a Debian cache, it should work. That's my guess. Old checkpoint hardware is old checkpoint hardware running x86. If it does run x86, that's the requirement for pfSense. It doesn't like ARM systems. Singapore has 10 gig fiber. That is awesome. The issue is that after getting gig switch gear and router costs go through the roof, you can get some decent 2.5 stuff, but faster is expensive. Yes. I have a Netgate 2100 two ISPs and a UniFi switch. Do I plug the ISP ISPs into the switch or the back of the Netgate 2100? You would want to plug them in the WAN of the 2100. So maybe I'm not understanding your question. Pull an image up. The problem is if you have two ISPs that there's only one WAN port. There's a guide I think on playing with the VLANs to get this to work. So you can take one of these and switch it. The 2100 is really not the ideal one for having dual ISPs. But generally the ISP is going to plug into the WAN. I believe you can reconfigure all the 2100 ports to be a secondary connection. Thanks for the tip on Syncthing. Super easy. Looking forward to seeing an updated video. Yes. There's a couple of things that came to Syncthing that are going to be really interesting that I want to do an updated video on.
I got to build out a bigger demo because I'm not using this right now but I want to play with it. It's the extended attributes feature that they've added to Syncthing that allows it to sync permissions between two locations. Thanks to the device. I'm sure I figured it out. The proxy was just an easy way to get around the apt update and solve problems was fine until Squid took down my home internet. I will switch back to OPNsense. Remember that I don't have to mess with stupid stuff on my reverse proxy to work. Yeah. John Hammond. This is something we agree on. John Hammond is really probably, he spends more time very focused narrowly on the cybersecurity space. John is an awesome individual. So yeah, when it comes to getting into cybersecurity, definitely he's going to have better tips on that. Tag him on Twitter. He's not too hard to find or get ahold of. DNS sinkhole server on IoT VLAN. I don't. Well, does the, I have different. I have a camera network that doesn't have anything. It doesn't have internet. My camera network doesn't have internet, but it doesn't need to my IoT network. I just let it go wherever it's happy going. I don't care about that. I don't try to filter the IoT stuff because it creates silly problems sometimes that I don't want to deal with. It's like my one of my friends had this problem too. And I think I had this problem once with my wife. My wife's phone is on the open IoT network essentially because she plays clicker games. And if those clicker games don't work because an ad is blocked, that happens sometimes with the dumb clicker games that she likes. I don't want to hear about it. So I let the IoT never go where it needs to go. I use people to do something either with radius or DHCP. If you can do DHCP, you can do DHCP snooping, buying that address to accept only the genuine IP. Okay. I'm starting to say I'm not sure how to get TrueNAS SCALE inputs and log any tips.
It's really, I'll open up Graylog and show you because it's pretty straightforward. So let's go through here and throw this on the screen. Where's my screen connection? There we go. It's just, I mean, it's edit the input. TrueNAS, I created a port. It's port 1522. Then I go to my TrueNAS servers. Hold on. Somewhere in here. Is it under general or advanced? I'm gonna go with advanced. There we go. There's the same port again. So 2.7, 1522. And then in Graylog, Graylog happens to be at 2.7, 1522. Follow my Graylog video on how to get Graylog going with this. But yeah, you just create a port and put data to port. Pretty simple. No, you cannot get different rules per interface. That doesn't really work very well in there. I think Debian does have some DVD repositories you can use either. I mean, as well, not either as well. Followed your advice in an RMM, EDR, Zeros, hybrid staff, still a pfSense the office, pfBlocker, Quad9, thanks. Awesome, I'm glad that works for you. That's the important part. It's all works for you, you know how to use it. That's awesome. First round, you know, I should have said this. Security+ is probably not, this isn't the obvious answer. So thank you for that answer. I would say Security+ is probably a good one to start with just to get your basics down and that. I'm also though, I don't have any certs. So I like to bring that up that I, that's what makes me less of an expert on it. I just don't, I haven't taken a test for a certification ever. So I'm not an expert on, especially modern ones. I've seen the test for the ones 20 years ago, but I haven't done a modern cert in forever. We're really looked at one. See, people talking about OPNsense. pfSense 10 gig build recommendations. Honestly, I mean, I should do a video on this because it's such a weird question. I don't understand why people think they need a lot to do it. Netgate 8200 here. Like this device here, and I'm going to pull it up the 8200.
Where's the specs? There we go. So we have, whoops. An eight core, eight core Atom CPU at 2.4 gigahertz. There we go for the 8200. It routes 10 gig. Like it does not take a substantial amount of CPU to route 10 gig. That's just the way things are. So build recommendations for 10 gig. I mean, I recommend the Netgate hardware. If you're going to build it yourself, it does not take a lot of hardware to route 10 gig. So WAN for port ISP one and OPT1 for ISP two. Yes, that is a good answer. For the 3,100, that's a good answer on there. But it doesn't, it should be fine. 3,100, it's reached end of sale, I believe, but it's, that was one of my favorite devices they made. That was, that like hit the sweet spot before prices went up. And it's not that they went up for any more reason than supply chain and things like that, which kind of sucked. So syslog-ng was just fixed. Yes, I filed the bug report on that. There was an extra curly bracket in the config file. So I'm happy that it's fixed. They actually fixed something else too. I have to do, I'll do an updated video in another week or so, that they fixed a few things. They also are fixing some bugs about, what was it? Something with the encryption. I've seen a point release for it, but oh, they also fixed the MinIO. They actually updated it so it has a certificate. That's what I was told. I don't know if it does, you're not yet. I haven't tested it, but I was told that's fixed as well. I worked it, I worked for a school IT department. We've been moving identity providers such as Okta and ClassLink for their SSO and rostering. It seems like a trend. You know, moving to identity providers. Yeah, the Okta one, I don't know. Okta's had a lot of incidents obviously. So that's the thing, but the other side is I get the need for central identity management. Like I understand the demand for it for simplifying things. But thank you very much for the donation. Thank you for your videos. Do you play with OpenSSL and pfSense?
Any plans to do a video on it? What would I do with OpenSSL and pfSense? I don't, I guess I don't need, I don't understand what the question is. Do I play with OpenSSL and pfSense? I would say that, I mean, OpenSSL is part of the VPNs I use. So in a way, I need a more specific question, I think. Oh, yes. Yes, yes, the, so even my, the way my home network works, the labeling, if you will, that I use, will log into my network because I pulled the interface assignments on here. See, I have my, make it bigger. There we go. We have a, the not safe for work LAN. Where do you think my wife's phone is? And the IoT devices. LTS Tom, that's where I'm at. PIA VPN, that's where some things go. I have a WireGuard VPN. That actually goes out to my other lab that I have. There's going to be, this has got to be moved around. I'm swapping some lab stuff around, but yeah, I keep a WireGuard tunnel up. So my lab that's not here, I have remote access to it. That's just always on. That way I have two labs. I have some things here at my studio and some things in, at the business building. So I always have access to them. Greetings from Seattle. Absolutely. Why do you need a 10 gig router? Why not layer three? So which is, why are people routing their storage? Almost every time someone tells me, oh, I really need 10 gig. And then they tell me they're routing their storage. I'm like, why aren't the things you're trying to access on the same LAN? I mean, I know there's some exceptions and it's better to use just routing, not firewall, if you need them to be broken down to subnets, but yeah. 10 gig route does not need any part for hybrid IPS, DPI, Require CPU. Any FIPS recommended firewalls? I mean, you're going to be able to get that from the enterprise companies. I don't really have a particular recommendation. Cisco, Cisco, Fortinets. We have a handful of clients because, you know, they use the FIPS version of Fortinets. So Intel Xeon E5, you know, I would have to look it up.
I don't know, probably. The Intel Atoms can do it. So, payrolls are going 10 gig is the cost of the switches. Even use enterprise switches are expensive here in the UK. Cards, cables are easy. Yeah, there's, I mean, it's a bumping cost. Yeah, routing 10 gig is a take-off. But once you start filtering and applying firewall rules, it can start bogging down. Absolutely. Let's see here. My Sophos XGE31220 can route at 30 to 40 gigs with IPS-enabled only 45, or with, but with IPS-enabled only routes four or five gigs. Yeah, there's a substantial, that traffic inspection has a heavy cost. You don't use MDM to manage a wife, kids, mobile device to have a smuggle. No, I do not. No interest in it. Make a video for home network users that, I think there's another piece of the question. pfSense Blumira tutorial integration. Oh, that would be a really boring video. It will, I'll cover that really quickly to show you how boring of a video that would be. You go over here to the, login in now, some spinning. There we go. Oh, something broke. Oh, certificates expiring. Mark all those red, I don't care. I got some certificates update. Anyways, let me clear all the errors before I log into this thing. But if you wanted to integrate Blumira into, and I just did a video on Blumira, here's my Blumira integration. There we go. Just, you load the sensor on Blumira, you point the pfSense logs at the Blumira sensor. Done. That's, it's not much else to it. There's not a lot to integrating and shipping all your logs like that. Can you make a video running in best apps and configurations? I mean, I'm a, I didn't catch what it's for, for TrueNAS, for pfSense. So you throw in one more word on there for me. You know, I mean, this is a valid use case. The title of this was Home Lab, not Enterprise Networking. But I like talking about Enterprise Networking. That topic's not off the table.
But I think most people ask me about buying a bunch of expensive 10 gig switches, usually have some goofy routing things you're trying to do. Running, we route VM replication between different data centers over 10 gig links. Absolutely valid reason to route things across there. Different, there are different use cases for it. It's usually not a home user or home lab one. Do you think it helps or hurts pfSense projects that new features only get implemented if it comes downstream? I don't understand the question. If new features only get implemented downstream, that's a confession, I'm not understanding it. Yep, just connected to pfSense, firewall, Blumira, very cool. Awesome. Easy to file a bill, remote access, TrueNAS or files from outside the network. I mean, I did the file manager video, that's probably the easiest one. I did one on TrueNAS as file manager. I'm gonna be probably the easiest way to access your files remotely with a, use a VPN or Tailscale. Tailscale is a form of VPN. It's an overlay network, but works like that. What do you think of MikroTik? Have you tried dealing with it, especially for home lab use? I think MikroTik has a good niche market. It's the learning curve. If you take the time to learn it and deal with the quirkiness of it, it's great. It doesn't manage well at scale unless you're really talented at the command line and learn something like Ansible to manage it. It doesn't have a nice dashboard. This is why UniFi is so popular in the home lab, is they're easy to glue together. It's less of a learning curve. MikroTik is quirky, but that's what you're trading off. You don't get the same nice UI. You might get with something like UniFi, but you do get a really inexpensive, good performing device. So I don't think they're a bad device. Jeff from Craft Computing just reviewed one. I think it's pretty cool. They just released. So yeah, the chat on MikroTik, that it's complicated, but it's cheap.
Yes, it depends on how you value your time. What happens now with Graylog if you can figure remote log server in pfSense to .2 Blumira? Well, if you noticed, there's two servers here. Let's zoom in for you. And the second server is, this one is the 1514, 2.7, 1514 is where my pfSense logs go to Graylog. You can ship logs to two or three places at once in pfSense. Yeah, pfSense can have more than one. Yep. Would you trust MikroTik on the SwitchWan for connecting HA routers instead of shared WAN links? No, I would not trust MikroTik on the WAN. I think they make good switches. I think the complexity of their configs lead to the fact that there's an absolute ton of owned MikroTik devices feeding botnets right now. It's not that they can't be secured or whatever. They've just seemed to have a lot of bugs in them and people not understanding how to configure them leading to bad security with them. Does running Coreboot disable out of band management? Generally, no. You want to run an, if you have OpenVPN, how can I get X for my network on a TrueNAS dashboard? I mean, if you have OpenVPN, you can just connect over your OpenVPN connection. You'll be able to get to your local network provided you set up OpenVPN. So you go OpenVPN to your firewall and then from there just go to your NAS like you normally would. It's not going to be fast. SMB over VPN is terrible. Why is everyone so anti VPN? Everyone's something that complicated and requires cloud proxies. I don't get it. A lot of people are stuck behind CGNAT. I know that creates a problem. What would I trust on the WAN side? pfSense and Enterprise Firewalls. Instead of opening a port for access to your Plex, is WireGuard the way to go is a better option. WireGuard or OpenVPN, both of those are really solid options for that. What is the most common use case for a home server and how does one start the endeavor? You know, I'm going to start saying that Plex question is probably number one.
People build a lot of home media servers. It's kind of like your first dipping your toes in the water for what you want to host at home. And I think it makes a lot of sense because the reality is, you know, Netflix ended piracy almost because they had really inexpensive access to a wealth of videos. And then, you know, all the companies started making streaming services and the price started going up. And then you can't even figure out where your show you want to watch is anymore and one season's on one platform, the next season's on the next platform. And you're going, you know what? I'd like to just have this when I want to watch it. So Plex is probably Plex or related, Emby, Jellyfin. There's a lot of different media players out there. Seems to be like a pivotal point where people go, I want control over my media again. And I want to be able to watch my media when I want to watch my media. So usually media is your first step in the home lab. But from there, it's all the experimentation. You know, I love my news reader. I love all the stuff that I self-host to aggregate data, you know, that I get to have. I mean, even for me, all my videos and everything like that, it's all on my TrueNAS and storage servers replicated between them. Site to site, Azure VPN with pfSense, you know what speed I get over, I would get over a 1.5 gig home internet. I'll be setting this up soon, having some devices. I mean, you can get line speed if you have a fast enough device that can support 1.5 gigs of that. I don't know how fast it is in the cloud. That's a sales person question. Well, not really. It's a Azure question of how much compute power did you give it in Azure? We have a customer using 2x MikroTik four ports taking between the 10 gig links from us and their firewalls, loads of problems with SFP problems. Yeah. I think you want to get a Dream Machine just to get running easy and somewhat safe. Oh, go pfSense and I'll help you with that.
So reach out to me, we can, we'll do pfSense together. We'll make a video on it. Matter of fact, I kind of want to do some more testing with this little box. I got this and these are pretty cool. Patrick from ServeTheHome has reviewed these, the R65s. This has got two 10 gig switches. I mean, this thing's pretty spiffy. I'm going to read, I just got this the other day. I'll be reviewing it soon. Plus one for home media, that's the bug that got me started. I need something between pfSense and Modems so that pfSense can share with both Modems. Dumb switches work fine. I mean, I've done that more than once where you just put a dumb switch. Like if you have to have multiple pfSenses, the nice thing about a dumb switch, you never have to worry about it being misconfigured cause there's no management to configure on it. Nextcloud's a pretty popular one too. If you're wanting to manage all your own documents and have that under your control, Nextcloud is definitely a great home lab project. We use pfSense running on Proxmox of Wintem VM running. Use Wintem, do no need for VPN. So he's in need for VPN. I don't know if a ZimaBoard will be good for the Plex server. It might not be quite fast enough for that. I guess it depends. I mean, I'm sure the ZimaBoard would run a 10, you know, a 1080. I don't know if the ZimaBoard would run a 4K stream. I love the Apple TV. I run iTunes and old Mac mini. It was given free, works well with Apple TVs and more. And I think you can view on Apple, it's been a year since I looked at the Apple TV, but a lot of them will actually view Emby and Plex and things like that. I actually use Emby for my media and I stream it to a Google Chromecast, works fine. Yes, let's talk some pfSense. For Home Media Center with 5.1 Dolby MLS either by physical media or host on server, they stopped selling physical media now too. So not many options for users. Yeah. You can run pfSense on a ZimaBoard, yes. Oh, or were you asking this device?
Yes on this device as well. I mean, I haven't loaded it, but I feel confident this will run pfSense perfectly fine. I'm really interested to UniFi stuff that is coming out. I would not have any need to get a Dream Machine Pro. Wasn't a Plex server the downfall of LastPass? A Plex server publicly exposed to the internet was the downfall of LastPass, yes. Don't publicly expose your Plex. Can't get OpenVPN to OpenVPN to work with a WAN IP that works with the WAN address. It sounds like a firewall rule problem is my guess. Anything wrong with running pfSense with a PC? Not at all. pfSense will run fine on a PC. The usual downside to it is just the higher power draw and the fact that it's bigger, but that's not necessary. If that's not a problem for you, like, hey, it doesn't use too many watts and hey, I have room for this, then sorry, yeah, you're running a bit. Then it's not really a big deal. Massive fight with OpenVPN and CGNAT. Yeah, you're not gonna solve the OpenVPN CGNAT problem. If your upstream provider is doing CGNAT and they don't give you access, that's where it stops. Starting discovery, oh, discovery with the wife. Good stream. Watch tomorrow while I slog through the on call. Have fun. With switching to IoT WAP channel from 20 to 40, only 20 give better range and connectivity, cheap IoT devices like light switches. That's gonna be varied. Probably going to the narrower may help them. As long as they support it, the narrower ones, because they don't need bandwidth, they need connectivity. Also of note for those wondering, let me pull this up real quick. I went all Z-Wave with all my lights and by going with Z-Wave, I avoid all the trying to get lights connected to Wi-Fi. So all these controls for all these lights around my house and light switches, they're all either Zigbee or Z-Wave. I've got a mix of them, but that's all facilitated with one adapter and my Home Assistant.
Yeah, this is right here, man, because this is an extra one, definitely makes my life easier. I think I pfSense VLAN setup with my UniFi switches, but port forwarding is not working and it is worth noting pfSense. It'll be regular place to see esoteric pfSense questions. The Netgate forums are good. There's a lot of information on forums. I have videos on how to do port forwarding. There's also people posting in my forums. Start with the pfSense forums if it's just pfSense questions though. Home Assistant will be on a family be annoyed and they can't turn lights on and off on the servers down. Yeah, that's the thing. I got a Protectli was only gonna use it. I was gonna use it, but only has two and a half gig. Well, yeah, you're gonna need something with 10 gig. So you're probably gonna need something more like this. I'm on pfSense 252, but when I go to upgrade to six, it just sits initializing our pfSense blocking upgrades. No, I don't really know why, but you're trying to jump. I mean, it should go to 2.6 then seven. I don't think you can go from 252 to 277. The other option is just reload it and I'll back up your config, reload it and restore the config. And it may be something might be broken where it's not grabbing the updates from the update server. You have to dig around in the backend to do the package updates. There's forum posts they have on this topic where sometimes packages get out of sync and you have to re-initialize them or you could just download 2.7 and use your config from your 252 and get it going. I have a 7100 this week. I picked up for 300 bucks. That's a good price. What hardware should I get to the ultimate pfSense setup? You know, we'll talk on that. But yes, we'll talk about some different hardware options. You know, if you wait, I'll even let you know how this performs with pfSense. I'm gonna load it on here and this might be a fun one to buy if you're looking for something kind of novel.
I'll check how it performs pretty soon. This is actually a cool little box because you got three ports here, two 10 gig ports. They also have a 25 gig version of this box. So if you're wanting to try it on non-Netgate hardware, my recommendation for businesses is always go Netgate hardware. That's what we use because it just works and it comes with pfSense Plus and it's great. But for non, you know, for home users and people that want to tinker all the time, these different little boxes are pretty solid or even some of the stuff from Protectli is not bad either. It depends on how much data the syslog server is ingesting. So if you build a Graylog server for syslog and you're sending it a massive amount of data, well, then you're gonna need a massive amount of storage and a massive amount of compute. It's a hard thing to measure because unless you really know just how many logs you're sending, it's you wanna really overshoot because you don't wanna under plan the resources but you wanna make sure that you have enough resources to, you know, make it work properly. I forget how big ours is right now. So let me pull up. It doesn't really use too much CPU on the day to day but if I start querying this, it does. But like the disk, you know, here's the network that we'll put on it. It's pretty steady, you know, network traffic that's going on here. We've got like 12, what do we got here? 16 cores, 16 gigs of RAM and it's using it to just track all the stuff at my office. And if we do this, I'm just gonna open up another window and log in to Graylog. I'm gonna do a search for the last seven days. Now let's try to find something. Not bad. Let's change it to 30 days. What you're gonna see slowly here is the, it starts picking up. So it's not too bad, but it's also, this is a pretty fast system. This is a really fast Ryzen system but you know, when we jump up to about 17% CPU usage, it's a hard thing to scale the Graylog servers to make sure you do it.
I overshot; this is faster than we need but I'm not unhappy because I was just able to parse through, you know, a few hundred thousand logs pretty quickly. That's always the beauty is how fast you can burn through logging information. Matter of fact, I'll switch over to like this. Let's filter it down to something else. Or something fun. Maybe true to us. Like looking in here, this is 386,000 logs on that day. So 280,000, 137,000. I'm able to index these relatively quick. Let's try and pull something in there where something interesting. Trinity, SMB, if you wanna find something specific that I can like parse out of here, add to query. Yeah, I'm able to bring these queries. You can see how fast that works inside of here. And I'm doing this all through a 30 day lookup. So take that one back out, query back for 30 days of Xen server logs. So it's relatively fast. The XG7100 is a little odd the way it handles the switching. I'm not a fan of it. I'm glad they don't do that anymore. Do you recommend Synology Active Directory? Not really. Just because you run into some support problems with it. I guess for home use it's probably fine. I'm not sold on using it in a business application because if you run into some compatibility problems with it, like I think if you're just managing a handful of computers at your home, that works. But now you're trying to do a larger business integration. I know there's gonna be some limitations to how it works versus how full Active Directory works. So think about your use case. I wouldn't try to sell this to a customer that also needs it to integrate into their other line of business applications that need Active Directory support. But for home user, yeah, I think it's great. Sorry about any topic. Sorry for not asking top of pfSense. What are your thoughts on Zentyal and alternative firewalls? You know, I just did a video on, oh not video, podcast.
So if you check out our podcast, we had a big discussion on all the firewalls and they're all gone these days. Let me look, I think I had Zentyal in there. I made a lot of notes for this. So where did I put my notes? There we go. Is Zentyal in there? Is that one of the ones? Yes. That project seems to have not had an update since 2021. So I think it's neat, but I think it's another dead project. That was my whole problem with the whole, everything about it really, was how all these different companies present, share screen, let me find my, how can I make these notes bigger? If you're wondering how I do notes, everything's in markdown for me. Anyways, there's a bunch of firewalls I talked about and they're all, all these same notes are actually dumped into that podcast. It's a live stream on my channel. It was the last Homelab episode, but yeah, all the firewall projects, so many of them are just gone now and Zentyal is kind of one of them as well. Some ISP will allow you to request to remove from CGNAT and get a public IP free of charge. It's going to vary by ISP, that's for sure. Hello from Roseville. So hello, I'm assuming you mean Roseville, Michigan. So awesome. I should reach out to some of them. I don't know them all that well, but I'm fine with doing, I like doing collabs. Here's the part that kind of puzzles me. It seems like I have to reach out more often, but then I forget and maybe they have the same problem. They don't think about it either. So I don't mind, I randomly guessed another podcast, but yeah, maybe I did sort of thank you for a reminder for reaching out that I should reach out to them. When would you recommend OPNsense and a pfSense? I don't, especially because I've been since release. I've talked about this a lot recently and people are not happy with me bringing this up. Where is there, what do you find to release notes for OPNsense? Anyways, vlog, there we go. One of my challenges right now with OPNsense is really big.
OPNsense does not have a path. They have not disclosed how they plan to do this, get to the supported version of OpenSSL. They're running a dated unsupported version of OpenSSL. That's a big security problem. So I can't recommend something that's using deprecated OpenSSL. That is, especially if you have a path where you're like, oh, we're gonna fix it next week or two weeks from now or something, but not when there's not a path. So that's a big problem right now in my opinion. What's a good router AP beginner homelab project? That's not hard to say. I think pfSense is good for the reason. It is a complicated project, but there's enough documentation out there and it will up your networking skills and knowledge getting there. I'm wondering what pfSense port forwarding issues could be hardware related. Is this an official place that supports SAP Nix? I don't know of any hardware related problems to port forwarding. What is the name of that little black box? That's a good question. Here, let me do this. ServeTheHome R, what is it called? It says 86S. I will pull up the ServeTheHome article because it doesn't have an easy name. So let me present share screen. This is the box. So R86 low power and 10 gig networking. It's cool, you can find it. This is the, I'll drop the ServeTheHome article in the chat here, but yeah, it's a cool box for sure. But the other side of it is of course, that it doesn't have an easy naming to find. And I think it's only available through like AliExpress. Learning as it go, it also set up Nextcloud. I can access files and share NAS service as well. Looks like it wants to store files on my smaller drive. I've installed for setup app files. I'm not thrilled with the implementation of TrueNAS' version of Nextcloud. So yeah, it can be tricky to set up. I think I did a video on it recently. Did you install a Citrix management agent on your new VM yet? I will.
And if you're asking about what I was doing earlier with this, I'll do the, I have a Windows, I have a Windows VM that already has it installed. I don't use Synology AD for the home lab. There are a lot of other tools and applications that require a Windows AD integration. Skill managing AD DS is something I need for business. And why do you think so many firewall projects gone just curious? And don't worry if you don't have an exact answer. Well, that's what I discussed. So one of the challenges is how to keep these as a, build them as a business that operates. The only long time runner of an open source firewall right now is really Netgate with open, with pfSense. They're the only ones really pushing forward to keep it going. It's just not happening anywhere else. The challenges of running a firewall is a lot here in 2023. There's just a lot of things that have to go into it, a lot of managing, a lot of updates. And how do you build a business around it? Because the people that get aggravated every time and granted, Netgate does make some dumb community decisions. But the other side of it is without Netgate, you don't really get a lot of these updates that come with FreeBSD and everything else. OPNsense is an easy example of they pull from what Netgate does upstream. And how do you keep this going forward? How do you build this as a business doing open source? If everyone just wants a free firewall and you can't figure out a way to pay the bills, you will go work on another project. And that's what's happened pretty much of all these other firewalls is best I can tell the project maintainers just kind of dropped them. So it becomes a real challenge, trying to figure out how to put a business model around it. I still think the Lenovo MQ 720 is a better option versus the R86. And I agree. I think the Lenovo boxes are really nice. Have you ever configured a router using vanilla Linux and firewalld and networkd?
I mean, yes, years ago, I wouldn't run that in production. I mean, just because I know how to get it working, it's tedious and it's not something you can't do. It's not something that everyone can do. There's a reason that not everybody writes things in assembly because it's easier to build things with these frameworks from programming languages. Same thing goes for firewalls. Just because it is possible to completely manually build a firewall in Linux doesn't mean that it's something I will do a video on because most people just want to use a web interface to get things done because it makes it a little easier. Please do an Emby video. Hmm, I'm just not that expert at Emby. I mean, I use it, it works. I don't have any problems with it. It seems pretty straightforward. I've had trouble making it work on TrueNAS. There's a reason Emby is on my Synology because it didn't work right in TrueNAS. I haven't tried it in TrueNAS again lately. Maybe I'll do an Emby Synology video because that's how I use it. I mounted TrueNAS NFS here into the Nextcloud, data storage, and you can share that out as SMB but don't edit via SMB. It'll confuse Nextcloud, yes. What would be a good server to build running TrueNAS, Proxmox, or XCP-ng? What would be a good server build? That's a better forum question because there's a lot of questions about do you have the budget for new servers, old servers, new servers, these little mini servers or these little Ace Magic boxes that I've been playing with. This is what I've been loading stuff on right now. This is another Ace Magic box that I've got loaded up on here. There's not an easy answer. There's not like a cookie cutter one but I will admit all these inexpensive Ace Magic and all these weird Topton and Qotom and Protectlis are making some pretty inexpensive servers that can get you started. ZimaBoard is awesome. ZimaBoard is definitely one I think is just, they've been killing it.
It needs a lot of money to make open source secure, especially for security appliance if your project doesn't have a lot of users knowing what trust your project either. It takes a long time to build the trust. What is the best way to use Ansible on Windows to manage Linux hosts? That's a fun question. I would say use the Windows Subsystem for Linux. That seems like the best way to do it. I don't know many people who do that and have Ansible on there but I don't see any reason it wouldn't work to build your Ansible playbooks and everything and then push them out to Linux and systems. So are you doing the $12 per user of Lumera? You know, I don't know. I don't look at our billing anymore since we merged. I'll be straight up honest. We switched a lot of stuff when we merged and I don't pay the bills anymore which I know it's a lame answer but man, I'm happy not to look at that anymore. Have you ever worked with Red Hat servers? If you're interested, yes. What kind of projects have you worked with in Red Hat servers? Not, I mean, I'll support whatever servers. If we have a client that has something that runs Red Hat, like there's some line of business applications clients have that happen around Red Hat, but I'm not the biggest, like I don't go out of my way to do anything with Red Hat. Pretty much I'm a Debian guy. So for Home Labs, depends on how much you can get away with before the wife/husband says, yo, how many servers do you need? That's a whole another, yeah. That's, yeah, you can't blow the family budget on there. This is one of the reasons. So the real reason Tom has a business is so he can just play with unlimited hardware and everything else because that's, I just like playing with this stuff all the time. I love what I do, fixing all the computers and building things for clients. So that's really why I run a business is I keep doing this all the time. Do you think TP-Link Omada's a solid system for a medium sized business? And the answer to that is no.
I gotta bring Eric on because he has some thoughts. The more we've run into the Omada stuff, the more buggy we have found it. And I would say it's quirky and buggy and we've just had to reset the devices to get them to work properly. So my confidence in them is pretty low right now for them making a quality product. I recommend you servers run Raspberry Pi Zero if you have a tight budget. Yes. Definitely if you got the budget, man, these little Raspberry Pis are fun. I mean, you gotta have this stuff at the ready because somewhere I've lost it now. Oh, there it is. This is an E-ink display. Let me get the camera to focus on it. This is one of my, before I switched to a different box, back when I only had like 200,000 subscribers, this was all part of an E-ink display kit I set up. I built that, that is not a, I should show that on here in a moment. How many servers do I need? Yes, absolutely. Something we'll do here. Let me see if I can make this work right now. Hold on. Is it? Yes, it's up and running. All right, we're gonna do something fun for the screen here. You know what, I gotta go and plug something. So I'll be right back in a second and we're gonna play with the screen update real quick. So I have a little be right back thing that shows up, I think. Can I get this to work? Oh, there we go. My Pi Zero runs off battery and solar. Absolutely, I have this. So let's, a little show and tell, right? Nice break music. Yeah. Hack in the network and I wanted something really cheesy for the graphics on there. Is this Q and A from the YouTube chat? Absolutely. But this right here, this is E-ink and this is run by, hold on, so I'll drop it. This is also my Raspberry Pi Zero project and it's got a battery backup. This is just a battery, a little battery device. I keep it plugged in behind me, but whoa, crap. The Velcro popped off. Hold on, stick the Velcro back on. I should put this together with more quality. So, yeah, it looks pretty cool.
But it's up and running right now. What we're going to do is show you what it looks like when I actually, I'm running on, I'm trying to type and hold this. There we go. You're actually gonna watch it get updated. I know this is gripping stuff. So it's gonna start erasing the screen. This is, yeah, bear with me. This is Raspberry Pi Zero, so this takes a little bit of time. There we go. Why did it unfocus? There we go. Oh, because it doesn't know what to focus on. Now it's updating. Come on, stop hunting. It doesn't like the blank screen. Keep my fingers in there. Camera didn't like that. And now we're starting to draw the screen again. Come on, screen. It needs an edge to focus on. These E screens are cool, but they update so slow. There we go. 306,000 subscribers now, and it's got to finish blending all this in. There we go. That's kind of cool. And now it says 306,000. Yeah, this updates, you know, just sits back here. Plug it back in so it stays charged. But that's what sits behind me. It looks like the digital license plate. You're not wrong. It's novel. I think it's pretty cool. E-ink is so neat to me because this other, this is not, I mean, this has not been turned on. This is so old. This is back when I only had 200,000 subscribers. I mean, this is not plugged in, but because the way E-ink works, you push the data to the pixels and it stays like that until you refresh it again. It's just novel. I love how those things work. Does anyone have a NAS, does Synology have NAS plus a trunking option for their NIC? I don't know if they do trunking on there. Pretty much you, they have some VLAN support on there. So you can do VLANs, but I don't think it's great. I don't, I usually just put multiple NICs in a Synology and put one leg on each network. pfSense on a quad two and a half gig mini PC. I definitely think that would work. Is that a double plate behind you? That is actually, you know what, let me take, this is a question that actually comes up a lot.
I should talk about this at some point. This is just a, I did that because now it will easily show up when I go to photos over here. Come on, upload, backing up one item left. As soon as this uploads, any recommendations for two and a half gig four port router or just build pfSense with a dual two and a half gig PCIe? I mean, I prefer the Netgate hardware, but I mean, I haven't really tested it much on the non-Netgate. So I don't know which ones are good with the two and a half gigs, but it should work with a few of them. But this behind me is just a thing from Huntress. My friends there did this. This is when they reached their two million, hunting the few to protect the many. And yeah, that's what's behind me right here. So it's a silver record behind me, kind of like an award. It's a platinum record for reaching two million endpoints with my friends over at Huntress. I was among the early people using Huntress and I've been a longtime friend and supporter. I've known Kyle now for several years as the CEO of Huntress. I know a lot of their people, they're always great people to talk to, great interactions and but they sent that to a few of us who are their early adopters. Yeah, Huntress is just awesome. Just really enjoy them, really like them. Throw your questions in because I am going to wind this down in probably another 10 or 15 minutes. What happens if you play it backwards? You get infected. It's nothing but viruses on there. I don't really know what's on the record if I'm going to be honest with you. I know someone did try to play it and did say something was on it but I don't remember what. Our platinum record, I don't know. I don't want to take it apart because it's so nice. Like that is really a nice thing. I like it a lot. So I am, it's been great working with that team. Is better since the merger? Is that, I assume you're asking a question and yes. We're 90 days past me merging my tech side of my company with CNWR and I'm absolutely happy.
If I have the UniFi Flex6G switch, do I need something like the Dream Machine Pro to connect to it or is it the only switch I have? I don't know how to connect to it. You need to manage it with the UniFi controller software which can run in a Dream Machine or you can run it independently. So the UniFi platforms, the UniFi switches all need the controller software. Whether you run it yourself on a Linux or Windows computer or whether you run it in a Cloud Key or run it in a Dream Machine, that's how you manage them. SentinelOne versus Huntress? It's not really SentinelOne. For us it's SentinelOne and Huntress. So the SentinelOne is good but I think Huntress is better. I don't know. It's still an and for us. Could there be a future where we only run Huntress? That is certainly a possibility. What am I drinking? This will surprise some people probably, I don't know. I found this in my basement. I don't even know how I got this. So if those of you are wondering when I started drinking, it's that. Do you have any experience with diskless boot systems? I haven't used one of those diskless boot systems in 10 years. I used to use the, I wonder if it still exists. The FOG Project. I'm looking up to see if this is even still a thing. We had actually built this for a school system for free. I don't know when the last update was of this project. It was called the FOG Project. So you could do booting and imaging systems over PXE boot. Oh yeah, so FOG Project is a March 5th of 2023. So yeah, they're still current. What security system do you recommend for home? I'm huge on the Synology system. I think they are great. I am really happy with Synology. Let me pull it up. Yeah, I've talked a lot about the Synology system. It's just my, it's kind of been my go-to for a while. They just work so well. Is there a way to sort, usually you want, if you want Snort or, Snort or Suricata to notify you, you want to ship it to a log server, aggregate it there and build your triggers and alerts.
That's the best way to do that. What are the selling points in person, getting a Cloud Key versus self-hosting the controller? Not having to run the self-hosted controller, which not really a huge selling point, convenience. Like if I have a customer and it goes, I don't want to stand up an extra server for this, Cloud Key for, you know, as inexpensive as they are, I think they're a good solution. But if you already have a virtualization stack or somewhere to run it, I'm just going to go with running the controller itself. If you're an IT guy at a large nonprofit, what would the setup look like for security firewalls, 50-50 Apple Windows? I mean, pfSense, and then I would load application. I wouldn't try to do filtering at the firewall. It's just too, too much of a headache. Oh, why is my Synology stuck? Maybe it needs to be rebooted? Usually my Synology works fine. Let's reboot this thing. It's weird. Oh, it's got a package update. What does it want to update? Oh, yeah, sure. We'll say yes. Fogger's running, oh, just as boots run off systems off run image. Okay, I didn't understand the question you were asking. Yeah, I don't have much experience with those. How many APs and switches can a Dream Machine support? Probably a large number of them. You know, my friend built a bunch of diskless Raspberry Pis. I thought that was a really neat project. I don't really, I don't know why he did it. I think he did it for the fun of it, so yes. Hey, thanks so much for dedicating the time to chat with us. Absolutely, I love doing this. I love helping the community, and this is just a fun way to do it. Like, live streams, they're just great. Oh, well, my Synology is like telling me it's not gonna update, or maybe it did. Oh, it did update, whatever. I'm rebooting it. Well, I guess I'll try Surveillance Station one more time. Does it work, or is it stuck still? This is weird, it's the first time it's ever done this.
I know it's working because if I look at my, if I switch over to this, it's still got images, it's still sending notices. It's just not pulling up on the screen right now. No, let's reboot it. Why not? Restart, I don't know when last time this thing was restarted is. Well, let's reboot it while we're live. The issue is that it works too slow, storage are too cheap. No real reason for this nowadays, unless VDI. Yeah, I don't think there's a big demand for it. I use the HP ProLiant DL3D G8, iLO uses Java since they updated how can I access deprecated old Java webpages. Yeah, there's no easy answer for that one. There's some tools out there like you can find some old Java to be able to connect to it, but it's not a secure thing. So I don't have an easy answer on that one. Trying to connect OPNsense and pfSense of WireGuard site to site. I don't know, I've never tried to connect those two together. S1 flags active backup as, yes. S1 flags QuickBooks as malware. S1 flags lots of backup tools as malware. S1, SentinelOne, has lots of false positives. Can I connect my mini PC router to the uplink port on my Flex XG? I don't see why not. The port on my PC is one gig and the uplink flex is one G. The other four ports on the XG are 10G bottleneck concerns. You can't go faster than the slowest link. So you can't, the other devices will be able to go at the higher link, but you can't get any more data to it than the slowest link within that chain. So each hop, but I mean, they connect. You can certainly connect them. I have one gig links in my 10 gig network sometimes because, you know, not everything under syncing. That is the problem with Dell and iDRAC modifying the Java security files. Yes. Really enjoyed the talks about pfSense, awesome. So hopefully I'm clear on that. I mean, you can mix them if you, you just switch it down to the lower speed. This thing's taking a long time to reboot. You should look at something more interesting than watching that reboot.
What was I working on when I started all this silliness? Hey, look, I can sign into my Synology again. And it's spinning, it's booting up. Pull up the resource monitor while it, good, my Synology is healthy. That's a good, that's good news. And it's working over here in HomeLab or Home Assistant, not HomeLab. So it's seeing vehicles and notifications again. I got, this has been on my to-do list for a long time to show my Synology integration with my Home Assistant because it's cool. If it detects not motion, but if it detects a person or vehicle coming around my house, it will actually turn all the lights on. It's got some little things like that, but it's nice because you can build those integrations in with this. Where are we at here? Remove that, we don't need that here. Close this, I have too many windows open, sorry. I'm just trying to get them all closed. All right. Now I'm less confused. I want to say that's how reliable Synology is our small medium-sized deployment trying to convince our boss to move $3,000 Windows Server, one terabyte SMB file share. FYI, it's about disability. We're going to operate 20e gaming center now with fast network speeds and storage speeds that possibly run them all in the same image. I don't know how well that would work. Honestly, with hard drives being so cheap, I think you'll create a bottleneck. I mean, you're not going to get the same performance over network as you do with a locally installed NVMe. I mean, you could if you had 100 gig interconnect, but NVMes are going to outperform this and NVMes are cheap and most computers have them. So you're not going to get the experience. I don't think you get the experience you're looking for on it. Frigate and Home Assistant. Yeah, Frigate's kind of cool to integrate into Home Assistant as well for sure. Oh, that's neat. I did not know that. So apparently most gold and platinum records are actually vinyl records that have been vacuum metallized and tinted.
They usually do include some metal if it's, but not sure if it's gold or platinum. Hmm. As someone managing 20 plus Synologys, they do recommend them for small home office. Just so you know, there is no true custom support to go with. So you have support when there is an issue. They're solid. I'm really happy with the Synologys. Have you ever had issues of mounting virtual media in iDRAC? Keep trying to install Linux on a server remotely to virtual media files corrupted, but the hash checks out. It's been a while since I've had to do that. So not really sure on that one. It's not often that I'm trying that. So that's a harder question to answer simply out of lack of using, and I would say. I don't, it's been, I'm trying to think of last time we had to reload one of the Dell ones with the media on there. Definitely an interesting challenge. This, here we go. Logging in a few more things. That's my review of that. How do you get your chat on video? It looks cool. I'm using a tool called StreamYard. Works wonderfully for this. Oh, I found the problem. I goofed a proxy setting. So this is working now. Back to the Synology question and what camera systems do I use? Do you wear reading or computer glasses? So as it turns out, I can see things far away. So if, like right now reading the screen like your words on there, now they're clear. So as I've gotten older, I hated to admit it, but glasses have helped me see things that are close to me very, very well. I don't, it's when people meet me in person and they realize I don't wander around with my glasses on because I don't need them. I only need them when I'm looking at things up close. And man, I tell you what, like trying to look at even my phone, like this is me on my phone without my glasses. If you see me doing this where my phone's way out in front of me, that's how I read it. If I don't have my glasses on, my glasses on, it's fine.
Upgrading 10G networking was thinking fiber but going with Cat6, are there 10G switches with RJ45 ports or do I have to get media converters? So the challenge is, and it's not to say fiber, I have a video called Put Some DAC in Your Rack. Easy video to remember, put some DAC in your rack. The advantage of DAC versus fiber even is lower power usage. When you start using all those converters, they get hot. So that's also because you're converting back and forth, there's a wattage cost and why DAC and fiber both are very popular. So take a look at your use case and make sure the switch you're using will allow for you to use a certain number of them. The switch even may have like 20 SFP ports on there. Will it, how many SFPs before it's a problem? You know, even the MikroTik small 10G switch, which I think is a pretty cool switch, the challenge is if you put four SFP converters in there, is it'll get hot and it has to be able to dissipate that extra wattage it uses. I just saw a specific browser to even access remote management, my old server and even then Java KVM doesn't work. Yeah, there's some challenges with it. I hate all the old Java stuff. I'm so glad it's going away. What are some good projects using Proxmox and TrueNAS in a home lab server? Sorry, kind of new. You know, we talked about this earlier, but media is usually what the first thing that people wanna start doing is have control over their media, learning how to set that up, shares, you know, whether it's Plex is probably the most popular. From there, you're gonna have Emby and Jellyfin and there's a few others out there. Also, Nextcloud for documents, managing, you know, managing your own media and specifically when I say media, like documents, not just videos, the Nextcloud is pretty awesome for that. So yeah, those are all good starting points to kinda, you'll find a lot of documentation out there to get you started, which is also very helpful. 
The main fees in my PSN strata, the ring port is one gig. I wanna use that port to connect to the one gig uplink to other FlexXGs, hoping to plug my 10 gig devices to remaining 10G ports. Yeah, that's fine. That'll work perfectly fine. Hello from Cincinnati. Awesome. Hard to get good chili in Cincinnati. Is that, I don't know, I've tried Skyline Chili. It's okay. I didn't dislike it, but I didn't, I wasn't as excited as I thought I'd be on it. Didn't you do a video a few years ago showing that copper is faster than fiber due to all the conversion between the two? Yes, I did. That's a controversial video. I think at the measure of the speed difference in nanoseconds, but, you know, if we're being pedantic here, it's faster. I use Unraid for all my media at home and my Docker containers. Yeah, Unraid's, I think a good home server project as well. I don't use Unraid myself, but it's not bad. The power of music, WKRP in Cincinnati and the infamous Turkey Drop. So if you know what the WKRP Turkey Drop incident was, you're probably as old as me. What is the best software for a DIY NAS like a Raspberry Pi for sharing a home lab? I think once you get into the ARM side of things, I don't, the options become very limited. I think OpenMediaVault, don't quote me on this for sure, Google this. OpenMediaVault, I believe is the only NAS that I'm aware of that runs on some of the ARM stuff like a Raspberry Pi. I need tutorial videos to recommend. There's a lot of them. If you just start dropping in there and looking for like how to set up media servers. I don't do a lot with media servers myself, so I don't have any videos on that topic, but definitely, you know, between my videos, Jeff from Craft Computing, he's got a lot of videos on home lab gaming stuff. Jeff's videos are great. Jeff Geerling covers a lot, a big variety of things, definitely good. Hardware Haven, check them out too, also friends of mine. 
They got good videos on lots of different home lab projects to get you started. You know, that's probably a good video I should make is how to get started on a home lab. Who do you recommend? I have good friends that I trust and I will tell you, their videos are solid and I recommend them. So that's, you got a video topic idea that I wanna do. Why would you recommend customers buying Netgate hardware directly rather than being an official reseller? I'm just, I'm not an official reseller and I don't see the benefit of being one. For me, the margins are too small so it isn't really worth my time. Is it possible to monitor from SolarWinds, Dell, DataIQ and IQs and Censors VMs or RVMs and Doctrine? I don't know. I don't use SolarWinds management tools so I don't know how they break out and monitor some of the Dell stuff. Then a turkey drop was hilarious. Oh, cool. Another of my YouTube friends messaged me. Just wanna say thank you, free exercise, free for everyone. Awesome. Yeah, like I said, this is a lot of fun. When using XOA, which storage share do you prefer to create VMs on? I don't really understand the question because I mean, it's probably just gonna be, like for example, I'm gonna pull one up real quick. I mean, I'm creating VMs on the local storage because I don't have shared storage on this one. Oops, I spilled stuff. If I go over here, I'll share this tab now, this does have a bunch of shared storage. So it really depends on, you know, I create them wherever it's advantageous to create them. I don't know how to describe it because you wanna put them wherever the shared storage is. Well, usually shared, but maybe you have fast local storage. So you put them on that or you're talking to them specifically XOA, I put that on local storage. That way, if I have to troubleshoot my remote storage, I have a way to troubleshoot it. Hi, Tom, love your videos. Awesome, thank you for stopping by. 
Christian Lempa, there's another friend of mine, friend of the channel, I call him. There's a lot of different people I know from YouTube but definitely Christian Lempa's got great videos on getting started with Docker and lots of other things too but his latest Docker videos I believe are pretty good. He covers a lot of good projects, he's super smart. Ever set up SNMP monitoring in Zabbix? I do not, it was on my to-do list and never got around to doing it. I don't use the hotspot so is there a way to capture emails to UniFi hotspot to guest networks please? No, I'm not something I set up and that's something I even recommend. You know, I had a customer, I'll tell a story about this. We told this person wanted to try to capture emails and I said, you're wasting your time trying to capture emails with your wifi hotspot. It's not that effective. If you're doing it for marketing purposes, you're actually gonna be better off doing something like doing Facebook to try to capture the leads and doing retargeted advertising. We kind of got into that topic but people would try to do it in a hotspot. Every time I've seen someone do it when they make someone require an email to register for a hotspot, their usage of the hotspot goes to almost zero and they get a bunch of unusual emails that are always some weird Yahoo address and it just fills up with spam. Like no one wants to give their email address out and the people who do, they give you their junk email account. I've never found it to be effective marketing for hotspots plus everyone's got, you know, internet on their phone. So they're like, oh, I have to register my email. No, my 5G is fine. Mark here from Australia. I just want to say a huge thank you for all your videos especially pfSense setups. I've gone from hardware router to pfSense. Your videos taught me a lot. That is awesome. I'm glad you got it all running. 
Have fun in the land down under. Planning to get a Netgate 4100 for $600 or similar hardware that's cheaper for pfSense. Yeah. So here's the thing. Could you find one of these Protectli boxes for cheaper? Yes. Does that help support the pfSense project? Not really. But if you go with pfSense Plus, yes, it does again because pfSense Plus they have a price tag on it of 129 a year. So yeah, if you want to go like a Protectli box those are out there or you can just buy the Netgate box and you have to think about total costs of ownership. So you pay whatever you pay for a Netgate device but the license is for the life of the device, not annual. There's no license fee if you buy a Netgate box. If you want to use pfSense Plus on a Protectli box you pay the fee every year. Is there a performance difference between NFS or iSCSI? It depends on the back end. So Synology does a little bit better. If you have a Synology box iSCSI is slightly faster. The last time I tested it, not much, just a little bit a little bit faster with iSCSI over NFS with TrueNAS they're really neck and neck. There's a couple of workloads that you have some variations on but TrueNAS is really fast with both. NFS is portable performance depends on storage. Yeah. I like NFS a lot better. I personally use NFS. Yeah, don't spill your drink on your keyboard too late too late, my friend. I noticed there's more such bold the HomeLab community in regards to running pfSense on Proxmox is that horrible even for small home setup. The, I don't have any problem with that. I think pfSense on Proxmox works fine but now you've added two issues. You've got a hypervisor with virtualization and pfSense. Depending on your skill level I don't recommend this as the first thing you learn unless you want to have a trial by fire to learn something more complicated. 
At my house, I made my internet with MikroTik and a couple of Ubiquiti point to an access self-hosted controller with HAProxy and pfSense, awesome. Yep, 4100 comes with a pfSense Plus for the life of the device. What am I drinking tonight? Gin. I'm also spilling it tonight. I use Wake-on-LAN for my server machines. I made Wake-on-LAN for the BIOS enabled and correct C states. This doesn't work well. Can I check? I don't know. I've not had it not work but most of my machines are, well, no, I can't think of. No, I only have, actually now I think about it, the Windows machines work fine. So I haven't had any problems with Wake-on-LAN. So I'm not sure. I'm not the best at troubleshooting it because anytime I've set it up, I actually have the, and we'll pull this up real quick, this little button here for the studio computer where it says studio computer right here. That's a Wake-on-LAN. That just wakes up a Windows box. That's one of the example ones I have but it works fine. So I'm not good at troubleshooting because I've never had it not work. Using TrueNAS Samba shares to Windows workstations, look and upgrade the networking for ones or a better solution for speed to share the drive, iSCSI. Samba and iSCSI are completely different things. So I'm not exactly sure what you're trying to do. They're very different in how they work. What would be a good idea? A lot of users update LDAP or RADIUS, password or custom portal. Ooh, I don't like when users update their password like that. Usually I do it through Active Directory. So, I mean, users are not gonna have, unless you put a nice web interface on LDAP or RADIUS, it's not gonna be easy. Virtualizing a router sucks when you break things and have no internet to research the things that you broke. Yes, you're not wrong about that at all. That is a true statement. So isn't the concept of studying or troubleshooting a task within itself what speeds up the learning process? It depends. 
It depends on your determination. For some people, it speeds up the aggravation process. That's why we say it's up to you, but if you wanna virtualize something, as your first project, it will be a more demanding project than other first projects. Some people struggle with getting a firewall setup. If you slap virtualization in the mix, now you've created more potential problems. I'm like that. I like those things. I like complicated things. I can't always speak for everybody else. Some people, I never want people to get discouraged is my goal. I like them to have some sense of accomplishment. So it's hard because I've got people in here that I know work for large enterprise organizations and I got people in here to go in, where's my first project? So I can't just assume the audience because they seem to attract the audience of all over, which is awesome. I love talking to all of you, but it's always trying to narrow that down. What's the right answer for the person asking? So you have it all working and that's what matters. pfSense CARP video. I have HA videos on it. Is there anything wrong with the HA videos that I have? I'm assuming you mean CARP with the failover. Which service would you describe to you regularly back up your Synology NAS via Hyper Backup for personal use? If you don't have an offsite system to do, like personally, like for me, I have now three buildings. So I have three locations I can back up to. C2 is my go-to answer for the other ones. So I think C2 is really solid and yes. Definitely the C2 backups Synology, their pricing is good. They do encryption before send. So you don't have to worry about the cloud and the security of it. Jay's book on Linux is pretty good. One of the best resource books you recommend for Linux to get started with Linux. Jay is a really, he's a good writer. There's a reason his book is pretty popular. Jay from Learn Linux TV. So if you go to Learn Linux TV, one, tons of tutorials on his YouTube channel. 
Two, Jay has numerous revisions of the books. Also really good books just in general on tech for specific things like mastery of SSH, mastery of SNMP. Michael Lucas has some really good books too. That's Michael Lucas and SSH Mastery. Always recommend that one to a lot of people. I don't want my firewall router to go down every time I screw something up on server. You know, and this is a challenge when people put their firewalls inside their virtualization stack is they sometimes will delay patching their virtualization system because they don't want to disrupt their firewall. So you don't want to be in that situation either. I don't know that I'd recommend people starting out with ChatGPT. It's kind of just good sometimes to read a book on it. You know, one of my challenges is I don't read a lot of beginner books because my beginning to Linux started all the way in 1996 or 97. So like I was there in the beginning. So I don't read as many beginner books but there's probably some good ones out there. I always, I know Jay is a good writer so he's got some good stuff. Yeah, ChatGPT is great. Quick thought about thin client VMs for VMs on Proxmox. I don't understand what the question is. Thin client virtual machines for Proxmox. You want to run Windows on there? I'm not understanding what you're asking. But let's see, I have a question for Tom is there a way pfSense they have two WAN connections for load balancing, complete fail without losing connectivity for VoIP. No, there is not an SD-WAN solution to solve the VoIP problem. I have a video on that topic already but too long didn't watch, no. SD-WAN is what solves that where you bond connections together but then you're bonding them together up to let's say a data center. This will allow your stream, your VoIP stream to not have to swap IPs if there's a failover between ISPs. So your states will drop if the ISP switches and you will have to reconnect your voice. This is just a problem. Thin clients to Windows VMs. 
I got no thought on that because I don't use that. Just picked up a MikroTik, 10, 8, 2, 9, continue. Have you had the opportunity to look at it? So any thoughts? Is that the one that Jeff from Craft Computing reviewed? I watched his review of it. I don't have one. I think it seems like a good price switch. Last company I worked for ditched thin clients for standalone PC, hardware cheaper than maintaining VMs. Yes, thin clients is a band-aid on a problem but it's an expensive solution and hardware is so cheap now. I don't see it long-term. It's kind of like we need this solution for now because it solves this problem, but it's not. Yeah, let's see. I'm gonna wind this down here because I'm going to go chill out and watch some TV or more so, I'll probably watch YouTube. Got a good experience with Netgate support. They are really helping and consider it. Yeah, the support team at Netgate's really good. We've rarely needed them for anything but the general feedback has always been very positive for people. I mean, we've had the RMA things. We've had a device go bad and they were easy to deal with there. We don't really need much support for the software though. What would you recommend for hardware for SD-WAN? SD-WAN is a software solution, not a hardware solution. I mean, all the major companies have SD-WAN solutions. I haven't really sat down and evaluated them. I'm not a huge fan of them usually because they're expensive and I mean, they're nice to do seamless failover, but failover is not, it's like all those things, like should I go spend $300, $400 extra a month on a service so I have seamless failover that doesn't happen very often? It's not something that comes up a lot. Equalizer three, you know, Denzel Washington, I'm assuming that's a Denzel Washington one, I like him. He's got, those are fun. He's got to pay the licensing test, yeah. 
I have a video about how SD-WAN works because people are often confused about how it works and how it routes traffic, but it's all those things like it, because it has to bond these things together and go up to a data center, it's gonna have a recurring cost and it may have its own issues because if there's a problem at that data center, well, so there's a problem with your SD-WAN connection where it pops out, but yeah, thanks everyone for joining in. This was great, I went to, I went just about two hours here, so this is a great hanging out with all of you Sunday. If you notice I was yawning a little in the beginning, I'm probably gonna yawn a little more and I think technically, because of the stupid, whatever daylight saving time is, isn't it actually 10:30? Means it's past my bedtime or something, I don't know. I get more frazzled as the day goes on since I wake up so early. I don't wanna get incoherent and babbling and yawning a lot, so I will leave this here, hit me up in my forums, great place to get a hold of me. I try to go there every day. I will see about doing, so I'm gonna be at IT Nation, which is an event next week, so if you are going to be at the IT Nation event, hey, say hi to me there, and yeah, I'll figure out all the other fun stuff. Um, but you avoid using a UDMP, that's not SD-WAN at all, so that's even more confusing. May all your uptimes be measured in years. Yes, thank you very much. All right, take care everyone. Thank you for hanging out with me this Sunday evening.