#networking
Try changing steam download region
Tailscale is a free, with low subscription cost options, and scalable service that allows you to make a secure private network. Upload your media and invite your friends to upload theirs, and pretty soon you've got a safe and secure "internet" of your very own!
Download here! https://tailscale.com/download
Read our article summary here: https:/...
I have a Ubiquiti network at home with a couple of wired APs. I'm looking to possibly add a couple of mesh APs in a couple areas to fill in a couple of shadows, and possibly extend wireless out to a detached garage. (probably 20ft from the house but both APs are on the opposite side from the garage).
my two current APs are a U6-lite and a U6+.
should I just look at getting a U6 extender and plug it in on the wall closest to the garage and see if that helps to extend the signal out that side of the house?
Unifi thinks my Windows 11 PC is a Lenovo ThinkSystem SE350 Edge Server, every other device connected to my network is what it should be. Did I get hacked or something?
what does it base the detection on ?
Any recommendations for an affordable 10Gb/s switch? I'm gonna bite the bullet and grab Beanfield's 8gb/s synchronous Black Friday deal. $60/month is pretty reasonable.
i mean it could be deciding based on MAC address, but that would only tell it it's Lenovo (based on first 3 parts of the MAC address). Don't think there is a way to directly detect a system more detailed than that
what do you mean by detection?
where does it say that for you ?
Report as incorrect, move on with life
This is the first time it showed up as something else
UBNT is just guessing based on MAC address and user feedback
that looks like device fingerprinting, which is based on MAC address, so your system is probably Lenovo, or your random MAC address fell into the Lenovo reserved area
My device is definitely not Lenovo
you can even edit that if you wish it seems
Windows shouldn't be using those for MAC randomisation
well show us first three numbers of the network card MAC address. For example mine starts with E8:9C:25, which is ASUS
```
x2-xx-xx-xx-xx-xx
x6-xx-xx-xx-xx-xx
xA-xx-xx-xx-xx-xx
xE-xx-xx-xx-xx-xx
```
Are the only addresses that should be used for MAC randomization
I don't have a network card it's plugged into the MOBO
which is a network card
Otherwise devices would conflict
Realtek Gaming 2.5GbE Family Controller
but again, if the mac address of that device matches the mac address of your device, it is just wrong fingerprinting on UniFi side
04-7
Hello Mr. Paranoid :p
you dont have to block your dns suffix or internal ip
Yeah lol
i do have to, it is my own TLD with personally identifiable information 🙂
it is not home.local or stuff like that 🙂
to be able to do anything, first 3 segments are needed, like in my picture. in your case 04-7x-xx
The mac address of the Realtek controller is the same as my "PC" in unifi
Report as incorrect, move on with life :)
how do i do that?
Do I submit a ticket on their website or is there a way to report it in Unifi?
So, if I need a usb to RJ45 console cable by tomorrow, and no one in my town sells them, how might I go about getting one. Or am I fucked.
I believe there’s a button when you click the device
Or just rename it
What kind? There are different kinds
Working with n2048p
I know there are some UPSs for example that use a completely different pinout to a Cisco rollover cable
And do you have a serial port?
Or just USB?
Just usb but technically I could do usb to serial then serial to rj45
That makes it easier
Yeah but not really when I still can’t find a serial to rj45 :p
I have also realized the “near me” feature on Google no longer works for this because every store just lists it for delivery “near me”
So, let me make sure I’ve got this right. USB to female db9, then grab an Ethernet cable, crimp one end, and just stick the other end in the open holes?
Yes, with the correct pinout ofc
```
RTS 1 -> 8 CTS
DTR 2 -> 6 DSR
TXD 3 -> 2 RXD
GND 4 -> 5 GND
GND 5 -> 5 GND
RXD 6 -> 3 TXD
DSR 7 -> 4 DTR
CTS 8 -> 7 RTS
```
Kek. Honestly, it’s the only idea I realistically have left 
NO WAIT my boss has female db9 to rj45
I just need a male db9
lol
I thought it was a female db9 to usb, I remembered wrong
That's a part you can't really diy
hi guys today i was trying to portforward, and when i've been having some issues. when i check the port checker, it says port 80 is open, but when i do it for port 443, it says its not, and im pretty sure i did the exact same thing. it also doesnt work with 25565.
do you have a server behind it. If you just "open" it on the router it won't do anything
i dont think so, but whatever i did for 80 doesnt work for any other port
hey also i was just going through my wifi settings and saw this, do you think that this is the issue
Are you using ipv6 address to test?
no i think ipv4, the reserved one
Apparently it’s a part you can’t fuckin buy anywhere either
But I’ve got a usb to db9 and a db9 to rj45, so we gonna see
Out of curiosity, does the device you are working with have an IPMI Card or BMC
or if you have another PC/server with DB9 you could just use that
Nope. This was my only option :p
Also I can hit the network interface but someone set a password and we don’t have it. And I don’t want to reset the switch due to possible vlan configurations
Hi everyone
Love to see my pihole in action, blocking ads
I'm new to doing networking but we got a new modem and has only 1 port for ethernet. I connected it to my mesh network hub then to a switch but I'm losing a lot of the speed from the hub. I tried to connect the switch first then hub but had IP address issues as devices slowly started to not work.
What would be the ideal setup or best way to fix this? New switch or mesh routers?
Modem will hand out the public IP address to the first thing to ask, so if you go Modem > Switch > devices + router then you'll have tons of issues
Modem > Router/Mesh system > Switch off the main node is the ideal setup
If you're hanging the switch off a mesh node that's not the main node then that would explain a good part of the bandwidth loss depending on the environment
The switch is off the main mesh node however am losing a lot of bandwidth. Probably due for an upgrade on the mesh network as its been more than a few years. Thanks for the clarification. Any recs on mesh network hubs?
What model mesh?
and switch too, just making sure something isn't stuck with a 10/100 megabit port
Unless the mesh hub has serious issues wired speed shouldn't really tank unless something is limited with only 100 megabit ports or a cable is damaged
Deco X60
I never thought about the cables, always just have used them as they were never the bottleneck...
Switch is a netgear 16 gigabit switch
Hmmm, interesting, if you bypass the switch with a computer are there any issues still?
Not really up to speed on the mesh stuff these days but off and on I'll see TP-Link mesh stuff with generally good mentions
Issue exists intermittently on the wireless devices as they just buffer
If I go router to computer same speed basically
Have you rebooted the modem since swapping router to switch and back to router afterwards?
Yes few times
ok, hmmm, you could try picking something up on amazon just to see and return it if you want to go that route, lol
At least it would give you a new data point with something else
Not a bad idea lol might be doing that
Why is it so hard for me to Masquerade the 1:1 NAT AWS does on their EC2 Instances so I dont have to deal with Public/Private Advertising configs
"To masquerade the 1:1 NAT"?
Are you perhaps missing that AWS blocks output of routed packets by default?
Not sure what else you'd mean
i had my fun, now i gotta clean this shit up (third screenshot)
Would it be possible for network settings on an Xbox to cause the reset of the network/router to have problems when that Xbox with whatever network settings is connected?
Long story short there’s an Xbox in my house which was connected differently than everything else. We had run some Ethernet cables to try and get it connected to the same network as the rest of the house but everything was until the couple times we did plug it in. I’m not 100% it’s the issue but everything had been issue free for a while so its weird to randomly see issues now and that’s the only thing that’s different or new so I was just curious if custom network settings on the device could cause problems with the rest of the network. I didn’t think it made sense but wasn’t sure if maybe somehow the custom settings are spamming or DDoSing our own network somehow
i can use pfsense as gateway even i have no lan connected to it right? So my setup is a pfsense running through the vm then a direct attach virtual connection .
Tell us a bit more about your goals - what's the PFsense router's purpose? Want another subnet for VMs for a homelab for example?
I rewrote my response like 3 times then realised your ask is too ambiguous to really answer your question properly
So like if you have pfsense you have a wan port which connects to your router right ? then you have separate either nic to be able to connect to a switch or device directly . BUT lets say i want to use the pfsense to test captive portal without the separate nic (i am running pfsense in laptop via vm) i would only use the ip address i used to access pfsense in browser as gateway ?
You need to control the user's DNS and DHCP to implement captive portal
Probably easier to just set up a dedicated VM for that testing if you don't want to mess with your laptop's settings though
ohhh you mean separate device? my laptop is the server lol
it is broken laptop repurpose
Probably not the hypervisor but you could if you really wanted to
Yeah no graphical VMs are going to fit on the free memory of that unless you're cool testing with dillo and icewm on Linux :P
I love the picture Acer used
"Get support on the ewaste netbook somewhere in this pile maybe"
yea and repurpose it lmao. Its monitor is broken so i just remove it and install ubuntu server
works great been planning on putting 8gb ram on it .
I used an old aspire one zg5 as a Linux server for a few years
It was very low performance but who cares, it only served files and stuff for a house
Faster and more memory than a Pi at the time and free to me
but anyways made the pfsense work do i need the other nic to use it or i can use the ipaddress of pfsense to as gateway to my pc ? I think it would simulate me connecting into one of the lan ports if i have dongle
yea . this is also passive cooling so turn off pc and it is quiet asf
The problem you're going to run into is that you don't have a second network at l2, so you could use a usb NIC or you could use a VLAN (If you had enough RAM to run W10 or something in a VM I'd say test with that... but you do not
For VLANs you'd need a switch or router capable of handling that and your stuff doesn't look like it is
decapitated laptop lol
They work better with the screen on, free KVM
ohhh the ONT has vlan as far as i know
Ah, but probably not VLANs for you
welp it is not for me lmao
i guess would buy usb nic with a router . I plan to hand out voucher of sort for people to connect to wifi lmao . like 1 month pass they buy to me
If this is a moneymaking enterprise there are consultants for this sort of thing
no . not really
just to help me pay the internet bills lmao . split the bill of sort
Yeah i give up
It went up to 150 megabits for like 3 seconds and now it's back to 50
I can't tell if something is wrong on my end or my specific steam cache is literally being beaten to death by the number of contemporary downloads for this game
Nvm changed download cache location and i'm getting my full 300 megabits
That poor server must have been getting absolutely tortured
if i use the pfsense to do fall back like 2 ISP i would want the main internet line to be in Ethernet port of the laptop right ?
then the 2nd one is in usb 3.0 to ethernet
then my lan which i will connect my 8 Ports will be in the usb 2.0 to ethernet adapter
I got one of these https://www.aliexpress.com/item/1005006473745641.html and a pair of these https://www.aliexpress.com/item/1005005199153737.html (550m MM) they work well if I plug them both into my ruckus switch to two vlans but I don't get any activity with this switch. Any ideas, is the switch just DOA?
Out of curiosity who is your carrier?
how are you powering that switch
oh its got DC on the back, its not the DIN version
For wanting to boost a router's capability in communicating with nearby cellular towers, is the best method a specific type of Antenna or Satellite Dish? Or maybe other ways? Currently running Xfinity Gigabit Extra 1200 Mbps (No fiber in the area). Private router instead of an Xfinity router? What would you recommend?
You made sure the two Ruckus switchports are untagged?
Wait im not understanding
Are you asking about how to boost cell connectivity for your Internet?
Which is Xfinity?
Or was that a different line of questioning
You need to use a proper listed cell booster if you are going to use one
Yeah I think they need to clarify a little
I want my router to communicate with the cell tower faster for less ping.
you have xfinity gigabit though
Yes
The router does not communicate with the cell tower?
Does the router communicate straight to my ISP then?
over DOCSIS (Coaxial) yes
What cords are plugged into your router
Let me go check
You're horrible at L1 support :p
You do. You have to show them what's going on
A round cord which I believe is the Coaxial, along with power cord, and 2 ethernet cables.
The coaxial cable is how you get your internet
I did that for years on this server.
Oh
I know
yalls turn
Thank you for the clarification
if you're having odd connectivity issues, it may be because the connection outside (usually in like a pedestal or if you are in something like a trailer park or whatever, directly to the pole) is degrading/exposed to the elements/other kinds of damage.
Coaxial is very fucking picky
In fact, if someone upstream of you happens to have their modem not plugged in correctly, it can cause noise downstream to you
No connectivity issues or anything, I just wanted lower ping in games haha
its as good as its going to get
whats the ping
Like on internet speed test?
and in game
Valorant I get around 30-40, same with Rust
That's fine
Google is showing 9 ms to Miami
Blame your skills, not the latency :p
?
I want to make sure everything I have is the best it can be for when I build my new pc
It'll be fine, and you can't help it anyway
Yes, I know that now. Thank you Rouing.
Thanks to PCBway for sponsoring this video! https://www.pcbway.com/
Links, relevant to the video:
➡️ My BlueSky profile: https://bsky.app/profile/zaman.io
➡️ Cross compilation tutorial: https://docs.mono.si/tutorials/development-set-up
➡️ DPDK: https://www.dpdk.org/
➡️ VPP: https://fd.io/
CHAPTERS:
0:00 You asked for open source!
0:30 We spoke...
This dude making his own router
Oh, good point. I'm not really too sure, since I'm very new to switch management.
It is a ruckus ICX7510-C12P.
show running-config vlan 10
produces:
```
untagged ethe 1/1/1 ethe 1/2/1 ethe 1/3/1
!
!
```
1/1/1 is lan computer, 1/3/1 is the sfp port. Does this mean it is setup correctly?
it is from philippines . GLOBE Telco lmao
why?
There also aren't any activity lights next to the sfp port... Shouldn't there be some lights even lights with a transceiver but no fiber?
usually not until link is up
Ok, do you know if this config is correct? #networking message shouldn't it just be plug and play like ethernet?
Not always, you might need to configure the port itself and bring it up
Not sure the exact syntax for ruckus though but I know Cisco is no shutdown
Seems to be (or at least was)
interface ethernet x
enable
I looped the fiber back to the ruckus to the second sfp on a second vlan and that works, that means the ports are up right?
yup
Same SFP used?
Yep
Or I should say did you pull the SFP from the mini switch and use it in the ruckus and it came up
Yes
weird, hmmm
what model is the mini switch?
The SFP used is a gigabit SFP right? Not a 10g one
Yes.
Not much info or model name #networking message
The pcb says su1006gpbt
And it is based on a rtl8367s
Ah, did you use the same cable by chance or a different one when doing loopback?
Same, just unplugged the sfp and plugged it in the other switch
weird, because those SFPs you got are single mode (1310nm is single mode, 850 is multi mode) and the cable is multi mode
Ah, interesting, yah they show pictures of both but the 550m one claims mm but there are pictures that say 1310nm that show up first. Might just be an aliexpress thing
ok, I refreshed the page and it defaults to the right picture now, lol
so that's not it either =/
Wait, I see the 6 lit up on the switch, so that tells me it might be up?
They are these
yah, you're good then, just bad page loading on my side
?
on your picture above PWR there is a second light with 6 above it
That tells me 6 is up, in theory
and 6 is the SFP port
BT might be for poe
🤔 Ill test
Yah, the docs and layout aren't great but I think AT and BT, where your purple arrow points, is for something else and the two green lights PWR and 6 are for the switch powered up and the status of the SFP port respectively
Ok. I'm not at it atm. I'll @ you when I am and ill test what lights are on with the sfp disconnected 👍
cool!
has anyone used haplite router?
mikrotik ?
thus they support api that i can use to alter stuff in router ?
@clear igloo 😆🤦♂️ thanks for your help, the 6 light does come on when there is a fiber link... It turns out we were on a wild goose chase. Since leaving it all off for the night it now works. Maybe something needed restarting or there was a bad connection. But ultimately it now works 🎉
anyone here have experience with truenas and usage of dockers? I'm a bit of a noob here and trying to add a jdownloader docker but failing miserably
Thank you @clear igloo , very cool.
ruckus icx switches usually require licensing for 10gbit support on sfp ports
but since it seems like you're doing just 1gb sfp it SHOULD be fine
when you are too excited cause you have router os and probly you can use pcie wifi to do wifi ap then you cant use pcie device cause you are on vm
hello guys who had tried setting up routerOS? how do i get pass with this setup ? like local network part
Well what subnet is your LAN?
Because your WAN isn't 192.168.1.1 I would hope
unless you're hanging it off an existing LAN then you'll need a different subnet for behind the routerOS box like 192.168.10.x/24 or something
you mean my actual isp router with this right ?
so my setup is i have ISP ONT router hooked to 8 ports which my laptop server is hooked then i run the Router os via VM which has direct attach network
our household pays for 125 download and 25 upload, anyone know why the speed is so low, also this only started happening 4 ish days ago
in wifi?
ethernet
call your isp
we called them yesterday
they said there are no faults anywhere
that's why im so confused
So then you'll need to use another private network for routerOS for the LAN side then for the VM
Since the ISP router already has a public IP and is giving out private addresses
My house has cat 5e cables, and I have a 24 port gigabit network switch connected to my router.
I noticed that my network switch reports a gigabit connection to my pc when my pc is on, and a 100megabit connection when my pc is turned off. Why does this happen?
Its not an issue since it only occurs when my pc is off, mostly curious as to why it happens
I'm not an expert on this stuff, it's probably related to autonegotiation and it defaults to 100mbps
1000BASE-T requires autonegotiation
Probably for power savings, allows Wake-On-Lan and similar without the effort of maintaining the unnecessary higher speed
You don't use Quick Set - it's designed for the most common use case for a given product
Quick Set's neat for people wanting to set up a basic router in a common configuration
I believe there's usually a dropdown somewhere on screen that will let you pick from a few use cases based on the features of the device you're using
Router vs. AP for example
It also won't show the local network config if you set it to a bridge
Just got destroyed by CCNA
Am i the only one
If someone is going to try to buy gas, but i don't want them to. And i tell the register that someone wants to try to put a penny on the pump, but just leave the transaction pending, does that count as a DOS attack?
added to the pool of so many lol
I see
I think the new Win Box is noice looking but also it is kind of confusing lmao
I'm paying about like $60 for fiber optics. Going at about a gigabit a second so like 20 gigabyte games or download in 20 seconds with moca and a lan switch from TP Link
no
gigabit is not a gigabyte
welp gonna get second ISP soon enough
Hey!
I have a assa abloy 10psc l anyone know what it might be worth found it at work unused
ASSA ABLOY 10PSC L is a smart 24V/10A battery backup solution for the ARX security system, alarm-approved according to SSF1014. The unit communicates via ASSA ABLOY ARX, which monitors the status of the battery backup, e.g. current power consumption, history over the day, temperature so that it does not get too hot or cold, delayed mains failure to avoid false...
Would it be possible to connect this like a Nas then I can access movies and photos throughout my network
Fired
Attach to a raspberry pi and install samba
You can use anything else as well
Why
thats drywall
so they cut a hole then just slapped a plate over it... not even centered
I thought all frontier contractors did it like that
We just had a frontier dude come do it
Then after that, use that same plate with this guy.
They prob do, because they are lazy fucks.
I don't really care about it so going to a different country anyway that doesn't support frontier so
You get something like this
Yeah I see how that's smarter
Speaking of the internet do you want to see what it goes at
oh god
What do you mean? Oh God!
is it terrible or something
No no. It's really good actually
Let me turn on my PC that's connected to lan and get it better. I'm on a mobile right now
did you get gigabit
well at least theres that
Yeah it's still pretty good. In fact there are box actually broke one time and her internet was down for a little but that wasn't the fiber optic so it was a mechanism in the box
What I saying in fact I was just putting a detail
was it this thing that broke
No it was the box itself like something in there broke. We got it replaced with a black version but it used to be white
Yeah like that
the FOG421
I got too expensive so we slowed it down to 500 MB a second but it's still the best internet because I went to a relative's house and it was very slow from Verizon
This is connected through lan
I actually have a question for you
hmm
What's this cable for? It never got plugged into anything
If you have another router and it uses the same voltage and that fits, you could have the battery backup work for it too
Oh that's cool
I have a switch so my original thought is we got a power supply that had the thing for a switch but it wasn't the right jack so we never plugged it in or it was in a different spot and it didn't reach
Its funny I cant find the non-rebranded model of that ONT
It just kinda does a lot
Nokia often makes custom skus for different carriers
It was Intertek
Nokia I can find.
intertek I cant
Never mind, looked like an ALE ONT
It kinda does
Yeah I just assumed
gonna upgrade the ole network with rackmount shit
so how do yall feel about used cisco gear?
Not unless it is broken used gears i think is cool
though if it is put in shitty place like used it in a room without a proper vent probly not good
i heard pretty bad things about cisco IOS, how its a pain to manage
ohhh cisco ? no idea lmao
It's all CLI based
I'm biased so I won't comment but I've been working with Cisco gear for years so am very familiar with it
ugh, sounds like a pain
this is just gonna be a homelab
Well then I would learn and have fun
Cisco 👍
probly will start my stuff on mikrotik haplite haha
Used stuff is fine, but in most cases it is used because it doesn't support the latest whatever or something isn't working correctly. I would only get Cisco if you want it to learn Cisco, or if you have no need for higher performance, but I would not buy it thinking Cisco is reliable because used is not always reliable. Also, home network or work network?
What I would look for in a homelab would be a decent 10gig switch, a router you can play with with some vlans, and a decent 2.5gig switch. Many smaller 8 port switches can still be rack mounted. This setup will let you play with LAGG setup and vlans for fun. I have a 48 port gig switch on my home rack only because it was free.
Also worth considering is energy prices in the area too. Used stuff, especially data center stuff, isn't as concerned about power usage
They are concerned, but practical about it, a switch that consumes 500watts because it has sever gbps backplane is not outrageous.
@everyone
So im trying to create an AP on my raspberry pi 4 so that all my devices can make use of the eth port i have in my room. Now i dont know what im doing wrong but the access point can be seen by other devices, i just cant connect. Im helpless at this point. Heres what i did:
```
sudo systemctl stop dnsmasq
sudo systemctl disable dnsmasq
### I then added dns=dnsmasq in the NetworkManager.conf
nmcli connection add type wifi ifname wlan1 con-name accesspoint autoconnect yes ssid "eth2wlannetwork"
nmcli connection modify accesspoint 802-11-wireless.mode ap
nmcli connection modify accesspoint 802-11-wireless-security.key-mgmt wpa-psk
nmcli connection modify accesspoint 802-11-wireless-security.psk "whatever"
nmcli connection modify accesspoint 802-11-wireless-security.proto rsn
nmcli connection modify accesspoint 802-11-wireless.band bg
nmcli connection modify accesspoint 802-11-wireless.mode ap
nmcli connection modify accesspoint 802-11-wireless.channel 6
nmcli connection modify accesspoint ipv4.method shared
nmcli connection up accesspoint
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT
sudo iptables -A INPUT -i wlan1 -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -j ACCEPT
sudo netfilter-persistent save
sudo systemctl restart NetworkManager
```
Also: im on raspbian os bookworm headless
What documentation are you following?
are you running a fortimanager vm?
no documentation. just a bunch of forum posts and this https://raspberrytips.com/access-point-setup-raspberry-pi/, but this leaves a lot unsaid
oh, thanks, this might be better hehe
Lol
this worked without me having to create a bridge somehow sudo nmcli device wifi hotspot ssid <example-network-name> password <example-password>, the only problem is after i reboot the connection is gone
as with most linux network settings there might be need to save config somehow
Create a .service file and enable it
Probably not the way you're meant to do it though
i assumed so im just double checking, cuz creating it this way at least made sure it got reconnected after reboot
im pretty sure sudo nmcli connection modify Hotspot connection.autoconnect yes just to be sure im testing but yeah
yep. that did it
thanks for the link @topaz patrol
No worries.
No
does anyone know why NetworkManager is still spawning a dnsmasq process and binding it to port 53 even when added dns=none to the nm conf file
should i change my ISP router account or should i leave it there
Hey guys, does anyone know whether the following is possible:
Have a full WG tunnel from SiteA to SiteB
Assign an additional virtual IP to SiteB
Route it in such a way in OPNSense over the WG tunnel to SiteA that that virtual IP can be assigned as the interface IP of a VM on SiteA
virtual ip?
Yeah, additional IPv4's are called Virtual IP's in OPNsense
in traditional s2s you just create static routes over vpn interfaces on both sides
I've given that a shot, but couldn't figure it just out.
What I did was create on both sides a gateway on the WG tunnel interface with the IP of the other side, added the public IP to the allowed IP's in WG and disabled routes in the wireguard settings. Then, I assigned the public IPv4 on the machine on SiteA and added Outbound NAT settings on SiteB from the Virtual IP to the public IP itself.
On the machine on SiteA, I tried using both WG tunnel IP's and both local IP's of the OPNSense routers as gateway, but couldn't get it working.
In WG you just pick how much address space is going over the tunnel in the config then it's the receiving end's job to deal with that
The rest is Boring Old Routing
So if you're terminating on OPNsense you'd ensure you had visibility to the VPN from it, then add its subnet to allowedIPs in the wg config on the originator
Oh! One extra thing you need to ensure! The VM obviously needs to have a route back over the tunnel, it'll do it for you usually if the OPNsense box in question is your network gateway because it'll have the route
Do you mean adding the public IPv4, which is assigned to the interface of the machine on SiteA to the allowed IP's in the wg peer of SiteB on SiteA? I've got a 0.0.0.0/0 entry there
0.0.0.0/0 will be a full tunnel to the other end of all traffic by the way
Is that perhaps not what you desire?
hate it, its not legal.
@clear igloo ©️
Yeah, basically I want to mimic the machine on SiteA to be on the public site of SiteB (so all traffic sent through SiteB and the IP of the machine on SiteA is the additional IPv4 of SiteB)
why not
he just mad he can't use it in prod, lol
used stuff in prod?
honor based licences go brrrrr
not anymore. they are cracking down
I dont think new licenses transfer.
grey market used vs refurbished/authorized reseller used is different because grey market can't get support
They are starting to make us run licensing servers on prem to make our stuff work
Please be aware that the wireguard IPs can't be in the same subnet as the remote network as it's a layer 3 VPN
In both cases the OPNsense boxes are the main gateways of the network indeed. I've added a static route on SiteB to the WG IP of SiteA for the public IP I assigned to the machine on SiteA, and also added this IP to the Allowed IPs of WG. Does this suffice or am I missing something?
eh i am fortunate enough that i only run new gear that are not eol
Do you mean the WG tunnel IP's or any IP over the tunnel?
I've added the public IP as a /32 btw, not the entire /24
You should have
Site A device > WG routing address space > Site B router > Site B address space
@clear igloo for all the "we're better" pitches Arista does I am annoyed that even they wont sell a fully unlocked switch. Why does everything need to have licenses. ugh
license all the things!!!
They use PAK licenses I think
on friday i got a almost million dollar quote from fortinet lmao
For example you can have SiteADevice be 10.255.0.2 and SiteB router be 10.255.0.1 but not if the Site B subnet is 10.255.0.0/24 (no path back over tunnel), but you can if the remote site is 192.168.0.0/24 or 10.0.0.0/24
Apparently my manager did a quote for a real project with them and he got dizzy. I guess they are close to as expensive as cisco
was that for a license? 😛
yup, that's what I've seen a lot of the time
some hardware appliances (fortideceptor and fortisandbox) but other than that licenses for 1500 users
That I can definitely see, yah per user licenses are evil
Do they still ding you for third party optics licenses?
Last I saw it's a key you need to install on each box to use third party stuff
not that I know of
Licenses are gross, my shit should still work if I don't want to pay maintenance
but line must go up
recurring revenue bro!!!!
😛
we talked optics and a license was never part of the conversation
Yah, it's only first party optics at least for the box I used but there is an unsupported license command that does need a key on the CLI
Google got me one XD
only per user license was 70$ *1500 ~100k
That's not bad compared to some, lol
Would you mind me sending you a dm with the entire setup I currently have?
we only run first party anyway because there were painful problems in the past and the stakeholders dont want to try again
Makes sense, yah
our 100G stuff is already past the posted limits of what it can do
we have to switch to SM now for over 100
Fine, I won't hang around long because it's like 2:30AM
But I'll sanity-check
Yup, single mode is the way of the future
we are looking at options for replacing our current trendmicro solution which idk how much costs
Need to start charging for this shit :P
the prices on SM optics is BS
short range single mode (2km) aren't terrible but still yah
aw yep
huge bs
we will probably spend rest of opex on transceivers this year
i will ask about -rf ones just to see price delta
and then you have OSFP optics for 800G and OSFP only for 1.6T and up so you'll need a carrier if you want to use 400g or lower QSFP optics in them standalone. I doubt it's going to be a huge deal for most but still
😦 yup
for 5x as many 😛
OH, unit price, lol
I thought that was total for a second
It's cheaper because ummm, yah reasons
that is list price, not many people are paying list price for it
most have a discount of at least 50%
yeah I cant post my discount or @clear igloo might tattle on me
even with discount its stupid expensive
he is cisco police 
when I need 600 optics for a project...
my account team at my VAR is nervous because we haven't really ordered anything major since 2021. lol.
all of a sudden they want lunches and stuff
I'd order tons more if they quit the bullshit on license costs
adds 40% more cost to a switch
you dont love mandatory licenses that you dont need?
@clear igloo it reminds me of CDJR dealers who slap addendums on all of their cars and wonder why nobody wants to buy them
you know how it is... you need that one little feature but you need this whole license for all these other features
cable tv all over again
they also reworked it so that a perpetual license is more expensive in the short term than paying them yearly for a renewal license
I like calling sales out for it because they act like its a gift from god and then I tell them uhhhhh our depreciation is 5 years.... run those numbers again

I will not sugarcoat it. We are BAD at staying ontop of end of life. We have too much gear. They can screw us if we hit EOL and the license expires
meanwhile meraki
no license no packets
I'm not 100% sure but I think ACI will stop working too
If you need features in that license like multi-site I am not sure if it just stops working properly
@clear igloo they almost had ACI right. Almost.
They need to remove the concept of EPGs and microseg
thats ruining the product for people who dont want that
its HARD to migrate to other products if you ever do take advantage of that
because you have all this stuff on the same huge subnet
gad damn pricing for mikrotik routers lmao
they are good for what they are.
smb not soho
mweahaha what enterprise grade stuff is for sure
planning on getting haplite for voucher wifi vendo
ye na
you know when you reach enterprise when price isnt publicly listed and just says call for quote
what is that nms?
librenms lol
ohhh yea . cause you have to talk how much you want to order and for some terms lmao
i am just implementing a nms in my org, it isnt live yet but soon it will be
i realised one of this ONT router of other ISP does not have other shit other than changing wifi stuff
I like their SoHo stuff for gigabit or less (but I know I'm not a typical SoHo user)
Sadly no decent 2.5 gigabit or better options yet I've seen, always some stupid caveat
probly i am just using the normal admin account lmao
isnt their RB5009 offering for 2.5g?
not sure if this question belongs here but ima ask it anyway
im trying to play vr wirelessly but my bandwidth is bad. could i buy a good wifi card and then use my pc as a hotspot for the headset?
1 2.5g port :(
and other is 10g
So you need a switch with SFP+ and 2.5g to actually benefit from it
And access points
Which is not very SoHo
cuz my mb has built in wifi but i only get 7mbits when i do it over a hotspot from it?
Or an internet connection using SFP+ I guess
just use it as a router on a stick in combination with crs326
Too much kit for one small room with two computers and a laptop in it
Everything else in my house is low bandwidth and will never need/achieve fast speeds anyways
some people use a dedicated routers for vr like https://store-eu.gl-inet.com/collections/travel-routers/products/eu-beryl-ax-gl-mt3000-pocket-sized-ax3000-wi-fi-6-travel-router-with-2-5g-wan-port
Note: You will need to upgrade the firmware to the latest version in order to fully utilize all of the features of Beryl AX. Beryl AX (GL-MT3000) is an AX3000 pocket-sized Wi-Fi 6 wireless travel gigabit router which comes with one 2.5G WAN port and one 1G LAN port. It runs on MT7981B 1.3GHz dual-core processor. Dua
@clear igloo How should I handle DHCP and NAT for a broadcast truck?? I don't really need too much of a router but I just need basic shit lol
minimally 😛
I'll probably just get some white box 2.5 gigabit wireless router platform with openwrt or something
rpi or docker container?
I mean that can do DHCP but I still need NAT and I don't wanna do that off a rpi
Does it need much speed?
home use case or something else?
gigabit would be the max internet it would ever have
just needs to handle encoders sending some 10/20mbps streams
work
I'd use a Mikrotik hAP ac^2 or hEX refresh off 12vdc
would i have to buy another internet plan or would that use internet from my current router
sorry if i sound like an idiot i just have no idea about any of this
no you dont need any new internet plans
ngl I am tempted to just do something like a 1u pfsense box or even a udmp lmao
Probably overkill?
Do it, keep it simple
I will probably have unifi APs (switching is netgear m4250)
If you need a pfsense box let me know 😛
Work spend $$$ 😄
Yeah I don't want anything I have to do much maintenance
As much as I hate to say it..probably a udmp
Yah, then unifi might not be a bad idea in this case
bc it can be the controller for the APs
bingo
its not doing any inter VLAN routing
ima look into it thanks
UDMP feels overkill but if power is not cared about it'll definitely work
no firewall inbound shit, just all outbound
And $379 is small in comparison to this build
It'll look good when you show nontech people your sweet mobile rack :P
the funny thing is im doing it with a wifi extender on 2.4ghz and i have 60mbits max with constant drops
maybe ask in #virtual-reality for application specific setup
Yeah UDMP will blend in with all that just fine
thanks m8
better ap will definitely improve your experience
My AV friend is almost certainly jealous
He's just got an x86 server and a bunch of mixing and IO cards in a 6U roadcase rackmount thing
ap?
Access point
rip
WiFi box that only does WiFi
access point
what is commonly said as "router" is often a combination of 3 devices
a router
an access point
and a switch
He bought a 7th gen intel platform because he found some golden motherboard with pre-broadcom PLX chips
im watching a video rn if i do that in my room my parents are gonna crucify me
Alas he could have possibly went Threadripper if he had a little more money
yeah the PC i have in my rack is a threadripper for video
I don't think that old board was cheap either
you can always have a isolated network just for vr
it will perform better too
<Obligatory Fuck Broadcom statement here>
yea all my homies hate broadcom
None of my homies willingly buy broadcom
I might need more than 1 switch lol
Now im confused what of the three is this?
which means I need 3 now 🤪
lol
even nvidia is less greedy than broadcom
48*3 ports?
48*2 and a 10g agg layer lol
In a truck with two racks?
1 rack
Ah, leaf+spine
could be a powerline adapter
In one rack
Yeah
Incredible
lemme pull up the design rq
Either powerline or wireless repeater
should be the latter
thats what im doing it with
That type tend to really suck
Not that powerline is generally good
that toilet better be japanese.
does the "server room" have a dedicated ac?
lmao
yes
Ah I see, 48 ports to the toilet
I need at least 2 ports at each station for laptops/etc.
And some stations need ports for the control panel at it
Yeah looks kinda like the setup for a stadium I saw but like half and minus all the servers and broadcast gear which lived elsewhere
plus one for a router panel
then the audio console needs control & dante primary/secondary
then all of the shit in the rack
ok i finished the video i still dont understand any of this...
AV dude gave me a very sneaky tour, I thought it was pretty neat
I love big budget systems like that
ok wait so if i buy a router for it i can just plug it into the repeater?
I work with small things on small budgets
Yeah and we are gonna have fiber patch bays outside the trailer for I/O
everything out of the trailer will be fiber
Makes sense
SDI, Dante, control network
yeah
yes but you can also just throw away current repeater as glinet router can act as one
i have that repeater cuz otherwise i have no internet in my room
Just have 12 smf everywhere
if this was super high budget this truck would be 2110
all IP, 25/40/100G to cameras
oh would it act like the repeater?
just please use different ssid than the main router
psh, only sfp28 and not sfp56 or 112 😛
lol
That does look sick
All the expensive proprietary bullshit is annoying
Even a bit less is a plus
2110 is open standard, it all works together
Yeah smpte
one slip until doom
lol
It's a stabilizing cable 😛
already own all of the fiber, just convert from using SDI to 2110
ye yea universal cable/ wheel caulks
I'm surprised there are just roadcases and mobile racks
Are they planning to just not have live streaming later :P
Nexus is loved for PTP lol
how is the communication between racks done?
wdym
Sorry guys all this techno shit isn't needed, just look down at the field and be here, roll away the racks and roadcases
ah it is that ground snake
ah i just figured out its a powerline repeater
on the website it says up to 300mbits over wifi, would that be the bandwidth of the local network then?
100 megabit
The plugs are going to negate that wifi claim and hamstring it to 100meg speeds
powerline marketing sucks
i dont know the language to phrase this
does it act like an access point with its own local network?
i dont care about the internet speed i care about the network bandwidth+
Generally no but I don't deal with powerline so I could be wrong on that
i keep having to switch wifi on my phone when going around my house
Those powerline adapters tend to just extend the existing wifi network in most cases
the top one is the repeater and the bottom one the main router
Sure looks like both are from the repeater
@clear igloo @pseudo blade So far lol
when the ethernet port of access point is 100Mbps but the wifi speed is 300Mbps lmao
Yeah that's because outside lab conditions you're not getting more than half that speed
I will say that in the hAP lite you've bought a bit of a lemon product, they're dirt cheap for a reason and that reason is being so cost-cut they often can't even perform software upgrades without being reflashed over the network with netboot
Good for lab testing for students or other environments with no budget and a willingness to accept problems in exchange for saving money, if I'm billing for a service in 2024 I'd at least get the hAP ac^2
If scrappy US WISPs use them you should stay away from :p
Buy real network gear you cheap cunts especially you american wisps
The selling point is the price
They do sell real networking gear, you just have to pay more than $20
More than a couple hundred bucks*
Have you seen what some of those cheap American WISPs do lmao
I can guess
“Look mum I built an ISP” sound it up perfectly
But you can get some half decent TP-Link gear for that price
Or Cudy/Ruijie
I'd take a Mikrotik over a same-budget tp-link or Cudy
And they aren’t ugly as all hell
Eh. Most people would prefer the latter two
The feature sets are not comparable and I like the flexibility
Also if you're buying Cudy you're definitely not a real ISP :P
Yes but you also aren’t buying a $30 wifi router
The Australian WISPs would disagree lmao
They're not real
Powertec salespeople are great at selling that crap
I did that stuff for a bit and we at least sold Mikrotiks with enough RAM and storage to do whatever was needed at the site
They use them as CPE
hahahah this is fun
MikroTik has always been weird to me
Their configuration system is jank as fuck
The APs they offer always have weird limitations and bands
Their config system isn't what's janky about them and the band limitations are not an issue outside the US
RouterOS script and the API are what's actually janky
I hate it
Find routeros annoying to use
its honestly really shit. Ill just say it
Mikrotik gets flak because it's got nearly as much surface as Cisco iOS but people aren't doing lengthy training courses on it, it's not actually bad for what it is - it's just not aimed at you
Who is it aimed at
Who is this aimed at
Send us your MikroTik setups (marketing@mikrotik.com) - and get a 10 EUR coupon code in our merch store! Submissions in this video will receive the coupons over this weekend.
3D files below:
One of our users and friends - Rafael - designed a handy, practical, and elegant enclosure for the classic RBM33G RouterBOARD... and decided to share the...
Please don't ask me to understand their marketers or why they do this
But if I tried I'd say they looked at the LTT stuff and decided to try to copy that formula
Which yeah not great overlap
WISPs, rural telco, SME, low-income country everything, whatever blend of net/sys admin I've became over the last 8 years
Being able to set up routing, VLANs and VPNs on my APs and switches has been repeatedly useful when given stupid demands and no extra budget in workplaces
And I am the cheapest of all my bosses and that's why my home network is what it is
I didnt take lengthy training courses for Cisco iOS either
that being said, I can follow along what I am doing when configuring something running C-iOS much easier than Mikrotik. This combined with the fact there are always various workaround or problems with the current firmware (may not be true anymore, but ive had fun issues with IPv6, VLANs, and GRE Tunnels causing problems like crashes) makes it really hard to say "oh its just not for you". No its because its flimsy and very clunky.
lol ok bud
Even an Ericsson AXE Telecom Switch Station isnt as clunky and its all over the place in much the same manner actually.
And that thing is older than me
feels the same though
so i got mikrotik haplite
but the problem is the port 1 which i connect my 8 ports unmanaged switch disconnects
but it connects for a few minutes then it would disconnect
difference with bridge and pppoe?
My issue is that there's like 2-3 different ways to configure the same thing and there's right and wrong way apparently
Here are the channels/resources we think you should follow:
- Wilmer Almazan / The Network Trip
  https://www.youtube.com/c/TheNetworkTrip
  https://www.youtube.com/@WilmerAlmazan
- TheBrothers WISP
  https://www.youtube.com/@TheBrothersWISP/featured
  https://thebrotherswisp.com/
- Mikrotik Indonesia - Citraweb YT
  https://www.youtube.com/@Mikr...
So strange
what the fuck
this guy must be high as fuck
Their YouTube channel is hilarious
ew a ai generated image
is it that hard to grab a product photo lmao
This guy? The whole company
I prefer the other option, real work experience with devices I cant afford.
I don’t poke my head in much, but I thought the networking people in here would like to know about a deployment I found
It’s a bunch of PoE devices that run through a Powerline adapter that goes back to ethernet almost exactly on the other side of a wall, when it easily could have been run under the floorboards
wow how incompetent, though while thats something I would have done (run small wires to the other side of the wall) now I would want everything in a central location patch panel
@clear igloo @rocky badge you should switch to arista and join the AI revolution!
AI what now?
🤣
ok story time. this one hurts my soul
Are you joining AI NetDevOps Scrum teams? 😛
A business unit wanted their own network and they talked to us about their needs and we did a whole design. Because of the big cost, they decided to hire a 3rd party consulting company to not only look at our design, but advise if there are industry standards or forward directions that we missed/didnt account for.
We have many meetings with them to discuss our designs. We get to the presentation from them (before the exec level) to make comments. They went and did all this AI-this, AI-that, including pricing servers from nvidia partners. I was sitting there like uhhhhhhh guys... I never once mentioned AI in any meeting with you, none of this is in scope of what we asked for. Why did you do this? "Oh, its because [sub-team from BU] said they might be interested in AI"
Have you heard about our lord and savior AI?
Furthermore, with all the meetings they had with the BUs sub-teams, they never once understood the traffic flows and network requirements and started saying 400G this/that because its where things are moving.
This group of apps can get away with a few gb of uplink if we wanted to.
Why would you want to understand the customer requirements when you can just shoehorn the latest and fastest for reasons
The head dude for the network analysis used to work for (major tech brand that you know) and could not stop going "well at [brand] they do this, so you should too"
So we told them to change the preso by a lot, and I did not get to see the new one, if they did it, but I heard it bombed when they went to VP+ level
This was months ago and no network project has been approved. It was that bad.
Nothing is worse than a new coworker who injects his old employer into all of the conversations. I knew a guy from motorola who worked there for like 15 years who did the same thing.
They just needed to run the preso through ChatGPT first, lol
They heard AI and ran with it
Hey, I'm getting fiber installed out here in the woods on Saturday, I'm imagining that they would rather just drill a hole and put a hookup immediately on the opposite side of the exterior wall...think they would go up the wall into the attic space to bring the cable down to the wall next to the window that actually has outlets?
no
No huh,
Anyone have experience with MikroTik Routers? Are they easy to use or somewhat difficult? Any shortfalls?
RouterOS is kinda clunky
Ohhh. I see. I happened to come into possession of one and was gonna take it for a spin/lab with it for a bit.
kinda
Interesting that it uses a 36 core CPU
Ah yes, VLIW architecture - very specific use-cases, these have. https://en.wikipedia.org/wiki/TILE-Gx
TILE-Gx was a VLIW ISA multicore processor family designed by Tilera. It consisted of a mesh network that was expected to scale up to 100 cores, but only 72-core variants actually shipped.
After a few acquisitions, Tilera's designs ended up in the hands of Nvidia, which ended production of TILE-Gx processors in 2022. In June 2018, the Linux kern...
With VLIW, you have to compile the software to take use of the specific amount of cores
So thats why it was never scaled
God damn it, my stupid ass setup SIP SMS Messaging over the SIP proxy forgetting you gonna need the Subscribe functionality in order to send the response back
all that work on the wrong layer
I think it’s crazy that MikroTik lets me download the latest RouterOS on this “discontinued” piece of hardware. From 6.13 to 7.16.2 released not that long ago, damn
Everyone thinks their workload is big and special
Like the enterprise databases I keep seeing with single digit users and - gasp - tens of thousands of rows!
"We need Oracle DB" I think sqlite will do just fine actually
Hell anything but Oracle DB please
Back at the MSP I was tasked with moving an old onprem VM from 2c/8GB to Azure at something like 16c/64GB because the vendor insisted that their crappy little medical ASP.net webapp and mssql database needed it despite having two authorised users, no real performance requirements or demands and maybe a few hundred thousand records at best. Just idled and bled money
Can be easy, can be very difficult. You'll spend more time working with/around hardware than you might with other vendors but it's easier to know what you'll get out of it once you get your head around the block diagrams. I've been working with them in businesses for a number of years now and am pretty familiar with the platform
The pitfall of the Tilera-based units, for example is their very low CPU clock speed. The memory architecture of Tilera does not help.
So any task expecting high sequential CPU performance is going to suck despite all those CPU cores
BGP was a huge showstopper on RouterOS 6 for that reason as it ran on exactly one core
The Tilera CPUs are also weird and dead and the Linux kernel dropped support for them. Mikrotik still supports them but there's no new development around them, they switched to ARM on the newer products. So you can get upgrades now but in 3-4 years it'll finally run out of road
I'm running a different Mikrotik (hEX) I got in 2018 for my lab for $60 US and it's still promised at least another 5 years of free support. I'm expecting that EoL announcement sooner or later but I'll have replaced it long before due to obsolescence
Another unique pitfall of that specific model is also one of its strengths - No switching, only routing and bridging. Everything's straight to the CPU.
The newer stuff leans on L3 offloading on switch chips heavily (which they're getting better at but will never be possible for everything), this one just brute forces its way there with its unusually parallel CPU.
I felt this in my bones
Just wait until we do another U-Turn on this and FPGAs with Softswitch Features actually become a viable option everywhere
the amount of U-Turns and wild adjustments into different directions network hardware has taken makes everything else seem timid
The funny part is FPGA's are kinda sorta the past of networking. Cisco used FPGAs for all sorts of IO and offload tasks but they're too expensive and slow to beat common-path ASICs and nobody seems to be rushing to change that
Exactly.
We keep coming back around
this time with the idea of using a management coprocessor with FPGAs
A large one
the idea here is you can install all the features you need into the appliance and it becomes... well whatever
Interesting ideas come to mind with those capabilities. With a click of a button you can reconfigure entire datacenters and all the networking hardware in an instant
Switches become Firewalls, Routers become Switches, Firewalls become Gateways
Is this actually ideal? no prob not you would select the hardware to match the need
but if I wanted to take an 8 port switch and make it an 8 port firewall and move it, that works
FPGAs being great at filtering can suddenly make for a great firewall
I saw a similar argument for replacing CPUs with dedicated softcores that could be mutated based on workloads and the problem always came back to performance not being good enough for the common path
It's definitely a fun idea though
P4 Programmable Switches!
anyone here using OPNsense and the IPsec VPNs?
No, nobody has ever used anything, don't simply state your question as nobody will know the answer and you'll look silly or something idk
Yeah this shit.
Yeah so this is a thing
DPUs are interesting
Never seen one on a mezzanine like that before though
Uhhh MIPS (ew)
MIPS is OK even if its not exactly the new hotness
even the MIPS foundation is going RISC-V lol
I setup a few site to site ipsec VPNs via OPNsense with pre-shared keys. They somewhat recently added a new setup gui page for the VPNs and moved the old to "legacy", so I'm guessing they will deprecate at some point. In the new page, I can't see a way to setup a preshared key, so I worry all my VPNs will stop working when they roll out an update deprecating that feature
MIPS architecture is apparently really commonly used in university courses so it's probably just the most familiar option for the designers
Enabling the era of next generation SDN Stratum™ is an open source silicon-independent switch operating system for software defined networks. It is building an open, minimal production-ready distribution for white box switches. Stratum exposes a set of next-generation SDN interfaces including P4Runtime and OpenConfig, enabling interchangeability...
Part of the bigger ONF project but this I have toyed with in the virtual environment
Uses p4. The ONF Project is meant to make every single piece of the carrier functions programmable and virtualized if possible
Not sure what it uses behind the scenes I'm afraid, but this sounds like a great question to post somewhere the devs frequent if you want to figure out their plans and priorities regarding it
My understanding of such projects is they're kinda the other way - all on CPUs, but with data planes accessible to the user
Which is neat in its own way
As there's not really another way to "virtualise" or program them
It's all cool stuff, I wish I had the time or justification to play with it
Honestly I still dont know how to use P4. This is a little over my head and has architecture dependent workflows
control ingress () {
    table routing {
        key = { hdr.ipv4.dstAddr : lpm; }
        actions = { drop; route; }
        size = 2048;
    }
    apply {
        routing.apply();
    }
}
I understand this.
https://p4.org/sandbox-page/
heres a fun little sandbox
A very C/C++-like DSL
Yeah that looks very interesting
And it is designed to also run on FPGAs among other things
Sir, I'll have you know this is a christian minecraft server and we'll have none of your devil hashtags!
Lmao
Man. I remember Christian counter-strike servers lol....
@rocky badge @clear igloo what hes not telling us is that cybersecurity isnt like that at all. It's log jockey. It's barely understanding networking and security protocols. It's creating policy from misinformation.
#BlameTheNetwork
#NotFirewallFault
#DNSorsomething
My favorite cyber story is we had a person, a CISSP or whatever it was, turn ALL the features on in a firepower because DUR SECURITY, and it took the traffic down for our entire datacenter in small random intervals to the point where it was impossible to track down
#FeaturesMakeMoreSecure 😛
The internal interface would get clogged up
Sounds about right
She did this and quit to be director level somewhere else, before the issues really started showing up.
Your cyber security management, folks!
At the same company: cyber engineers who cant explain how a static route works.
Don't you just use opsf for that?
I’m interested in different kinds of networking gear and wanting to lab different setups to see what each piece of equipment does.
This MikroTik was just running for years with nothing plugged into it at one of my work locations. We don’t use that brand anywhere else so I got to take it home.
I have some Ubiquiti gear, Cisco switches (and a 1921 router lol) and now this MikroTik router. It’s neat to see the different CLIs, GUIs, and limitations/ capacities of this gear.

Still have another airport express to add behind the Garage one but the cable in the ground brokie
Been a long while since I’ve seen AirPort Express/extremes in use
Theyre cheap asf
And are perfectly fine for what i need
True. Last I used them was when I worked at a school district
The expresses are 10 euro a piece
The extremes are like 20
The extremes do wifi AC
Damn that is cheap
Last I checked if it blocks all traffic it’s secure 
dont run copper data cables underground please
just use fiber
Mmm copper and water party.
Oh I didn’t even realize
At work our infrastructure sucks. We keep hitting conduits or rats keep chewing the fiber cables, so many fiber runs keep dying we have to use PtP radios to keep our stuff connected
only things that chews our fiber are sparkies but we have 2 redundant paths back to dc for each access switch
Nice… all our shit is one chain link with no redundancy. So one fiber breaks, everything past it in the chain loses connectivity.
yikes
also most of our fiber is underground conduits or up in the ceiling cable trays
I am planning on getting NAS so I can backup my stuff. I was wondering how does QNAP and Synology compare? I wouldnt connect it to internet just my pc
they are all pretty much the same - overpriced, underpowered mini pc with hot swap bays and proprietary firmware
Honestly you could buy yourself a nice cube shaped hot swap chassis and just build a mini ITX pc in it for probably cheaper
I looked at some cases and thinking of getting fractal design node 304. IDK WHY this didnt come to mind. Gonna do more research and dive deeper in to the rabbit hole
What and how should I pick my parts for the NAS?
QNAP - while it is often the stupidity of the users for using the cloud features or putting their NAS directly on internet, there were few times when people had their NAS encrypted by bad actors through holes. I remember at least 2 such global incidents, might be more.
Synology - they like to use underpowered, nearly decade old hardware for $500-$1000 hardware.
If you are willing to pay for it, Jonsbo N3/N4/N5 might be worth considering. Then you pick motherboard/CPU/RAM according to your needs and case choice.
There is also an option to use something like the Ugreen NAS devices and put TrueNAS or OpenMediaVault on top of it instead of using the proprietary NAS system. I think Terramaster also allows 3rd party software OS, and probably few others too
Yeah I saw lot of the security issues when googling them and that really put me off from them
Did some part picking and came up with this
I have built pc or two before so fully building is no problem
12100F version has no IGP, you want IGP for a NAS/server. So get the 12100.
Depending on what you want from it, it might be fine, underpowered or overpowered.
What i mean is that for just file sharing, even 12100 might be too powerful. But on other side, if you start adding various virtualization or docker stuff, you might want more RAM and/or CPU power. Check the PSU on tier list, you want reliable PSU for NAS
What is the IGP version? I just choose second cheapest intel. Yeah its main purpose is file storage mayyyyybe some game server hosting in future
F means no integrated graphics. So 12100F has no integrated graphics, 12100 has integrated graphics
Oooh ok ok what about separate cheap gpu in the pcie port?
i would recommend getting the 12100, using the x16 slot for a 8-port LSI card to add 8 more SATA ports and then use the x1 slot for 2.5 gigabit networking later down the line. Or get a board with 2.5 gigabit in the first place
How would amd line up would compare? Guessing it would be slightly worse?
AM4 CPUs have less usable IGP for transcoding, AM5 is probably more expensive
you could also consider used hardware from 6th generation Intel upwards
Alright so gonna stick with intel
Also AMD suckz
What about OS and what file system would be good for a first timer that wouldnt mind reading some forums?
Leave me and my gaming pc out of this lol
Do you just want a NAS or do you want to do other fun stuff
NAS for now but potentially other stuff in future when I have more room space and I have admin of the house internet
Oh okay you'll probably just want to use TrueNAS Core
Or if you want to have docker containers and crap like that go for TrueNAS Scale
Are they free?
Yes
I'd go TrueNAS Scale but that's what I use personally
Core is based on FreeBSD and Scale is Debian based
Hows unraid? I have seen ltt use it few fair times
final alternative is OpenMediaVault if you want a more open base OS compared to TrueNAS.
In short:
TrueNAS Core => BSD
TrueNAS Scale => Linux, but you can't really install anything to the base OS, so if you need some thing special (lm-sensors, pwmconfig, fancontrol in my case), tough luck
OpenMediaVault => Debian Linux
Unraid is paid based on number of hard drives
I wouldn't touch unraid
There's also that one HexOS which Linus was talking about investing in
It's $99 though one time but is partnered with TrueNAS but simpler to use I believe
How so?
- Shit documentation
- Basically no user management
- Crap web ui
- Slow speeds and the cache is barely a cache
- No support for SSDs in the array
- The OS runs on a fucking USB flash drive in 2024
- License cost
Any good MATX that would have eight sata ports? Or could I add them later on with a PCIE card?
you can buy an old 8-port LSI card like 9211-8i for $30-$40 or so (maybe fake, whatever) plus two SFF-8087 -> 4xSATA cables
What if I used all the sata ports on the mobo and then used pcie card sata ports? I found a decent 6x sata card
sure, just saying that option is a very good option, but it's up to you in the end.
IDK for now it will be like few drives so the pcie card would be enough
Apparently chips are all real but Chinese create their own pcb and use real (but used and desoldered) lsi chips
i know mine is from a chinese server manufacturer, so while yes, they could create fakes, the one i bought is more like 'custom design'. i mean LSI actually allows others to get a license to make their old cards
i mean while it's China, i doubt a company of this size would risk lawsuits for something as simple as old LSI card designs https://en.wikipedia.org/wiki/Inspur
Inspur Group is an information technology conglomerate in mainland China focusing on cloud computing, big data, key application hosts, servers, storage, artificial intelligence and ERP. On April 18, 2006, Inspur changed its English name from Langchao to Inspur. It is listed on the SSE, SZSE, and SEHK.
also as an alternative, i bought an $30-$40 IBM M1015 branded LSI card way way long time ago. Ran 24/7 since then. So long time ago that i can't even remember when i bought it. Sometime around 2015 i suspect. That was either a pull or a fake too, but if it works, it works 🤷♂️
Yup i bought this one https://www.ebay.com/itm/196519814705
Works fine
Made some changes to the build how is it now?
why are we talking about servers in the network room?
Why are you not asking questions in the networking room good sir!
wait....
nou
Yes, exactly, I'm trying.
Don't you look at me in that tone of voice good sir!
Did you just assume my pronouns?
Did you assume my networking prowess? O_O
this room should really be called infra
also would serve purpose so people dont just post speedtests
I want to move to an enterprise networking server but @clear igloo found no good ones
Lmao I bought unraid last night
Rip
@waxen scroll it's back
https://store.ui.com/us/en/products/ecs-aggregation?a_aid=LinusTechTips
lol
oh dang
I dont see vxlan support
I am actually looking to buy spines that do 25G max
if these did vxlan it would be a good threat to get other vendors to ease up on prices
doesn't seem to even have OSPF support yet, lol
static routing support but VRRP coming 
Ubiquiti slow af on those creature comfort features
They shipped it separately tho
The support saying that there was a 2nd PSU in the pic was funny though
I have some questions. I'm planning on creating a Home Server/NAS at home and I was looking into the Mac Mini. I wanted to build a NAS that has all the hard drives and use the Mac Mini basically as the interface(GUI)/hardware accelerator for my home media without having to access the NAS.
If I build a NAS using an old PC would I install Plex on that or on the Mac Mini and link the folders to that drive?
Do I even need the Mac Mini if I install True NAS on the old PC?
I'm trying to wrap my head around this and I'm not sure what to do
i dont understand what you need mac mini for?
Wouldn't I need one to run everything?
So how would I create access control for people that I wanted to be able to access just specific folders outside of Plex? Like create a folder where only one person can access so they can store stuff?
I wanted to create a NAS to store documents, photos, videos for each member of my family and then share my movies and videos with everyone.
You would install something like TrueNAS or https://hexos.com/ on the NAS as the management interface, and in the case of HexOS, even allows you to easily spin-up "apps" like Plex, Immich, Home Assistant, Jellyfin, etc.
So I would use TrueNas Scale or HexOS or something like that and manage my RAID NAS that way? Can I use windows too?
How would I access my server outside the home?
why is hexos paid too? i mean yeah user friendly and support the developers, but why is there no free test version? like with unraid, or is it too early beta
This has been covered by Linus on various WANshows. HexOS is more or less just TrueNAS, but with more polish for the inexperienced home user. If you're tech savvy, or don't care about having an easy to use interface, use TrueNAS for free. https://nascompares.com/news/hexos-ama-user-questions-answered/
Can I setup a Minecraft server with TrueNas Scale?
The answers you seek are just a google away... 😛 https://www.reddit.com/r/truenas/comments/1c6yzl9/install_minecraft_server_with_truenas_scale/
oh lol, i have unraid, dont like it, might just not gonna buy a licence and scrap the idea of a nas with different drives and redundancy, i dont like hex os too, theres just no free software that can raid together different drives with redundancy
Keep in mind that your hardware dictates what and how much you can run on the NAS. If you build something with only 4GB RAM, don't expect to run Plex, file shares, and Minecraft with 100 mods for 50 friends.
i have 32 gigs of ddr3 ram in my "nas" lol
How would I access my server outside of home?
Port Forwarding, though this can be woefully unsafe. Otherwise a Reverse Proxy works nicely.
Hmmm, how do you setup a reverse proxy if you don't mind me asking
Right now I've been testing using Tailscale VPN to access my test server
But that requires everyone to turn on the VPN to access the server
Sounds complicated lol
I'll have to check it out tho thanks, does my VPN system work though?
This all seems very complicated, I wish it was simpler lol
Would it be smarter to buy fewer but bigger capacity HDD or more but smaller capacity HDD for a home NAS?
Using a VPN so you're effectively routing all connections through your home network technically does work, but you're adding latency and will be limited to whatever your home internet speed is. Would work though.
Depends on your goals and how many drives your system can support. More drives means you could choose a RAID setup that allows more disks to fail before you lose your data, but it's usually more cost effective to buy fewer larger drives, both because larger drives are usually cheaper per TB and every NAS has limited drive capacity.
I dont need that much space since I only want to make a backup of my pc and my main two drives are 2 tb each and they arent full.
The motherboard I was planning to get has four sata ports so it would be better idea to go 4 tb x 4 since I can more fail safe but still have enough room for stuff?
@rocky badge why no UBNT in this image 😦
there is also https://www.snapraid.it/ but never actually used it.
A backup program for disk arrays. It stores parity information of your data and it recovers from up to six disk failures
should have said that five minutes earlier 😭
i have no experience with snapraid tho, just that it could be similar solution. In any case, you can at least try out both
im just gonna use unraid for now
They work well together to replicate a similar type of "JBOD parity" system as unraid uses. The difference here being that unraid does the parity calculations in real-time (and therefore seriously hurts write performance) vs SnapRAID which does the calculations on a timed basis every X time period.
For most PMS deployments, your media will be spread across a handful of JBOD drives merged together with mergerfs. Without SnapRAID if a drive were to fail, you'd instantly lose all data on the failed drive forever. With SnapRAID you're able to rebuild that failed drive using parity data from your last snapshot.
oh lol, didnt know
if you have Unraid working, then you could use the next year to evaluate (maybe on some smaller, older hard drives) if you can migrate over to Snapraid and if it fits your usage patterns (SnapRAID is better for rarely changing content, like media libraries etc, as it does parity calculations only once in a while). If it does and you will be fine with it, then you can plan your migration while you have working unraid system 🤷♂️
Question so I live in the country with no fiber internet can I have people come out and install It?
Like have the cable laid so I can get AT&T or something
You can get fibre anywhere, but it won't be cheap :)
how would I get that started?
Contacting the service provider of your choice. (It will almost certainly be a business service)
It will involve a build cost, usually 5+ figures, a contract term and a $300-900MRC
Depends how "in the country" you are
Often just a quote will be >$1000
Gotcha
It's not a cheap endeavor, so it's worth exhausting all other connectivity options first
Yea I see that now lol
We have starlink right now so just seeing if we had any other options
You don't happen to be in Australia, do you?
nope live in the "great state of mississippi"
ok
Northern or Southern MS?
Southern
Can't be of help sorry 🙂
All good starlink Is holding us for now but always looking for something better
Starlink is definitely your best option at the moment
Real question Is does this cmd in your bio work
