#networking
I'm just trying to see where it's getting mangled
Oh which is the router
What's the router hardware?
I use pfsense, and I've never had those mangling issues
Does anyone have experience with pihole
@languid shale yes
An old desktop
Is the default blocklist good enough do you think.
yes
expanding on the default is really only necessary if you're trying to drill down on specific domains, like a business blocking websites from employees
the default advertisement CDN blocking is pretty solid
Thanks, because some blocklists I was looking at were blocking all the Google sites like translate which I use on a daily basis.
yes and no
,
it depends on the environment. For someone like me, who doesn't serve any weird and sets up everything manually, rewriting my source ports for regular traffic is great to prevent man in the middle attacks that rely on guessing protocols that change ports as they go along, or making it harder to follow individual hosts
They say it's fake security
It's not though?
If you can get ipv6, your isp might not serve it to you.
And if they think it's stupid, fine. It's staying enabled on my system as additional host obfuscation
They say to switch to other isp Comcast
Cool. Let me know when I can choose what ISP I want.
issue is my dad says it's the game and we're not switching, foot down
he hate them and then have slow upload speed
@thorny vector they say how do you expect udp to work with it it enable
I don't. I also don't serve UDP traffic.
@raw timber Wonder if they know what they are talking about...
They say the same about you
The dev decided on UDP for a reason so you don't use it at all
UDP makes a lot of sense for real time communications. But it should not matter if you are using IPv6 or IPv4. It's the same UDP packets.
I really don't understand why you would use UDP for game traffic.
Obviously it works, but I don't like UDP when TCP works just as well.
honestly, with how fast the internet is getting, there's less and less reasons to use udp over tcp
Because it's faster, as you do not need to ack every packet, it also does not matter, if you miss a packet or two, and if they arrive out of order, the older packets are useless.
I get that, but that was also a lot more relevant when bandwidth was more limited
I can not imagine why you would use TCP for game traffic.
Well, by not acking all packets, and not reassembling out of order packets, you can get lower latency.
It is for people with slower connect
Or people hunting every ms of latency they can.
I know, I get it. I just stay away from it in my homelab, and at work, because I can't stand dropping my logs
or data
I normally don't use anything that can be ok with dropping stuff
Well, if you have a voice conversation, it's usually more important, that latency is low, than every packet gets delivered. Usually you split the stream in 20ms packets, and a few gone missing, will not be heard.
I should mess with it more
I am stuck if I tell the dev they foot down blame the router close it and
Well, nat just plain sucks. I agree that IPv6 is the solution to nat problems, however, if a game or other application does not work with nat, it's to be considered a flaw in the software, unless the ISP blocks the traffic on purpose.
An ISP would neeeeeeever do that
A decent ISP will not.. But not all ISPs are decent.
I've been decently happy with my new one. Except for my upload, a whopping 10MB/s
MegaByte or MegaBit?
Byte
I'd say, that's a decent upload, unless the downstream is 1Gbit.
I just wish it was more symmetrical is all
For cable the reason is limited overall bandwidth and a general need for more downstream than upstream. On fiber, in most cases it's just to be annoying.
I serve a little https traffic, and host a CTF network for my old highschool's compsci club, and it just gets bogged down sometimes
it's docsis 3.1, so
@thorny vector CONSUMERS don't NEED UPLOAD -every isp ever
Not just a cable thing, with fiber GPON is a hard 2.4/1gbps per PON. Upload is going to be cut. Different for AE
@rocky badge Right? I wish there was a plan in between consumer and business
@hollow marlin But that's a choice made when the standard was developed. ๐
You act like hardware limitations at the time were a choice
@rocky badge Depends on how many TV and radio channels that has to be in the network as well. And also the size of each segment.
getting ISPs to change the reverse DNS entries too
Mine's actually a spectrum business 
@craggy parcel yea
biz.spectrum.com vs whatever Spectrum residential's is
But we're on Spectrum residential 
And it's not like it's the only time it happens
@hollow marlin Hardware limitations when making a new standard? They were literally making the requirements, and decided to devote more bandwidth to downstream, than upstream. (Which kinda fits most consumer usage patterns.)
I got one biz IP on my pfSense WAN and one on my USG WAN
Oh god. The business services my ISP offers at my address are literally the same, just more expensive
I can't wait until the summer tho
@rocky badge I just heard, fiber is banned
We banned fiber for all blobs
oof

reeeeeeee the stupid $10/mo equipment fee tho https://blob.pcmr.rocks/PeacefulLumberingBlob.png
You can get Hughes Net Gen 5 though
Do you still rent the gw?
I have the gateway, I don't pay a rental fee though

Not sure why they are charging you the fee 
Why add a fee for equipment, instead of just including it in the price?
@craggy parcel At the time GPON was developed the hardware was not there to be able to develop an SFP capable of pushing symmetric 2.4/2.4.
The choice to move to asymmetric was made long before for legitimate reasons
I'm just gonna bypass it anyways...
eap_proxy
Proxy the AT&T GW EAP packets to the ONT to unlock the port
because AT&T is a bitch
What is funny Comcast have a faster upload but they want 300$ a month for it
the ONT uses 802.1X to auth to their network, then the GW uses 802.1X to auth to the ONT and their network
And only in some areas it's fiber direct to the home
@clear igloo I hate doing anything networking/server at school
rip
I had comcast try to charge me a rental fee for the coax cable they sent me
for the cable?
Yep. Had my own modem, but they sent me the cable anyways. and tried charging me for it, i think it was like 5$/month
Yup. Walked the cable back into a brick and mortar store, and told em to fix it
that's so stupid lmao
I can defend 99% of what ISPs do but that is plain asinine
It was new to me. I had always seen people's horror stories, but assumed it was mostly just upset fringe cases
A lot of these fringe cases are also due to acquisitions and stupid billing quirks that followed from the previous company. If you ever saw behind the scenes you'd get sick on how a lot of this is handled
@hollow marlin how is a cable Tester able to measure a cable with only one end plugged in?
The signal reflects?
@little schooner With fiber it measures the reflection from the light. With copper it's like magic with resistance and induction
Really cool
It is neat. One day I'd like to get with our tester vendor's engineer to ask exactly how the copper test works outside my high level knowledge of it
@hollow marlin yeah. I noticed that with my fluke Tester, it is always within 1ft margin of error
Really high quality
Now if I used the klein tools versions, it was telling me results that weren't even that consistent
Sometimes 15ft, others 19ft
And don't get me started about using the edgeswitch to determine cable length
It's horribly wrong
Fluke is on the border of overhyped and expensive but their stuff works very well.
Yes very expensive
I almost had a heart attack when my professor dropped the Tester
We went with another vendor for our tech as it adds remote access functionality. So our techs can be on site and if they can get a connection somehow we can view and operate the tester remotely. As well as all the bells and whistles
@hollow marlin what vendor is that one
Oh is it not in reach for consumers?
In price
Can't remember off the top of my head since I used them when they came in and they are in the field since. I can grab it though.
They are around ~$5k each
Yeah they're pricy. If I remember they had a next step up that was about 3 times the size but also had a fiber splicer built in. It was like $30k though
lol
i think it's a network problem so i posted here
My laptop won't connect to the home wifi it just says cannot connect to network even though it worked two days ago. But I can connect to a hotspot or tether to the laptop but the home network is rejecting my laptop. Any ideas on what it is?
Anyone know how to tell if an ISP router has a modem built in
If it has a coax, fiber or DSL port/connector, it has a modem.
@lost charm Updates over the past week with Win 10 have caused my coworkers similar issues. Best bet is to go into settings, forget the network, reboot and try reconnecting.
Okay thanks I'll try that @hollow marlin
technically, all networking equipment that uses layer 1 has modems
i am going to upgrade to gigabit internet and don't know which isp to choose. In my area there are two gigabit providers, century link and sparklight. which one do i choose?
century link has fiber and sparklight has copper
@abstract magnet You pick the one, that has the upload speed you want. In some countries, the upload is only a small fraction of the download.
i am in the U.S
I'm not. So can't say what they provide, but I've heard about US ISPs that will give you a lot less bandwidth upstream, than downstream.
yeah, I've heard that the customer service of century link is trash but gigabit is only 65 a month
compared to sparklight which is 125 a month
is the tplink ax1500 good for wired network and wireless network and can it handle 10 -15 devices at a time
Hey is this a good place for network troubleshooting?
Hey so for some reason my desktop has been completely disconnecting from my internet connection... It is hard wired and has a wifi card in it as well. The wired connection shows that it is connected to my modem but isn't connected to the internet. When i switch over to the Wifi connection, the same thing happens. However my internet is working fine on other wifi connected devices. Any help would be appreciated
or any help on finding where i might be able to see what is going wrong
After about 5 mins it just comes back and is working fine again
copypasta from tech-sup channel
My initial guess is that the wifi card and ethernet are "fighting" over who the connection is
Have you tried disabling one, and using the other?
I have my wifi turned off when my ethernet connection is on because it will prioritise that otherwise
can you ping 8.8.8.8
in edge?
sent 4 received 0 lost 4
i did something that might have been a mistake because now the ethernet isn't showing that it's connected to my modem
I did the network reset thing
Did you restart yet?
I turned it off and back on
now it's restarting properly coz i was impatient
ok well its back on now
pc, or connection
pc
its back completely now
everything is back to normal
i pinged again
and i got sent 4 received 4 lost 0
min 55ms max 55ms avg 55ms
but like
it came back 5 mins after last time this happened
and that was like 3 days ago
it's done it like 4 times in the past 2ish weeks
what, dropped connection?
ok ill try that
do you think that will fix it forever or only fix the problem while it happens?
I couldn't tell you for sure without more information
yeh ok i looked in event view and found this
idk if that is from the LoL game that i was in the middle of while it cut off or not
no, that's unrelated, don't worry about it
In actual fact, as far as i remember this has only happened while i have been playing LOL
idk if that's a coincidence or not
Is there any chance it could be a power management thing?
highly unlikely
ok i didn't think that it could
did the event view info make any sense to you?
Never really dealt with network stuff before tbh
That wasn't a network log, it was an application log. A windows application tried to make a log somewhere, but it failed. Not any real big issue
ok o k
Anywhere i would be able to look to find anything?
also thanks for the help
Another thing is that some of my chrome tabs take forever to load even tho my speed is fine and the site will be working fine another time (its definitely not the site)
Hey guys, would something like the NanoHD be the cheapest mesh APs for AC Wave 2 160MHz or is there anything cheaper from Aruba/TP-Link or someone else? Just need two APs for this deployment and pretty much all the machines have 160MHz AC cards in them already
@muted timber What kind of traffic are you going to be serving? It ought to be fine
mostly file sharing and a 500mbit internet connection
have a NAS and often shuttle a lot of files to and from it
Yeah, that's fine. I'm assuming wired just doesn't fit as a solution for you
Well I'll be ethernetting most of the network, servers, desktops etc, so the wifi would be mostly for mobile devices like laptops
at the moment the 80mhz network bottlenecks at about 450mbit, but all the devices support 2x2 160mhz AC
and there's clear enough channels in the area
from what I gather you can get around 800mbps off VHT160 AC
does seem a bit of a niche as far as spec sheets go
So I'm about to move into my new place. The person who lived there before has run a decent amount of network cable through the house; sadly it's almost completely buried in the walls with no identification of what he has run. What's the best and easiest way to find that out?
Just check how much data you can run through them; in the end type is somewhat irrelevant if it's a shoddy job
EPYC PowerEdges?
Yeah, the R6525 ends in a 5, so it's AMD
yep =D
Is that a SuperServer?
in the middle pic?
He's shocked!
haha :D
is that an isilon
RIP, just got word we are out of power in one of the rows in the lab.
Yah, just sucks that we have to shuffle stuff around to free up some of the power if we need to add more gear into that row
aaah, you have that due to overload?
3 rails with 180amps each, lol
They limit us to 200 amps per rail so no overload yet but the alarms will go off if we go any higher
i guess thats US amps? :D
I think so
else that's some serious power :D
220v rails I think, not 100% on that though
@jaunty talon ooh nice
@rocky badge yeah they're really happy
@clear igloo I finally labeled stuff <_<
we replaced an older Ceph setup with Isilon
@rocky badge lol, always label
100% worth the investment
Nice!
Buy all the stuff, plug up all the ports!
I ran out of 10 Gig ports <_<
rip
Haha, smallest I know of is 0.5m
oh nice!
$40!!!
Go with 0.3 meter and the price drops to $13
ugh, I want the 0.2m cables but I'm not spending $40 each for them
yea
Just ordered some of the 0.3m ones
lol nice
Sigh... With fiber getting bigger, soon the days of telling the junior guys to go make some CAT will be gone...
@clear igloo yikes school VPN
not compressed, encrypted, and all traffic is routed through it
mega oof
thats fine, the govt is paying for most or all of their pipe
XD
4Gbps/4Gbps WAN burstable to 5Gbps, $150,000.00/year
1Gbps/1Gbps metro Ethernet HS to freshman campus, $18,000.00/year
10Gbps/10Gbps metro Ethernet HS to 14 sites, $630,000.00/year
14 sites? why not MPLS
i suppose if the HS hosts * and the schools don't need to talk to each other much.... eh
The high school has the primary dc, nac, ContentKeeper, etc
At every school there's a rodc, intercom controller, file server, print server, and such
Just enabled DHCP in a home lab network. How can i make existing windows machines use dhcp? assign ip automatically is enabled but it isn't being assigned an ip
it turns out, there is a save button for a reason...
OOF
Yeah
US sucks so badly!

for 630K USD i get 2x 100G's with 100G commit in Sweden
This is after E-Rate discounts...
:(
It's included
okok
Anyone set up a FreeNAS system before? I'm having issues getting it to install
Right now I am trying a normal FreeBSD install if it works via USB but so far anytime I plug in my FreeNAS bootable USB it locks up the BIOS on my old repurposed PC
Ubuntu, Windows however do boot on it
so apparently my system in general hates FreeBSD
So i have a router and it works perfectly but some of my devices lose internet connection
It says connected(no internet)
How do i fix this?
Every time it happens i have to restart my router and it's kinda annoying
My DHCP lease time was at 120
Extended it to 48hours to see what happens
@jaunty talon @rocky badge
U had ranks (srry for tag)
funny. so after installing FreeNas on a different system as an external drive, it boots up
nvm. it just kernel panics
rip FreeNAS
any alternatives? I am too poor for Unraid
If your hardware is okay, FreeNAS will work fine
what are you trying to install it on?
@turbid furnace your question is far too broad. Your DHCP server is only one component. The DHCP server, DNS server(s), and the actual Routing part of your system work in tandem
if any one of them goes down, your internet stops working. If you set a lease to be very long, then the computer(s) won't ask for another lease
and if your hardware is truly non FreeBSD compliant, you can install OpenMediaVault on bare metal
or install Proxmox and then run FreeNAS as a VM
Is an Intel n4100 too slow for pfsense firewall?
@little schooner As long as you're not trying to serve a stupid amount of traffic, yeah
ram is important too, make sure you have enough for all your firewall states, and any plugins you add
@thorny vector I was going to use it for my apartment. about 100mbps speed but gig local
and probably put openvpn server and pfblocker
4gb should do the trick I suppose?
I run a full gig pretty saturated with around 2 gb, with a pretty lengthy snort rule set. If you can, I'd play around with it. My routers are VMs, so I can do that easier than a bare metal machine.
4 gb would for sure be good
yeah i wanted to throw snort on there too
i will receive it by next week and test
Be careful with your snort rule sets if you use the community ones, and block on alert. Some are super sensitive to relatively normal traffic
Does increasing the lease time for DHCP mean that it will take longer for devices to automatically get another ip from my isp?
@turbid furnace That's probably your local network DHCP, I don't think you've got any access to the DHCP lease timer of your ISP
@dire flare i have 2 routers
One in modem mode, one connected directly to the modem
And you're setting your DHCP lease on which one?
Can someone that knows their way around nftables @ me?
I have a question regarding postrouting chains, specifically in regards to default policy.
If I set up a masquerade chain through the nft utility it adds an accept policy by default. If I write it myself into the conf file I can however omit the policy and it still runs. What's the default stance and significance of it?
@little schooner I use a J1900 with 8GB of ram for the same WAN speed, and about 10 1GbE networks internally. Works great
lol
@slow pivot refreshing to know since that's an even older cpu
I didn't want Edgerouter this time for router
@little schooner Yup, as was said above, memory is far more "critical"
Yeh
Hi there, I'm just getting into pfsense, I'm still learning networking in school. I have tested my setup on physical hardware and it works fine, so I virtualised it using Hyper-V (I'm using Hyper-V because my main server is Windows Server 2016). I have 2 physical NICs on the server: one for the pfsense WAN, which works fine, no problem, and my second NIC is for the pfsense LAN side, which comes out of my server and goes into my switch. My switch has all the vlans properly tagged etc. The problem is that the default pfsense LAN works fine, but I have multiple vlans on the port coming out of pfsense and the vlans won't communicate through the virtual switch on Hyper-V. I've done some research and didn't find much, apart from the fact that Hyper-V doesn't support passthrough of physical hardware to the VM, which I probably need to have multiple vlans going through?
Any Propositions would be great
Thanks
@shadow bluff Without looking at it, I'd guess an issue somewhere with trunking
@thorny vector From what I have read online you can only have one vlan pass through the Virtual switch
That seems stupid
I'd imagine microsoft did it that way so that any interaction with the physical nic wouldn't have any weirdness. If you really want to get more into virtualization, I'd recommend spinning up an ESXI box
That supports vSwitches that do the more complex stuff you want
I'm sure that's why. yes planning to move over to Esxi I can at least passthrough hardware directly to a vm @thorny vector
what server hardware?
Physical network cards
No, I'm just making sure you're running a server that'll support all the passthrough you want
Im using a standard Office Pc With Windows server 2016 with hyper V and 2 Gigabit NICS
For pfsense, I used two virtual nics of the same physical nic
And threw them into different vlans
@shadow bluff You might have issues with i/o passthrough, depending on the chipset that the motherboard is
and make sure the processor supports it too
I mean everything else works and it has 8 GB RAM, it's just that FreeBSD OS apparently doesn't like being booted on USB via that repurposed PC
and installing it externally causes a Kernel Panic if I replug it back to the main machine
Ubuntu works fine, Windows same thing
not sure why FreeBSD is making it go ded mode
I am watching this Linus Video and apparently I could try Rockstor since my dad won't be paying 60 USD to Unraid just for me to store my crap into a Q6600 system https://www.youtube.com/watch?v=m_B8AFvguqo&t=225s
what can i use instead for drive set up like let me add more drive as need and have docker and vm and not proxmox i try it
instead of unraid
@keen ermine now I am curious if my Q8200 system works with freenas
@raw timber that expansion method of unraid is pretty unique in the "free" systems area
You can give it a shot and let me know if it works @slow pivot
i thought i saw some set it up with linus free or is that very hard
Though I am trying to look at Rockstor
@keen ermine ok will do that later today
Cause I flashed multiple USBs over and over and nada
Could also be a Dell Issue but weird then how Dell hates BSD
I haven't used rockstor before either
Wished Unraid was also free for personal use than paid
Bsd uses a different partitioning system as well, might be something with that
how to tell if it is worth the price vs just use sofware raid
with a 2 tb hard drive and 3 tb and and 500 gig
Unraid? For a nas it is kinda derpy. I usually recommend freenas over unraid. My unraid setup I use for storing backups
i only have one sever for nas and for vm
So run a virtualization OS, and build a nas inside of it
i done that not very good hard to add more space
it is most of the sapce to nas not much to vm
space
Not really? Using what os? I use vmware products at work and home, and it's easy to extend volumes
With any raid-ish system it will be hard to add space. Raid based systems are not designed to be expandable
sounds like unraid my only option
Also, you don't have the disks for raid. They all need to be the same
So since FreeNAS can't boot baremetal on my system, I should try it in a VM with ESX? and is ESX like free non-commerically? @thorny vector
Then they're not VM's, they're containers
@keen ermine yes esxi is free
@keen ermine I'd highly recommend that. There is a free license, as long as you're not expecting all of their features
You still need a license, but you can get one free from vmware after registering on their website
yep container
nah, I just want FreeNAS
it can run but not easy to add more drive
i think i just stick with unraid unless some one can teach me how to set up a linus server
linus server?
ubuntu server
@keen ermine here are the limitations for the esxi license
No support
Free ESXi cannot be added to a vCenter Server
2 physical CPUs
Unlimited cores per CPU
Unlimited physical Memory
max. 8 vCPU per VM
with vm and docker on it
Google, my dude. There are even excellent docker options for running a file server
Pydio, a web browser and SMB file server, has a docker config. Same with nextcloud
why not un raid i jump all around
@raw timber if you go unraid, that 3tb drive is completely unavailable
I see
Since you have to use your largest drive as the parity drive
i need something for back up
I'm changing my home lab environment around a little and trying to get a bit more flexibility in my storage and hypervisor setup, and I would love some advice regarding which NAS operating system might be best for my environment.
Apologies in advance for the long post!
TLDR ...
saw this
you could use proxmox
@raw timber if you need backup then you need to answer this: how much would you pay to recover your data if you lost it all?
@burnt cedar i try it had lot of issue
does any one do 2 vm one a nas vm and one a docker vm in esxi
yes
Sure, all the time
How well it works depends on your hardware behind it
6500 cpu and 16 gig of ram
and to get the data off, just transfer it to another storage device. or straight pass through the harddrive to a VM
even with what unraid do to data
It's virtualization. ESXI doesn't care what it looks like if it's passed through
which esxi to get
What do you mean? Like which release?
yes
You're going to have to get vsphere 7.0, they just released it
why did people went with it vs unraid
Because at its root it's enterprise software
since linus like unraid so much
they have a whole suite of stuff behind it, that makes large scale management very easy
or does he only use it because he was paid by dev
I mean, he's featured on the front page of unraid's site
He probably uses it because he's familiar with it, and it has everything he needs
Unraid fits LMG's requirement better than ESXi
And better than FreeNAS which would require more work to get that same raw extendable storage they need for media archival
Also, freenas has BSD behind it, which has very little support behind it
Well TrueNAS is the commercial variant of freenas
What about me
You're going to have to experiment to see what's best for you
@slow pivot I thought they were rebranding all of their stuff truenas? is it just commercial?
Yeah it's our main dns and unifi controller
@thorny vector just the commercial part; freenas is supposed to stay the same but be the free variant still
We've got FreeNAS in a vm at school right now
I'd love to move it over to a Synology diskstation or rackstation
White box solutions for everything!!!
My server is too big. Its in a cooler master haf x case
Once you go rack life, you never go back
Not sure where I can fit the rack
I have mine in my living room
My mom doesn't want me to take over a room for rack
Huh, well fuck.
The sweet sweet sound of server fans spreads through the entire house
The hikvision nvr has an annoying hum at night that I wish I could replace it with a noctua
My server is sitting on a table in the basement lol
But the noctua ones aren't rated like the delta one is
Delta fans last forever it seems
Yeah my dad thinks racks are overkill for home and a few bad words, he refused to let me buy one
The R620 is quiet thoooo
Delta PSUs and fans for me
IDRAC or bmc is a must for server management
iDRAC yesss
And the enterprise version too
Because the other one doesn't support HTML5
Do people think it funny
The other 2 is failover for the 10 gig interface
@rocky badge very nice
@raw timber I'm shaking
I tried to organize our mess
Esxi won't boot
How to get esxi to boot
Look at this beauty
Oof
Oof
Gives me a chuckle every time
also the one that won't boot BSD
In my room
Don't have a handy photo of my setup but yeah, you do what you have to for home labbing
@rocky badge yeah I need to do that
Wait I ran freenas before I think
I think my newest hardware is 9 years old.
Idk what my newest hardware is, but it's probably my network
How do I set up an install usb for esxi
The R620 is from 2012
So besides PCs and laptops, that server is my newest non networking gear lol
What about my question
Use rufus or something to burn the ISO to the USB
Servers 2011 and older. My switch might be 2013.
Lol have to boot up an old laptop for it monitor on server downstairs
It's an Intel Pentium p600, 500gig hdd, 4 gig of RAM laptop
Which to pick @clear igloo
Yes
Lol the fan ramp up at time
Lol 56% cpu just copying file
How to set up a docker vm on esxi
@raw timber you make a VM of whatever host os you feel most comfortable with, then install docker on it
how long does it take to restart
Ugg
What to do
@thorny vector sorry to ping you I don't know what to do, thinking of going back to unraid or set up debian server
That's a hardware issue. Just set up a Debian server, install docker, and run what you want
No fussing about with stuff
I just don't like unraid, it's closed source. And google how to. There are so many guides and tutorials for stuff.
how do you configure your drive i can't do raid and want back up
i have a 2 tb drive a 500 gig and a 3 tb drive
What do you mean?
like for storage
worst part is i only have one keyboard and mouse so each time i have to drag them to said server
and back
What? You just mount them, either with an fstab entry, or with a startup mount script
Where are you dragging stuff?
so you treat each as its own drive. the keyboard and monitor from my main pc to server to set it up
i dont have another hdmi display
Just ssh into the server
Can't I am reinstall os from unraid trials to Debi
I am confused it is a full reinstall from blank
Nevermind, thought you said you were still using unraid
And sort of. Each drive gets mounted somewhere in the file system. Common practice is to put them under /mnt
Install it now with just the boot SSD
Just using base Debian?
I use Debian
Base debian, or some branch of it?
Base i think
How to format a drive from debian install
Using fdisk
How to get to it
It's a base utility
I mean I am at the Install
I can't get it to install on the drive
What does it say?
You might need to run a boot and nuke on your drives
How
Google it
I try and all I got was command not found
Google dban
Or if you have a windows setup iso handy, boot into that and use disk part.
Dban has the fewest steps
That's another image to install to usb drive u don't have
Can't busybox do it
@little schooner that works it took seconds after boot
How do I mount an unraid drive in debian to get data off it
Never get spectrum
i have it. right before corona it was fine then it went to shit when all this happened.
Yeah, I have 300(download) and 30(upload) and now I have 34/15
it's gotten a little better for me at least, but it's not the same
i would like to host servers at home, should i make a good powerful pfSense router and use multiple interfaces (LANs) for guest network, server network, wifi devices etc?
or place a pfsense router behind our own router?
likely that subnet does not exist on that server
i am confused, it's the subnet that i am on right now
i don't know what i'm talking about, but why would you assign it the same address as the gateway
maybe that's it
Oh yeah, that is likely not right. If that docker is going to be running a router config, then you might have to not give it a default gateway. I have never run a router as a docker container
I end up deciding it was too hard for me and to go back to unraid
But now I have this part work and part don't
Is there a list on what the Firewall settings on the router/modem should be?
(secure but also not block anything useful)
I mean this is the standard ones:
Medium:
High
And there is custom
If custom I want to know what to put it as
@clear igloo yeet https://blob.pcmr.rocks/InternalIdealBlob.png
Yeet!
Could you fellas recommend some relatively lightweight software for drawing (very) simple network topology diagrams?
I'd usually just do it in Cisco Packet Tracer, but certain packages recently became unavailable for my Debian 10 system making the installation a bit too complicated for my tastes, thus I'd prefer an alternative.
I don't need any simulation or whatnot, just a glorified vector graphics editor
@dire flare I'd probably use GraphViz, using a Mac, Visio is not really an option, and graphviz kinda gets the job done, without spending a lot of time on it.
is this a good place to ask for what network switch i should get?
If you want a lot of different answers, ask away. Also be sure to specify what you need, eg. managed/unmanaged, sfp/sfp+, 1/10/40/100gbit, how many ports of each type etc. If you want a usable answer.
quick question: what's a managed switch and what are the pros/cons
like i think if i remember it's like a switch that requires another piece of hardware to control it
10gbit would be nice for futureproofing but not required
20-30 ports is fine, i would like 2-4 (Q)SFP+ ports
Managed switches are used for separating VLANs mainly. There are lots of other features like client isolation, DHCP spoofing protection, etc that different switches can have depending on the exact one. Some can even do a minimal amount of routing. Usually if you need those features then you will know and get a managed switch, otherwise you won't. They are usually more expensive, take more power, create more heat, and are often meant to be rack-mounted. Most switches that have SFP ports (or SFP+, QSFP, etc) are managed because if you are at the level of needing that speed then you probably need to manage VLANs as well.
Switches start to get a lot more complex once you get to the multiple thousands of dollars where there are controllers with modules and all kinds of other things depending on the need. There are also cloud switches and SDN switches if you are managing them over a whole organization.
Depends what you are doing with it. Some people have really complicated home networks where they like to keep IOT off of their main VLAN for example. If you don't already know what a managed switch is, or at least what a VLAN is, then you probably don't need it
the things i put above were what i was looking for
except actually 30 ports is outrageous for this application
so like 20-25
question: decided to go back to unraid, how do you access the docker folder on it? it says i don't have access
@ebon temple If you are interested in networking, I'd say a cheap managed switch for your home network, would get you started, but if you just need to add a bunch of devices to the same flat network, and all devices will need to be on the same subnet (Or you don't care about isolating groups of devices) an unmanaged switch is most useful. Also if you have POE devices, POE would be a requirement for you, as powering POE devices over the network will always be preferred. ;)
As for models, I've used UniFi devices with good results, they are in a price range where most home users can play along. They do require a controller, that you can either setup on a raspberry pi, host outside your network (Complicates initial setup a little), or you can use the cloudkey option.
UniFi is so easy to use, at least for small networks, that you could probably train a monkey to manage it. If I don't remember wrong, their switches with SFP support 10 Gbit on the SFP side.
Also ZyXel and Linksys have some cheap managed equipment, that most home users can buy, with SFP support.
I've thought of doing this pretty cool thing where you can wall-mount a Nest Hub and use PoE to power it
this was in my cart
If you want 10G, you have to think about if you want 10G in 8P8C (what most people call an Ethernet port) or as SFP+ (which is also ethernet but looks very different). SFP+ is a modular connector so you can put in many connections, there are multiple types of fiber, DAC cables, even SFP+ modules that just convert to 8P8C. Most "clients" like computers with 10G ethernet cards, NASs, etc use 10G 8P8C but fiber is most common between networking gear. So what you need is up to your configuration and what you are planning to connect to. Usually the 8P8C 10G switches have all of the ports being 10G whereas with SFP+, you can get ones where all the ports are SFP+ or ones where the SFP+ ports are only a few that are intended as uplink ports.
QSFP or quad SFP+ ports are basically one port that acts like four SFP+ ports, they are very large and can either be one 40G connection or be split into 4x1G connections depending on the configuration of the switch. If you wanted that, the cost is going to go up a lot. 10G already pushes up the cost quite a bit.
If you want SFP+, you are pretty much already going to be getting a managed switch, unmanaged switches are usually only the cheap ones you buy from an electronics store which usually does not have stuff like SFP of any kind.
Since you mentioned PoE, you can get a PoE switch, just make sure to note if you need passive or active and what voltage since they are not all inter-compatible.
I'll echo @craggy parcel's suggestions of UniFi gear. I have some myself and I really like it. It's not too expensive and leaves you a lot of room to expand without too much configuration
https://store.ui.com/collections/unifi-network-routing-switching/products/usw-pro-24-poe this one looks pretty interesting
although it's quite a lot of PoE
You don't have to use all of the ports as PoE ports. They just allow that as an option if you wanted to connect up a bunch of PoE cameras or wireless access points which is what Ubiquiti expects you to do based on their product line (though you can do whatever you want of course). That is a very nice switch
8 of the ports are PoE++ ports which can power their most crazy access points like the AP XG which is over $1000 (at least here in Canadaland) or the HD and SHD access points which are meant for a stadium full of people. It can still power less powerful things but it's cool that it can do that
https://store.ui.com/collections/unifi-network-routing-switching/products/udm-pro this is confusing me as heck
That's a router rather than a switch
Unfortunately your image is not loading for me but it is mainly business oriented
strange
why not a home server, it is what i do
leme just copy the page
UniFi Dream Machine (UDM) is the easiest way to introduce UniFi to homes and businesses. The UDM includes everything you need for a small-scale wired or Wi-Fi network.
You could use it for anything I guess. It's just super overpowered for a home. Maybe if you had a mansion and security cameras
also, we're using spectrum (🤢) and so they put our modem in like the worst spot for a switch (in our living room) and i'm a little confused on how you'd get the cable from the modem to the switch if it's in a more central location
The UniFi Dream Machine Pro also has 4G DDR4
Not that you would need that in most cases
@ebon temple Well, like with every other cable. Just run a cable from the router to the switch. If the connection is CableTV network based, you can perhaps get away with extending the antenna cable from the router, and move it next to the switch. Depending on distance.
it was what was a cheap enough computer for sale
But it can also act as a server in some limited ways like as a DVR for security cameras
i looked, there was an old one but it did not have a pcie slot for pfsense
and cost less than one of the pfsense routers prebuilt, we only paid like 90$ for it
how do i deal with this
it's on unraid server, need it to add mod to gaem
gmae
game
we have a coax cable going into the modem, we lose 911 if we move our modem around and spectrum will come and kill us.
i think they wouldn't let us extend it
spectrum took 2 months to have people come dig a cable
and they put warnings all over their stuff (DO NOT MOVE)
that doesn't make sense
Well, I don't see how you could lose the ability to dial 911 if you move the modem. But I do see a possibility that the signal to the modem is so weak that it will only work if it's connected with the shortest possible cable. Also if you have VoIP from Spectrum (I live in Europe, don't know their offerings), you would need to run a phone cable to wherever the phone line is connected.
we have this thing called E911
oh wait i think it's only the position
so you'd have to tell them where you live
i don't know anything
Yeah, I know that, but it's not tied to anything but the physical address. It's just some extra data sent to the 911 dispatchers, for businesses it might include things like extension number, or internal physical location, but don't think that applies to residential connections.
i feel half awake rn
There are other differences with a proper router over a server. Mainly hardware routing, hardware switching in some cases, usually more ports, built in SFP/SFP+ ports, depending on the brand available support, OOB, IDS, software that controls everything together and is easy to use etc. You can of course get all of those things in a custom built router but it's usually not done by businesses because they want the support and all of the equipment to be from the same brand.
My parents had a similar situation of having the only place that they could put the modem be very inconvenient. They ended up having to run new ethernet cables which was a huge pain
Also in Denmark where I live, every provider has to report the address of every phone number to the authorities for emergency services (and police use), even hidden numbers. Also all 911 (Actually 112) calls here will NOT respect requests to hide caller ID.
what to do about this
@raw timber Image not loading for me.
they're also gigabit
@ebon temple No problem having only one port for the modem, you just connect that port to a switch. Depending on the speed you have, the cable can run up to about 100 meters, higher speeds means shorter cables. But for cat6 I think you can get 1gbit at about 60 meters. Should be enough for most homes.
like right across the street people are getting gigabit up and down
cause they have fiber on their side
Isn't cat6 1G at 100m and 10G at 50m?
I think cat5e is also 1G at 100m
I wonder if Denmark does SHAKEN / STIR (basically caller ID verification so that spammers can't spoof caller ID, real problem where I live)
@raw timber You change the permissions? If you are trying to write, it could be the file is on a read-only filesystem. Also it could be caused by Windows Ransomware protection.
@fresh copper I have no idea. Last cable lengths I don't have to look up, was 100 Mbit for cat 5 at 100 meters.
yep i can make new folder but not change what's there, so confusing
Haha, I'm lucky that I bypassed the "fast ethernet" age
I ShOuLd Do PoWeR lInE
Also most providers in Denmark are obligated, by their interconnect agreements, to only pass trusted caller IDs. In most cases that means we trust every caller ID we receive through interconnect, and none from customers. (And funny enough I just happen to work at a VoIP provider.)
so confusing, now it works lol lol
Powerline is better than it used to be. I did power-line for my parents at one point but it did not work very well which is why they had to run new cables
@ebon temple Powerline will be a mixed success. I've heard as many success stories as failures.
Sounds like Denmark does have some version of SHAKEN / STIR then. There is a fight for caller id verification in Canada and the US right now but it's not going super well
our house would probably not work with it
i flipped the breaker for our upstairs hallway to replace the smoke detector
apparently it was also the smoke detector breaker
Well, I think most providers around the world work like that. Also if you have customers with their own PBX systems, they might need to send out caller IDs they don't own, eg. when forwarding or transferring calls, or routing them to cellphones.
@ebon temple Most powerline adapters today work in the neutral line on the powerline, which should be common for all phases.
wouldn't powerline only work across one breaker?
If no transformers/coils are in the circuit, it should work across it. It might even work between houses, if the signal is strong enough.
interesting
across houses though
takes stealing your neighbor's wifi to a whole new level
The electrical wiring in my parents house is a mess, there are like 5 panels, nothing is labeled right, things are connected in weird ways. Because it was built when you didn't need to plug many things in so it kept getting more crazy as tech required more and more plugs. To be fair, the power-line did cross all of the panels but the signal was very weak
Well, it's sending a signal through the cable, and everyone listening can detect the signal, if it's strong enough. But encryption is used today.
Yea, most power-line has some sort of encryption so that you have to properly pair them up so people can't just plug in another one and steal your connection
The neutral line is usually shared, and the one used for signaling.
Unifi make pretty solid AP
Does someone know if SC to LC adapters are directional
they aren't from my experience
I love my Unifi AP. I've got the FlexHD which is just a different form-factor of the NanoHD that's better for putting on shelves. All of them are good. Which one is the best for an individual person is a complex thing to decide as there is not really a best AP for all situations unless you are going to buy their top of the line AP that's like $1000. I wrote a long thing about them on this channel ages ago which you could search for but it's outdated at this point.
What things of the situation decides what to get then?
It will just be in in a closet under the TV
What are the benefits of buying an AP rather than a router and putting it in AP mode?
usually they can handle more clients and you're not disabling features and, in some rare cases, able to disable to prevent double nat
If a router can be set in AP mode that turns the NAT in it off
And there will be like max 10 things or something on it
most of them not doing much at the time
True, it should, but sometimes the crappy models don't always do that so I say it just to be safe
If you don't need tons of coverage then go with a router over a dedicated AP then
Usually a dedicated AP has more powerful radios, not always
TIL: my dad put a 4 port switch between his modem and his router
The options are now really:
- Go back to having my desktop and Printer on Wifi and put the router in AP mode in first floor, while my NAS is the only thing using the one ethernet cable that goes between first and second floor. (Worked fine when the ISP router was working without issues, other than the printer on wifi being little bit more pain sometimes)
- Buy a small switch and put it second floor and move the router in first floor, might probably be better than what it is now.
- Just buy a router/AP that is tested to be more powerful than AC1300GPlus but place it where it is right now.
- Some combination mix of the three above. (If buying new one, I doubt I can sell the AC1300GPlus used and buy a small switch and have money from the sale left, so then there's no point getting rid of it.)
- Buy a new AP/router in AP mode, and place it in first floor with the same SSID and stuff as the one in second floor.
(Info that needed for that, the current AP mode router is in second floor now, but bad coverage in the garden. Before the ISP one was first floor when it was working fine I think)
(I think the ISP router might have had little bit longer range, not sure)
Does it really matter if my unifi Flex-HD is placed close to the floor?
I'd need to get like a stand just for the thing
Depends on the radiation pattern of the antenna...
Seems like Ubiquiti actually has those available.. https://help.ui.com/hc/en-us/articles/115005212927-UniFi-UAP-Antenna-Radiation-Patterns#uapflexhd
I'm not sure how to interpret if it's shooting the signals up and then back down or
Whatever it's doing
@craggy parcel seems to have great 5ghz coverage
Looks like it's shooting up more
I'm no expert either. But my understanding is that the elevation is looking at the antenna from that angle. Meaning with 0 degrees, you're looking at the antenna from the side, in exactly the same height as the antenna. And at 90 degrees you're looking straight down at it. The Azimuth, and Mapped 3D plots, I won't even guess on.
But yeah, unless I'm completely mistaken, placing it on the floor, will be just fine.
But placing it around the same height as the antennas in the devices you want to connect, would probably be better.
Hmm.. Seems I'm totally wrong, from what I can see by glancing over this https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.html
@waxen scroll so trying to troubleshoot this RDP problem, but the packets aren't identifying the issue for me.
wat
There's like a 15 sec gap each time I establish
Before the gap, there's a tcp retransmission
Idk how to troubleshoot it lol
this
It's so odd and the behavior is very consistent
10.0.100.100 is the server, 10.0.100.13 is the client?
@craggy parcel yes
Anything in the event viewer on the server?
What section of event viewer should I check, the admin events or a specific Microsoft one?
I think there is a remote desktop section, but Application or security would be a good bet.. I'd probably just look around myself.
What windows versions are used? Just windows clients or servers?
Server 2019 on server side and windows 10 1909 on client side
With remote desktop services installed, or just for remote administration?
Just for remote administration
Rds role not installed
I'll have to look with my PC. I'm on phone now lol
It's hard to navigate
Heh.. Yeah. remote desktop on a phone is possible, but close to useless. ;)
But perhaps check traffic on the server as well. Could be issues regarding slow authentication to the domain, or slow DNS lookup
@craggy parcel alright. I had to step out for a few hours, so I'll check it when I'm back
Yeah because it's been bothering me so much lately
Have fun, whatever you need to do.
@clear igloo yeet redid network
redo all the things?
Nice!
Needs MOAR!
Very nice
is that pihole 5 @rocky badge ?
Yea
oh nice
I've been meaning to upgrade, but I haven't yet because I haven't sorted out my two requirements
namely I want to use a list of lists, and I want to keep my two piholes in sync
how is it so far?
Ah ok lol
My pi hole is just in a VM
and the second dns server is my domain controller
I mean if you send out both IPs then won't some devices bypass the pihole?
no
o.O in my experience I get traffic from my devices on both piholes
the domain controller forwards to the pihole
ohh I see
I guess in that case you can just swap the ip on the domain controller if you ever need to take the pi down
ah lol
Pi hole goes to cloudflared and domain controller for internal domains/ip ranges
domain controller goes to pi hole and then goes to 1.1.1.1/1.0.0.1 if that fails
guess I may as well upgrade lol
Yes the new pi hole is worth the upgrade
Database everything
But only if there were a way to do content filtering like ublock does. But nothing could be developed platform wide to enable this
Standards would have to change
Add a filtering proxy. But that requires quite a bit more power of the system, than just DNS filtering.
@craggy parcel hmm I have a squid proxy running
But it would block content and strip it?
Stripping js is probably what I want it to do
You can make it manipulate the HTML of the pages.
No idea. I just know it can do it. So can the proxy module of nginx, as far as I know.
@craggy parcel I think schools should teach more troubleshooting skills
Heh. Maybe.
the MITM aspect of it is hard to overcome
well I mean unless you can insert a certificate in all your devices of course
Mitm was easy to overcome
Problem is it wouldn't be free unless I used let's encrypt
you can't issue certs to domains you can't verify
it would have to be your own root CA
where you can issue to anything you'd like
@rocky badge I would use the one that I could verify
The cert was what I meant that couldn't be free
It's either let's encrypt or paid ssl company
They charge a lot
Let's encrypt is annoying to renew
You're saying a web server cert would still fail if it's for another website?
I didn't test it that far.
I did test with internal CA cert though
Well. We use lets encrypt at work on multiple machines with centralized renewal and deployment. Works fine.
@little schooner the cert is only good for the CN and SANs
You can't get a cert issued for google.com from anyone
@craggy parcel does it have to work with a specific domain reseller? I didn't see a way to script it with namesilo
Unless there is a misunderstanding on my part
I personally use CloudFlare as my nameserver
@rocky badge uhh. I mean the cert used to intercept connections
Yes
But for internal CAs it works?
Yes
Why is that
Because you control the internal CA
you can issue anyone you want to
With a public cert, there's restrictions
Ahh that's the gotcha there
I knew it had to be something like that
Because eventually I wanted to use it on an iPhone without having to manually install it
But there goes those chances
And this is how TLS/SSL certs stay trusted
Only select companies have root CAs on your machine
@little schooner We set up our own infrastructure to handle renewal and distribution as we need the same certs on multiple servers.
They can issue sub CAs
Which then can issue to actual entities
entity being web server, person, server, etc
For example, the DoD's PKI
@little schooner Yeah. A couple of scripts for renewal on let's encrypt and a script to check updates and handle hooks to restart services on servers.
Internal CAs are used a lot on windows domains and for ssl inspection in security equipment.
Thanks for the explanation
Dumb question; I'm just connecting some stuff I've got laying around at home into a mock "lab".
I would like to connect the area in the circle through openVPN with the ThinkPad on the far left
Which machine in the circle would be most appropriate to install the openVPN server on?
Within the scope of my understanding, it should function regardless where I place it, but is there a right and a wrong location here?
the FW is easiest
if you dont put it on the FW, depending on what you do, you may need static routes
Right, say I host an SMB share on one of the hosts in the network (let's say the Acer) & I want to access it from the other end of the tunnel
it should be fine as long as the OpenVPN subnet you create on FW is reachable from 10.10.10.X range
@abstract magnet Generally your ISPs DHCP (or static IP if you pay extra) gives you one public IP, if you connected your modem to a switch it'd work, but only one device connected to the switch gets internet connectivity as you've only got the public IP assigned to it.
That's why you go Modem -> Router -> Switch -> Hosts
So your router performs network address translation and gets you a pool of local addresses for your multiple devices
That's only for IPv4 and because of its address exhaustion
looking purely at the IP protocol, you could connect a switch to a modem
Is even the best solution for some FttH solutions in the Netherlands if you don't want to use ISP provided router
Needs moar space @rocky badge
it's only 1TB
@clear igloo https://blob.pcmr.rocks/SarcasticAttentiveBlob.png
ughhghghghgh
it's so slow
probably some config with freenas idfk
LOL
@rocky badge I never got multichannel to work
It was either that or my storage system was still too slow
I think I've narrowed it down to FreeNAS's NIC
I can only get 4Gbps to it
Yeah, on another VM I can get 10 Gigabit
So it's something with FreeNAS
Now that's more like it
Super fast
@rocky badge freenas driver problem with nic?
Or the nic itself
@rocky badge is iscsi really that fast in the real world?
Like if it were over the internet
Idk
I tried to tell my professor to embrace it more
But he wants to use smb
But it would go a long way to use iscsi with our esxi hosts
