#networking
great tutorial
I've never done X11 forwarding myself
and then on windows idk how complicated it is
Ok so.. back to chrome remote desktop then haha
if it truly is that simple, I think that's all I'd need
but it sounds like you guys think I need the SSH X11
I just don't trust chrome remote desktop
isn't that centralized
I want to have direct control over my connection
Another linux question about
auto starting a .sh file on startup in case of a crash
I'm running a .sh file that runs another program. It requires me to open terminal and use "sudo" to run it
then I need to put in my admin password
How do I get that to do it on its own
since ubuntu uses systemd you could make a systemd startup script
you can make the script run as root?
You tell me haha
in linux sudo is just a way to make a program run as root
when you are logged in as a regular user
let me find out how to do something like that exactly
tbh it's bad practice to run things as root, what does the script need to do that requires root
It's a mining rig
so it runs a program called T Rex Miner
On windows it requires putting down the firewall as it gets marked as a virus
but it's a legit program
yeah because it's not signed
because on windows not signed = virus
ohh, it's a cli program
no GUI?
it's centos, but should be similar
@fickle timber you can also do a crontab
make the cron run as root
don't use sudo
nice, yeah this is slowly growing for me
if I can do it, so can you
mostly learned with MC servers
got a spare computer, first ran windows server
then installed ubuntu
then learned of something called proxmox, a hypervisor
and installed that
and now everything runs in VMs
What do you use VMs for? I feel like my use cases are so limited
VMs for running various things instead of installed on bare metal
I'm a designer, so all I do most days are use the creative suite and render stuff on my windows when I need to keep going on my mac. The mining is something new and part time low key stuff
each VM gets its own ip because of proxmox's macvtap
oh yeah I'm not creative at all
mac is more similar to Linux than to Windows
mac is POSIX compliant, so many commands are similar to Linux
What do you do with the VMs though ahah that's the thing. I could go and make 50 PCs in my apt or run VMs but I don't have uses for any of it
Do you store a lot of data
All I know about jellyfin is that it's good for servers? I think haha
no
Jellyfin is just a media server
everything is running on one HDD
the best setup would be to have a separate storage server
running ZFS or something
and then have the jellyfin connect to that networked server
yes?
How do I overclock/undervolt my GPUs on ubuntu
I was using afterburner on windows
but that's not available there. I use 5 cards, each has different needs
no clue tbh,
so one script to change all wont work
apparently from a quick google search there is program called GreenWithEnvy
also you can do it cli
@fickle timber one thing that is unique to all UNIX systems is that everything is a file. Your gpu is a file
every device is a file
those files are usually in /dev/
Hmm. I wonder if we can undervolt with this too. My 1080ti runs hot so I’d need to reduce power draw and up the memory clock
I honestly know nothing about overclocking/underclocking
All good thank you a lot for the help
Hi guys,
I want to connect to a work related application that functions outside the domain but does require the VPN we use.
Is it possible that the VPN i've setup doesnt want to connect because my PC is not in the work domain?
I hope this question makes any sense.
The vpn is connected?
The VPN fails to connect
What protocol is the vpn, and do you get any error messages?
I am trying this on my personal computer
the error message reads: "The remote connection was denied because the username and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server."
Username and password are correct, they're mine and the protocol is setup as required.
Are you including the domain in the username?
Try that. I’d guess so, it would make sense on the administration side to do it that way.
can you tell me how to fill that in please?
Either domain\username format or user@domain format
Can I use tunnelbrokers ipv6 tunnel with dhcpv6 in mikrotik?
I think so
I use that with dhcpv6 on my pfsense in cloud
But I couldn't use the dhcpv6 on my mikrotik for some reason
@thorny vector also in the script this Authentication Method is required: MSChapv2. But I cannot select this option when setting up the VPN.
What options do you have?
Now this is the error I get: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"
Yeah, that makes sense. If the vpn is set up with mschap, using anything else would fail negotiation
PPTP
L2TP/IPsec with certificate
L2TP/IPsec with pre shared key
SSTP
IKEv2
Windows built in vpn client?
yes
Select PPTP. It uses mschap for authentication
Can you ping the vpn endpoint?
Yes
I’d wait a bit, then try again.
ok, thx for your time 😉
No worries
Got a question for you guys on some purchasing advice
Saw online that there's a HPE OfficeConnect 1920 JG928A for sale in my area for only $320
Looked it up and it's a 48G 48 Port switch with POE++ and 370W
This switch appears to have been released in February of 2015
Is this price too good to be true, or is this a legitimate price for a switch that is 5 years old?
The newer version of the switch appears to be the one with an -s appended onto the end.
I'd believe it. I see it on ebay for more and less, so I'd trust it
Do you think the price is fair?
How do I include a manifest file when importing a .ova template into vsphere 6.7 content libraries? It only allows me to select a single file
my family pays for 200MB/s. i realize that i wouldnt get all 200 but im sure i should be getting more than this
i swapped my SSD over from my laptop to my new desktop and my laptop got better speeds than this. i made sure to download the new drivers
anyone have any ideas?
wifi?
yessir
if so, always use ethernet for benchmarking what you get from your isp
wifi is finicky
you may have to change channels or something
yeah i understand ethernet is more stable. unfortunately i cannot take advantage of it
idk i just think its weird.
maybe deleting drivers and re-installing?
do u use 2.4ghz or 5ghz
i am currently using the 2.4ghz band
how would i force it to switch to the 5ghz band?
its to my understanding that 5ghz band is more stable but in a shorter range?
Ah, have to go somewhere but maybe someone can help you troubleshoot wifi @thick minnow
Ah it’s cool
Thanks anyway
ahhh you know, im getting the same speed on other devices so im just gonna guess that its just my wifi being bad
its one of those router/modem hybrids...
You can't because you are only getting a /64 from HE. Mikrotik's DHCPv6 is for PD (prefix delegation) only. This means you need a smaller prefix such as /56 or /48 because what PD does is assigns a request an entire network to a host. This is how ISPs hand out v6 to customers.
I don't think even in routerOS v7 it supports DHCPv6 for clients
I use he tunnel on my pfsense in cloud with dhcpv6
Yes that's because it actually does DHCPv6, Mikrotik only does PD with it
You don't need DHCP for v6, that's what SLAAC is for. Did you run a torch on the bridge to see if it's sending RAs
What do you mean torch ?
For now I disabled it because it made my whole network go down
If you click on an interface there is a torch button. What that does is do a lite packet capture in which you can see a little more of what is going on in the network
I got a network sensor that’ll do that for ya 😉
@thorny vector Just dry running a cabinet I am building for a 10ru rack
After finally getting a house last year I am finally able to get tools for small projects
Ooooh, looks good! Those ears come with those devices?
Nope, the EX2200 and SRX300 ears are about $70-100 each so I pulled some old ME3400 ears which actually fit the EX no problem, but the SRX I made the ear on the left
Once I am done the outer casing will be white gloss and I am going to stain the edges and inside dark grey
Now it works but the https://test-ipv6.com doesn't detect my ipv6
@hollow marlin oooh, that’s pretty. Going to stay doorless?
Also, I hate how expensive ears and rails are. Like heck I’m going to pay half of what I spent on a server for some pieces of metal
@hollow marlin hey man how can I configure ipv6 dns on mikrotik ?
I want to know if I'm doing it right, I went to IP -> dns and added 2 more dns records there.
do you get a address
I'm planning on finding a tinted glass from door about .5" smaller than the face and will be adding some Noctuas in to get some airflow. SRX300 and EX2200 are passive so they run quite hot. There is a glass shop in my area that is actually our customer and I will probably be going to them to get it made.
Yep its just under ip > DNS. v4/v6 is shared there
Ok
I think I found the problem for the ipv6
I think it's related to my switch I can't find ipv6 on it even that in specs it's supported v6
netgear?
Cisco
Unless you are doing L3 on the switch, the only thing to look out for is IGMP snooping. If its just L2 and no snooping, it will not be involved
IGMP Querier Status I have enable on the switch
oh my bad
not enable
looked on something else
and its only on ipv4 section I can't find here any ipv6
```
Switch, 1 G, 8 ports
Enclosure type: Compact, 1 unit
Ports: 8 x 10/100/1000
Power over Ethernet (PoE): PoE+ (8 ports, 45W)
Performance: 16-Gbps switching capacity, 11.9-Mpps forwarding performance (64-byte packet size)
MAC address table size: 8k entries
Capacity: 256 active VLANs
Jumbo frame: Yes
Remote management protocol: SNMP, RMON, HTTP, HTTPS, TFTP, Telnet, SSH
Features: Layer 2 switching, Layer 3 switching, DHCP support, BOOTP support, VLAN support, IGMP snooping, Syslog support, port mirroring, DiffServ support, Weighted Round Robin (WRR) queuing, Broadcast Storm Control, IPv6 support, Multicast Storm Control, Unicast Storm Control, SNTP support, Spanning Tree Protocol (STP) support, Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree (MSTP), Trivial File Transfer Protocol (TFTP) support, access control list (ACL) support, quality of service (QoS), jumbo frames support, MLD snooping, SNMP, RMON, SNTP, Cisco Discovery Protocol, Auto SmartPorts
Compliant standards: IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3x, IEEE 802.3ad (LACP), IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3af PoE, IEEE 802.3at PoE, IEEE 802.3az
RAM: 512 MB
Flash memory: 256 MB flash
Status indicators: System, link/speed per port
```
My 2 switches
it says ipv6 support?
I see MLD support. Look for that setting and disable it
what MLD means?
Multicast listener Discovery. Its like IGMP snooping but for v6
As someone who loves multicast and is curious: why disable MLD?
Because if MLD is not enabled on the router then the queries will not make it to the switch. All multicast ND will not be flooded
Just like IGMP snooping, it requires knowing about the groups and who is members
Thats why I hate GUIs. CLI for the win
I mean tbh sometimes it's a pain to find something in cli as well
especially with bad docs
thats the problem with cisco gui
ya all the issues comes from the switches
For some reason the ipv6 not loading correctly with wifi
Did disabling MLD fix it?
nope
issues comes from switches and hex-s for some reason
switched issues on wifi and hex-s on cable my pc
I keep saying a PCAP will tell you the problem
Updating ipv6 module
question about the starlink, is there a way to set up a ipv6 and/or a ipv4 address so it can port forward to the internet or will i have to wait till they update their software to ipv6 link?
You'll have to wait until Starlink either offers public IPv4 addresses or supports IPv6 addresses - until then, the addresses they hand out appear to be impacted by CG-NAT.
https://www.reddit.com/r/Starlink/comments/jwqse6/dear_starlink_public_ipv4_and_a_noncgnat_service/
HE IPv6 tunnel
Hehe ipv6
Set it up on a router like pfSense, VyOS (USG/EdgeRouter), etc
Its satellite, I doubt it will ever get public IPv4
can someone check if this site works in browser? http://[2600:3c03::f03c:91ff:fe73:2521]/
nope
crystal sent it to me on his pc it works
I can ping to it but can't surf to it
Well dammit again I can't surf while using cable after re adding ipv6
Are you getting a v6 on your devices?
Yap
Well just google what's my ip and see if google is returning a v6 to make sure your PC is actually using v6. Latency will play a factor in that
Ya I'm pretty far from the country my tunnel come from
I get it
Ok
Now I'm trying to figure out how I fixed it before I killed it
Gosh 5:42am I noticed just now
I lost it
What should I put in the ipv6 addresses list as bridge ?
Webpages not loading with v6
Well latency is tooo much
I'll cancel it
Thanks for the help
My latency between 60 to 200ms
Usually 60/69ms
dat 10g tho
Wish I had a 10g network 😫
Okay coming here as a last resort
Trying to get this working
But stuck on running the first commands
I dont have static ips, they will always change
Makes 0 sense
Tried using next-hop-interface instead but it doesn't work
Your IP should only change on power off, most ISPs don't just change your public IP at random unless you're behind CGNAT
Yeah but I can't reconfigure my router every time I reboot it
So it does, for sure, change each time you reboot?
Yes
rip
I need this to work
I am so stuck right now
admin@ubnt# set protocols static route 0.0.0.0/0 next-hop-interface <eth0>
The specified configuration node is not valid
Set failed
[edit]
I get this when I try and use interface
why the <> around eth0?
I'm not familiar with ubnt cli
You replace the entire line with eth0
what about 'set protocols static table 11 interface-route 0.0.0.0/0 next-hop-interface eth0'
Well I don't want to mess with the second step until I get the first one working.
Otherwise something will break, I'm sure
it won't until you commit ; save
That worked
Also noticed when using interface its
interface-route 0.0.0.0/0
not
route 0.0.0.0/0
So maybe I should do that on the first step
Nope that doesn't work
Fuck why can't it just be simple
I set the route using GUI
Was much simpler.
nice
I give up
Trash router
Their own guide doesn't even work
Ive locked myself out now somehow
@clear igloo yay on-call \0/
big rip!
anyone have ipv6 on?
I do
DNS points to local or disallowed IP
this is my testing site
ok
thanks
weird cuze I can ping it
with external ipv6
on my second server
ah, lol
oh wait no its actually the right one
::6815:41a6?
ya
@clear igloo Woke up to my phone blowing up at 5am of a city going dark. Master RE went to backup because the RE lost connection to each other. forwarding plane freaked out and everything dropped. This happens too often with Juniper
Yikes!
fe80 is link local, fd00::/8 is unique local
yah
thanks
Are you using the switch interface at all
I have the er x, ping me if you need help
I don't need to open port 443 for ipv6 to connect from outside right?
there is no nat for ipv6
yah
ok
so I guess this thing should work
simple html page
I get 522 time out from my server I guess because I don't have v6 on my home network
hmmm, no luck here either for the web page
ok
I think now it works
added firewall rule that I forgot
Yes I am using switch interface
I am totally stuck
I'd definitely appreciate some help please if you are willing
Here is my current setup
eth2 goes out to a switch which provides for most of my devices. eth3 goes out to a poe switch which powers my cloud key and two unifi AP pros.
dasdasdasdas
Yeah you can't create a vif on an interface that is part of the switch
Okay, I see. So how might I go about fixing this?
What are you trying to do again?
I want two vlans. Each supplied by a different internet connection.
I have two connections. One slow and reliable. Other fast but drops out sometimes.
I need to be able to switch between them.
Ah, so dual wan?
Yeah but the dropouts are usually 10-20 seconds just high frequency
So failover is useless to me
Hmm, never done that myself
The guide I posted tells exactly how to do it.
But it just doesn't work
I tried disabling the switch earlier and just using one port but that locked me out the router and I had to reset it.
And my vlans are connected to the switch interface
Kinda considering just hiring a network technician to come and do it for me at this point.
Hopefully will only take them an hour or so. Won't cost too much
You want to manually change the clients from one vlan to another when there's an outage?
Pretty much
Not really when there is an outage
Just some devices will do better on a more stable connection.
When I'm playing games I want to use the stable connection for example.
But when i'm downloading stuff I want to use the faster one.
Do you have some of the edgerouter ports as switch?
I wouldn’t do this with vlans. This is much more easily done with load balancing at a router.
But how would I choose which wan connection each device uses?
And would I have to log into the router to change it every time? (not the end of the world if I do)
Nope. So, using pfsense, the router OS I use, if I want to load balance gateways, you put them in the same gateway group. You can then set them up to either run connections round robin, or set one link as the primary, and if that one goes down, switches to the secondary.
Here’s a decent write up on it.
Yeah but failover applies after 30 seconds
And the unstable connection only goes down for 10-20 seconds
So there is pretty much no point. Plus it causes issues because when it fails over the IP will change. This will be a problem.
No? I’ve never had a failover take that long.
That's what it is on Ubiquiti
Pings ubnt.com and waits 10 seconds
Does that 3 times
I want the ability to use that connection outright.
So some devices will only use the other connection
Pfsense checks on a link by link basis. Pretty much as soon as connections start failing, it’ll redirect to the backup.
Yeah thats all good. But as I say, the outage is so short it makes no sense to use failover
What I want is the ability to set certain devices to use one connection. And other devices to use the other.
Okay. Then you just set up each separate lan to use a different gateway.
But you’re using Ubiquiti stuff?
Yes
That may be the problem. I doubt their consumer gear has those kind of features well supported, if at all.
I am using an edgerouter, its meant for pros
I haven’t been in a single data center or server room that uses ubiquiti
When I get back home I could look into it more
Thanks. This is just so confusing
Been at this for hours
If I could just get one VLAN to use a WAN connection and the other VLAN to use the other it would be perfect.
All hail the pfsense gods.
I can just go into the PC Ethernet settings, change the IP to the other VLAN and boom
Yeah, I always had issues with edgeos's switch interface
wouldn't that not work?
you need to change on which vlan you are on
not change the IP
unless there is some sort of auto-vlan thing
@hollow marlin Had time to disable hardware acceleration and reboot the router, that was the issue
I'll try updating the firmware to see if that fixes it as well
I am just going to set up a separate router for my broadband and any devices which need that can connect to its wifi.
I give up trying to get it working on one network
Been at this for hours and i'm sick of it
You said you lose access when you configure vlans?
You need to be hooked up on a separate interface than the one you are setting vlans on
I had the same issue
I don't have another interface
all ports are full?
Oh you mean on the router?
yeah
No I have more ports
But then i'd need to run multiple Ethernet cables to everything
I'm not doing that
I want it to all work over one cable
@quick hollow you don't understand
One specific ethernet port you use to configure the router
So you don't get locked out
I did the same mistake
Yeah
This is what i'm not understanding:
I have two vlans
I'm currently connected to 10.0.10.0 vlan
And I have internet
Yeah
If I go to my ethernet settings on PC and change myself to 10.0.20.0 I have no internet now
I cant even get to the router
Yeah, that's not how vlans work
What's the pvid on the ethernet port you are connected to
10
Exactly
You on windows?
Yep
Ok, I'm not on windows currently but go under like control panel and click on the ethernet adapter
You on intel?
Yeah
Yeah so I forgot what to click on exactly but there is a menu where you can enable vlans
On the ethernet interface itself
It is already enabled
ok and you need to add a new vlan
oh wait
the number I assume would be 20 for the other vlan
No there is no vlan option
So yeah, i'll just set up a separate router in a few mins for my broadband. Pretty much every device in my house has wifi. So I can just connect to that using wifi
I only want to use it for gaming etc
I'll use my fast internet for everything else so i'll just use that for my main
ok..
I have vlans setup to my AP, so I have several SSIDs
Thats what i'd like to have
you have an AP?
I have 2x unifi ap pros
Ideally i'd just have two SSIDS. With different internet on each
Easy to swap between the two
Same for Ethernet. Just change my gateway and IP to a different vlan and have different internet
that's not how it works though
tbh I don't even think you need vlans to do what you describe
You could do it a hacky way
basically the interface on the router be like 10.10.10.1 - 10.10.20.255
but
10.10.10.1-10.10.10.255 gets routed differently than 10.10.20.1-10.10.20.255
but that's all theoretical
idk if it would work irl
And I definitely don't have the knowledge to make that work
Sounds like it could though
I get the idea behind it
F, I updated firmware and turned on HW nat and ipv6 is slow again
I'll file a bug report, lets see if they fix it
Can I make zerotier route only steam / epic games and etc?
Probably
I don't see why not
Can Steam cache servers be made
Like on a smaller network; not an ISP operated or bigger
Yeah didn't ltt do that
Yap
Just need to find how to do it
I have a problem with my openvpn server, it doesn't work: the connection is good every 45 seconds 😫 (the server is running with Truenas)
What are the error messages?
I opened the port
no error messages
What are you connecting with?
If something is not working right, there will be error messages. Whether on client or server side.
I had issues with openvpn with my pixel phone that google refused to fix
the server sends the data at first then it no longer sends the data
my computer sends data
Ok, so not a phone then
Yes
It would connect for a minute and then stop sending data so I figured you might have been in the same boat
You could migrate to a dedicated openvpn server host. I have a strong distaste towards how truenas does its containers
Yes i have to buy a raspberry pi and it is stupid because i have already a server
No you don't. It's all about that virtualization game
What can you advise me for Openvpn ?
What do you mean? Like what os?
What can you advise me for Openvpn in the Truenas? a virtual machine ?
I don't like using truenas at all. freebsd as a base OS is not conducive to easy building, especially for novices
And I've had packages just be broken in it. Its fine for storage and network storage, but all the container and VM stuff is not well supported, anemic in terms of features, and anything beyond simple CLI troubleshooting requires knowledge of freebsd
Personally, I virtualize my freenas install.
In a linux ?
No, I use vmware and esxi.
Isn't that just freebsd in general
Yes.
Yeah I don't understand jails one bit
You can, I use proxmox
Never ran virtualized freenas though
I may soon as I just got 2 more older drives
They’re essentially the same as containers, but not, if that makes sense. Freebsd has always been special, though. It has a hardcore cult following, so while everyone else moves on, they keep with their stuff.
and for the different OS i can use only one disk ?
Wdym
By default proxmox makes virtual drives for your VMs
But you wouldn't want that
You would want to passthrough the drive controller to the VM
So freenas has direct control over the drive
@wraith sparrow
Ok i think that i needed a disk per OS
huh?
I myself just use one HDD for proxmox
not the best, but it works
@wraith sparrow
Ok thank i make that certainly
but you don't want to use that for freenas
because then it ruins the whole point of using freenas
freenas uses ZFS filesystem
i don't need a best performance
watch this
I have multiple data stores I pass my vm freenas to emulate multiple disks.
huh, doesn't ZFS like direct access?
Works just fine. Plus my datastores are raid arrays themselves.
huh, for me it seems like that just ruins the whole point of using ZFS
Meh. Don’t get the performance benefit of zfs on bare metal? Throw more raw power at it
yeah but doesn't ZFS do more than just SMART
I don’t know. Not into the hardcore file system game that much
ah ok, because I read that ZFS likes direct access because of error-correction, health monitoring, etc.
That still sounds SMART related to be honest.
like checking the integrity of the data and if some data is wrong it corrects it and that counts towards a drives health, SMART doesn't do that does it?
I’m pretty sure that can be handled outside of direct access
Why the heck does the DSL Line Status say "good" when the SNR is literally below 7dB
It's lowering my speed by over 5 mbps lol
@gusty dove 40gb of ram? That’s an odd amount.
I have 2 16GB sticks and 2 4GB
ah, gotcha
If you look close enough there's probably some fine print that says GOOD (enough)
Hey, I just used DNS Benchmark and was wondering which one is the best. I don't really understand those things.
Looks like 1.1.1.1 is the fastest for you.
Well, what's your ISP given dns?
192.168.0.1 is your router, acting as a dns relay. Since its local, its going to be the top regardless
So 1.1.1.1 is better?
Potentially. Plus added benefit of less data to your isp
What should I enter in alternate DNS server?
up to you. I'd do 8.8.8.8, that way you point to cloudflare and google
Ok, thanks for helping!
@undone wyvern or you can also keep the local DNS and just change the setting on the router
The problem is that I don't know how to do that...
it should be as simple as logging into the router and changing the upstream dns server
ah ok, then it's not that
Dynamic DNS?
Nothing DNS related
huh, what router is this?
Some tp-link
under advanced?
ah
I just looked it up
Network -> WAN -> Primary DNS and Secondary DNS
click the checkmark for Use these DNS servers
Am I blind??
so basically how it works is this:
Computer -> Router -> Cloudflare or Google
advanced?
yep
yeah
basically your computer will use the router as the DNS server
and the router will forward those requests to 1.1.1.1 and 8.8.8.8
I just check the ' Obtain DNS server..." right?
yeah
Do I have to restart anything?
nope, you shouldn't need to
if anything
you may need to do ipconfig /release then ipconfig /renew
to check what DNS server you're using do ipconfig /all
and look under your network adapter, whether it's wifi or ethernet
well you should actually just see the IP of the router there
or maybe not
idk how your router does things
Depends, you can either set DHCP to push DNS servers or set them on the router and have it handle the requests
yeah, we set it up under WAN so I would assume the router would be a forwarder
I get what you mean
Ah, ok, I missed that part then
what sort of virtualized solutions are people using as an alternative to pfsense that can scale past gigabit throughput
So I will say, I've gotten over a gig throughput through pfsense. A good alternative though is vyos. It's more similar to the classic router cli interface though.
dammit i knew someone was gonna say that
and yeah pfsense can get up over a gig but i dont think it scales to 10gig unless im out of the loop
is there anything thats got a robust gui or is vyos pretty much it
(or i guess a vyos gui?)
There's other more esoteric router os's out there, but I wouldn't recommend them. They're more for datacenter use, where you need to be able to scale laterally and vertically.
yeah thats not really what im looking for
Not so sure about 10gbe through pfsense, but you throw enough power at it...
i think it just hard caps out a little over a gig but i need to find the articles i read re: that
TNSR is netgate's other product and thats also a datacenter focused product rather than an internet gateway/firewall
Some quick googling shows me some people doing successful 10gbe pfsense builds. Those are on bare metal, though. But should scale well enough if you have a processor with enough cycles.
vyos?
if it can really reach that then i might not have need for a change
yeah we discussed vyos a little bit
have you tried OPNsense? I think it's BSD based
I guess I'm trying to understand the solution you need. 10GE hardware is what you need and you want an open source solution for those 10GE chips to run layer 2 or 3 routing on?
yeah id like the ability to increase throughput through the device to 10gig and i have concerns about the ability of pfsense to be able to push that bandwidth
if it can handle it, no change is needed
its comments like this that give me pause
I mean at that level I guess it's hard because all those packets need to go though the cpu, you have no sort of hardware acceleration
with enough power it can do it, idk if it's worth it though
k so its potentially capable but not necessarily practical
the answer may be a second virtual appliance for the high throughput routing and pfsense as the gateway, separate
that could be a more economical use of system resources that generates better results
@chrome hound has 10 gig WAN with pfSense....he gets like 8-9Gbps? Idk his config though
that will be a useful conversation to have then
My pfSense can generate 7-8Gbps of traffic....but I only have gigabit WAN so its plenty 😂
I never really had good speeds in a VM
I was messing around with TNSR but never could get it to install
im primarily concerned about LAN to LAN routing, which is why im considering a second appliance
i dont need to bump WAN routing above gigabit
eventually, maybe, but that will warrant expenditure
Oh interVLAN routing on pfSense is fine for me
are you bare metal or virtual
Virtual
you running traffic through a firewall then?
Me? or fonsui
i dont need stateful firewall between VLANs if thats what youre asking
fonsui
just static routing
and id like that to be in a virtual appliance rather than on a switch with l3 routing capabilities
What hypervisor
well if you are only looking for vlan routing hardware switch might be faster than any software solution, lots of your high end switches can do that kind of routing as long as you don't care about packet inspection or firewalling
My pfSenses are in ESXi...pushes traffic between VLANs just fine...
if pfsense in vmware gets you line-rate 10gig without crushing your cpu then im in
Yeah
i want to avoid the switch being the LAN router
want to make it switch-agnostic
just layer 2 capabilities required
I've not been able to get line rates from any VM setup, but then again I never tried doing dedicated Nics
dedicated meaning like pcie passthrough for the NICs?
yea
yeah id be willing to f w/ that
I'm just doing vNICs with vSwitches in ESXi lol
man blob sounds like he has it all figured
I can get 9's to my Speed test vm so
im vmware old school even though im all hyper-v now
running under a proxmox setup
slightly off topic but have you looked at truenas scale
any of you
since you mentioned proxmox
freenas + kvm virtualization feels like a powerful combo
I run Truenas core, not really ever played with scale
I keep my storage appliance and KVM separate
some setups yeah
if its BSD's bhyve....no ty
other setups are hyperconverged
yeah its not bhyve, they moved to straight-up KVM with truenas scale
thats why im interested
so it sounds like the course of action is:
- try it on my current hyper-v setup
- then try it on esx if that doesnt work
- split up WAN and LAN routing into separate appliances if none of that works
and the LAN router can be something that doesnt use PF
somewhere in there we can try pcie passthrough for nics too
if you aren't running any rules PF would probably hold up
lots to try apparently
booyah
10 gig client, 10 gig server, pfSense inbetween
thats one IP network to another through pfsense?
Yea
Just for fun...ipsec across WAN 😂 https://blob.rocks/PZHox9nmYg.png
idk what i could get with my setup
i have one thread of an i7-5820k clocked up to 4ghz and half a gig of ram assigned to my pfsense box, internet is gig fiber
Lemme install iperf3 directly on the other pfSense
Definitely should give it more ram, and possibly another vCore
instead of going to a VM
i mean i get gig solid up and down as-is
You don't run any other packages? Snort, etc?
newp
fairly basic setup
lil bit o' vlan routing, just one internet uplink, nothing else heavy on compute
hotness
I should give them a private VLAN between
lol. I gotta give my edge router 8 gb of ram to safely run all my snort rules and other services.

i wont tell if you dont tell
I'd love for Wireguard in pfSense to try out WG site to site
its coming isnt it
I'm already pushing like 500Mbps between WG
like soon
Yeah in 2.5
Lets me log stuff like this though. 30 day world map of where snort alerts have originated from.
wireguard hype intensifies
yes which is why its funny
ridic

I wish Speed test software was stable its async connection for only getting a 5 on the download is completely inaccurate
cries in gigabit
well this is a residential connection so its not anything you would use for Business class service
lol wow
I mean for me its pretty much Business class uptime
i did not know that there were residential 10 gig services in the states
@chrome hound I wish my ISP did active ethernet like utopia does.... lol
the most ive heard of is 2gig
stuck with gpon
its starting to become the thing
www.utopiafiber.com if you want to find out more, its a fiber network ran in UTAH
EPB in Chattanooga TN offers 10 gig....
Utopia in Utah offers 10 gig
Some ISPs in Texas offer 10 gig
residential, if you're willing to shell out $$$$$ you can get 10 gig anywhere
I just happen to work for UTOPIA soo I get whole
Ya I'm on municipal fiber even though AT&T fiber is an option
sale
because 🖕 AT&T
never say never
im satisfied with gig fios for 80 bucks a month for now
its not the best deal but its good
its trending we have more and more cities ask for us to do evaluations all the time
but better than Spectrum 10 up before this
if new york city gets municipal fiber in my lifetime ill eat my hat
well it varies from provider to provider
My ISP just gives out IPs via DHCP....I have 3 public IPs rn 😂
Ah, some do pppoe, some do dhcp, and some do/offer static?
UTOPIA technically doesn't sell internet to the general public, its not good for us to compete with our ISP partners
Yea
I pay for a 12 static IP's
before I switched to UTOPIA whole sale I was with Xmission and they let me buy a block of 8 for like 6.99
that is an incredibly diverse provider ecosystem
so all those are what, operations that run NOCs and have their own uplinks, and use your last mile?
thats the whole point,customer choice
idk why my ISP offers 25/3 lol https://blob.rocks/dHzVmZn51s.png
yep
i wish it was like that elsewhere
we basically provide the Layer 2 domain they provide layer 3
yeah that makes sense
in some cases we do have layer 3 like employees like me and other customers that don't want an ISP
like Amazon has a couple of sites we service
but anyone with a noc and an uplink can sign up to use your last mile and be a competitor in that market
which is wonderful
Kinda like how business can have direct level3/Centurylink?
in some cases like between hospitals they rent the entire fiber, we call that dark fiber they put equipment on both ends of the fiber we just lease it to them
mmm private fiber
yep private fiber in some cases its a WDM wave we lease it just depends on the need
Spectrum charges my school out of the ass for private fiber lol....which is why the local fiber ISP is gonna be nice
hi everyone, I have a unifi dream machine pro and a pi-hole I set up a few days ago, before the pihole I was able to resolve local hostnames (with AND without the .localdomain suffix) but now my pihole is in, I can't, it began with simply returning a "website blocked, reason: site is not on any blacklists" and now it just can't find them. the only settings change I made in the unifi portal was to set its dns server to the pihole, the dream machine is still the dhcp server and shows that it gives hosts the domain name (as screenshotted) but im lost as to how to get the pihole to find them
like we have a 100 gig WDM from SLC to Sanaqiun for our
so here in NY theres no way anyone could be like hey i have an uplink, i can peer with verizon and theyll let me service customers on their fiber
school system in ut
Whenever the school district moves to the local ISP
well that is the main difference between state owned and company owned fiber networks
The local university does that
its so odd that this is the one thing I really think works better in the governments hands, however only when ran correctly open access is the key to success
The way the fiber ISP operates here
governments f up municipal fiber all the time
is the electric coop owns the fiber
then they lease the fiber to the "ISP"
That ISP handles equipment, FCC filings, dmca/legal, customer support, licensing
I guess UTOPIA is kind of different there too, we are not owned by one we are owned by 11 cities and they run it like a company with a board and we have full control over our operation
yeah its a good mix of government and private sector control
yup
lol that company was bad, they almost bought UTOPIA but it was uncovered what they did in AUS
yeah so you know about that then
yep
any fibernetwork they got their hands on went to shit fast
they got a few sad to say
so yeah muni fiber can definitely be done wrong, and its particularly sad when that happens
for a long time UTOPIA was one of those, it took a lot of work to really bring to market what UTOPIA is today
its fine tho elon got us all, starlink brain implants coming in 2030
I realize how spoiled I am with fiber internet now that I'm running a SneakerNet to my GF who's deployed on a Royal Canadian Navy ship in the middle of the ocean.
Everything has to be custom encoded for low file size to make the most of storage, make sure everything is clearly labeled, carefully label the drives so no one is ever unsure what's on what. Basically making it all efficient and idiot proof.
It's slang for networking where you physically move the data.
A network powered by sneakers.
'Never underestimate the bandwidth of an old station wagon full of hard drives'
AWS Snowmobile, literally a truck for moving PBs of data 😂
...Or in this case the bandwidth of the postal service and a Boeing CC-177 Globemaster III...
I'm mailing off USB flash drives every 1-2 weeks basically, the ship has specific deadlines for getting packages to it
Which then go to the ship's home base, which then go into a transport plane full of supplies and spare parts and other mail, then is flown ahead of the ship to its next port, and the ship meets it at port.
...Thus ensuring that this naval deployment, during COVID-19 where NO ONE is allowed off the ship EVER, at least gets all the Canadian NHL games and other content while at sea.
...They deployed the HMCS Toronto on a lock down deployment last fall and it went so nuts they had to put a social worker on the ship 3 months in...
Your GF messed up. No matter wher I've deployed, collectively we always had terabytes of movies and tv shows.
Oh I sent her off with 48 DAYS of media files in ADVANCE. But how is she supposed to watch her NHL games while they are airing RIGHT NOW?
My RT 3080 spent 8.5 days encoding files to fit 48 DAYS of anime and TV onto a 512GB MicroSD card in her tablet
Man, half of the nice thing is to be away from the world for 6+ months
'Away from the world', locked in a ship with 260 other humans, all in close quarters, no weekends, little privacy outside of your bunk and when the ship gets to port NO ONE is allowed to get off and visit the port city.
Yeah, fair. Most of mine were spent in wide open desert.
She FORGOT there was a pandemic when she signed up
No lies, she forgot she'd not ACTUALLY get to see the world
Side note, shout out to the canadian armed forces. Some of the best people to work with, along with the brits.
Well, I prepped her with the anime
The NHL is a thing I'm doing
...Also I'm NOT a sports person and GOD DAMN there are a lot of games in this sport. D:
And I'm ONLY sending the CANADIAN games
(She only asked for the games for HER team, but I'm 100% sure once someone realizes she has games, people will want games for their teams)
...SOL if anyone roots for an American team. 😮
But it's been neat to learn what media options the ship has
All the TVs have little android boxes
The ship DOES have internet and wifi, but wifi is in specific areas (It's a boat EVERY wall is a faraday cage) and, well, imagine 260 people on a satellite internet connection.
They also have an internal 'non military' network people can just dump files on.
So... Imagine these will make it onto the network on the ship
I'm dreading that this catches on and people start giving me requests even to send YouTube channels and such...
It also seems likely.
Just tell em tough luck. Besides, the ship only has so much storage.
I mean, I got gigabit. 😛 But I also have to transcode EVERYTHING so it's real small
I transcode everything down to 'watchable' quality
(Which is how you fit 48 DAYS of anime and TV on a 512GB MicroSD card)
Uhh I keep it 1080p if it's 1080p, but it's 112kbps audio and video is all HEVC at CQ37
Anime eps average like.... 100mb each.
Well it's a ship, only so much storage right?
Things only need to be 'pretty watchable'
As long as it's enjoyable and entertaining, mission accomplished
I'm just waiting to get tonight's NHL games before mailing this out tomorrow. It should reach the ship in... 3-6 weeks. :V
Not much I can do
You mail it to the base, mark which dispatch you want it to go out with. It gets inspected by the military. Gets palletized. Gets flown out on a military cargo plane. Sits at the port and waits for the ship to arrive.
It's not exactly UPS.
I'm sure some might decry piracy, but it's not like the ship could sub to ESPN. No one is losing money here.
Let me let you in on a secret - the people inspecting those drives are probably ripping everything for themselves lol
I mean, A-ok there
You know what someone on Reddit told me to do? To ENCRYPT the drives so that I don't get sued for copyright.
I was like 'MOTHER FUCKER. I am not SIDE CHANNELING ENCRYPTED DATA INTO A MILITARY ASSET'
That's how you get the RCMP at the door asking questions.
The point is, encrypting the data is suspect as hell when the data is innocent.
Like Roaldi said, no one's gonna go 'Wow, we better warn the NHL'. They're gonna go 'Hey make copies'
A lot of work goes into making this as simple and idiot proof as possible. All the files are VERY carefully labeled, so you can dump all the flash drives into one drive and they'll all merge in order. And so any idiot (This is the military here) can jam it into an android thing, the PS4, or any personal device and just watch it. Gotta make sure the drives are ExFAT so they'll read on ANYTHING
...Gotta support the GF D:
Also, have to order metal USB drives for durability cause, again, military.
I told her the drives are going on a one way trip. she doesn't HAVE to share them, but they may get shared around the ship directly? I'm not 100%. I designed it so you can EITHER put it on the network or each drive clearly says what's on it on the tag so you can plug it in directly.
Worst case, I get a necklace of Kingston SE9's when she gets back.
On the plus side, I'm flying out to meet the ship when it returns and I've not seen Anthony in years so I can say 'Hi' while passing through Vancouver
No, I mean LTT Anthony
I asked if I could see the office, he said probably. I mean, depends of course on how the COVID situation is in the fall when the ship returns
I mean, it SHOULD be better but, uhh...
I dream of them one day being big enough to need their own cybersecurity guy. I'd love to work there.
One would ASSUME
Just saying, fingers crossed.
I work in VFX myself, I kinda wanna see LTT to compare it to the typical 'Meets MPAA Security Requirements' office.
Yeah
GFX is just short for 'graphics'.
Which in TV and Film is usually more used to refer to 2D overlay graphics you see on news channels.
There's 'VFX' which is 'Visual Effects' which is all the computer CG greenscreen fun
There's also 'SFX' or 'Special Effects' and special effects are all done PRACTICALLY. Like SFX makeup or real monster costumes, explosive charges, and anything that was 'really there' on set but actually done in a very controlled manner.
There's also UX
But yeah, I thought some folks here might get a kick outta trying to SneakerNet 'airing' TV to a military ship. 😛
I wonder how Starlink could help with marine internet lol
Sure, with that many people, 100Mbps won't be enough
Well for the military, with how fast the military procures things... That's a great question for 2035
lol yea
Like, Canadian ships only got 'wifi', like, for crew enjoyment and not just direct communications back to the military in the last year or so.
WiFi on a ship....dear god
Yeah it only works in a few spaces since all the walls are steel
Every room basically needs its own AP
yup...
So the messes and other communal spaces have wifi and that's it really
But I was still impressed when she sent me a pic and like every TV there has an android box
wow
I mean, it makes sense when you think about it
It's an easy box that'll plug into the dumb TV and let it read USB HDDs or the ships network
I'm actually unsure if the android boxes are ON the 'non military' part of the ship.
She's not SUPER techie and it's her first deployment and she's busy with 'her job'. I'm the media nerd just SneakerNetting her hockey games
Whereas my stupid ass would be like 'WHO CARES ABOUT THE GATLING GUN, SHOW ME HOW YOU GUYS WATCH TV'
'Look man, I've been watching Discovery/NatGeo/History channel for 30 years of my life. I've seen a million CIWSs in my life, I wanna see the Android boxes'
😂
It's been uhh, interesting to learn about the supply logistics
I can also stalk the ship on satellite which I'm paying like $40/mo for
lmao
21st century is WILD
do you happen to know the sat internet provider?
The internet? No
By Sat tracking I mean its AIS transponder which is a civilian navigational aid.
yea
But gotta pay for the sat data for a given ship.
And I'm SURE that as a military ship, especially when doing anti-smuggling sorta stuff, it'll turn the transponder off
But it's funny to just open a bookmark and go 'Ah, I know where she is and it's going 25kn, so it must be using the gas turbine.'
lmao
"I love you, I trust you, I don't care about your passwords or accounts, but yes I will pay $42 to stalk you by satellite while at sea."
anyone here can help me configure firewall rules ?
Meanwhile @ SpaceX https://www.youtube.com/watch?v=KTc3PsW5ghQ
At my place, I have 2 Internet connections on 2 different routers placed in 2 different rooms. I have some printers and computers connected to Router A while some connected to Router B. Is it possible that I connect the 2 routers together so that I can access the devices connected to A from my computer connected to B? Will connecting their individual LAN ports to each other with an Ethernet cable do it for me? Also is there a wireless method to this?
Quick question is 31 MB/s fast download speed? or about 1GB per 30 seconds
31MB/s is about 250Mbps which is pretty good
whats the best domain manager service (eg,cloudflare, bluehost)
I like using Cloudflare
