#networking
True. Which is why I think we would be fine dynamically setting the test to the local gateway router. If it's down, who cares? Everyone else in the house/hotel/airport is going to be all up in arms. But at least the message is going to be correct most of the time.
Thats thanks to the Captive Portal detection system of Windows. It will load it behind the VPN on purpose.
Android does this too
As much as people like to bash on Windows.... they got a SOLID management ecosystem
Yep. Though, I wish SCCM was a bit more… immediate. But that could actually be a corporate management problem. I'm just not sure yet.
Like, if a Windows update is past due. Install that NOW. Don't care what the end user thinks or wants. They literally had a week or more to get it installed. Why is SCCM stalling?
I also don't have any formal SCCM training. So the terminology may mean something a bit different than its face-value.
And for crying out loud. Why do I have to micro-manage the SCCM cache folder. If there's an update or program that needs to be installed, and the cache is over the size limit. It fails with random error messages. Like. Just auto clear out stuff that isn't needed and auto expand or shrink as needed. If the drive limit is reached, that is FAR easier to detect and diagnose.
But now I'm off-topic for this channel. Lol.
You need to move away from SCCM
I've used PDQ Deploy and Inventory in the past. Loved it. Worked really well. No idea how well it scales to our size though. And though absolutely no one where I work would even entertain the idea of moving away from SCCM, I would love to entertain the idea. Any suggestions?
SCCM is now Configuration Manager basically
The other option is: https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune
They both put SCCM to shame now
Ok I hate Azure and all that, but my Bias cant defeat the ease and utility Intune offers
And thats a massive compliment coming from me
Hey guys. Moving here for relevancy, but Is it possible to write a script in windows that automatically creates an outbound rule to block internet to applications through the firewall?
Yes
oh thought you're referring to PS
ps?
powershell
go with PS
Can I save it for future windows installs?
Absolutely.
Certainly
@plain siren Didn't Intel have Xillinx? or what happened there lel
I need help with a networking problem. Not that I can actually implement a solution, but, I am trying to understand why desktops on campus randomly get assigned IP addresses belonging to the unauthenticated VLAN.
The desktops are connected to Cisco switches and those Cisco switches are provisioned using Cisco Identity Services Engine appliance/product suite. If the client desktop is powered off for 4-5 hours, the next time the desktop powers on, it gets an IP in the restricted VLAN. However, if I physically unplug the cable that's going to the PC from the wall port, wait 10 seconds, and plug it back in, it authenticates to the Cisco ISE and the correct IP is given.
Doing an ipconfig /release and ipconfig /renew doesn't trigger the PC to get the right IP address.
It's so odd why this happens and its not consistent. It's always a different PC.
Got a QLogic BCM57810 to install in my windows PC. I was doing some iperf3 testing and was noticing that I was only getting about 5Gbps transfers out, and 3Gbps transfers in. Checked "Get-NetAdapterHardwareInfo" in PowerShell and I'm seeing that the adapter is connecting at PCIe ver 1.1 instead of version 3 like it's listed to support. Is there any way to force the version negotiation?
Guys please I need help! I screwed something up. I installed the cockpit for linux and then I was creating a bridge to the esp5 something and now everything is dead and I cannot connect to the server. What should I do?
I dont do ISE but have you thought about looking at the logs?
if it doesnt mention seeing the problem computer the first time, maybe there are connection issues
so I had this idea where we get daily reports of which computers are communicating to our inventory management appliance (kace SMA), and I was going to get the port ID numbers from where the desktop is connected to and have the network admin bring it up to the ppl who manage ise and see if they can see the logs for that particular port and pc
I am hoping they can narrow it down that way. yes the logs are a great starting place
Sounds like the NIC is kept active even after power down. I'd wager if you pulled the power plug on the PC and powered it on, it would behave as if it had been unplugged. Could try disabling WoL and see if there's anything concerning keeping the NIC powered. Also check the BIOS/UEFI. edit Disable "allow this device to wake this computer" - that will also keep the NIC alive in low powered states, or even the "off" state.
I'm not entirely sure how the Cisco authentication back end works, but if the port is alive and the authentication service can't figure anything out (lights are on, no one home), it may drop the port in to the restricted access because it doesn't know the state of the computer.
Need an absolute network genius to help me out. R/tech discord has no answers. About a week ago i lost the ability to connect to 5ghz band wifi out of nowhere. I was advised to do a fresh win10 install. I did, and I still cant connect to 5ghz without getting booted off after about 10 seconds. Other devices have no issues. Please help!
if it's a laptop, i wonder if the antenna got damaged or disconnected from the wifi card.
I'm no expert but there are some things that might help
Upgrading drivers for your specific wifi/Bluetooth router
Updating UEFI, and then doing a CMOS reset with the UEFI
If it still fails after that check network logo for any anomalies
he needs an absolute network genius
Absolute notwork genius, gotta somehow peer with cogent.
thank you for the suggestion! I don't think I've checked for a setting that controls if nic will operate in low power mode when the desktop is off. I did notice that nics stay active after power off. I'm gonna have a look next time I'm at work
I think that would fix it for sure
yeah this makes sense
hey my ethernet cable for my pc died, and I've got virtual class i was just wondering is there anyway i could get internet to my pc from my phone through USB or Bluetooth? it's an s10+ (Samsung)
yeah you can do usb tethering pretty easily
should be able to just find it in system settings
under "connections" in system settings
Bluetooth works too but Bluetooth is just not a very fast connection, it may not have enough bandwidth to really run a video call
Hello everybody, anybody here has ever configured 802.1x and WOL? I have this configuration: interface FastEthernet0/34 switchport access vlan 5 switchport mode access no logging event link-status duplex full authentication control-direction in authentication event fail retry 1 action authorize v...
"We have problems with enterprise pc's ending up in the guest vlan for some reason, and we have to reboot them to get them back to the enterprise vlan."
@little schooner now kiss.
lol exactly what were running into, tho, our switches supposedly don't support wake on Lan. that's what the net admin said tho, I don't know for sure.
well i did try usb tethering but i don't think it worked, I'll try again soon
everything is locked down. It's policy for in and outbound and every port we want needs to be in a change request and approved
it's so crazy for a school network
they take it more serious than some private businesses
a school is a business
but like they have more security than Tmobile for example lol
in the checks and balances
but yeah ig bc it's a school it's diff I suppose idk
ooo right they also keep student records and sensitive data
well now it makes sense lol
the students can be phished like a business too
and they have been. There's been several attempts and at most earlier this year, we had 15 accounts phished
and then phishing wise, man
they clicked links and typed in info
there's so much
now they are trying to slowly phase in mandatory two factor authentication
lol
starting with IT teams
most people haven't changed their default password
when I worked for a school we paid to get attacked. They got students to click, they walked into a PC lab and did some nasty, they breached our stuff through a server the students had access to
which was 6 chars
no special chars
just upper/lower case and numbers
so accounts get hijacked and keep spreading it
Got my wifi fixed. Had to go into router gateway and prefer 40MHz within 5Ghz wifi. Apparently windows update messed it up for many people
no
most do, but not all
there may be insulation there as well
our exterior walls have spray foam
and internal rockwool
i do not believe i have insulation in the wall i am gonna run it because when its freezing in my room its freezing everywhere else even though i have a heater
if you get what im saying
so i believe it is hollow
It's hollow until you run into a fireblock.
i already have the cabling, its from like years ago when i was doing outdoor work
I still wouldn't run it. You can get 100ft of CAT6 for around $30
yeah thats fair
CAT5E is fine now for under 1 gig connections but think about 5-10 years
im only gonna need it for 4 years.max
your choice. Still wouldn't recommend it considering how cheap CAT6 is
just use it can always be used as a pullcord for cat 6 or better later
yeah that's true.
also as you have it it's free and if you need better yeah it's more work but 1gigabit is more than enough for the internet even in 5 to 10 years as fiber is just getting widespread adoption
DOCSIS 4.0
pushing the max out of copper lol
people are mostly still on 300 mbit these days gigabit is so expensive
depends on provider
I could get gigabit, but I don't need it
like, my network usage sits at 5 mbps average
$80/mo
and for burst, 300/300 works just fine
yeah I could get it like around that price
Anyone familiar w/ MoCA here? I'm pretty familiar with it but have a question still
If I separate the incoming DOCSIS line from the rest, do I still need a MoCA Filter
I'd assume no?
anyone in here good with openWRT, im having some issues and cant seem to wrap my head around what im doing wrong?
i have spent 3 days working on this problem and always seem to lose either internet connectivity to my devices, or cannot see the static IP devices on my "router", it is OpenWRT based and i was hoping to find some help.... and in regards to your response, its about as useless as a hemorrhoid, thanks...
https://linustechtips.com/topic/1412070-openwrt-help-custom-routing-solution-for-travelling-automation-technician/#comment-15263487 i can see the LAN connections on the built in VLAN that im trying to setup as a switch, but cannot communicate with the devices. they are on different subnets, however i can communicate with them on a different router than this one....
First im new to OpenWRT and i realize there is an entire wiki on this topic and setup, but im not understanding the information exactly so maybe one of you guys could explain it in more laymans terms... this is the router i am trying to configure, https://www.amazon.com/dp/B07GBXMBQF/ref=cm_sw_em...
if you set a static IP, the router won't see usually in devices since that's usually derived from DHCP leases, and it prob doesn't use ARP, would have to check on that tho
I'm not quite understanding your diagram. But what I think you could do is this, setup your laptop on the interface connecting to the switch as 192.168.43.34/16 or something like that which wouldn't cause ip conflicts with any device. This covers everything between 192.168.0.0 - 192.168.255.255, the whole reserved subnet. This will allow laptop to connect to any device within that subnet.
Then configure the internet router to use a different subnet, something like 10.0.1.0/24 so the router IP would be 10.0.1.1/24. Laptop could just get IP by DHCP. This is needed as we can't use the 192.168.0.0/16 since it would result in IP conflicts.
The diagram are the two ways I am trying to use the device, one using my existing wireless in my workspace, and the other being when I am on the road for work, I can use my phone as the internet source. But the devices I need to connect to tend to have default static IP addresses like 192.168.250.1, 192.168.1.2, 192.168.0.2... I have to adjust them individually and put them on the same subnet/assign static IP addresses so that they communicate and can deliver I/O signals between them. I usually set them to 192.168.1.1-192.168.1.3 for example.. my computer (and sometime multiple computers) are normally connecting via DHCP, the problem I'm running into with this router is I can't communicate with them if they're plugged into the router. Regardless of if I have changed the ip... The router is rejecting communication and I have tried setting it to accept with no obvious change, and I've tried separating the physical ports as a switch and creating a network bridge to link them, but when I create the bridge, I lose all internet connectivity but I can see any device I plug in, maybe I'm configuring the bridge improperly? I know this is probably something simple I'm overlooking, but This is my first attempt at using openWRT with this setup, before buying this device I had daisy chained multiple devices to accomplish this connection setup... The old TP-Link router would allow me to ping and connect to the devices with their default IP and then I could change it and see it on router. Then I used another access point to add our existing wireless connection to my new network...
I'll try toying with the IP configs tonight as I didn't try separating them to such a degree, maybe that will help if I configure the entire DHCP range as 192.168.0.0-192.168.255.255 and separate the laptop that may result in better results, thanks...
what I would do for the devices is just get rid of the router on that switch. If none of them use DHCP, there's no need for a router. Just set the IP statically on the ethernet interface on laptop
and if they have static IPs, perfect
I was trying to eliminate the step of programming them all individually, when I started doing this, we just used a switch, but then I have to constantly reconfigure my ip on my PC as I change each ones IP address, then the problem lies in I have no internet for help files in certain software, or to look up something up on the fly, the router portion of the device is mostly for the wireless laptop(s) to negotiate an open IP and not cause conflicts on the small network of static devices... Meanwhile the device is also allowing me internet access on the laptops through an existing company network... Maybe that describes what I'm trying to accomplish better?
hi! there! i'm shopping for an internal 2.5gb network card. are there better chipset that put less load on cpu?mine is a i7-4770k @4.4ghz all cores (4c8t)
cat5e long term is only good for cameras
and maybe PoE sensors
you have some of what?
ip cameras from 2021
ah yeah. Most cameras only use 100meg ethernet
unless you get a higher end one, it's simply not needed for most cameras
yeah, like the 8 or 12mp ones, i think
I don't even think they can use more than 100mbps
even 8 bit raw 4k video is only ~200Mbps
and cheap IP cams are definitely not shooting raw video
When it comes to things with Microprocessors, it's more taxing on the device to have gigabit capabilities
that's a lot of internet
5gigabit for 15$ a month
lol where
no one? :(
italy
Wtf can't even get 1 gig internet for way more than that here in the states.
Wait wot
What's wrong
Speedtest usually does multi socket connections unless you say single
that's sad but price is handled very different between region, here in italy best price for mobile is little less than 3usd a month for 30gb and unlimited calls/sms
ftth lowest is 15$ unlimited 5gbit/700mbit epon
What am I doing wrong, I'm using Windows 11 now and my phone can't get connected to a remote app (remote mouse/keyboard).
App says it's got firewall access, but I don't see anything actually connecting on the 'connections' tab.
It's supposed to be using these ports, how do I make sure they are accessible?
This is all my phone sees using a port scanner
Would upgrading to wifi 6 be worth it for futureproofing reasons
Or should I just stick to wifi 5
Since it's cheaper
depends what you plan to do, I personally play VR over wifi so the lower latency and higher bandwidth is worth it. But otherwise meh
WiFi 6 or WiFi 6E?
either
like, necessary internet speeds haven't changed in like 10 years
you can still watch youtube vids and browse with like 5mbps
Even if WiFi 6 won't help with speeds, it'll help with congestion.
Plus it's the first 2.4GHz spec improvement since N
that is true yeah
but in terms of speeds improvements with the new standards it wont really be utilized i feel like
@thick minnow the driver is going to be the power management features not the speed
and the density improvements
xen, esxi or proxmox for virtual firewall/network stuff (asterisk, sdn controller pfsense guests) thoughts?
can't really go wrong with proxmox
if you can pay for vcenter I heard esxi is really good too
alright so I have a very weird problem. I recently purchased the Orbi RBK753S mesh kit from costco and got it all setup. I know orbi might not be the best system but its going in my parents house and they dont have/want ethernet run all over their house. It was also relatively cheap for a wifi 6 mesh system. So we pay for 250 down 20 up and I get that perfectly fine off both of the satellites but when you are in the main room of the house next to the base router the speeds drop to basically 0 and while it is at 0 if you reconnect to the satellites it will jump back to 250. We dont have any interference that I can find. I tried calling support last night and got a bunch of useless information and things to change that didnt end up helping. I am hoping that someone here could point me in a good direction because I am kinda stuck at the moment. Thank you.
Looking at reviews looks like a lot of people have had issues with your mesh networking kit
Yeah we are going to take them back. So now I need suggestions for a mesh system. I'm thinking eero
ok so i have recently switched motherboards from a msi mortar b460m wifi to a gigabyte d3sh ac wifi and i have been having wifi speed issues and they are very odd. my pc will get any where from 1mbps to 60mbps on download and other device on wifi will get 130+mbps but on my pc my upload is stupid fast like 120mbps compared to other devices which get like 30-50mbps. so for the past couple days i have been fiddling with my wifi drivers and my wifi adapter settings and i have not gotten any luck. so if any of yall could help that would be great
I mean WiFi 7 would like a word then
1Terabit OTA would like to have a word in 400 days too
wifi all the data!! Wifi datacenters!!!
Although WiFi 7 is supposed to have aggregate throughput of like 30 to 40Gbps which is insane by itself
Hi! I need a bit of help.
So I'm having issues with my current ISP and I was looking at load balancers (like the TP-Link TL-R470T+), and from what I've gathered, you can either:
Combine multiple ISPs into 1
or
Have 1 active ISP, and 1 fallback ISP in case the primary one goes down
Are there load balancers that do something like this?
Home: ISP 1
Office: ISP 2
If ISP 1 breaks down, switch Home to ISP 2 (so now both are running on ISP 2), or vice versa.
I'd like to have them split as much as possible, and only ever run a single ISP for both if the other one is having issues. Am I looking at the wrong things? My knowledge of networking is pretty limited so I have no clue if I'm even looking at a possible solution D:
What you want is a router with dual wan
And then configure failover
You aren't going to be able to combine both ISP's for aggregate bandwidth. For example: ISP1 = 100mbit. ISP2 = 100mbit. You will download at a max speed of 100mbit. Not 200mbit.
^
You can have 200mbps total bandwidth, but not on a single connection
more like 2 computer downloading at 100mbps
if configured correctly
Do you have coax cabling in your house? (The jack your cable modem connects to?)
I'd recommend MoCa adapters + UniFi APs if you do
More complex setup but will be miles better than mesh
Does anyone know how to setup reverse proxy on Apache? I'm trying to get it to forward internal port 8080 on a subdomain through port 80 without messing up my website that runs on ports 80 and 443 (I was told that this should be possible, and I very much need it) (also I think this is the right channel for this question)
Thanks for the heads up / clarification. Yeah I was expecting that, I mostly just want to have 2 separate ISPs and have one cover for the other if one fails. Would it be better to just run 1 ISP as the main, and 1 as the fallback, instead of running both in parallel?
does anyone know a way you could block a specific website on a network? when i go to the login page for my email hosting it says this site can't be reached, but if I make a hotspot with my phone I can get to it? it's not just one computer, it's the entire network, could they have done that? I checked the firewalls for anything that might cause that, it's weird because it's so specific. I can go to their page but just not the login page, tried several browsers and all coming up the same.
Yes websites can be blocked.
yes
websites can also block certain IPs
If you're able to check firewalls I assume you own/manage the network? Or did you mean local firewall.
yes it's a business network, I guess I should contact them and see, when I did they just said it should work and that it was on my end.
thing is I heard many features are hidden behind vcenter
there's a bunch of stuff missing but I mostly don't care about it (things like vmotion, storage vmotion etc) for a single virtualiser
I hear the vmug program grants you access to those, for personal learning, for about $400/year
in my mind, why deal with using a proprietary piece of software when equally powerful FOSS alternatives exist... with free proprietary software it's always going to be designed for an upsell somewhere and you never know when your needs will change and you'll hit a paywall
and this is the reason proxmox or some xen solution is most likely ^^
another piece people don't realize until they've been on the commercial side of things - with open source there will always be documentation and crowdsourced how-tos - but if it's commercial, the assumption is that public documentation doesn't have to be very detailed or comprehensive because if a user needs to figure something out badly enough, they'll just shell out for a support contract
with open source, pretty much all documentation and accumulated knowledge has to be public (or at least there's no good incentive to keep it private)
anyway sorry to be contrarian - it's just an aspect that people tend to miss and hopefully i can save you some time pointing that out
If anyone could help me with a problem I'm having with Apache I'd be very grateful
i was actually just reading back and saw your question - if you still need help i can try to assist but I'm not 100% sure what you're looking for
so you're trying to have apache listen on port 8080 and reverse proxy that to another site on a subdomain?? or you're trying to have a subdomain that goes to a different site through a reverse proxy?
both should be possible I'm just not clear on which you mean and what you're trying to accomplish
I'm trying to make it where, when I use a certain subdomain it forwards to port 8080, rather than using 80
Cause I have a server already running on port 8080, but the client will only listen to 80, but my website is running on it
hmmm... yeah I'm pretty sure that's possible. i haven't messed with apache specifically in a while because i mostly use nginx for my own projects but lemme double check.
Okay, thanks
ok soooo... you should just be able to create a vhost for your regular website or a default vhost and leave the settings for your regular website in there
and then have a separate vhost for the subdomain with the reverse proxy directive pointing to 8080
but I'm not 100% sure it's that simple - can you give that a try? or if you have already and it didn't work, let me know and i can try to figure out what's next
Earlier I tried to make a new .conf in /etc/apache2/sites-enabled and enable the mods for it and it didn't work
Though I have barely any idea how to do this
hmm that's weird. can you check either your apache log or your systemd journal for errors?
apache will either say "this config file is totally broken" and just not start, or it will just ignore whatever block or site it thinks is broken and keep serving the rest of the things that are still valid
This is what I had before (doubt it's right, I've tried doing multiple things, this is only one of them)
hmm so iirc you actually don't need the proxy directives inside a <Location />
i think the syntax would just be ProxyPass / http://thisisruka.fans:8080 and same for the proxypassreverse line
oh wait one or both of those might need to be quoted
they might work either way but i don't recall for sure
both might be fine but try putting it in one line without the extra location
So just this?
without the location line at all
Ah
the proxy directives should look like these https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#examples
oops how did that send twice
This is the status
Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
nice
The 8080 server won't load on the subdomain
why would it

Got this, still doesn't work
show config
When it fails is it a message from apache or the browser?
can you show us your browser
also i do hope you enabled this site configuration, right
wait a minute
that's a dns probe
can you show us your dns configuration
The one on the client pc, or the server?
the server, that's a weird question btw
It's this I believe
still no, that's the DNS server not the config
was talking about the A records, CNAME etc
where's your record for diva
So this then?
you CNAME it to itself?
what does that mean
no smart sometimes
If I have a question about a new NAS, would it be better to ask it here or in Tech Support?
@feral wadi
CNAME should be pointing to thisisruka.fans
Change it then run
Ipconfig /flushdns
on your pc
his whole config is just plain weird
forget the apache reverse proxy
just redirect your domain to thisisruka
or cname it whatever
welp.. I destroyed hardware today
in good news I bought 2 in bad news I think I blew up a minipc
wdym a minipc, a nuc?
nuc form factor yeah
chinese laptop part based things.
this was totally my fault. I didn't unplug the power working on it and dropped a screw on the board.
like I KNOW better I was just rushing
but I have one working one.
welp, live and learn again again
you built it or you bought it?
I bought this: https://www.aliexpress.com/item/1005003111113672.html?spm=a2g0o.9042311.0.0.393d4c4d7qz5x3 and installed bits.
interestingly it's got $40/unit more expensive since I bought it
well because that's not complicated enough
it now has a tb of storage and 32gb of ram.
because I want to virtualise a few things on it.
asterisk, sdn controller, pfsense
and maybe a factorio server...
so I bought 2 and I killed one
I also bought a 1tb p5 nvme because I misread the specs and it's actually msata not m.2
I then bought and shucked a samsung t5 portable drive because msata drives are $400 for 1tb and the t5 1tb was $139 at $majorretailer
What a bargain
so the exercise has resulted in spare parts for next build...
and maybe I'll return the 2nd samsung t5
now I just need to get a system installed on this
I wouldnt run all of this on a single machine personally
plan is a few vm's
That VM Overhead is going to be deadly
it's 3%
the VM Virtualization itself is but you have the overhead of running each additional OS on top of the Host OS with all its included default services that cause overhead
so there isn't a host os in this plan
ESXi is considered a Host OS
Now.. Lets say you ran Containers instead of VM's
That would have damn near 0 overhead
While giving you that same sense of segregation
so there's enough cpu and ram here imo
internet is only 100/40
so it's not like I'm trying to route gigabit
so the reason for a t1 hypervisor is pfsense vs a linux based router
Oh thats also gonna be the next fun thing
Doing PFSense in a VM is a huge PITA
You end up isolating the Multicast
And stuff like VLANs dont always work right without SR-IOV
Thats the one thing I generally say you would run bare metal on its own platform
so pci passthrough was something I considered for the pfsense guest
yeah
Would let you split up those 4 Nics into segregated "Hardware Nics" split across multiple VMs
(I have one of these boxes myself, this is What I used)
Its worth noting, I found that the Celeron is pretty limited on how far you extend it out, so dont overload the box with too much demanding services
https://www.friendlyarm.com/index.php?route=product/product&product_id=284 I use this for pfSense by itself when pairing with these more "Process service" oriented MiniPCs
The NanoPi R4S is an RK3399 SoC based ARM board.
I notice you said you killed a second MiniPC so idk if you would consider another to help spread out your stuff
Really helps with the oddball routing issues you will run into running pfsense on the same box as other services that needs to be on the same pfSense Routing
The issue you are going to see first is that pfSense is going to need to literally connect back to the host machine in order to connect the VMs you are running
Mini PC (Nic 2 (LAN)/PFSense) > Switch > Mini PC (Nic 3/VM Nic)
So you loop back to itself
Nic 1 Would be WAN
nah you put a tun interface on pfsense to a bridge for the internal vm's
yeah that was the other option I was about to say
But the second you have it do bridging internally through virtualized software, you will be surprised how much power it eats up on the CPU
hrm
Meanwhile you use a physical Bridge (Switch) its basically the equiv to "Hardware Offload"
Thats why I like that Mini pfSense Dedicated appliance option
You are not messing with the SR-IOV Details and settings for shit like Multicast and VLAN or the physical/virtual routing oddities of doing routing + Services on the same machine
so I was looking at some ubiquiti edgerouters cause I was bored, and found some site selling them for over 4x retail, and when asking their support if they offer anything above competitors to justify this they just said "the price of a product depends on various factors like demand and supply, shipping cost, customs charge, quality etc"
Its more of a quality of life thing
I know ubiquiti store is in USD but Scorptec has them priced at $2400AU
Scorptech
Ive heard this name before and it came with complaints
ive never had trouble with them
spent over $15,000 over the last 5 years and only had one faulty razer headset
I feel for the AU Marketspace, such a mess with pricing
but even ubiquiti doesn't charge anywhere near $6000AU, let alone the supposed regular price of $11,000 that site is charging
could be worse we could have newegg shipping dead stuff
over 4x the damn price of the thing when it's not out of stock or anything
local pricing is heavily dependent on forex rate among other things
not to mention that with almost everything being made of unobtanium these days there's some gouging going on
I can buy direct from ubiquiti and exchange rate still doesnt make it go over $3,000AUD
I wish TP-Link would increase their Omada product range to have closer to the amount of options that Ubi has
so omada is the sdn I landed on for this upgrade
sold out at scorptec, but again, I can buy direct from the US no problem. charging $11,000AU for this thing is an absolute rip off
I replaced a few Ubiquiti solutions with Omada, its worked really well
615-wall for my office on the other side of the house and a 610
Yeah I used the Wall AP's
What a difference
charging 2x the price, yeah
these guys have a au.name.com domain so im guessing their aus presence isn't huge, no way they would last charging 2x retail
so buy from the top retailer
yeah im not buying from bottom one no way, just found it ridiculous how much they're charging
directnine is the bottom, scorptec is the top
scorptec are one of the best in aus imo
ah I thought you were saying that scorptec was charging multiple times RRP
oh no soz
Ubiquiti EdgeRouter 4, 3 Port Gigabit Switch, 1x SFP Port at Scorptec.com.au, the online Gaming PC, server computer and technology experts. Fast delivery to Australia.
thats scorpion
I bought 2 EAP610's from scorptec
the eap615-wall was $10 cheaper at auspcmarket and a couple of 2008P switches
5 615-Walls (Office, Office, Kitchen, Living, Bedroom), 2 EAP225-Outdoor (Front and back yard), EAP660 HD (Garage), OC200 SDN Controller, ER7206 "VPN", RouterSG2210P V3 POE (L2/L3/L4) Switch
I've done a little bit of shopping with them over the years
This is what I am looking to do at my own house for a new solution
they've just had everything computers I've ever looked for (ill stop posting cause im getting off topic)
so avoiding the consolidating the router and oc200 was the reason for the minipc
I havent decided on if I wanna use the ER7206 "VPN" Router or pFSense yet
I have a NanoPi R4S with pfSense loaded on it already so I might try out both to see how it works
I don't like the idea of routing particularly intervlan routing on a pi
Its a RK3399 Chipset, The thing is pretty damn capable as a Router
I use a few diff RK3399 SBCs of Varying configurations for many things atm
This is one of my fav RK3399 Boards
cute
Has a Battery, USB C With PD And DP Alt Mode (4K Output with HDR @ 60 FPS)
Runs Android and Linux
I just finished porting Windows 11 ARM64 to it
how does one port windows arm? is there a insiders program for it?
https://www.amazon.com/Interface-Interchangeable-Perspective-Applications-OS08A10/dp/B085RCBNH4 I also use 2 Cameras on it
First you have to port EDK II (UEFI)
https://github.com/jeffchenfz/Rockchip This is an old Port of it for the RK3399 Chipset
You need to make the various edits needed for the specific hardware platform too
PCIe Path Routings and such
so this is all exposed without the windows source?
Yes
ok
https://github.com/tianocore/edk2 Your UEFI Firmware on your PC is a variant of this right now
This is the main UEFI project which is ran by Intel
yep familiar with it
the uefi bit made sense that's not what I was really curious about
it was how the hal/windows port bit worked
Thats the hard part, you gotta write those drivers yourself
I dont have any of the periphs working yet
It does have functional display output
And the USB Ports were working with the generic drivers since that routing is handled with EFI
But things such as SD Card, Camera, MIPI-DSI, And Audio are Unknown
display is pretty big.
The built in Mali Drivers and HAL package worked out thankfully
It doesnt have HDR enabled on this particular package yet though.
sd card is a pretty simple interface hardware wise..
audio could be.. a nightmare.. and camera.. ugh why didn't they just put it on the usb bus
Faster
It also has a eDP Connector, which makes it interesting if I opt to enable it
less cpu. usb is a bus designed by intel to sell more cpu
Thankfully all the Linux Drivers for these various boards are on-point regarding their periphs and capabilities
So I can use those to make my Driver Development way easier
OH yeah there is also the IR Sensor and Gesture Sensor, thats gonna be fun
Battery, DC Jack, and USB PD are routed in UEFI, the Generic Charge Arbitration drivers work great
Wi-Fi worked on and off but I need to go in and modify it
Honestly, doing all of this gives a sense of respect to Windows ecosystem and how its able to support so much. Also the amount of work that goes in behind it
windows isn't a bad operating system honestly
I agree 100%
(ntkernel.dll) windows not 9x 9x was garbage
and I think there are bits of the api that are better...
The Management and Remote Systems interface and API + Documentation for Windows is Top Fucking Tier
oh I meant the kernel ipc stuff with your pid just being in a register and stuff
That too.
The dynamic levels of abstraction Windows provides between the OS, Kernel, and OS has offered shit loads of Flexibility
right.
oh my god I FINALLY got my NAS's certificate to be trusted
I need to get that M.2 Port + NVMe Working on that "Mini DIY LAptop" I posted earlier too... That should also be a simple port
I have literally had that issue for over 4 years
At some point I would just have a private CA/Sub-CA server
like every time I tried to do it I would install install install in every store I could think of and it didnt do it, you know what I was missing?
OID?
I never filled in the "subject alternative name" field
HAHAHA
so the cert never actually said what it was for because I have been so smooth brain
to be fair the nas's help button says that's for securing subdomains, doesn't mention it's also for the root name :/
now to see if I can install it on my laptop
so I bruteforced it on my PC now I don't know what is actually needing to be installed on my laptop, just the CA? or the certificate as well?
The CA generally is all thats needed, but the Sub-CA in the Chain is ideal if you get that too
If there is one
hmm so I installed CA but still saying invalid cert
You put it in here right?
how do I get there again? crtmgr.msc?
yep its in there
May wanna put it in here too.
Ye
thank you once again my tech lord
Trusted Root Certs are for Windows Applications while Third-Party typically gets inserted into Browser Cert DBs
Certification Chains can get complex at times.
ok now I cant seem to get it installed on my windows VM
well that fixed
for some reason exporting the cert from the NAS's store doesnt work, but installing it from the web browser when it comes up as bad does fix it.. weird
the one I downloaded straight from the error is 2KB smaller than the one I exported from the NAS.. but all the details in the certificate window are the same
this is such a bad take but whatever
@clear igloo @plain siren
The value of CCIE is little BECAUSE it has bias to people that can memorize text and not apply it well, there are test cheats as well as people borrowing other CCIEs credentials
Also 8xCCIE? Talk about not knowing anything
He's attempting to defend the fact that he barely remembers any of the test content IMO
I feel like a [legitimate] CCIE whose last memorized (some feature) years ago and a CCNA would come to the same conclusion around the same time? Why? Both are gonna google it.
So where's the value my dude?
Im still going for my JNCIE-SP in spring regardless of what others think the value is . We all know which set of people are just allowed to bribe their way through but I don't think it should tarnish the cert entirely. Especially now that it has been changed to just the lab as a response to the rampant cheating.
Going for either IE is just a goal of mine, keeps me motivated. I can say that my studies have helped immensely in my day to day. There is more to than just memorizing CLI
As far as value, googling has lowered the bar across the board. To be fair, the minimum barrier of entry has sky rocketed over the past few years as the amount you need to know is ever growing. Googling is always going to be part of the job. But in many scenarios, a NA vs IE googling for an issue and resolving it the same, the NA may have found the fix but the IE may have a better understanding on WHY that was the fix.
I have worked with too many "experience is all that matters" people and its worse than the IE cheaters. In reality its going to be a mix of both studies and experience, not one or the other
What does IE even stand for
Internetwork Expert
Infra Engineer/Internetworx Exp
the barrier of entry to networking has always sucked ass
the dirty details are easier to learn now but its still difficult to get your first few jobs
why devs non-networking people think networking is still magic
the worst is when a company makes a "cloud" team and forgets that networking is still relevant in the cloud. or they hire a "cloud network engineer" who is not embedded in the actual network team
@plain siren this is why we have prefix lists on everyyyyyy thing
cant be trusted.
I betcha corp outages from cloud changes are common too
idk if this is the right place to ask but, does anyone know how to access host machine from inside a vmware instance via tcp/ip?
used to be part of cloud team but i wouldn't say I'm good in networking.
pretty much we have to follow a "convention" of networks or escalate to the actual networking people
@unborn sluice my company attempted to fork our entire network team for the cloud. Tools, Automation, DNS, etc
we saw the job posting and were like WTF
they never asked us
so you were the cloud team even before you knew it
not sure what the end result was. I think the jobs got squashed but not sure what they're doing
that's a relief though, maybe they came back to their senses
One and done is fine. You have real experience too. But EIGHT CCIEs?

8 is too many. There gets a point where its more detrimental to keep pursuing different certs. 1-2 is the most I can see having any value
All these companies struggling to hire remote neteng
General Dynamics: We need neteng, 100% travel, must have secret clearance already
good luck, bro
@unborn sluice im laughing cause Meta has been trying to hire multiple neteng for months now and clearly not working
damn i didn't realize those kinds of things were available for that price... how has the experience been other than bad luck with that screw
I've been thinking about getting one of the 1L business USFF machines, they seem to run $300-400ish for an older gen 14nm i5 but ... that's only with one gigabit NIC
if that is really 4 2.5G nics that's kinda insane for the price
guys, is it possible for me at home to set in the router avoid a certain network? My friend keeps having packet loss when playing rocket league and we identified the router that's causing it with traceroute, it's some random german network and not something in his LAN
No
that's sad
what is the newest cat cable for ethernet
no need for newest, all you really need is cat6
once you go up the higher numbers the standards become blurry
whats the highest
i running a nas
like basically most cat7 cables on amazon are not actually cat7 spec
what do you need
fast as
useless answer
need for nas and fivem server
what network interfaces does your NAS have, network devices, computer
I assume it's only gigabit
and then cat 6 is what you need
2.5
everything between NAS and PC is 2.5 ?
so cat 7
2.5gb interfaces on NAS, Router, AND PC?
nope
highest speed is based on the whatever the lowest speed connection is
ok
heck, 2.5Base-T can apparently work on 5e
but you really don't need anything better than 6a
CAT6A will go up to 10gbit. CAT7/8, if I recall correctly, aren't officially certified and more of either a marketing gimmick or companies pushing non-standardized cables that MAY do what they advertise, and might not work the way you expect it to.
Cat7 is an ISO standard but not TIA/EIA which isn't too big of a deal BUT Cat7 spec calls for TERA connectors which are not compatible with 8p8c connectors. Cat8.1 and 8.2 are TIA/EIA and ISO standards allow 25GbE and 40GbE respectively with 8p8c or TERA connectors but there isn't anything on the market that does 25GbE+ over copper RJ45 cables and it's limited at those speeds to like 20m or something
highest i'd recommend is 6A, otherwise use Fiber
^ Exactly
ok
If you really want to futureproof run smurf tube to all the ethernet locations and pull the 6A inside of it
Is this the place I can ask questions about servers or?
so the fastest interconnect is 10Gbe
and the cheapest interconnect is short copper (1m) with integrated SFP's
it may be worth doing 2.5 or 10Gbe to a switch if you have several user stations on 2.5 or 1Gbe
@forest furnace ^^
since making this change, the report of PCs not reporting to our inventory appliance dropped from 46 to 7. So disabling wake on Lan when in 802.1x environment works! bad news is I can't remotely wake the PC at anytime I want lol.
That's okay tho, since all the systems are set to auto wake at 5am and will be on for whole work day for tasks and stuff
and ty @waxen scroll for the Cisco article. I shared it with my net admin so he could understand the issue and try to bring it up to the ppl who can make switch changes. it's sad they don't let him use the commit or save commands
Sweet.
These supposed to be accessible on my network? I need to access port 9512 but it doesn't seem to be detected as open on this Windows 11 desktop, my phone port scanner only sees port 5357
5357 is repeated here also, not the 9512 that I need
is there something listening on 9512?
Yeah, app on my phone worked fine when I was on Windows 10.
The app thinks it should be accessible.
well there's nothing listening on 9512 from netstat
nevermind
there is, my bad
0.0.0.0:9512 should be reachable on network? Or does it need to be [::]:9512 also?
[::]:9512 is ipv6 syntax
U G H
Cloud Engineering as a whole is based on Networking
Its not just Terraform and Done
You are still working with the core Network Appliance elements but in a very easy to manage fashion and the fact that its so easy makes it so overlookable
I just found something called simplewall as an addition to Windows Firewall, gives me notifications on connections but it's not telling me anything is trying to get to 9512 when I try to connect to it. :/
bet
Can I have multiple bridges to the internet on one network?
A main modem and router, then another 'router' acting as a switch and a bridge
A switch is basically a bridge...
Both on layer 2
So I just did a wireless point to point from my network to my neighbor's network (more or less both basic small home networks) and forgot that both routers will be on 192.168.1.1 because I am dumb.
I thought that because the RB2011 I was using for the wireless station pseudobridge didnt have DHCP I would be good.
Fun part was, it somehow worked even with both on. We could each unplug our routers and fail over to the other one.
Both being on the same ISP and same power means it does not matter, but still. kinda cool.
I couldn't really find a better place to ask my question, so I'll ask it here. Recently I started using Mullvad VPN, but I also host a minecraft server.
I thought I could just force the server to use my real IP, by adding java.exe to the exceptions in the Split tunneling list. But that's not the case, it will display that the server is online, but when people attempt to connect it will throw an error. "Failed to connect to authentication servers". When I disable online_mode in the server.properties file, people can connect without problems. When people are connected, and I enable my VPN with java.exe in the exceptions, people can still play, but no one would be able to join.
But I use a whitelist on my server, to prevent server finding bots from griefing our server. So I have to use online_mode.
Now I was wondering, what could I do to fix this problem. Could I just add some more files that minecraft uses to make these authserver requests? If so, which files would they use? Or how could I run the server through my VPN without the external IP changing for my friends? Any help would be greatly appreciated.
Don't use a VPN on the mc server ..
I just host the mc server from my personal rig, since it's just for friends. But yes that is probably the best solution, just getting a small dedicated pc to host my mc server. Although I don't wanna spend money on that rn :p
I mean, there is always a risk hosting servers from your own rig. Take log4j as an example, there could be other vulnerabilities you simply don't know about yet that could be exploited to gain RCE on your local machine.
If that occurs, and it's on your personal rig - they've got the holy grail of data and can just run a script to scrape everything they can and leave just like that. Since you've got a port open and a service running on it too, it means it's not much effort for them to exfiltrate it and start a reverse shell straight from the internet either.
I'm not trying to scare you, I'm just saying there are risks involved so be aware. Personally, depending on how much resources you need, you can host your server for free somewhere else.
Oracle Cloud, Amazon Cloud, and Microsoft Azure will all offer you at least a year of free computing power. It will be fairly limited specs, but it will work.
Alternatively, I'd grab a solution like https://www.zerotier.com/ which is pretty modern and easy to use, and relatively secure - and it will allow you to set up a logical LAN with your peers, and you can avoid being advertised directly on the public internet.
Thank you very much, I'll look into it :)
This is why everything I host is on its own subnet firewalled off from rest of network
If I could I would use a separate global v4 IP for it
how did you go about doing that and how much did it cost you
i need to find a decent cheap router to vlan my server off from the rest off my network but i dont need wifi on the router
With an actual router it's not hard at all. It helps to also have a switch with vlan support but it's not 100% needed
I have an Er-X
And some managed dlink switch
Then you just setup firewall rules between subnets
What I do is allow new connections from lan to servers, but not vice versa
i was gonna get one of them but someone said it was old and not supported or something anymore
I mean yeah, a lot of things are not available in gui, and it's a bit older
Hw acceleration with v6 is broken, but I think that's an actual hardware issue, nothing that can be fixed
everywhere is sold out on them they must be more rare than the pi4 just now
Yeah, I mean a MikroTik HEX will also work great, if not more powerful
The CLI imo kinda sucks too
no gui?
But its not as user friendly I would say and has a few quirks for home use
not epic at all
There is
is ubiquiti not more friendly?
For basics the gui is much more beginner friendly
But once you want to do anything super advanced you have to use CLI
Like firewall can be done all in gui
But 99% of anything ipv6 is cli only
lets say my mesh wifi supports vlan for the guest network would that allow me to separate it or is there some thing missing in that
like you can set a VLAN ID for the guest network
i have a dodgy chinese camera i dont want talking out the way i just want to view the footage on a phone on the same network so how ive done it with my tp link mesh wifi is put it on the guest network and basically set it as a child with 0 hours of internet access with the parental controls lmao
Oh lol, yeah with an actual router/firewall you can like make a separate interface and just not allow internet access via routing rules, firewall rules, etc.
Multiple ways to solve a problem
Perhaps, but I don't think it has as much configuration
Like with mtik, all their routers from smallest to largest run the same powerful OS
oh i see
Has some quirks that imo are just not the best for home use. Features that are in other home routers, but require scripting on mtik
should i avoid buying a used router on ebay?
depends on the brand
I mean I would. Not like some basic consumer router tho
buying new ubiquiti or mikrotik for home use is the way to go tho
Was actually looking at older juniper ones for learning
i cant find new ubiquiti on any website its all sold out
I would buy used tbh. Many people upgrade and want to get rid of it.
i have seen cisco nexus switches a few times used they huge
tho who is gonna buy that used
yeah and 2 of them are for sale at a refurbisher i do internship at
like no one buys that as no one needs that
You definitely need a N9K-C9332D-GX2B
Big business doesn't buy used but a lot of SMB will buy used stuff for sure
Yeah
and it makes sense, if you can get used enterprise stuff as a small business it can be cheaper than new SMB targeted stuff and if you don't care about support it can be really cheap as is or for parts for EoL stuff
If there's still lead time on ordering network equipment, it might be the only option if you're desperate.
Depends on what you want, I've seen anywhere from a few weeks to a year+
But yes, if you need something in a pinch definitely used or refreshed is the way to go if you have no other options
Yeah me too. I just use AWS now, but a specific firewalled subnet for any publicly hosted services is an absolute must.
Is there a reason my desktop won't connect to my mobile hotspot?
It's running Windows 11 atm, was connected to WiFi like 2 weeks ago but we don't have WiFi anymore.
I've tried everything, disabling network firewalls changing the band its connecting to and still nothing. Any help would be greatly appreciated.
What's the error
Could just be a bad connection
my pc says that when connected to my hotspot but it works
but you tried to access the internet?
Yea I have tried and it can't access the internet. The connection is full bars on both my phone and when it pops up on the WiFi sconne tuon selector on the pc @meager ginkgo @unborn sluice
Added some RGB to my cabinet
Moar RGB!!
Android or iPhone?
Android
Hmm okay, maybe try taking sim out and putting it back in?
I added RGBWW to my stairs, my kitchen cabinets (under and over), and my TV furniture. All automatically controlled based on time and/or light level.
Hey there! So I have a 10Mbps Up/Down internet connection (probably DSL) which works great and I get the speed that I pay for. However if I do a speedtest the speeds I get are about 80-90Mbps. So I wanna know why is it like this and if I can get that higher downloading speed now that I know that my connection can actually deliver that extra bandwidth. While using torrent I get the extra speed but not on normal downloading.
PS- I'm not a networking expert or something but it's always good to have more speed without actually paying for 
if you're getting faster speeds than you pay for, it will apply to everything on your connection, unless your ISP is doing something really shady
the only other reason regular downloads wouldn't be that fast is if the server is throttling download speeds for individual clients, which is the reason for torrenting anyway
It is possible to rig speedtests for sure. I have seen it with a friend's ISP, speedtest was giving more speed than promised, real subscribed speed was way lesser, and actual real world speed was near the subscribed speed
yeah exactly...Also i forgot to mention that I get that high speeds on google play store, youtube and drive too but not on chrome downloads
try another browser?
Speed tests on internet are about the most useless thing. They can only test to locations setup as receptors, which you notice are never the site you individually want to measure.
Learn how to read the network tab of your browsers debug (F12) menu
well yeah speed test servers are conveniently placed as close to the user as possible
I wouldn't call it useless tho
Can verify max throughput of a connection
Max throughput of your ISP, not the internet.
well yeah...
you can't speedtest an individual connection between routers
unless you are the operator of said routers
The internet being interconnected tubes of different sizes and densities makes speed tests just a tool to help people spend money on bandwidth they don't need.
yes and no
anything like google, netflix, etc. utilize CDNs so you have fast downloads/uploads
lowers backbone bandwidth as well
you can expect full download and upload to these CDNs and close POPs or whatever the name is
I tried edge but it was worse
hmm, was wondering if it was some browser setting
ofc something on the other side of the atlantic won't have the full bandwidth that's on your plan
or something with poor peering and/or transit
For the average consumer, speed tests are not a troubleshooting tool is what I am saying.
That's like remeasuring the size of your water main rather than trying to figure out where the blockage is inside the pipe.
@royal crane where are you downloading from on chrome?
well depends on the exact issue as well
for some things, yes they don't help
wdym?
uhh...i just tried to download some anime to test
from what server
try google drive
like revolver said, connection to one server isn't the same to all
yeah...google drive works great...like 6-7 MBps
yeah maybe
hallo Does anyone know anything about fibre SFP+??
a few here do
Anyone know exactly what it is Apple is looking for here?
Can't find much useful info on it anywhere apart from confused forum posts. It's not the use-application-dns.net canary domain, since that resolves fine. And there's no Pi-Hole or similar on this network. Just bare standard Unbound, configured as a recursive resolver and without any fancy options.
Is there a question with this ?
It's probably not responding to encrypted queries from Unbound so Apple is just warning you I think
I guess that would make sense. The "blocking" wording is a bit of a poor choice in that case though.
Definitely poor choice of words but I guess it's easier to have one message than conditional statements to determine things, lol
let me sing you the song of python determining vlans to add in ACI
VLANs go brrrrrr and the config goes wrrrrrrrrr?
Simple messages are easier and I guess how would you really tell if it's just not responding or setup to respond vs blocking them outright
Very true.
Another bit that's odd is this though, in the page where DNS servers can be configured. I definitely don't have iCloud+ or Private Relay
I suppose. If I was writing it, then I'd probably go for a more "may be blocking" wording in that case if there's uncertainty.
Yah but that's "confusing"
🎶 In my iLife. In my iWorld. On my iPhone, with my iGirl.
this is going to take a while I am dyslexic I use a voice to text
@clear igloo I got friends who complain that my chat bubble is green or whatever it is. I'm like, I dont know why you're complaining about ME, I have the better phone.
lol, who cares about a chat bubble that much?
on iphone it means no rich text
poor text is fine
Personally I think pixel software is vastly superior over iphone
the GUI is perfect. I dislike the iphone gui
I like Pixels but the Android 12 layout is too simple I guess would be the word on them
So I stick with Samsung
I only get iphones if work is supplying cause they're a second phone and I need it tiny
carrying two big phones is meh
Sure, take time, and feel free to write gibberish, im fluent in that...
Some say @lone tide is still waiting
Even in his sleep he waits!
legends say jjc waiting for the question after a year still
"The specified port(s) are being used by other configurations.Please check your configurations of USB Readyshare, Remote Management, Port Forwarding, Port Triggering, UPnP Port Mapping table, RIP, and Internet connection type."
Port: 1723
Router: Netgear C7800
Anyone know why it won't forward? No existing port number on the router.
Best guess is you need to log in to it and enable port forwarding.
what specs do I check for to see if the router has VOIP and is re-configurable? I'm looking to get a BYO router for my new internet plan (AUS)
Already is enabled and I am logged into the router. That was the error I got when trying to forward the port via the online portal.
If the router is already running its own vpn internally on that port. then you may have to disable that service to use the port for other purposes.
Can't find anything that is running that port. When I listen for the port it doesn't show, and also doesn't show that the port is open at all via an online checker and command prompt. The router doesn't seem to support running it's own VPN.
Troubleshooting VPN passthrough for home routers
Netgear seems to know that it has some issues in that respect.
I read through that guide with no resolution sadly
No it seems to offer nothing, but at least admits that they face issues with that sort of thing.
Router DHCP
Could that be the culprit? Cause I didn't see that netgear genie software link in that article.
DHCP should have no link to port forwarding. but its netgear.. so who knows..
There is the option to export your configuration and read the text files it makes.. that way you may be able to see who currently uses the port or is causing you trouble..
[LAN access from remote] from 107.115.242.177:58523 to 192.168.0.30:1723, Mon, Feb 21, 2022 08:27:51
[LAN access from remote] from 107.115.242.177:58523 to 192.168.0.30:1723, Mon, Feb 21, 2022 08:27:42
[LAN access from remote] from 107.115.242.177:58523 to 192.168.0.30:1723, Mon, Feb 21, 2022 08:27:38
[LAN access from remote] from 107.115.242.177:58523 to 192.168.0.30:1723, Mon, Feb 21, 2022 08:27:36
Found that in my logs tab
Not that I can see in the attached devices
so something is using a vpn in there..
several of those are configured to talk to .30 ?
yeah which doesnt make sense
ping -a ipaddress
.30 or the other one
.30
The other address is maybe somewhere in dallas..
Might've been me trying to connect through the hotspot on my phone from my laptop
But why would it direct itself to .30?
maybe but even so.. if you dont have .30.. try and remove the rules
where would I remove the rules at?
you have the option to delete the services in the settings
og.. and if you have UPNP enabled on the router, then you may not even need to make the rules for vpn passthrough.. depending on the vpn server you are running..
yes. but first negotiation opens the proper ports
UPnP is disabled
in the router.. you have 3 services tied to .30 .. if you dont have .30. then you should probably remove them instead of having holes in your firewall.
try and enable that and see if it fixes the auto porting.
I changed them over to .49, my server used to be .30
It doesn't, I enabled it then disabled it
do you have an isp router in front blocking you ?
still just weird that it does not let you register that rule..
i like the idea of going pfSense and making the netgear into an ap
Now I need to figure out how to allow it to see the network drives I've allocated
what vpn server ?
I think it was specifying the type of connection in windows on the pc that was connecting
yaay.... windows..
I'm connected to my router via server pc through a vpn. I need to access the drives on my gaming rig and the server via network discovery which I have setup.
What do you mean?
The vpn you are using. what is it called ?
I'm using the built in connection creator in windows on my server pc
oh..
The sole purpose of this is to connect to my home network and see network drives so I can edit and do whatever with the files
Without having a remote desktop
ah .. yes.. never used that.. usually run a linux box/Vm with a vpn server on..
Ah
dont much care for windows implementations of these things..
Provide secure access to your private business network, in the cloud or on-premise. Access Server is free to install and use with a maximum of 2 simultaneous VPN connections.
as long as i dont need more than two connections.. this is the reeeeeal easy thing to throw into a linux box..
I have to use windows
there are even OVA files for esxi to just boot up..
https://openvpn.net/community-downloads/
There is an openvpn version for windows.. buuut its not as smooth to play with as the access one ..
Visit this page to download the latest version of the open source VPN, OpenVPN.
It seems you have to enable it in the users in your active directory area.. under the dial in..
in there you can allow network access to the user logging in.
and you seem to have to open the routing and remote access settings as well..
where is that?
This one?
Where is the active directory?
good question.. i only ever did this on windows server.. and i am now in win11 here.
I'm using windows server
Click Start, point to Administrative Tools, and then click Routing and Remote Access.
Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
I dont have either one of those
The command is dsa.msc
cannot be found
its saying that those programs dont exist
did you enable them in the computer management thing that comes up when you boot ?
ohhh wait.. what windows server version ?
2022
in powershell you may need to write "mmc rrasmgmt.msc" to get them up then
in the server manager it's under tools in the upper right and then >> routing and remote access
maybe you did not install the service in the Server Manager ?
you have to add the role for remote access I guess to find it.
i am installing it now
I didnt realize till now
im so tired that im not even paying attention to details lmao
me neither.. its their new way of "slimming" down the os for deployment..
dont care much for it..
me neither
Its nearly midday in Denmark so no reason to be tired here
Im stuck in a room due to corona.. so the only thing im tired of is the chair im in..
Not sure about the ics
Nope, I cant even register the effects..
danish government was kind enough to stab me three times to make that happen..-
from what i see you may need ics
the routing and remote access is saying i need to disable it
What do you have in this env that you need to access so directly ?
an external drive thats hooked to my gaming rig
#NasIT
what
use a nas
but then of course you would not have the option to learn about the wonders of the windows routing thing
It's not giving the client internet or network access
idk
its connected via pptp and its not giving it network or internet access, but it's connected to the vpn and is showing up as its connected
can you ping the pc with the files ?
no
what should i screenshot
not exactly but close
Click Start, point to Administrative Tools, and then click Routing and Remote Access.
that thing
is that closer ?
why open it
its nice that never change no matter how many fancy things they stick in the front
need you to unfold that ..
is there really no way to share screen in this thing .,
if we were in a vc
Anyone here good with mikrotik routers? I'm just trying to get a simple setup but after following this guide https://netwerkje.com/config-internet (it's in dutch sorry) my router itself has internet(can ping any ip/hostname) but my pc does not. Also can't ping my pc from the router but I'm connected using IP over winbox.
Goal: This is the basic RouterOS configuration that handles only internet over IPv4. With this configuration you connect the fibre to port 1 and you have a LAN connection on ports 2, 3, 4, 5. The router expects the VLAN6 traffic on port 1 to be delivered TAGGED. The LAN traffic arrives untagged on the LAN ports, directly usable for PCs, laptops, e...
At one point it even worked but only for a few minutes
Apparently I can ping 8.8.8.8
But it can't resolve hostnames
Set dns manually on my pc and it works now, any reason why dns on my mikrotik wouldn't work?
What's the dns setting on dhcp
thanks, that's all that needs to be said
Question about firewall rules on unifi:
If I have vlans 1,2, 3 and 4 and I want to allow 2 and 3 to talk to 1, but not each other, I could set those rules BUT
Does the traffic have to pass through the UDM Pro?
I have a udm pro, and 2 switches. Each switch is plugged into the UDM pro. If the traffic is going from device -> USW -> device and not passing through the UDM, do the firewall rules take effect?
then vlan 4 would be for the unifi protect cameras, and have no access to anything, in theory the udm pro could still record events etc from it?
If switches are just pure switches, not l3 switches, all intervlan traffic has to pass through router
Because think of it this way, technically vlans are just separate lans and subnets. Anything going between subnets needs to go through router
will it automatically route it for me?
If so, and I have a 1gbps trunk does this mean intervlan traffic would be limited to 500mbps?
Like between vlans? Something like the UDM I think it does automatically
Why would a gigabit link be limited to 500mbps?
It's full duplex, gigabit in both directions
2 1gbps links being routed through 1 gbps link to the router, then back
ok so limited to 1gbps then
For example
Device 1 routes to device 2 at 1gbps. if just the switch, leaves device 3 and 4 to also route at 1gbps
If it has to route all this traffic through 1 trunk port
now 1,2,3 and 4 need to share 1 gbps link to the router effectively destroying the switching capacity of the switch. What i'm gathering from this so far.... is don't do intervlan routing except for some management stuff of UI's or something
I've run https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/os_hardening on my Ubuntu 20.04 server, but now I cannot access any of the web services running on the machine (both locally and remote). Does anyone have any suggestions as to what in this Ansible role might have caused this?
root@ip-10-0-0-193:/usr/local/openvpn_as# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 404/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 653/sshd: /usr/sbin
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 827/openvpn-openssl
udp 0 0 0.0.0.0:1194 0.0.0.0:* 838/openvpn-openssl
udp 0 0 127.0.0.53:53 0.0.0.0:* 404/systemd-resolve
udp 0 0 10.0.0.193:68 0.0.0.0:* 402/systemd-network
root@ip-10-0-0-193:/usr/local/openvpn_as# curl -kLv https://localhost:443
* Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443
From remote machine:
curl -kLv https://<<PUBLIC_IP>>
* Trying <<PUBLIC_IP>>:443...
* TCP_NODELAY set
* connect to <<PUBLIC_IP>> port 443 failed: Connection timed out
* Failed to connect to <<PUBLIC_IP>> port 443: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to <<PUBLIC_IP>> port 443: Connection timed out
Things I have checked:
- UFW is disabled
looks like its because openvpn stole port 443 from your httpd and your httpd is not running due to it
What does it mean when plugging in an ethernet cable causes wifi to disconnect
It means the WiFi disconnects when you plug your ethernet cable
big brains only
Work is pitching a 48 port PoE switch (a Netgear GS752TPSb). So that's going with me. That's going to be fun to play with
ew netgear
It was free, and has 48 PoE ports. I'm not complaining
holy shit
i'd rather die than use netgear managed again
interesting
I haven't had any issues, but understand where you're coming from
it truly is a horrible experience
my unit hard locks after x amount of days into the year
The web interface, even in http mode, is slower than a raspberry pi webgui
model in question is the gs108T
at least yours has a web interface
some of them only have the adobe air desktop app
both are horrible
i do like a good web ui
but I want cli for bulk configuration
unless your web ui allows for bulk updates
The bulk updates are really slow, but yeah, its nice to have both as options
I was deciding on trendnet switch over one from fs.com but went with trendnet bc of 1 day delivery
its alright and miles better than netgear one.
Im pretty sure the fs.com switch would have been just as good. it has full cli support too
This model from trendnet: https://www.amazon.com/dp/B0985B6S4S
TRENDnet's Gigabit Web Smart PoE+ Switch series offers advanced L2+ features with enhanced traffic management controls to meet the evolving demands of SMB networks. This rack mountable IPv6-ready managed switch comes with an intuitive web-based interface. Advanced managed switch features include ...
Needed one that had management vlan support and poe+ with enough power budget
Any suggestions for a fairly cheap router or is it really better to try and make own out of an old pc with an i7 4th gen
I'm planning a PfSense VM on my Unraid box and want to re-use as much equipment as I can to save cost.
I want to set up my current router as a WAP for laptops, phones etc, but I want to also set up an old router as a second WAP for IOT devices to keep them away from my server and WAN etc.
The catch is that I want my HomeAssistant VM to be able to talk to the IOT network, and my assumption is that I should do this with VLANs.
My old router I want to use for the IOT network doesn't support VLANs.
Do I need to use VLANs for this, or can the same be achieved with firewall rules?
@silver tapir sorta apples and oranges in terms of what you want: VLAN will just allow you to keep ethernet traffic segregated (like separate physical switches would) and routers/firewalls will let you control what traffic can reach which servers/devices
Ahh, so hypothetically if I had many ethernet (not wifi) devices that I wanted to segregate with firewall rules, I'd VLAN the switch ports separately so they looked like separate networks with separate IP ranges.
In my instance I have separate switching devices, so it's easy to segregate my IP ranges. separate my devices that are in different IP ranges using firewall rules
Have I got that more or less right?
Basically yes
So how should I let specifically my HA VM have access to the IOT subnet and vice versa?
I could probably assign a dedicated ethernet port to the VM and connect it to the IOT AP
Would that be a simplest solution, even if it's a bit ugly?
That would be the simplest solution I think.
recently got a uap-pro and some tp link poe switch for it tl-sg108pe forgot to reset the ap and used double sided tape on the ap as no mount for it as got it used
just got it for fun as my main network is mikrotik tbh was cheap tho
it has been a long time since I have purchased a switch "like the 10/100 days". What companies should I stay away from, any? I have four machines total, all updated to 2.5Gbps. I am now wanting a 2.5Gb or a 10Gb switch.
For streaming different types of media at a high bitrate
not netgear
That is what I was thinking. How do you feel about TP-Link?
similar, maybe not the omada line, but never had experience with omada switches, only APs which I like
I kind of wonder if its pointless to spend that much for a 2.5Gb instead of just getting a 1Gb.
there are a lot of names I don't recognise
MikroTik
How about TRENDnet? That is probably the cheaper ones I have seen. https://www.amazon.com/TRENDnet-2-5GBASE-T-Compatible-10-100-1000Mbps-TEG-S350/dp/B08XWK4HNT/ref=sr_1_3?crid=10W4AGYUR7PUO&keywords=2.5Gb+switch&qid=1645557445&s=electronics&sprefix=2.5gb+switch%2Celectronics%2C146&sr=1-3
Expand your network's bandwidth and reduce digital bottlenecks with TRENDnet's Unmanaged 2.5G Switches. These 2.5G network switches come equipped with 2.5GBASE-T RJ-45 ports that provide higher gigabit speeds capable of up to 2.5Gbps over your existing Cat5e or better cabling. Each high-speed 2.5...
What is your internet speed?
350mb from router
If you want something cheap, an edgerouter x or TP-Link er605 are decent options
would that be enough for around 5-10 devices?
