I actually found out about this video while browsing on eBay for Ubiquiti gear! I am subscribed to you, but it seems youtube hasn't been suggesting your videos to me for a while, as I hadn't seen your videos in a bit. Was really nice to be reminded of your channel and come back to see your channel not only surviving, but also thriving!
BTW. If you were wanting to keep the UDM, you can turn off the firewall and NAT features and just static the device to something and then plug in the LAN into your unifi switch. But then again, the CloudKeyGen2 is probably a better idea long term
I recently moved to OPNsense on a small fanless server (i3 N305, quad 2.5 gbit nic) but instead of installing it bare metal Proxmox is running on the hardware and OPNsense is a virtual machine (NICs passed through as pci devices) I'm not using UniFi but TPLink Omada which is very similar (ok extremely similar) and also need a controller. Instead of a controller appliance I'm running a container on the proxmox server that hosts the controller. The server has far more cpu and memory and bandwith than is needed for OPnsense anyway.
Cameron! I've finally found a solution! You can keep your talking/speaking speed, the x0.75 settings is just perfect for me and now you sound like these guys from BBC. Perfect!
I've unplugged my Unifi switch, cloudkey, and wifi recently. I didn't like the interface. I replaced the switch with a cheap Mikrotik which handles my VLANs just fine, but I need a better one to handle POE+ out. I'm just using a WiFi hotspot until then. I've been pfSense for years, I don't want to learn anything weird like Unifi or MikroTik router/firewall admin. My pfSense LAN's are all IPv6.
I always end up with hybrid networks that are not necessarily easy to manage but hey... it works great. My router is pfsense, my AP is Unify, my switches are netgear managed switches... not the most integrated thing in the world but it does what I want.
Pretty well spot-on with "Maturity" statement. UBNT's biggest issue is trying to too fancy. The fork of UniFi Vs. Edge is a PITA but then when UniFi keeps changing, adding more bugs than fixing. The UDM-Pro were a rip-off that should have had a lot more including dual HDD's, PoE on the 8 front ports with a 10GbE bridge for the front switch ports and of course, A LOT MORE CPU AND RAM. Very underpowered.
I don't have any sort of UPS - power issues are pretty rare around here and I don't have anything that's super sensitive to power loss. Both racks are just fed from surge protected PDUs. I had a UPS many years ago however the batteries failed, got extremely hot and started producing gas. While this can generally mitigated with regular maintenance, I don't feel it's really worth the risk and additional maintenance/costs for my particular setup.
@@camerongray1515 I see, glad that you have a stable power connection. Last time my SD card on my RPi stopped working after a power outage. While the power outage is massive, but there is only 1 to two power outage every 2 to 3 years. But if you have Routers / servers or nas it’s better to have UPS, because sometimes the power will went out for 1 to 3 seconds thus causing the access point and router restart.
I was looking for this kind of stuff but got unifi everywhere. I am searching for better, open and flexible options for my home. Glad I stumbled across your channel. Will follow this series. Can I request you to create a playlist for this?
I used a Brother PT-E550W label printer - video coming soon on that one! It has desktop software that can print graphics so I used that and printed on to 24mm white on black tape. There's also a slightly tricky to find option to print at a slower, higher resolution so needed to use that too. I love how it turned out!
Keep meaning to look at opnsense myself, switch between firewalls too, Sophos XG, pfsense these days. Used to use Untangle, but they're stagnent these days with the Untangle. I've got a 24 port Cisco CBS switch that I replaced a unifi with due to Unifi's awful RMA process. I miss the dashboard etc. but it's so much more when you use the CLI. Such a shame Cisco CBD is poor, they had a prime opportunity to smash Unifi. I have Sophos XG 135 and XG210 units
I find sometimes Unifi, as great as it is, has restrictions that you don't get on things like OPNSense. The Central Management of Unifi is great for sure, and it is not difficult to setup. However, for more complex situations, Unifi does have some restrictions. Sometimes you do just need to look further. I had a failed battery in the CloudKey 2 and Ubiquiti replaced it under RMA with no questions, even though it was well out of normal warranty. The battery is no longer needed and the new Cloudkey 2 Plus devices do not have batteries. The database corruption issue is long resolved.
I swap out stuff all the time :P I had a VyOS VM one time, EdgeRouter X, Juniper SRX210, SRX300, then Fortinet Fortigate 60E, pfSense/OPNsense sprinkled in, and now VyOS on a Supermicro server
That's my plan for this setup, UniFi was great but with this setup I can easily swap out different parts and try out new things. I always make a conscious effort to try out different technologies and learn new things rather than becoming siloed into a single set of technologies that I never venture outside of.
Well said mate, I see these instagram "network engineers" all the time. They know some unifi products and plug them in and thats it. Have zero clue on how things actually work
Has someone experienced problem with the aps broadcasting more than one ssid? If I have 2 ssid broadcasting from one ap, eventually one of the ssid stops broadcasting. I have a cloud key gen 2 and I don't see anything weird... the solution I come to is removing the ap from the network and then adding again the ap, when i do that the ap works but I don't understand why this is happening, have somebody experienced something like this?
I'm not sure if I mis-heard this, but did you say here that you use your mobile phone as a backup internet connection for your house ? If so, how? I have a 4G router, but it would be far better to use my phone as a hotspot for the house.. great vids by the way..
I made a video about it here: th-cam.com/video/hSk2VLt_T5c/w-d-xo.html. Essentially all I have is a cheap access point configured as a station to connect to my phone's hotspot connected to my router's secondary WAN interface. If my primary connection goes down, all I need to do is turn on my phone's hotspot which the AP will connect to and provide a connection to the router which is configured to fail over to it. Works really well!
It was the best thing you could do. UniFis firewall is a joke. You have no control. But i think you should keep the switches and so on.
ปีที่แล้ว
At this moment i'm interest on the omada solutions... but I don't know really well at this moment... I also need to create a new home network in a home without, at the moment, internet... so I'm searching a managable not too much money system for wifi, would like vlan, capable of minimum 2.5gb down/1gbit up internet and routing... so right now i'm in search mode
Because I referred to it as a router? Realistically it's both a router and firewall (and NAT gateway, DHCP server, DNS resolver... the list goes on) - most people will happily use the terms interchangeably - in this situation it is being used both as a firewall and performing routing functions.
@@camerongray1515 I see a lot of people mix up routers and firewall, even see people call routers modems. Firewalls are more powerful at filtering, and is restricted by default, until you allow things. While routers allow by default untill you deny thing. Routers are not good firewalls, and firewalls are not good for advanced routing. Simply a matter what the device is optimized for.
@kjakobsen I get the frustration with people getting mixed up with terminology - try living in the UK where many ISPs have started referring to their supplied all in one modem router type devices as "hubs" however ultimately it's just terminology and as long as the other person knows what you mean, it doesn't really matter! Likewise, if I ask someone for their WiFi password and they say "it's on the back of the modem" I'm not going to go all "Well, actually it's not a modem, it's a firewall, router, switch and access point combined into a single device connected to your fibre ONT" Sure, back in the day when you would explicitly buy separate routers and firewalls.etc the distinction was a bit clearer - if you wanted a router you'd buy something like a Cisco ISR, if you wanted a firewall you'd buy something like a Cisco ASA. However, nowadays with x86 boxes it's just a server running a UNIX-like OS with a mix of routing and firewalling software. Sure, OPNsense comes pre-configured with more of a firewall focus, but it still includes standard static routing functionality from FreeBSD and can easily be configured with packages to support all manners of dynamic routing, you could even disable the firewall if desired. Likewise an OS like VyOS comes out of the box configured more as a "router" however it also supports a pretty powerful netfilter based firewall. In my case here, is "firewall" potentially a more accurate description of what the device is doing? Sure, maybe. Is it a big deal? Not really.
MikroTik devices are great and I use them myself, however they're a completely different product. When I first planned this project it was a tossup between this option, an RB5009 and a CCR2004. I decided to go with this option for now however I'm totally open to looking at MikroTik devices in the future. With a MikroTik router you are relying on their proprietary RouterOS operating system whereas with this you have the flexibility to run whichever OS you want. A MikroTik would be fair comparison against another embedded router type device such as an EdgeRouter, Cisco ISR.etc but an x86 device will almost always cost more for the same level of performance but has the benefit of complete software flexibility.
Unifi has become way too much like apple, the problem is, it's in the wrong sector to become like apple. I'd expect them soon to remove the settings section in the controller
Super interested in this video series and seeing your experiences. In my network i ended up rolling my own routers using Debian with nftables/frr/unbound and some Ansible to get it all running as I was starting to find all the pre-canned solutions being pretty limiting. I'm currently getting stuck into looking for new access points, as i own both a Unifi Access Point and a TP-Link access point and both of them have very specific differing problems i can't seem to solve, so I'm looking at options outside of those 2.
Put Proxmox on your machine, virtualize OPNsense and a Unifi controller ;) I run an Aliexpress machine with Intel N5105 and it runs all my Network related applications without skipping a beat including OPNsense and a Unifi controller for my Access Point.
I could do although I prefer keeping my router as simple as possible and run it bare metal. I already have a server that I run VMs on however since I already need to use the CloudKey for UniFi Protect, I may as well run the controller on it as well. In other places where all I use are UniFi APs, I do run the controller in a VM.
I get the desire to steer away from a single company having dominance over your entire lifestyle, but this does give me the whole feeling of a member of the Mac household getting an Android smartphone; total _chaos_ for everyone. 😆 I mean... you undeploy the UDM Pro... then you need to replace your NVR, Unifi controller, and firewall, all in one fell swoop. You can't just get rid of Unifi, cause you're already relying on it for the security cameras and access points. Which means you need to have a Unifi controller, hence the redeployment of the Cloudkey. At least in this case, the Cloudkey handily serves for _both_ Unifi controller and NVR. But if you _ever_ wanna ditch that... you'll need another NVR solution, not mention a whole new fleet of access points. I guess the best option _really_ is just not to get into the walled ecosystem in the first place; that being Apple or Unifi. 😔 Not saying it's a bad decision, I actually really respect and admire the desire to not get locked into an ecosystem. Just saying... it's also quite brave! Marching through the chaos of cascading replacement of interlocked proprietary solutions!
OPNsense is pretty great It has some things that PFsense doesn't have well it may now but when I switched 3 plus years ago. It was for two reasons better driver support for non-intel NICs . And also ZeroTier support.. The updates are all so much more frequent.
Props to you, Cameron, but personally I am incredibly reluctant to swap even a patch cable in my rack. So many things are just waiting to brick themselves lol.
Interesting project - would be good to see the setup screens next time to see all the different VLANs, etc. Thanks for explaining re the massive temporary switch, I'll confess I did wonder slightly 😂
Yeah, would have been better if I'd had time to record the screen and actually explain what I was doing but at that point it was probably around 1am and I was in "just get it working and go to bed" mode 😅
@@camerongray1515 haha fair call esp given you had work the next day - bet you were delighted when the cloud key dropped off and couldn't see any of the kit 😂😂😂
This series comes at the perfect time for me. Im moving house in a few weeks and ive been looking at my UDM Pro and thunking that this would be a good time to move away from it. I use pfsense professionally, but may take a look at opnsense instead. I got an utter bargain on a dlink 1520 poe switch, so assuming it turns up, i think ill go down that route for switching. 4 10 gig ports and 4 2.5 poe ports too. Ot the best brand but ultimately still overkill for home use.
For a client with =8GiB RAM. A second machine would provide you with some CARP fun and a spare UniFi controller ready to start just in case. I already found the UniFi infrastructure in place, except the controller was running, more or less, on a wind0w$ server VM... go figure ))). I must say that I like it a lot from a purely technical standpoint, mostly for its layer two and "almost layer three" features. Similar functionalities with enterprise products would be much, much harder to implement and maintain, and thus are often unavailable to small networks. Just don't ask UniFi for complex firewalling, routing and filtering... Layer 3 and above, in my humble opinion, are best left to specialized products such as pf/opnSense...
@camerongray1515 Have you considered running Proxmox Virtual Environment (PVE) on the 1U Atom and then virtualising OPN as a VM, and use a PVE LXC container for the UniFi controller?
I actually already have plans to deploy a Proxmox server soon and I'm sitting on the hardware waiting on getting around to making the video on it! However, it's not something I'd really want to run on my router, I'm probably a bit old-fashioned however I personally prefer to run my router bare metal on a dedicated machine and then have a separate VM host. In terms of the UniFi controller - if all I needed was the controller then I would definitely run it in a VM (and already do in other environments), however I currently use UniFi Protect as an NVR which needs to run on a Cloud Key, Dream Machine or UNVR. Based on my current plan, I'll have retired all my UniFi hardware before I get around to replacing the NVR so there isn't really a point in time where I'd need to run the UniFi controller without also running UniFi Protect.
Be interesting to see what switches you go for. If you want an out there idea the Brocade/Rukus ICX7250 is decent second hand full layer 3 switch. There is a good thread on STH about them. The spanning tree on them is a bit flaky and can cause you to have to work from 5 in the afternoon until 6 in the morning sometimes :P but i don't think that will be an issue for you. Its not possible on most things to configure the speed of a DAC, it just runs at what it runs at.
While it would involve rearranging your cabinet, you could move the pdu to the back ,would give you space for a 1u brushplate in front of it to help with cable management upfront
Very interesting and well put together. Assume next vid will be config in OPNSense, looking forward to it. What made you choose OPNSense over pfSense? OPN seems more updated, but pf has such a large community.
I just fancied a change, I use PFsense extensively elsewhere but those are all production systems, my home setup was the safest place to give OPNsense a go in a "production" environment but not where it would be a disaster if it caused problems.
unifi is lagging, 2.5G port should be standard now and it doesn't make sense to have 2.5G into unifi AP but only have 1G port on switch or router. Also unifi put super weak processor in their router, not able to handle 10GbE traffic.
LoL.... i also using OPNsense and *UniFi controller (on a Proxmox).... * you need unifi controller at the very least to keep the WIFI ROAMING function.... also i really missed the GATEWAY MONITOR/WAN SPEEDD MONITOR on USG/UDM/....
I’m running Unifi controller and Untangle as VMs inside Proxmox. Considering moving to either OPNsense or Unifi UDM Pro SE. Afraid the UDM would feel like a toy compared to OPNsense?
not everyone can afford a $700-900 router like that dont get me wrong id love to get that opn sense box but pretty sure id lose my wife if i spent that much on a router. Edit I stand corrected I thought this was official OPNsense hardware. which rackmount start at 700. Interesting tho link you provide doesnt have that OPNsense sticker on it on the right. and i like that dark color LOVE the design of the DEC4200 series but those guys start at $3500
Yeah, this isn't an official appliance - the logo on the right hand side is just a sticker that I printed myself on a Brother label printer. With these "Open Source Firewalls" you're completely fine to run it on your own hardware, even a cheap old desktop PC would work. The "official" appliances are there either for people who want to support the project or for businesses who want to buy a solution where they can receive complete hardware and software support from the same vendor.
My Cloud Key Gen 2 plus failed the other day. PoE failed but the USB-C worked (once I got a QC2/3 compatible charger). I ripped the battery out. There was talk of someone on a Unifi forum who accidently knocked a transistor off (I think ) and apparently the PoE started working again be interested to explore that route to restore PoE ;-).
Are you still using OPNsense? I have a few pfSense Plus licenses for a few of my datacenters but now looking for an alternative for a few newer datacenter deployments I'm rolling out.
I am, although I'm not sure I necessarily recommend it and having used it at home, I'm continuing to use PFSense elsewhere and I'll likely move my home router to PFSense or something completely different like VyOS in due course. OPNSense has some nice improvements in terms of UI over PFSense but I've found a few reliability/stability issues/bugs that put me off using it long term. In particular - the Unbound service seems to stop itself and need manually started after making configuration changes, bit of a nightmare if you don't realise! I also found pressing enter in the new interface box will instead trigger one of the "Delete Interface" buttons, not ideal if you don't read the confirmation message properly and accidentally delete an interface! OPNSense also has a much more frequent update schedule which some see as an advantage, however it often requires updates to be installed before installing new addons which can be annoying on a production router.
I use my UDMP for Protect and as a controller for my AP's. I use pfSense for a firewall and router. The UDMP still works with all the remote apps as I have the WAN port setup on a different subnet and vlan. It doesn't appear to know that it's behind pfSense. It's a simple and effective solution if you already own the UDMP.
"...and then I frbdhsbndlkjjnajkbasdfljkb here and also fbldlbrthfbsdlfnkjlndfsgkjbsd this way...." that's about what I can sometimes make out of the explanations :D:D But I love your videoooooos :D:D:D:D
I actually have a similar 1U firewall similar to your old one and it has a PCIE slot on it. I am actually tempted to buy a 10gbe card for it and some how make a nice cutting at the front for the ports... not sure how I'd achieve that though without it looking an absolute mess and annoying my OCD 😂
Just wondering if all units are wall mountable then you could use a radiator cover to hide all the networking equipment and make for a nice tidy room, unless you have server equipment.
Cameron, your affiliate link for AliExpress is giving me privacy errors on both Vivaldi and Brave. Clicking past the error results in a blank page on both browsers. Obviously I don't know if it's just me but maybe something you should take a look at. EDIT I am an idiot as ironically I run pfsense with pfBlocker installed. Your link was blocked in my router!
The links seem fine to me - AliExpress Affiliate links tend to trip up ad blockers as I suspect they operate on the same domain as some of their ad serving stuff.
Generally they are not liked because 10Gbps RJ45 SPF modules like to run really hot and can self destruct and burn at higher power-levels on longer runs or poorer quality cat6 cable. It's a lot of electronics to be shoved into a small space with no cooling. So fiber or DAC is preferred.
opnsense is the way - the only downside is you should have more 10g ports but that is sort of thing you will get around to - please followup and get a full time 24/7 pkt cap device going
I've already installed some new switching that has a bunch of 10GbE ports in various places, can't see me needing any more ports on the OPNsense box however. OPNsense seems nice and I do prefer the UI to PFSense, however I've found a few weird bugs which I can deal with, but I can't see myself using it commercially for a while. Not sure what you mean about having 24/7 packet capture though, it's not something I have any need for. The built-in Netflow stuff in OPNsense is more than sufficient
I had Unifi everything initially... found a few shortcomings with the routing side of things so slowly been migrating away with things, still have 6 AP's from them and they're great. I did try OPNsense but they did updates every 2 weeks and every other one seemed to break something, needed something more stable and have been on PFsense for a couple of years now. OPNsense has a much better interface, but I need the stability.
When it first launched I had a lot of issues with stability as well but I can tell you the last 2 years of updates. I do some pretty advanced stuff with VPN tunnels zerotier bridging. Some pretty crazy firewall stuff aliases all the normal stuff and I haven't had a single issue in almost two years and I've installed every update that's came out. But I understand where you coming from
Yeah, it'll be interesting to see how stable it is long term. I use PFsense elsewhere, the extremely rapid updates on OPNsense has definitely put me off using it in more critical situations. For those I'd rather slower feature releases with regular security patches.
I think a while back you mentioned you might have a video on what the smaller switch was doing? Since in this video it seems to just go into the main switch, was it just a way to expand and get more ports?
All will become clear in a future video I've never been able to get around to making 😉 (it's also probably not nearly as exciting as my secrecy makes it seem!)
Yeah, it'll be interesting to see how I find it long term since I use both PFsense and now OPNsense in different places so can compare them pretty well. So far I do prefer the OPNsense interface - the search feature is a huge time saver! However, I've found a couple of bugs which are a bit concerning - saving the Unbound DNS settings causes the service to stop and needs manually started again and pressing enter in the box to add a new interface on the interface assignment page pops up a "are you sure you want to delete this interface" box which is a bit concerning! It definitely has potential but I can't see myself using it commercially in its current state.
@@camerongray1515 For some reason I had some real trouble with OpenVPN config in OPNsense, and site-to-site VPNs too. Went black to a clean install of Pfsense and I had no bother configuring it. I will admit there was probably something I was missing but after spending a couple of evenings on it, I just wanted it to work so went back to Pfsense. Though it had to be a dev build for the Intel I225 support, which I wasn't totally keen on using but it's been fine so far. The other driver for Pfsense for me is just the ease of using pfBlockerNG. I know OPNsense has it's own methods. Will be interesting to see your thoughts on OPNsense going forward. Maybe I should have given it more time, or more likely I'll install it on my Proxmox server in the future to have a good play with it in an isolated manner.
I love MikroTik and use it a fair bit elsewhere, they're my "go-to" device where I need a low cost device, usually in some sort of really strange, bodgy situation. This project was actually a toss up between this setup and an RB5009. However, I just fancied trying OPNsense this time, this isn't a learning lab, it's my production home network so I'm not too fussed about how much I can do with it from a learning perspective. Although for learning, you can definitely do a tonne with a few cheap MikroTik devices!
Will watch the video, but I think pfSense Plus+ will be a better option. Can also go with the CE version they have just released 2.7 but the Plus version has those handy boot environment snapshots, in case you really mess things up.
One of the reasons why I use pfSense Plus on physical hardware. For those who run it as a VM don't need it as they can create snapshots before upgrading.
It's an interesting option but I'd rather stick with open source options where possible. PFsense Plus makes sense for where you want the business support but if rather use CE instead of the "free for homelab" plus version. I ended up using OPNsense purely to give it a proper go, I already use PFsense extensively elsewhere.
@@camerongray1515 Ah ok, I watched the vid now, sure give it a spin see how it plays. Yes it's a fork of pfSense so worth having a look. Just on the Plus+, you can now install it on any hardware, just register, nothing to pay, then upgrade. I'd suggest it's worth knowing the features, then just play around with. I'd be curious on how you tweak opnsense / pfsense to get a more "snappy" web experience, I've applied fixes for bufferbloat but feel my connection could be better. BTW came across your vids when wiring my home with ethernet, they were handy thanks. Would be interested in hearing your take on using LAGGs between devices also.
@neogrid9999 Yeah, I'm not a fan of the direction they seem to be going where they are adding in new features to PFSense Plus as a proprietary product and not CE, makes me worry about the future of CE. I much prefer the idea of an open source product with commercial support offerings. PFSense now seems to be starting to split into two separate products.
Only flaw with that placement is the test button protrudes from the front of it and is the perfect level to hit with the top of my head when working in the rack... 🤦♂️
Before do you talks only "I love UniFi!!!!1" ... now do you talk differently. Why we all should belive you? Why do you can not once say the truth "This is *MY* opinion, how I known after reading a book."? 😂
I do love UniFi, but I also like other platforms too. I pride myself on being relatively platform agnostic compared to many TH-camrs who act as if UniFi is the only option out there. The idea behind this project is to allow me to try out other technologies which offer some interesting features that UniFi lacks. UniFi is still an excellent option and is my go-to recommendation for people who want an easy to manage, relatively simple network deployment. I'm not quite sure what you mean about reading a book though?
@@camerongray1515 I *think* the commentor above is saying that because you "changed your mind" with regards to Ubiquiti gear, then why should a viewer believe your opinion. the book part seemingly is saying that to make a video talking about something, you first must have read up on it, seemingly, the commentor believes that a field such as technology can be distilled into books to read and learn the entirety of, without that book being terribly out of date by the time it is published. I'd argue, instead, that you having changed your mind on something shows that you have got a solid understanding of the subject at hand. Not because Ubiquiti gear is good or bad, but because you're willing to adapt and learn and find new things out. That aspect of a person makes them infinitely more trustworthy than someone who would read up information and regurgitate it, as if that makes something an original opinion.
Buy the BKHD 1U Atom C3558 Server from AliExpress (Affiliate): geni.us/3pUQBn5
That unit now seems to be gone, what would be your pick if you were choosing today?
I actually found out about this video while browsing on eBay for Ubiquiti gear! I am subscribed to you, but it seems youtube hasn't been suggesting your videos to me for a while, as I hadn't seen your videos in a bit. Was really nice to be reminded of your channel and come back to see your channel not only surviving, but also thriving!
BTW. If you were wanting to keep the UDM, you can turn off the firewall and NAT features and just static the device to something and then plug in the LAN into your unifi switch. But then again, the CloudKeyGen2 is probably a better idea long term
I recently moved to OPNsense on a small fanless server (i3 N305, quad 2.5 gbit nic) but instead of installing it bare metal Proxmox is running on the hardware and OPNsense is a virtual machine (NICs passed through as pci devices)
I'm not using UniFi but TPLink Omada which is very similar (ok extremely similar) and also need a controller. Instead of a controller appliance I'm running a container on the proxmox server that hosts the controller. The server has far more cpu and memory and bandwith than is needed for OPnsense anyway.
Cameron! I've finally found a solution! You can keep your talking/speaking speed, the x0.75 settings is just perfect for me and now you sound like these guys from BBC. Perfect!
I've unplugged my Unifi switch, cloudkey, and wifi recently. I didn't like the interface. I replaced the switch with a cheap Mikrotik which handles my VLANs just fine, but I need a better one to handle POE+ out. I'm just using a WiFi hotspot until then. I've been pfSense for years, I don't want to learn anything weird like Unifi or MikroTik router/firewall admin. My pfSense LAN's are all IPv6.
I always end up with hybrid networks that are not necessarily easy to manage but hey... it works great.
My router is pfsense, my AP is Unify, my switches are netgear managed switches... not the most integrated thing in the world but it does what I want.
Pretty well spot-on with "Maturity" statement. UBNT's biggest issue is trying to too fancy. The fork of UniFi Vs. Edge is a PITA but then when UniFi keeps changing, adding more bugs than fixing. The UDM-Pro were a rip-off that should have had a lot more including dual HDD's, PoE on the 8 front ports with a 10GbE bridge for the front switch ports and of course, A LOT MORE CPU AND RAM. Very underpowered.
I wonder what’s your UPS power setup? And which UPS brand/model you recommend? I hope you could do a video on UPS, that will be great 👍🏻
I don't have any sort of UPS - power issues are pretty rare around here and I don't have anything that's super sensitive to power loss. Both racks are just fed from surge protected PDUs. I had a UPS many years ago however the batteries failed, got extremely hot and started producing gas. While this can generally mitigated with regular maintenance, I don't feel it's really worth the risk and additional maintenance/costs for my particular setup.
@@camerongray1515 I see, glad that you have a stable power connection. Last time my SD card on my RPi stopped working after a power outage. While the power outage is massive, but there is only 1 to two power outage every 2 to 3 years. But if you have Routers / servers or nas it’s better to have UPS, because sometimes the power will went out for 1 to 3 seconds thus causing the access point and router restart.
This is going to be a great series, thanks!
I was looking for this kind of stuff but got unifi everywhere. I am searching for better, open and flexible options for my home. Glad I stumbled across your channel. Will follow this series. Can I request you to create a playlist for this?
What rack are you using, looking for something similar for my install
Hey Cameron, what did you use to make the OpnSense sticker?
I used a Brother PT-E550W label printer - video coming soon on that one! It has desktop software that can print graphics so I used that and printed on to 24mm white on black tape. There's also a slightly tricky to find option to print at a slower, higher resolution so needed to use that too. I love how it turned out!
@@camerongray1515 Looking forward to that one, thanks!
Selling any of your Unifi kit?
Keep meaning to look at opnsense myself, switch between firewalls too, Sophos XG, pfsense these days. Used to use Untangle, but they're stagnent these days with the Untangle. I've got a 24 port Cisco CBS switch that I replaced a unifi with due to Unifi's awful RMA process. I miss the dashboard etc. but it's so much more when you use the CLI. Such a shame Cisco CBD is poor, they had a prime opportunity to smash Unifi. I have Sophos XG 135 and XG210 units
im tired of the low gaming performance of hte UDM PRo so I think I am going to do the same thing.
I find sometimes Unifi, as great as it is, has restrictions that you don't get on things like OPNSense. The Central Management of Unifi is great for sure, and it is not difficult to setup. However, for more complex situations, Unifi does have some restrictions. Sometimes you do just need to look further.
I had a failed battery in the CloudKey 2 and Ubiquiti replaced it under RMA with no questions, even though it was well out of normal warranty. The battery is no longer needed and the new Cloudkey 2 Plus devices do not have batteries. The database corruption issue is long resolved.
I swap out stuff all the time :P I had a VyOS VM one time, EdgeRouter X, Juniper SRX210, SRX300, then Fortinet Fortigate 60E, pfSense/OPNsense sprinkled in, and now VyOS on a Supermicro server
That's my plan for this setup, UniFi was great but with this setup I can easily swap out different parts and try out new things. I always make a conscious effort to try out different technologies and learn new things rather than becoming siloed into a single set of technologies that I never venture outside of.
In which video did you setup WAN2 with sta WiFi access point please?
This one here th-cam.com/video/hSk2VLt_T5c/w-d-xo.html
@@camerongray1515 Thank you!
thank you for sharing this upload with a n00b like me
I have Eero Pro 6 + NOKIA ONT and using a 12 way network switch that works at 100GB/s works with 10/100/1000 network adapters.
I can't lie, your videos always make me want to spend money 😂😭
Well said mate, I see these instagram "network engineers" all the time. They know some unifi products and plug them in and thats it.
Have zero clue on how things actually work
Has someone experienced problem with the aps broadcasting more than one ssid? If I have 2 ssid broadcasting from one ap, eventually one of the ssid stops broadcasting. I have a cloud key gen 2 and I don't see anything weird... the solution I come to is removing the ap from the network and then adding again the ap, when i do that the ap works but I don't understand why this is happening, have somebody experienced something like this?
Great video man! I just switched from pfsense to opnsense due to pfsense doesnt have realtek drivers (1G card)
I'm not sure if I mis-heard this, but did you say here that you use your mobile phone as a backup internet connection for your house ? If so, how? I have a 4G router, but it would be far better to use my phone as a hotspot for the house.. great vids by the way..
I made a video about it here: th-cam.com/video/hSk2VLt_T5c/w-d-xo.html. Essentially all I have is a cheap access point configured as a station to connect to my phone's hotspot connected to my router's secondary WAN interface. If my primary connection goes down, all I need to do is turn on my phone's hotspot which the AP will connect to and provide a connection to the router which is configured to fail over to it. Works really well!
What wall mounted rack do you have?
Second most viewed video on the channel.
It was the best thing you could do. UniFis firewall is a joke. You have no control. But i think you should keep the switches and so on.
At this moment i'm interest on the omada solutions... but I don't know really well at this moment...
I also need to create a new home network in a home without, at the moment, internet... so I'm searching a managable not too much money system for wifi, would like vlan, capable of minimum 2.5gb down/1gbit up internet and routing... so right now i'm in search mode
OPNsense is a firewall. But its a cool piece of software.
Because I referred to it as a router? Realistically it's both a router and firewall (and NAT gateway, DHCP server, DNS resolver... the list goes on) - most people will happily use the terms interchangeably - in this situation it is being used both as a firewall and performing routing functions.
@@camerongray1515
I see a lot of people mix up routers and firewall, even see people call routers modems. Firewalls are more powerful at filtering, and is restricted by default, until you allow things. While routers allow by default untill you deny thing. Routers are not good firewalls, and firewalls are not good for advanced routing. Simply a matter what the device is optimized for.
@kjakobsen I get the frustration with people getting mixed up with terminology - try living in the UK where many ISPs have started referring to their supplied all in one modem router type devices as "hubs" however ultimately it's just terminology and as long as the other person knows what you mean, it doesn't really matter! Likewise, if I ask someone for their WiFi password and they say "it's on the back of the modem" I'm not going to go all "Well, actually it's not a modem, it's a firewall, router, switch and access point combined into a single device connected to your fibre ONT"
Sure, back in the day when you would explicitly buy separate routers and firewalls.etc the distinction was a bit clearer - if you wanted a router you'd buy something like a Cisco ISR, if you wanted a firewall you'd buy something like a Cisco ASA. However, nowadays with x86 boxes it's just a server running a UNIX-like OS with a mix of routing and firewalling software. Sure, OPNsense comes pre-configured with more of a firewall focus, but it still includes standard static routing functionality from FreeBSD and can easily be configured with packages to support all manners of dynamic routing, you could even disable the firewall if desired. Likewise an OS like VyOS comes out of the box configured more as a "router" however it also supports a pretty powerful netfilter based firewall.
In my case here, is "firewall" potentially a more accurate description of what the device is doing? Sure, maybe. Is it a big deal? Not really.
I would also like to buy your UDM pro
Il buy your switch if your selling it 😂
This chat is about to be a bidding war lol
That atom costs more than proper Mikrotik router or switch…
MikroTik devices are great and I use them myself, however they're a completely different product. When I first planned this project it was a tossup between this option, an RB5009 and a CCR2004. I decided to go with this option for now however I'm totally open to looking at MikroTik devices in the future. With a MikroTik router you are relying on their proprietary RouterOS operating system whereas with this you have the flexibility to run whichever OS you want. A MikroTik would be fair comparison against another embedded router type device such as an EdgeRouter, Cisco ISR.etc but an x86 device will almost always cost more for the same level of performance but has the benefit of complete software flexibility.
What a st*pid design to put a power switch at THE BACK of a rack unit?!!?!?!?!
Good riddens!
Unifi has become way too much like apple, the problem is, it's in the wrong sector to become like apple. I'd expect them soon to remove the settings section in the controller
Super interested in this video series and seeing your experiences. In my network i ended up rolling my own routers using Debian with nftables/frr/unbound and some Ansible to get it all running as I was starting to find all the pre-canned solutions being pretty limiting.
I'm currently getting stuck into looking for new access points, as i own both a Unifi Access Point and a TP-Link access point and both of them have very specific differing problems i can't seem to solve, so I'm looking at options outside of those 2.
Put Proxmox on your machine, virtualize OPNsense and a Unifi controller ;) I run an Aliexpress machine with Intel N5105 and it runs all my Network related applications without skipping a beat including OPNsense and a Unifi controller for my Access Point.
I could do although I prefer keeping my router as simple as possible and run it bare metal. I already have a server that I run VMs on however since I already need to use the CloudKey for UniFi Protect, I may as well run the controller on it as well. In other places where all I use are UniFi APs, I do run the controller in a VM.
@@camerongray1515100%. It's always better on standalone hardware
I get the desire to steer away from a single company having dominance over your entire lifestyle,
but this does give me the whole feeling of a member of the Mac household getting an Android smartphone; total _chaos_ for everyone. 😆
I mean... you undeploy the UDM Pro... then you need to replace your NVR, Unifi controller, and firewall, all in one fell swoop.
You can't just get rid of Unifi, cause you're already relying on it for the security cameras and access points.
Which means you need to have a Unifi controller, hence the redeployment of the Cloudkey.
At least in this case, the Cloudkey handily serves for _both_ Unifi controller and NVR.
But if you _ever_ wanna ditch that... you'll need another NVR solution, not mention a whole new fleet of access points.
I guess the best option _really_ is just not to get into the walled ecosystem in the first place; that being Apple or Unifi. 😔
Not saying it's a bad decision, I actually really respect and admire the desire to not get locked into an ecosystem.
Just saying... it's also quite brave! Marching through the chaos of cascading replacement of interlocked proprietary solutions!
OPNsense is pretty great It has some things that PFsense doesn't have well it may now but when I switched 3 plus years ago.
It was for two reasons better driver support for non-intel NICs .
And also ZeroTier support..
The updates are all so much more frequent.
Props to you, Cameron, but personally I am incredibly reluctant to swap even a patch cable in my rack. So many things are just waiting to brick themselves lol.
They need to spend less time on fancy packaging and the fluff that goes with that packaging that gets thrown away in a week or 2.
Any concerns with these China routers having firmware rootkits in them?
Interesting project - would be good to see the setup screens next time to see all the different VLANs, etc. Thanks for explaining re the massive temporary switch, I'll confess I did wonder slightly 😂
Yeah, would have been better if I'd had time to record the screen and actually explain what I was doing but at that point it was probably around 1am and I was in "just get it working and go to bed" mode 😅
@@camerongray1515 haha fair call esp given you had work the next day - bet you were delighted when the cloud key dropped off and couldn't see any of the kit 😂😂😂
There may have been some swearing.... 😅
Its funny Raid Owl migrates from pfsense to unifi and you other way aroud :D
This series comes at the perfect time for me. Im moving house in a few weeks and ive been looking at my UDM Pro and thunking that this would be a good time to move away from it. I use pfsense professionally, but may take a look at opnsense instead.
I got an utter bargain on a dlink 1520 poe switch, so assuming it turns up, i think ill go down that route for switching. 4 10 gig ports and 4 2.5 poe ports too. Ot the best brand but ultimately still overkill for home use.
For a client with =8GiB RAM. A second machine would provide you with some CARP fun and a spare UniFi controller ready to start just in case.
I already found the UniFi infrastructure in place, except the controller was running, more or less, on a wind0w$ server VM... go figure ))). I must say that I like it a lot from a purely technical standpoint, mostly for its layer two and "almost layer three" features. Similar functionalities with enterprise products would be much, much harder to implement and maintain, and thus are often unavailable to small networks. Just don't ask UniFi for complex firewalling, routing and filtering... Layer 3 and above, in my humble opinion, are best left to specialized products such as pf/opnSense...
@camerongray1515 Have you considered running Proxmox Virtual Environment (PVE) on the 1U Atom and then virtualising OPN as a VM, and use a PVE LXC container for the UniFi controller?
I actually already have plans to deploy a Proxmox server soon and I'm sitting on the hardware waiting on getting around to making the video on it! However, it's not something I'd really want to run on my router, I'm probably a bit old-fashioned however I personally prefer to run my router bare metal on a dedicated machine and then have a separate VM host. In terms of the UniFi controller - if all I needed was the controller then I would definitely run it in a VM (and already do in other environments), however I currently use UniFi Protect as an NVR which needs to run on a Cloud Key, Dream Machine or UNVR. Based on my current plan, I'll have retired all my UniFi hardware before I get around to replacing the NVR so there isn't really a point in time where I'd need to run the UniFi controller without also running UniFi Protect.
Be interesting to see what switches you go for. If you want an out there idea the Brocade/Rukus ICX7250 is decent second hand full layer 3 switch. There is a good thread on STH about them. The spanning tree on them is a bit flaky and can cause you to have to work from 5 in the afternoon until 6 in the morning sometimes :P but i don't think that will be an issue for you.
Its not possible on most things to configure the speed of a DAC, it just runs at what it runs at.
Afaik on Mikrotik switches (on SwitchOS) you can force any port to run at 1gb/100mb/10mb, even the SFP+ ports
Juniper EX3300-48P with Noctua fan mode is move IMO.
While it would involve rearranging your cabinet, you could move the pdu to the back ,would give you space for a 1u brushplate in front of it to help with cable management upfront
Very interesting and well put together. Assume next vid will be config in OPNSense, looking forward to it. What made you choose OPNSense over pfSense? OPN seems more updated, but pf has such a large community.
I just fancied a change, I use PFsense extensively elsewhere but those are all production systems, my home setup was the safest place to give OPNsense a go in a "production" environment but not where it would be a disaster if it caused problems.
unifi is lagging, 2.5G port should be standard now and it doesn't make sense to have 2.5G into unifi AP but only have 1G port on switch or router. Also unifi put super weak processor in their router, not able to handle 10GbE traffic.
I do have one question, this device can be connected to a network switch? Or between BKHD receiver and transceiver using CAT 5/6 only?
Boxes of thingies
Loved the video
😂😂😂😂 Talk about a cluster f......
LoL.... i also using OPNsense and *UniFi controller (on a Proxmox)....
* you need unifi controller at the very least to keep the WIFI ROAMING function....
also i really missed the GATEWAY MONITOR/WAN SPEEDD MONITOR on USG/UDM/....
I’m running Unifi controller and Untangle as VMs inside Proxmox. Considering moving to either OPNsense or Unifi UDM Pro SE. Afraid the UDM would feel like a toy compared to OPNsense?
not everyone can afford a $700-900 router like that dont get me wrong id love to get that opn sense box but pretty sure id lose my wife if i spent that much on a router.
Edit I stand corrected I thought this was official OPNsense hardware. which rackmount start at 700. Interesting tho link you provide doesnt have that OPNsense sticker on it on the right. and i like that dark color LOVE the design of the DEC4200 series but those guys start at $3500
Yeah, this isn't an official appliance - the logo on the right hand side is just a sticker that I printed myself on a Brother label printer. With these "Open Source Firewalls" you're completely fine to run it on your own hardware, even a cheap old desktop PC would work. The "official" appliances are there either for people who want to support the project or for businesses who want to buy a solution where they can receive complete hardware and software support from the same vendor.
My Cloud Key Gen 2 plus failed the other day. PoE failed but the USB-C worked (once I got a QC2/3 compatible charger). I ripped the battery out. There was talk of someone on a Unifi forum who accidently knocked a transistor off (I think ) and apparently the PoE started working again be interested to explore that route to restore PoE ;-).
Are you still using OPNsense? I have a few pfSense Plus licenses for a few of my datacenters but now looking for an alternative for a few newer datacenter deployments I'm rolling out.
I am, although I'm not sure I necessarily recommend it and having used it at home, I'm continuing to use PFSense elsewhere and I'll likely move my home router to PFSense or something completely different like VyOS in due course. OPNSense has some nice improvements in terms of UI over PFSense but I've found a few reliability/stability issues/bugs that put me off using it long term. In particular - the Unbound service seems to stop itself and need manually started after making configuration changes, bit of a nightmare if you don't realise! I also found pressing enter in the new interface box will instead trigger one of the "Delete Interface" buttons, not ideal if you don't read the confirmation message properly and accidentally delete an interface! OPNSense also has a much more frequent update schedule which some see as an advantage, however it often requires updates to be installed before installing new addons which can be annoying on a production router.
I use my UDMP for Protect and as a controller for my AP's. I use pfSense for a firewall and router. The UDMP still works with all the remote apps as I have the WAN port setup on a different subnet and vlan. It doesn't appear to know that it's behind pfSense. It's a simple and effective solution if you already own the UDMP.
"...and then I frbdhsbndlkjjnajkbasdfljkb here and also fbldlbrthfbsdlfnkjlndfsgkjbsd this way...." that's about what I can sometimes make out of the explanations :D:D But I love your videoooooos :D:D:D:D
I purchased an Intel N5105 mini pc with 4x 2.5G ports for the same purpose but I am still hesitant since I miss the Unfi UI and simple configuration.
I actually have a similar 1U firewall similar to your old one and it has a PCIE slot on it. I am actually tempted to buy a 10gbe card for it and some how make a nice cutting at the front for the ports... not sure how I'd achieve that though without it looking an absolute mess and annoying my OCD 😂
Just wondering if all units are wall mountable then you could use a radiator cover to hide all the networking equipment and make for a nice tidy room, unless you have server equipment.
Cameron, your affiliate link for AliExpress is giving me privacy errors on both Vivaldi and Brave. Clicking past the error results in a blank page on both browsers. Obviously I don't know if it's just me but maybe something you should take a look at.
EDIT I am an idiot as ironically I run pfsense with pfBlocker installed. Your link was blocked in my router!
The links seem fine to me - AliExpress Affiliate links tend to trip up ad blockers as I suspect they operate on the same domain as some of their ad serving stuff.
What was upsetting people about the SFP to RJ45 adapter?
Generally they are not liked because 10Gbps RJ45 SPF modules like to run really hot and can self destruct and burn at higher power-levels on longer runs or poorer quality cat6 cable. It's a lot of electronics to be shoved into a small space with no cooling. So fiber or DAC is preferred.
opnsense is the way - the only downside is you should have more 10g ports but that is sort of thing you will get around to - please followup and get a full time 24/7 pkt cap device going
I've already installed some new switching that has a bunch of 10GbE ports in various places, can't see me needing any more ports on the OPNsense box however. OPNsense seems nice and I do prefer the UI to PFSense, however I've found a few weird bugs which I can deal with, but I can't see myself using it commercially for a while. Not sure what you mean about having 24/7 packet capture though, it's not something I have any need for. The built-in Netflow stuff in OPNsense is more than sufficient
shout out for the Dyson!
love the whole video! :)
I had Unifi everything initially... found a few shortcomings with the routing side of things so slowly been migrating away with things, still have 6 AP's from them and they're great. I did try OPNsense but they did updates every 2 weeks and every other one seemed to break something, needed something more stable and have been on PFsense for a couple of years now. OPNsense has a much better interface, but I need the stability.
When it first launched I had a lot of issues with stability as well but I can tell you the last 2 years of updates.
I do some pretty advanced stuff with VPN tunnels zerotier bridging. Some pretty crazy firewall stuff aliases all the normal stuff and I haven't had a single issue in almost two years and I've installed every update that's came out.
But I understand where you coming from
Yeah, it'll be interesting to see how stable it is long term. I use PFsense elsewhere, the extremely rapid updates on OPNsense has definitely put me off using it in more critical situations. For those I'd rather slower feature releases with regular security patches.
I think a while back you mentioned you might have a video on what the smaller switch was doing? Since in this video it seems to just go into the main switch, was it just a way to expand and get more ports?
I think he was just testing it. He has another identical 24 port Unifi switch in his office for more ports
All will become clear in a future video I've never been able to get around to making 😉 (it's also probably not nearly as exciting as my secrecy makes it seem!)
After years on pfsense, I decided to try OPNsense when I upgraded to a 2.5G router. Within a week I moved back to pfsense, I was not a fan.
Yeah, it'll be interesting to see how I find it long term since I use both PFsense and now OPNsense in different places so can compare them pretty well. So far I do prefer the OPNsense interface - the search feature is a huge time saver! However, I've found a couple of bugs which are a bit concerning - saving the Unbound DNS settings causes the service to stop and needs manually started again and pressing enter in the box to add a new interface on the interface assignment page pops up a "are you sure you want to delete this interface" box which is a bit concerning! It definitely has potential but I can't see myself using it commercially in its current state.
@@camerongray1515 For some reason I had some real trouble with OpenVPN config in OPNsense, and site-to-site VPNs too. Went black to a clean install of Pfsense and I had no bother configuring it.
I will admit there was probably something I was missing but after spending a couple of evenings on it, I just wanted it to work so went back to Pfsense. Though it had to be a dev build for the Intel I225 support, which I wasn't totally keen on using but it's been fine so far. The other driver for Pfsense for me is just the ease of using pfBlockerNG. I know OPNsense has it's own methods.
Will be interesting to see your thoughts on OPNsense going forward. Maybe I should have given it more time, or more likely I'll install it on my Proxmox server in the future to have a good play with it in an isolated manner.
Nothing like Mikrotik to learn networking.
I love MikroTik and use it a fair bit elsewhere, they're my "go-to" device where I need a low cost device, usually in some sort of really strange, bodgy situation. This project was actually a toss up between this setup and an RB5009. However, I just fancied trying OPNsense this time, this isn't a learning lab, it's my production home network so I'm not too fussed about how much I can do with it from a learning perspective. Although for learning, you can definitely do a tonne with a few cheap MikroTik devices!
I don't know Cameron, this is to me like throwing out Margot Robbie to move in Nora Batty. But each to their own :)
Will watch the video, but I think pfSense Plus+ will be a better option. Can also go with the CE version they have just released 2.7 but the Plus version has those handy boot environment snapshots, in case you really mess things up.
One of the reasons why I use pfSense Plus on physical hardware. For those who run it as a VM don't need it as they can create snapshots before upgrading.
It's an interesting option but I'd rather stick with open source options where possible. PFsense Plus makes sense for where you want the business support but if rather use CE instead of the "free for homelab" plus version. I ended up using OPNsense purely to give it a proper go, I already use PFsense extensively elsewhere.
@@camerongray1515 Ah ok, I watched the vid now, sure give it a spin see how it plays. Yes it's a fork of pfSense so worth having a look. Just on the Plus+, you can now install it on any hardware, just register, nothing to pay, then upgrade. I'd suggest it's worth knowing the features, then just play around with. I'd be curious on how you tweak opnsense / pfsense to get a more "snappy" web experience, I've applied fixes for bufferbloat but feel my connection could be better.
BTW came across your vids when wiring my home with ethernet, they were handy thanks. Would be interested in hearing your take on using LAGGs between devices also.
@@Darkk6969 yep that's a lifesaver feature which I see they haven't put into 2.7 CE as yet
@neogrid9999 Yeah, I'm not a fan of the direction they seem to be going where they are adding in new features to PFSense Plus as a proprietary product and not CE, makes me worry about the future of CE. I much prefer the idea of an open source product with commercial support offerings. PFSense now seems to be starting to split into two separate products.
also appreciate the location of the smoke alarm :)
Only flaw with that placement is the test button protrudes from the front of it and is the perfect level to hit with the top of my head when working in the rack... 🤦♂️
Before do you talks only "I love UniFi!!!!1" ... now do you talk differently. Why we all should belive you? Why do you can not once say the truth "This is *MY* opinion, how I known after reading a book."? 😂
I do love UniFi, but I also like other platforms too. I pride myself on being relatively platform agnostic compared to many TH-camrs who act as if UniFi is the only option out there. The idea behind this project is to allow me to try out other technologies which offer some interesting features that UniFi lacks. UniFi is still an excellent option and is my go-to recommendation for people who want an easy to manage, relatively simple network deployment. I'm not quite sure what you mean about reading a book though?
@@camerongray1515 I *think* the commentor above is saying that because you "changed your mind" with regards to Ubiquiti gear, then why should a viewer believe your opinion. the book part seemingly is saying that to make a video talking about something, you first must have read up on it, seemingly, the commentor believes that a field such as technology can be distilled into books to read and learn the entirety of, without that book being terribly out of date by the time it is published.
I'd argue, instead, that you having changed your mind on something shows that you have got a solid understanding of the subject at hand. Not because Ubiquiti gear is good or bad, but because you're willing to adapt and learn and find new things out. That aspect of a person makes them infinitely more trustworthy than someone who would read up information and regurgitate it, as if that makes something an original opinion.