The Homelab Show: Episode 3 Firewalls & Switches

  • Published on 20 Nov 2024

Comments • 47

  • @vaughngx4 3 years ago +4

    Been watching/listening to these while building the server room. Great info, thanks guys!

  • @AaronSchmidt52 3 years ago +17

    First off, I've been loving the show. Thank you for sharing your knowledge, it has been greatly increasing mine. Can we get Jay's audio level boosted to match Tom's please? He's quite a bit quieter when re-watching it on TH-cam.

  • @25566 3 years ago +35

    PLEASE make Jay's voice louder, and have him use a better mic

  • @etherboy3540 3 years ago +4

    I quite like pfSense/OPNsense. But I work with Juniper gear every day at work and was able to pick up an SRX320 firewall and 48-port EX2200 PoE switch on eBay for ~$250 each delivered. The switch does DHCP for the various VLANs, it supplies power to my Ubiquiti APs, and it has been 100% rock solid since I bought it 5 years ago.
    I had a CCNA back in the day so I'm familiar with IOS. That said, JunOS is orders of magnitude easier to understand and configure.

    • @morosis82 3 years ago

      I looked at a 24P PoE EX3300 for $350 AUD when I was building my homelab but finding info about it was difficult.
      I wanted the 4 10gb ports, ended up with an HP Flex Fabric 5800 as it had some info about its power consumption which was reasonable though it's a tad noisy but there is a tut somewhere on how to swap the fans out (I'll never stress it enough to generate the heat those fans are for).

  • @MichaelSmith-fg8xh 3 years ago +12

    I recently switched from pfSense to OPNsense. The ad/porn/etc blocking is similar to PF but there are a lot more built in lists so you don’t have to worry about scouring the net for maintained lists. Ditto with intrusion protection, 65k+ security patterns without needing an account (120k+ with a free Snort account). I liked playing with PF but I have a whole lot less need to constantly tweak in OPNsense to do the same thing.

    • @satamototo 3 years ago

      There is an addon called Sensei. Very neat filtering :)

    • @MichaelSmith-fg8xh 3 years ago

      @satamototo What’s been your experience? Speed/latency? Is the free version enough?

    • @satamototo 3 years ago

      @MichaelSmith-fg8xh Practically nonexistent with Haswell desktop CPU and 8-16 RAM. I-340 T4 on PCIE and SSD. For most needs free edition is sufficient if you have manageable switches to separate the clients in different networks and filter out only desired ones.

  • @judman13 3 years ago +1

    Quick point about the USW Flex Minis is that they don't support custom port profiles for VLANs. So you can only use the native VLANs created in UniFi. I found this out while trying to learn VLAN tagging in Proxmox.

  • @jlficken 3 years ago +6

    My thermostat once used 1.2TB one month according to my USG before I dumped it LOL.

    • @Mr.Leeroy 3 years ago +2

      It probably had a camera built in ;D

  • @zack4485 3 years ago +3

    Any reason you didn’t mention DD-WRT or OpenWrt? These support VLANs, big MTU, firewall, inspection, RADIUS, etc... they’re perhaps a little funky in that you’ve got to flash a consumer router to use them but that’s not significantly more complicated than virtualizing pfSense. They do everything I’ve ever needed to do in a home lab and the great thing is they’re not power vampires like an x86 box! The worst things I can say are that updating certainly isn’t as straightforward and performance/stability are slightly more suspect than with pfSense or Ubiquiti.

  • @asdf51501 3 years ago +1

    Oooh, I like the idea of individual use cases. Preferably if the titles of the videos are labeled appropriately so we can quickly determine whether the content is relevant to us. Everyone has different hardware and needs, after all. :) You have the interested and enthusiastic complete noob (which is great!), the home network engineer who understands the networking aspect, but may not be familiar with firewall rules and VPNs. You also have the guy who needs server assistance, like evaluating hardware and chassis. There's room for lots of good stuff.

  • @awstott 3 years ago +1

    Watch out for the newer Cisco switches - anything running 16.9.x needs to be smart licensed so needs to call home to Cisco.

  • @daninmanchester 3 years ago

    I liked UniFi but have recently gone off them. A few key reasons, moving to pfSense and selling my USG, their insistence on a cloud account and more recently wanting to upgrade to 2.5/5G ethernet. It seems they are a good entry point for home users and enterprise - their prices and systems are great, but there is no middle ground. Maybe that will change over time, but I've more or less decided to go with Netgear and their newer MS510... range. This will give me a nice mix of SFP+, 10, 5, 2.5, 1G and PoE and I could not find any way to do this with UniFi at a similar price point.

  • @Noodles.FreeUkraine 3 years ago +1

    "Protectelli"? 😳 Almost didn't get what you were talking about. 😂 And yeah, they're Qotom boxes and Protectli just sells them with their own sticker, of course.

  • @grocerylist 3 years ago

    I love Juniper EX2200-C or EX2300-C switches for home use.

  • @backtrack1984 3 years ago +2

    Thank you Sir for everything. I’m an IT guy for 15 years now. But now I’m overwhelmed with so many business ideas. But finally I settled on two. Start my IT business or doing e-commerce business. Do you suggest one over the other?
    Thanks in advance

    • @Banner1986 2 years ago

      How'd this venture end up going, if you don't mind my asking? I saw that I'd somehow missed this one, and as I'd been enjoying them since the first episode, came across this while catching up.
      I ask as I'm in a similar situation now to where you were a year ago in this comment - I've been in IT for 17 years now, DevOps role these days, and after helping a few folks out on an ad-hoc basis, they've been asking about getting a "more permanent relationship" going... Feels like MSP/service only provider is the way to go, at least from the perspective of financial/tax management, especially as a one man show...
      Hope all's well, and also hope to hear some great news re: your business starting up!

  • @voiceoftreason1760 3 years ago

    I was in a windy situation where I had to turn up the volume a lot but it was kind of loud at some point, and still it was hard to hear Jay. I hope you guys can consider that for next episodes

  • @dan_lev 3 years ago +5

    Protect-li. It's a lot less French than you want it to be Tom. :D

    • @gh8447 3 years ago +2

      I think you mean Italian! :D

  • @jasonperry6046 3 years ago

    So speaking of home lab and learning. How practical is it to not use pfSense for things like FreeRADIUS but still using it for your firewall?

    • @MichaelSmith-fg8xh 3 years ago

      That’s the default. After install the wizard will get you set up with basic firewall/router. Packages like radius are something you would have to choose to install. I would suggest installing it, get it working as a router, take a backup, then one by one install any add-ons at a leisurely pace (try something, make sure it’s right before adding something more)

  • @napiray 3 years ago +2

    First. You guys are both great. Best router/firewall: OpenBSD.

  • @voiceoftreason1760 3 years ago +1

    Nothing about IPFire? A Linux-based distribution for firewalls and routers

  • @MirkWoot 3 years ago

    A lot can go on in a home lab, different needs, etc. I just hope focus stays on that this is a homelab to learn and discover towards improving skills in career. Options in hardware, etc., great things to learn, etc. Not so much home entertainment lab, tho one can learn a thing or two from that too.
    Maybe I'd also say something like, MikroTik being hell, and not something you gain much from.. holy cannoli, the amount of weird invalid nonsense VLAN and Trunk configurations you can make on that thing (sure could be learning too).. But then, it's cheap 10gig and improves homelab performance to do more stuff with systems maybe, backup experiments, etc.

  • @Mr.Leeroy 3 years ago +1

    Please fix mic levels imbalance, it is so hard to hear Jay on speakers.
    You don't even need a mixer, I would have said check out Voicemeeter Banana (it is damn awesome), but I believe it is Win exclusive, though I'm sure Linux has something similar to offer, probably even kernel built-in..
    The idea is to create a virtual audio device that you will choose for playback in your video conferencing software so that you have separate control over its level and then mix that with your main DAC device.

  • @nigelholland24 3 years ago +8

    Jay can't get a word in

  • @kenzieduckmoo 3 years ago

    Tom may have just sold me on Untangle 🤣

  • @mathewmickle3116 2 years ago

    I use the Qotom at home

  • @davidsomething4867 3 years ago

    Doh, missed it. Got carried away with tidying up me main home comms with keystone jacks, keystone panels and Monoprice thin/short patch cables, it's looking better. I mostly spent time in orgs that have specific needs such as stacking etc. all CLI no GUI. I've kept same at home as my lab (well actually I run it like production) is complicated with IPv6, OSPF internal routing etc. I've 4 Aruba 2930f switches in a stack at home then I use MikroTik to give me higher capacity of 10Gb ports, the MikroTiks have split LAG uplinks between each 2930f. I've built the lab/network to be as redundant as I can or want to budget :-)

  • @RollerCoasterLineProductions 3 years ago

    Good stuff👍🏻

  • @truckerallikatuk 10 months ago

    Unless you are actively trying to learn Cisco/Juniper for a job, then take that CLI and shove it. I just need my VLANs and added complexity can just go away. And if you think MikroTik's UI is bad, then you've obviously not used the UI on any other managed switch that isn't UniFi.

  • @colinterry7261 3 years ago

    Quick question, have you two heard of or looked at Firewalla? I just want to hear your thoughts. Thanks!

  • @UntouchedWagons 3 years ago +9

    Tom you talk waaay too much lol. Let Jay talk more.

    • @kenzieduckmoo 3 years ago +3

      Jay doesn’t talk much even in his own videos

  • @JustSomeGuy009 3 years ago +1

    Not a fan of UniFi switches at all

    • @h82fail 2 years ago

      Probably going to get hate for this, but to me UniFi is the Apple of network gear. Nice looking, easy to use but dumbed down and restricted.
      Surprised they jumped right to UniFi and then MikroTik as cheap - why not used? I have 48-port gigabit POE w/4x 10Gbit S3500 / redundant power supply if you want and they are cheaper used than the MikroTik 5 port they talk about. If the homelab is to learn, why not use something a larger business would use. Seems like I've only ever seen UniFi in a small 20 person office where their IT person uses them at home.

  • @enixsound7620 3 years ago

    iperf

  • @DanielLandsverk0 3 years ago

    Why don't you let Jay talk? I've listened for 12 minutes now, and he barely gets to say anything at all. Isn't this a collab between the two of you?

    • @LAWRENCESYSTEMS 3 years ago +9

      I know a lot more about firewalls, you will see the roles reversed when we talk about Ansible or Kubernetes 🤣

    • @DanielLandsverk0 3 years ago

      @LAWRENCESYSTEMS Alright, sorry! Didn't have time to watch more than 12 minutes before I left, I probably should've done that before commenting! My bad.

    • @MM3RTH 3 years ago +2

      @DanielLandsverk0 Engage brain before opening mouth (typing) lol, at least you were man enough to come back with your bad lol. Cheers.