Replacing My Old Router With The "Ultimate" Router
Science and Technology
Get 2 years of NordPass with 1 month free for a personal account: nordpass.com/hardwarehaven Or, use code hardwarehaven at checkout!
Timestamps:
0:00 Intro
0:23 Step Up Your Online Security With NordPass
1:40 Quick Recap
2:40 Responses to some criticism
5:53 Saving config from old router
7:31 IP Pass-through & Pre-setup on PFSense
16:13 A Cable Disaster and Switching Routers
17:48 Changing Static IPs and DHCP Reservations
25:58 PiHole / DNS
29:21 Wrap Up
Comments: 157
You made the right decision by separating your processes into containers or virtual machines. When your environments are virtualized, you can easily restore snapshots or backups of them, whereas when they are bare metal, you must start from scratch. Don't pay attention to the naysayers. Also, you are free to try out other things. It is important for people to realize that not everyone will have the same needs, but in the end, you must choose the settings that work best for you and your environment.
@HardwareHaven
1 year ago
EXACTLY! (Not that I’m right, but that needs and preferences are different) Thanks for the comment!
@panininavghare
1 year ago
For bare-metal there are ways to not have to start from scratch. There are backup solutions. I won't act like I know them as when I faced it, the backup team restored the server.
@zeddy893
1 year ago
@@panininavghare There are solutions for every situation; however, starting over with the pfsense operating system is necessary unless you have a hard drive on a network share with replications active. Working in a virtualization environment has many more advantages than just backup, which was just one as an example. An intricate configuration would not be completed by a typical user.
@clintoncronin2504
1 year ago
Maybe it would have made sense to wrap your head around this project before putting a video out there? At least run the device in production for a bit and be certain that you’re giving people good advice.
@johnmichaels4330
1 year ago
@@clintoncronin2504 what was the bad advice?
The explanation for why you separate processes into vm's or containers is spot on. This is exactly why I use Proxmox as the hypervisor for every single host I want to run in my home network. One additional point I would add is the ease of restoration due to snapshots and individual backups per container/vm in case of a failed update or misconfiguration incident.
I would love to see you do more videos with dell optiplex and lenovo think stations! Those older pc's are very popular and I love seeing the community engaged in reusing older hardware! Keep up the good work, your videos are awesome!
@HardwareHaven
1 year ago
I've covered a few dell and lenovo prebuilts, and I'm actually working on two videos with an Optiplex 790 right now! Thanks for the input, and yeah, I love reusing older stuff like that
@truthdoesnotexist
1 year ago
@@HardwareHaven I built a computer with an optiplex 790 motherboard for my parents' work running linux, it's a pretty capable computer for web tasks
@montecorbit8280
1 year ago
@@HardwareHaven At 5:52 Talking head.... On your newer videos, can you get rid of the talking head please?? It takes up space on people's screens, some people use small screens to watch your videos. This is starting to become a big thing with other YouTubers and it is annoying. It works better for us if you just either voice over or if you narrate while you are doing whatever you are doing. I am still enjoying your channel more than a year after I subscribed....so you're doing good, just trying to help you get better. Thank you for your time; Monte
you forgot to update the title graphic..
@HardwareHaven
1 year ago
It was bound to happen... hahaha
Yes it's fine to use whatever you want. It's just that you mentioned in your previous video that you wanted to reduce resources usage. So I was one of the people who suggested pfblocker instead of pihole. So as you said you can run most things in pfsense. Just a summary of what pfsense can do: IPS/IDS. VPNs: wireguard, tailscale, IPsec, openvpn. DNS filtering. Reverse proxy with HAproxy. Traffic analyzer with Ntop. Packet capture. Traffic shaping.
@HardwareHaven
1 year ago
I don't think I said that reducing resource usage was my main goal or anything like that. I said that I wanted to use lxc vs VMs to cut down on resources because that's a pretty obvious way to cut down overhead. And like I've said now multiple times, I was already aware that pfsense could do some of these things, and now know that it can do all of what you just said. And to be clear, I appreciate people letting me know because I genuinely want to learn more about all of this stuff. But I don't see why it keeps needing to be brought up over and over lol
@rethinking3289
1 year ago
@@HardwareHaven hardcore pfsense fan that's all. Lol won't stop talking about it. Here's more. As you have ports open on your WAN you can still use pfblocker for inbound blocking. Like geo blocking.
Thanks for the video. I am going to upgrade to another router myself. I am glad you show the ins and outs and all the things that could happen. I am that guy that has those things happen.
I run vaultwarden in docker on my home server...then tunnel thru to cloudflare to ensure end 2 end encryption. Loving the vids! Keep em coming!!!!
Used to virtualize it, now running baremetal due to power consumption reasons, from former 42watts down to 12watts at idle.
@HardwareHaven
1 year ago
Wow, I didn't imagine the overhead of a hypervisor would be that significant. Were you running other containers/VMs on it?
@lukasbruderlin2723
4 months ago
Oh wow, thanks for the numbers! Power consumption would also be the biggest concern of mine... because the added complexity also comes with the enough mentioned benefits that are super worth considering (actually might do the same)... but yes, any hypervisors usually have a ton of overhead... which is the downside of virtualization :/
6:25 (For future reference.) When you copy from a table like this: Open Excel. Click on the top LEFT side on the down-right pointing arrow. (This selects all rows of the grid.) Then, paste the contents of your data list. This will put everything into its own column, making readability much better than seen here.
Just starting this myself. Just got pfsense up and running. Great tips in here thanks
@HardwareHaven
1 year ago
Nice, and thanks Nigel!
Totally get your reasons for separation and the flexibility and such. AMF I've been running similar setups for a couple of years.. I've now switched to a dedicated minipc pfsense firewall but am actually considering going back to a proxmox / container setup.. Also because I want to play with proxmox again.
Another interesting tidbit is you can MAC spoof your WAN port to avoid having to change with ISP. It is difficult to change MAC with a lot of different ISPs. Also you can use a port with a separate VLAN on a switch to connect your ISP to, and then a single trunk port for both WAN and LAN traffic back to pfsense. I do this so I only have to connect 1 10G SFP port to my router.
@HardwareHaven
1 year ago
Good thoughts! Fortunately I remembered not having too many issues setting up the IP passthrough, and I didn't want to have to remember the mac address if I moved to opnsense or something later on. And as much as I should be good with VLANs (it's one of the only networking things I actually sort of deal with at work), I don't trust myself unless I have a lot of time to double check things haha. Plus I had plenty of NICs to use so not a big issue. Thanks for the input! Also I have a feeling your network rack is super clean haha
I know I'm late but if you go to your router's page about update and factory reset I'm pretty sure there's going to be a little button that allows you to download/upload router configuration!
I bought a Mikrotik RB3011AS because I wanted to have an ultra stable core router, has the ability to run containers etc. And it's 8 ports, rack mount which works well with the rest of my setup, 16 port switch, 8 port POE router for cameras, diy rack mount server I'm building.
@HardwareHaven
1 year ago
Sounds sick!
Another good application to run is Lancache to cache all of your video game and windows updates. Also I will send you one of the custom m.2 to pcie adapters I am building for the M715q to do something interesting with. Also for your switch, the aruba s2500 is very inexpensive used. They have versions that you can selectively enable poe on different ports.
@HardwareHaven
1 year ago
Cool, thanks! And if you really want to, let me know. I can get you my PO box. (email is probably best)
You should look at the HP t730 thin client. It's a neat little box. Just bought one for $50 and you can add a nic without modding
I have the same chassis without the third NIC running PFsense. The only issue I have is running snort... when doing so the interface just hangs and I have to restart. I wonder what your experience is with the third NIC under heavy load
this channel is one of the best subscriptions i did last year
Windows does in fact have a command to renew dhcp lease, it is "ipconfig /renew" (without the quotes)
@HardwareHaven
1 year ago
Good to know! I still wish there was a button in the network settings though
@realminecraaftt
1 year ago
@@HardwareHaven There actually used to be a button in the network settings, but they removed it at some point
This whole video feels like a monologue of my internal thoughts when I try to do anything, especially at 10:40
Did you notice any speed or latency improvements after switching or was it purely for more control?
@HardwareHaven
1 year ago
Not really. Performance was never really an issue though, so maybe there is a small change one way or the other, but I can’t really notice it. I ran a few Internet speed tests, and up, down, and latency were all about what they usually are
curious why you set all your IPs on the machines rather than setting them on the router with static leases?
You should avoid using ifconfig(8) and use ip(8) instead, as it is the new standard for linux, and it can do much more than ifconfig(8). The router should work. So less software added will make it easier to administrate and less software that can interfere with the router's work. So it is a great way to remove software from the router into virtual machines. As that is easier to administrate and upgrade the software. If you know you will not sink your router because of bugs or if your service being hacked. ISPs usually have a timed lock on the router you have on its MAC address. If you want to change, you might need to wait a day for it to change. Or phone your ISP and ask them to reset the lock. And yes, your videos are great.
Why don't you use omada controller for your tplink stuff?
i think you can spoof a MAC address on an interface so u can just paste in the mac of ur former router in there and it should work
So how’s it going? Still good with the virtual machine?
I have run firewall/router solutions that had everything in one device. When that device dies it will all die. Not putting all your eggs in one basket is a smart way to go. Great video
@HardwareHaven
1 year ago
Thanks as always Johnny!
I love this type of setup. I personally went with an Arch Linux host and installed OpenWRT as a Systemd-nspawn container. Everything else I run is a docker container or another nspawn container (such as my e-mail server). I don't think you're wrong in choosing the setup you run. I think each setup is unique and you certainly shouldn't force yourself into a setup that you feel uncomfortable maintaining. Either way, well done and I hope to see further development of the setup! :)
@HardwareHaven
1 year ago
Nice! Sounds pretty lightweight. And yes it’s definitely unique 😂 and thanks for the comment
Yay new hardware haven video
Can you do a review on the throughput on that router? Does it have enough cpu to run pihole, wireguard, and still route at full 2.5gbps?
@EE12CSVT
1 year ago
Agreed. I'd be most interested in that. This is giving me ideas.
@HardwareHaven
1 year ago
I honestly don’t know if I’m qualified or trust myself enough to give solid data on something like that. I imagine you can find similar data for other PFSense routers on j4125s
Thanks for the video and showing us around your migration. You quickly mention that you have "reasons" to use 192.168.10.1 instead of 192.168.0.1. Would you be able to elaborate on some of those reasons? I'm really curious to get your pov on this.
@HardwareHaven
1 year ago
Primarily because I had some issues accessing devices on my network through a VPN when I was on a 192.168.1 subnet somewhere else. There might be some security benefits by getting away from common subnets, but realistically NMAP exists lol
Have you tried the Firewalla products?
I wonder how much more or less complicated it is to set up mikrotik with routeros compared to pfsense. Never tried pfsense, but as powerful as it is, routeros is just pure hell to set up.
Cool project box but you better have a backup one for when the main goes down. For quite less than that price, you can get a fully enclosed device with same cpu and 4 Ethernet ports, ready to go.
@HardwareHaven
1 year ago
Yep, that’s why I have a backup config for PFS and have the ability to boot it bare metal if proxmox has issues. I’ll probably setup the previous router to be on the correct subnets and settings to be a drop in in a pinch.
@HardwareHaven
1 year ago
And this was DEFINITELY not a good deal or a recommendation haha, just something I already had
@mintymus
1 year ago
With a home setup it's not that difficult to just reinstall everything if something goes wrong...
Good video, need some information about the ssd connector 5v for diy truenas I'm building. Thank you
@HardwareHaven
1 year ago
What info?
@mouhssinemhe4194
1 year ago
@@HardwareHaven the connector type or the link where to buy
@HardwareHaven
1 year ago
@@mouhssinemhe4194 Are you talking about the sata power cable adapter specifically for the Odyssey? If so, I think they're on digikey.
The ultimate router for the ultimate channel?
I have a separate Pfsense and Pi-Hole server myself and let Pfsense take care of the static IP address and the DHCP for when the kids visit and they connect... Lol I run everything on hardware as the virtual stuff is above my pay grade.... My provider sent me a message and wanted to know if things were working because all they could see was one computer and no DHCP stuff. I said it must be working perfectly then... 😄👍 Thanks for the videos! LLAP 🖖
I only have a 100mbps connection so an archer c5v2 flashed with openwrt works great as my router. I run qos cake/piece of cake. I don't run pihole because some sites hate being adblocked and I am not ready to deal with complaints from the family. Vlans work but I haven't had a need for a reverse proxy yet. Apparently it's supported but the resources are quite limited on a consumer device
how do you use that lenovo mini pc to stream gaming?
@HardwareHaven
1 year ago
Parsec streaming from my gaming pc. Works great!
Great video How about making the Ultimate Router Hardware and offering for sale?
What do you think about pfSense vs OPNsense?
@HardwareHaven
1 year ago
Sorry! I dont have enough experience with OPNSense to really form an opinion. I think Lawrence Systems has a good video on it though
@MarcoGPUtuber
1 year ago
@@HardwareHaven ...but I wanna see your opinions....
on windows it's ipconfig /release and ipconfig /renew, but disable and enable interface is also fast 😉
Call me crazy but i will go out of my way to use power shell and ssh into any machine. The perfect copy paste is game changing compared to any other terminal. If you know of a better one for Linux please let me know!
Nice! You can run wakinator on this if you want!
@andrewmcewan9145
1 year ago
I understand what it is but I can find zero documentation; the gits don't have a readme.
@thejonte
1 year ago
@@andrewmcewan9145 I know, I'm working on that
@andrewmcewan9145
1 year ago
@@thejonte ah nice didn't catch you're the dev. I would heavily recommend promoting it as your name/product as just searching the name on google it wasn't obvious.
@thejonte
1 year ago
@@andrewmcewan9145 I've had previous conversations with Colten about it. To be perfectly honest I just hacked it together in a weekend, so documentation was the least of my concerns. I will be allocating 50% of my time to this, starting now.
@thejonte
1 year ago
@@andrewmcewan9145 Git now has a quite OK-ish readme.
Good video !
Seems like an Omada controller running in LXC would be a very prudent addition to that box….
@HardwareHaven
1 year ago
Yeah, I actually used omada for a bit, but I remember there being one super annoying thing about it, however I can't remember what it was... Maybe worth a shot again!
@Rockwolf50
1 year ago
@@HardwareHaven It will allow you to control that managed switch and access point to set up VLANS in PFSense.
@HardwareHaven
1 year ago
@@Rockwolf50 yep I'm aware!
I love your videos!
Is the 5 dollar PSU still up and running?
@HardwareHaven
1 year ago
Yep, almost a year!
You should use tab key in linux terminal.
@HardwareHaven
1 year ago
I do, just not enough haha
What assurance is there that the Seeed, a Chinese manufacturer, hasn't included China government sponsored back doors into the BIOS when they don't include the full source code, without any precompiled binaries, to the firmware?
This router needs a wifi 6e access point card added
You forgot to blur your Mac addresses at 7:00
@HardwareHaven
1 year ago
I don’t think I was too worried about those
@HardwareHaven
1 year ago
Thanks though!
My setup is working fantastically, but I am thinking about moving piHole into a container from a full-on dedicated VM. Also set up a container-based job for backups.
@mintymus
1 year ago
I'm eagerly awaiting another video from you. I followed your video completely, but I am using pihole in a container, it's working perfectly after 10 days.
@DIYDaveOK
1 year ago
@@mintymus Thanks Minty! I needed to assemble some pieces for a follow-up but have been tied up with some car repair for a friend. Hope to get that out this week!!
@HardwareHaven
1 year ago
I got through part of it, and need to go back and finish it!
@mintymus
1 year ago
@@DIYDaveOK Looking forward to it!
I wouldn’t touch Nord-anything with a barge pole.
I want to build that router too
@HardwareHaven
1 year ago
I wouldn't do the exact thing I did, as it's not the most cost efficient. You can probably find some used mini PCs and do something similar. Or if you want tiny and new, and you're not looking to virtualize necessarily, check out the linkstar from seeed. You can run OpenWRT and docker containers to do something similar but for cheaper and in a super tiny form factor (plus it has built in wifi). I'm actually doing a video on it soon.
HH uses an optiplex W
I see nothing wrong with this. My opnsense is virtualized, the same box runs a small Linux server and dual adguard homes. Also able to have nightly backups.
@HardwareHaven
1 year ago
Why dual adguard homes?
@nick-leffler
1 year ago
@@HardwareHaven for patching now. I used to have two on separate hosts on a cluster, but I don't anymore.
@mintymus
1 year ago
I'm new to this but I have no idea why some people are so paranoid about virtualizing their router. If mine stops working, even fully reinstalling Proxmox it would take maybe 30 minutes to get back up and running.
@nick-leffler
1 year ago
@@mintymus it's also nice so I can restore a backup at the push of a button.
@mintymus
1 year ago
@@nick-leffler Definitely, I'd like to learn more about how to do that.
the ultimate router in my view is ha opnsense - better licensing and redundancy - use the rev proxy on a vps - much faster
@HardwareHaven
1 year ago
That would be sweet!
@shephusted2714
1 year ago
@@HardwareHaven you should do a followup on this and go bigger but stay cheap - get like a used z440 rev2 mb and do 2 10g dual port (100bucks) and then like a few 2.5gbe over usb - total outlay maybe 400 bucks - this is appealing to smb and prosumer and home labbers and everybody just stops short of going all the way with 'ultimate' home router - you should do a followup and then ultimate ultimate home router - maybe even think about going to 40g since you could have wire speed over 40g to nas and server - no switch needed - 40g cards are affordable on ebay - less than 50 bucks sometimes - you could followup with 100g and raid0 nvme with a pci-e card since z440 support bifurcation #swr matching
I am late but watched full video. ❤
Why don't you use openwrt? I understand it is much better than pfsense
@HardwareHaven
1 year ago
Because I didn’t. Not every tech video can feature every option, and not using a given option doesn’t imply there is a reason. I’ve used PFSense a bit before so I’m familiar with it. Not sure how it’s “much better”. That seems like it could be pretty subjective and dependent on the needs and use case
@AviDarks
1 year ago
@@HardwareHaven thank you for the answer. In the end we use what we know.
@HardwareHaven
1 year ago
Especially when most of our time is consumed making videos and not having time to learn new things lol 😅 Thanks for the question by the way. Sorry if I came off a little rude
Haha I could tell my clients to get rid of all the 8000 series catalyst routers. And go for a much cheaper setup. I do think once it is installed. They will kill me for the awful throughput speed. And do think it will already run out of breath with only 40-50 clients connected. No 80 or 40 GBPS connections. How can you call this the ultimate router?
@ernestoditerribile
1 year ago
What if you use a SAN setup such as NetApp or Oracle. 1 or 2 devices would totally saturate the Network.
@HardwareHaven
1 year ago
I'm still figuring out how to be more clear, but I was definitely being a bit facetious with the naming, hence the "s. Obviously a janky slapped together solution like this is the best router on the market, but it was fun and has some cool features for a home user like myself. I probably should've been more clear, especially in the first video, that this isn't even close to being the best router in terms of performance.
@ernestoditerribile
1 year ago
@@HardwareHaven yeah I was making fun. Of the word choice “Ultimate router”
It is sad to see that you don't have IPv6 from your ISP. Then you should get an IPv6 /48 or /56 network, with 2¹⁶ or 2⁸ /64 LAN public networks. You should never accept just one IPv6 LAN address. Notice they all are public addresses, and your firewall should protect your LAN, as it is with NAT. NAT is not computer security, firewall is. Recommend you learn Emacs for editing files. If you open the file /ssh:user@machine:/etc/motd you will edit that file from your local machine. You can also open the file with /sudo::/etc/motd and you will edit the file as root. Without running Emacs as root. And you have org mode and magit which are great tools for editing documents and to manage git repositories from Emacs.
New Patreon here! Woohoo! First
@HardwareHaven
1 year ago
Nice congrats haha
Or you can just buy a mini PC from AliExpress that has 6 2.5GbE ports, N5105 CPU, 32 giga ram, pcie SSD, SATA SSD in a small fanless case at a cheaper price...
@drinkoldcoke
1 year ago
Cheaper, no way. Anything with even 4 1gig nics is overpriced.
@HaimPeretz
1 year ago
@@drinkoldcoke only 192$ (without the SSD and ram I had )
did yuo know: youre intro ist mor thann 10 minets long
@HardwareHaven
1 year ago
Haha yeah whoops.
Hi
@HardwareHaven
1 year ago
Hello Will
I love your videos, congrats for almost 80k now! Its me TheLeoDeveloper btw
@HardwareHaven
1 year ago
Hey, thanks!
can u make an odysee channel?
@HardwareHaven
1 year ago
Probably not anytime soon... I barely have time to make YouTube happen lol
@srgantmoomooo
1 year ago
@@HardwareHaven it's just creating the account... you hook it up to your youtube directly and it'll automatically pull all the videos for you, you don't have to do anything different when uploading, it does it all for you. idk, would be nice for people like me... foregoing all the youtube bs
30th
forgive me for complaining, but one picture can explain 1000 words, and in your case there are 100k words and not a single diagram or picture to explain your idea, only config screens and blah blah blah. Are you targeting your video only to those who understand everything without additional explanations?
@HardwareHaven
1 year ago
I love feedback/criticism so thanks for this! I felt like, on this video and the one prior, I didn’t want to explain too much of what I was doing in great detail because I had done very similar projects in the videos prior (which I think I mentioned). That being said, I do think I could probably work harder to incorporate some better visual aids/diagrams/etc.. This wasn’t necessarily targeted at people with an understanding, but I think I filmed it with the assumption the viewer had seen at least the first video and maybe the others that were referenced. Hope that made sense and thanks again for the feedback.
@michalp.1484
1 year ago
@@HardwareHaven thank you so much for your response 🙂 of course I'm gonna check your previous videos, the topic seems very interesting
Windows refresh dns: ipconfig /release /renew
@echo off
ipconfig /release
timeout /t 10
ipconfig /renew
Nifty bat file to release and renew your IP in Windows.