In-depth tutorials, discussions on network engineering, security, and technology solutions.
Lawrence Systems offers a look at how we run our company, the products we use and solutions we provide for our clients. We discuss and create tutorials for firewalls, storage solutions, MSP tools, security tools and open source topics. We do a live show every Thursday where we engage with our audience and have some laughs about working in the IT industry.
Shipping Address:
14140 Pennsylvania Rd.
Southgate MI, 48195
Content Creation Ethics and Guidelines can be found here:
www.lawrencesystems.com/content-ethics/
Пікірлер
Followed everything, worked well, but when I restrict one use to connect only to specific network, it loses internet. If I assign any permission, then Internet works. How to fix that ?
do you know if the UDM pro has a build in balancer for connecting another wan internet source in order to have cumulative speed ? thanks
Great video, agreed... internet gold, genius use of the tags feature, thank you! Got stuck at timestamp 10:39 where the "translation" address was not selected before saved. However, at time stamp 11:51 the "NAT Address" field is set to "PIA_SWISS address" so he must of gone back and corrected it, and clipped the video. Just a fyi, if anyone else struggled for a bit on this. As of the date of the message below, wireguard config not available for pfsense using PIA: ========================================================================= May 13, 2024, 1:07 PM GMT+8: Thank you for reaching out to Private Internet Access Support. I understand that you wanted to know how you can set up Wireguard on your PFSense. Allow me to assist. Regarding your inquiry about the WireGuard file, I regret to inform you that we currently do not have a configuration file tailored for router usage. Our available configuration options are exclusively designed for OpenVPN. As a result, we are unable to provide the necessary files for setting up WireGuard, and there are no immediate plans to introduce future. No worries! Your opinions matter to us, and your feedback is used to improve how we work and ensure we deliver a consistently high-quality service. We'll pass this on to our feature request. I trust this provides clarity on the matter. Should you require further assistance or have any additional questions, please don't hesitate to let me know. Regards, Private Internet Access Support =========================================================================
Towards the end of the video I tried to vlan hop as well. Maybe they patched it? I can't ping the IP or get to the web interface configuration page like you did on port 8 with your laptop.
Looking at the UI and the shiny bits. it looks a lot more user friendly that wireguard. Would this be usable for remote access to a small home lab setup or is it complete overkill?
Isn't the point of a home lab to have a place that can be overkill?
@@LAWRENCESYSTEMS I guess 🤣
Netbird's Android app is a little buggy (from my experience prior to Aug 2023). But it works and is cool.
Several RAIDs have a hot spare, (or cool by powering down the drive). I would like to have a cold spare for my zpool that gets automatically used so resilvering can kick off without me knowing a thing. I realize that this is sometimes dangerous because we don't know what killed the drive, and may kill another one while resilvering, but most of the time, drives themselves are the problem. Doez ZFS support the hot or cold spare concept?
Yes, you can have a hot spare.
the combination of both is also a good opportunity, advanced functions of the pfsense firewall, in particular for the VPN and Wireguard functions...and the entire UI part of Unifi for the advanced management of switches, access points and other equipment of the brand.....great job anyway !
I'm wondering if the new FS RJ45 SFP+ module that says the power is less than 1.8W: SFP-10G-T-100. Do you have any of these SFPs to test them? I'm interested especially for the temperature. I have a Zyxel XMG1915-10E switch which performs very well with optical SFP on 10GbE, but I want to use my RJ45 infrastructure. Because is a passive cooling switch I'm looking for low power SFP+.
Awesome video, but if you just use pure wireguard, you don't need any overlays
This is insanely cool, absolutely nerding out.
Thanks for the video Tom, sorry for the basic question but what is it about devices that cost so much additional $? And to be clear this is for Unifi Devices not client devices right? Thanks again!
I don't understand the question.
@@LAWRENCESYSTEMS Thanks for the quick response, Tom! To clarify, I'm trying to understand why adding more UniFi devices to a network increases costs significantly. Is this due to the additional network management overhead, hardware requirements, or something else? Essentially, I'm curious about what factors contribute to the increased expense when scaling up the number of devices on a UniFi network. Thanks for helping me understand this better!
@@blitzio Yes, each individual device talks to the controller which is why it scales that way.
Thank you for your video Lawrence! Im migrating my lab from esxi to xcp-ng and i knew that you eould have a helpful video for xcp-ng. Also, cicada 1337 reference?
No, Leet (or "1337") is not a Cicada 3301 reference.
What i hate about wireguard is that you are unable to remote on linux from local network.
Love these takes you do on this setups ❤
This explanation, to ly understanding, seems at least incomplete. For this vulnerability to work the DHCP server also has to become the gateway. Know this vulnerability is extremely easy to execute on non authznticated networks like most public networks, many corporate networks and many private networks. However. This attack does require to be present on the network as the target which does introduce a challenge.
Great vid! thanks
Hello, is it still worth it in 2024? Thanks!
nope
@@LAWRENCESYSTEMS what would be a good option then?
@@macromaker I prefer pfsense.
When will there be a 2.5 Gbit+ model of such thing? :(
Great video, thanks! I was already able to successfully create the first backups with Synology. But when I want to restore folders and files, only folders are restored successfully. I get an error saying I don't have rights to restore the files. The user can create files manually without any problems. Do you have any idea what it is?
Alright, that was actually crazy easy to setup. Converted from manually managed Wireguard, what a chore it's been...
I might be switching from core to scale to fix some problems I'm running into. Change is hard though.
hello I found about pfsense on your youtube channel for the first time. i have small office with 2 DSL modem one for internet connection and the other for vpn (remote desktop connection) to connect with head office to access ERP (Microsoft Dynamics SL), since we don't have a router we manually change the ip address and default gateway when ever we need to access internet or vpn (remote desktop connection) and it's very frustrating changing manually . After seeing your video on youtube about pfsense(software based router and firewall ) I decided to use pfsense as a router so that users can access both the internet and the VPN (for Remote Desktop Connection) without needing to change their IP addresses manually. This can be achieved by properly configuring the router to route traffic to the appropriate gateway based on the destination IP address or port number using policy-based routing (PBR), traffic is routed to different gateways based on the destination IP address. This means that users can access both the internet and the VPN without needing to change their IP addresses or perform any additional steps. I installed pfsense on my desktop computer with 3 NIC and I would greatly appreciate it if you could provide me with iformation on how to configure and set up the pfsense for my office based on my scenarios .
Does it have LACP LAG LAN aggregation ?
i love how the world of live sound and professional lighting leaks into the world of IT and server labs somehow 😅 (ADJ)
first
static IP on my pfsense WAN = I'm safe yeah?
Not really an issue there.
Cool t-shirt 🐱
Why no cold aisle containment?
I've been using Quad9 since I setup a pihole and it seems great.
I hate the unifi firewall rules ui/options.
Nice explanation.... but slow down your delivery 10%
Can you automate the config/key backups?
Been running the zimaboard 832 as pfsense firewall for a couple of weeks and whenever I transfer a large file between networks the LAN interface stops responding and I have to reboot it. Have had to reboot it 3-5 times for no apparent reason as well because my network connectivity would suddenly stop working while doing everyday normal things such as watching youtube or browsing the web.
Great video Tom. One of the things that occurred to me right from the get go is the importance of data structure and how to organize all of the dependencies. I think you should do a video covering this topic in more detail and reasoning behind why you structure things a certain way.
"if you don't know what it is go ahead and read about it" would've been nice to get a 5 second explanation instead, i think.
Is this possible with NordVPN?
Not that I aware of
@@LAWRENCESYSTEMS dang its the vpn i have im not trying to have 2 vpns
Thanks for explaining this. Great job!
Thx
Thank thank you SOO much. I have been BEATING my head on this for hours. Missed the final step.
Subscribed and liked. I've got to watch more of your videos for some steps to setup blocking. I have everything wide open. All my experience has been with sonicwall in the past. But I had a need for this netgate at a small 5 person office.
I think my ISP broke my Protectli. I was still running + but they pulsed my router and i could no longer get to the internet. Looks like this method no longer works. There is only an option to upgrade over the net. I tried several times and always ended up with my old version of +. I tried to create a boot USB but the unit doesn't see USB as a valid drive. Trying to reorder boot devices in the bios and now the only device I see is BIWIN SSD. When it boots, it goes so far and then I end up at a mountroot> prompt. I did a cross reset - didn't help. I've been trying different things for hours nut no luck. Any ideas?
CMOS reset, that is.
great system for the basic/generic use home user I guess if you wanted to have something that is capable for connectivity but also have a decent vpn or routing rules I guess you could get a raspberri pi to do that part of your network for you if it allows you to set a static IP to the pi
Hello, wondweful tutorial! Does it work with multi-wan in load balance mode? If so how to configure the gateway?
One major difference. UniFi sucks you into their ecosystem. Like Apple. 😄
This is well documented. Appreciated.