Messages - Greg_E

#1
4 to 5 bars of signal and 140/70 from fast dot com. That will work nicely for my lab. It's going to be a couple of weeks until I get back to this; hoping the construction in my office will be in a better place by then so I can start setting things back up and really test this. The IPPT is kind of on my mind right now; I want to test it and see what I can see. It removes one layer of NAT, so that has to help.
#2
Speeds are interesting: getting 3 bars of 5G and between 150 and 200 Mbps down, but only 5-6 Mbps up. Considering my lab use case, I hope the up gets a little higher; I would like to see at least 10 Mbps, as 5-6 with Netbird on an RDP or even HTTP remote is a bit tough. Have to try it at the lab tomorrow to see what I can see.
#3
Supposed to arrive today. I've been reading, and it looks like the IPPT (IP passthrough) on the Ethernet port is what I want. I'll have to pick up another 12V 2A PoE power splitter to power this thing when it gets to my lab, then figure out how I'm going to connect everything. Probably going to need a PoE injector to go with this.

It does say you can do IPPT with USB tethering, so that might be an answer too; I have a few active extenders and my plan tops out at about 100 Mbps anyway. There will be much messing around before I find the final solution. Need to go back to the OPNsense docs and see what kind of options I can set for WAN and backup WAN with USB.
#4
In general, flow control is your friend; even for audio/video over Ethernet we run this.
#5
Glad I always seem to be behind by a lot of days.
#6
That said, today I was pulling assets that go with a book for Adobe Premiere at almost the full interface speed, across ZA. That almost never happens, even grabbing things from Microslop, which is pretty much all blessed.

I need my lab back up and running so I can mess with this stuff and transfer back to production; this construction is killing me.
#7
This device says it can offer IPPT (IP passthrough), so I think that would be as close to bridge as possible. But it might also be restricted by the carrier; I should know more soon. There seem to be a lot of business-oriented features in the OS; I'm guessing this is a pretty common thing to use for backup or other remote office use.

I wish it had Netbird built in; there are some more common VPN choices, but I didn't see anything I'm currently able to use.

Would also be nice if this could be PoE powered, but I didn't see that in the manual either. It would just make my lab system easier to handle. It does have a battery that can be removed for in-place uses like a business backup WAN. It also has a battery saver mode for constant power connection that keeps the charge between 70 and 80 percent; I might end up using this feature.

Bought the 100 GB plan; that will probably be plenty as I look at what I actually use in a month at home, and this will get less use.
#8
I've only used single-port A+E slot i226-V cards and had no problems so far. The dual cards are interesting for a few reasons; I would like to know how this was fixed in case I ever need to go to 6 ports in one of my T740s.
#9
Anyone use or have tips on using a MiFi device as a WAN source? I just bought an Inseego MiFi Pro M4 to use with my lab and for use in the car on trips. It says it has USB tethering, but also has RJ45. It's T-Mobile, so probably behind CGNAT, but that's the world I live in now; Netbird can get me around that for remote work. Everything I do now is behind multiple NATs of one form or another; yes, it is less than desirable, but I just have to work with what I can get.

The hardware does support static IP, so I might look into that later and pay for an IP if T-Mobile can offer that (then run a local Netbird or other server).

Why did I go with that specific device? It was the only in-stock 5G device that they offered that also has external antenna connectors (2 of them). An external antenna can be a make-or-break feature depending on your location.

Any tips to get this working with OPNsense would be appreciated; lots of open USB ports if tethering is the best way forward. Link to the product: https://inseego.com/products/mobile-hotspot-routers/mifi-pro-m4/
#10
Thanks.

Suricata is multithreaded, so it's not a huge performance hit until the rule sets get very large. But ZA, as we know, is going to stay single-threaded until you buy up to the top level.

New production firewall is on the way; I'll have to see how it performs with Suricata and ZA. It should have faster per-core performance, so my speeds should go up a little, and it's still running 16 GB of RAM to cache the rules (when possible).

Need to find some time to do more research.
#11
I'll have to look at the quote again; I might have seen the wrong version. It's coming as a package, so I assume whatever it needs will be installed and working. Either way, $200 for 16 GB of RAM is crazy!

I paid $200 for 2x16 (used) SODIMM not too long ago, and going farther back, under $200 for 2x32 DDR4 SODIMM. My lab is like a gold mine if I decided to sell off the parts and junk the computers. Too bad I still need them to do work.
#12
It will be on a switch port that requires certificate-based authentication to allow traffic and assign the port to the correct "LAN". The correct "LAN" is in theory a logical path back to the ISP, but again, the switches require the certificate in order to pass traffic. Right now they are bypassing this on a port-by-port basis. I'm waiting for some new and wonderful automation to come through and wipe out my connection. If I have the correct cert, then the automation will at least get me on a network to grab internet while I sort out the rest.

And no, I don't know why they didn't use a RADIUS server; we have one for other things, and the open version seems to work just fine. But they didn't, and I have a feeling it was based on what Extreme Networks suggested (we are an Extreme campus) because it worked better with their fabric system.

And thanks for mentioning wpa_supplicant. I saw that in the documents and was getting confused because I was thinking only Wi-Fi. At least I have a path to look into to see if I can get to the end and test.

It also helps because I have an OpenWrt router that I'm going to need to do the same with. I need wired to get to the internet, then internal wireless to connect 3 cameras, a control surface, and an iPad for video production (NDI | HX3), called the Birddog Maki Live. I'm going to assume that the same wpa_supplicant path will allow me to get this OpenWrt router on the network; I don't care how many levels of NAT it uses, as it only needs to get out to the web to stream.
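The wired 802.1X supplicant path the poster is considering, shown as an added configuration example; this is not from the original post or from the OPNsense or OpenWrt projects. It assumes a wpa_supplicant built with the wired driver (FreeBSD, which OPNsense is built on, ships one), certificate-based EAP-TLS as the campus switches require, and placeholder values for the interface name, identity and certificate paths that would have to match the real deployment.

```conf
# wpa_supplicant.conf for wired EAP-TLS on a WAN port (added example, not from the post)
# Assumed location: /usr/local/etc/wpa_supplicant_wan.conf

ctrl_interface=/var/run/wpa_supplicant
# ap_scan=0: no wireless scanning, the interface is a wired link
ap_scan=0

network={
    # Plain 802.1X port authentication, no WPA key management on a wired port
    key_mgmt=IEEE8021X
    eap=TLS
    # Identity the NAC expects, usually tied to the certificate subject (assumed value)
    identity="fw-wan@example.org"
    # CA that signed the authentication server's certificate; pinning it means a
    # rogue authenticator on the wire cannot complete the TLS handshake
    ca_cert="/usr/local/etc/ssl/nac-ca.pem"
    # Device certificate and private key issued by the campus PKI (assumed paths)
    client_cert="/usr/local/etc/ssl/fw-wan-cert.pem"
    private_key="/usr/local/etc/ssl/fw-wan-key.pem"
    # eapol_flags=0: no dynamic WEP keying, which only applies to wireless
    eapol_flags=0
}
```

Started as `wpa_supplicant -B -D wired -i igc0 -c /usr/local/etc/wpa_supplicant_wan.conf` (interface name assumed) before the WAN DHCP client runs, and checked with `wpa_cli -i igc0 status`, which reports `suppPortStatus=Authorized` once the switch has opened the port. The private key file should be readable by root only, and the supplicant needs to come up at every boot, since a port that is not authenticated will stay on whatever restricted "LAN" the switch assigns by default.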
#13
Please excuse my cluelessness, this whole Q-Feeds thing slipped past me.

If you can have only one, would it be Q-Feeds, Suricata with feeds, CrowdSec with feeds, or Zenarmor? Probably all of these would be the free tier. I want to put something on my lab and test this for possible use in production. I have Suricata and Zenarmor running in production, though I never really see any hits on Suricata these days (might not be set up correctly).

Can someone clue me in? I did print the integration document that I'll read later, but help would be welcome. The goal is to block threats that come in from users on the web, and block anything trying to get out that my virus scanner didn't catch.
#14
I'd have to look it up; it still hasn't arrived. I can tell you what ECC server RAM costs; I've been pricing out storage servers and it's just stupidly high. I could have beaten the cost buying from different places, but not by enough to make it worth my time; that's why we have approved vendors. I think the price I put together was around $850-$875, and then I have no leverage if there is a problem.

If the firmware gives me problems, I'll go back to the reseller and have them push the manufacturer to fix it. Protectli did suggest Coreboot over the AMI BIOS, so I'll set that up when it arrives.

Now here's the part that I found really interesting... The Protectli devices are on government contract; they are being used in a bunch of places that we don't know about.

Model is VP4650 with six i226 ports.
A single 16 GB DDR5 stick of RAM was nearly $200 USD, $60 for a small NVMe, and $35 for a rack shelf. That puts the rest at around $6xx. I don't have the actual invoice in hand yet.
#15
I did a quick search, and most of these topics are about the LAN side... Is there a way to configure the WAN to use 802.1X certificates to authenticate on the network? I have a use case where this might be needed, or would at least make it nicer for the higher-level IT department, and I wanted to look into the topic. I looked at the web GUI and didn't really see anything there, but I certainly could have missed it.

Just thought I would be lazy and ask before I do a deeper dive to try and find the answer.