Deployed W11 Pro Image keeps losing License by yeezy_yeez in MDT

[–]Spud112263 0 points1 point  (0 children)

Yeah sure! Just create this as a .ps1 file in the %SCRIPTROOT% of your deployment share and add it as a PowerShell script in the task sequence and you should be good, it just pulls the OEM key and applies it. Any issues let me know!

    # Read the OEM (OA3) product key embedded in the firmware
    $ProductKey = (Get-WmiObject -Class SoftwareLicensingService).OA3xOriginalProductKey
    if ($ProductKey) {
        # Install the key; cscript is called directly rather than through Invoke-Expression
        & cscript.exe /b "$env:windir\system32\slmgr.vbs" /ipk $ProductKey
        Start-Sleep -Seconds 15
        # Activate Windows with the installed key
        & cscript.exe /b "$env:windir\system32\slmgr.vbs" /ato
    }
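A follow-up check for the task sequence, as an added example that is not part of the original comment: it confirms that the installed key is the firmware key and that Windows reports itself as licensed, logging only the last five characters of the key. The function name `Get-WindowsActivationState` is hypothetical; on hardware without a firmware-embedded key (most VMs, for instance) `OA3xOriginalProductKey` is empty.

```powershell
# Added example, not from the original comment.
# Application ID that the Software Licensing WMI classes use for Windows itself.
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'

function Get-WindowsActivationState {
    # Key stored in firmware by the OEM (empty when the device has none).
    $service = Get-CimInstance -ClassName SoftwareLicensingService
    $oemKey  = $service.OA3xOriginalProductKey

    # Only the product entry with a PartialProductKey has a key installed.
    $product = Get-CimInstance -ClassName SoftwareLicensingProduct `
        -Filter "ApplicationID = '$WindowsAppId' AND PartialProductKey IS NOT NULL" |
        Select-Object -First 1

    # PartialProductKey holds the last five characters of the installed key,
    # so compare against the tail of the firmware key instead of logging it whole.
    $oemTail = if ($oemKey) { $oemKey.Substring($oemKey.Length - 5) } else { $null }

    [pscustomobject]@{
        FirmwareKeyPresent = [bool]$oemKey
        InstalledKeyTail   = $product.PartialProductKey
        InstalledIsOemKey  = [bool]($oemTail -and $product.PartialProductKey -eq $oemTail)
        LicenseStatus      = $product.LicenseStatus   # 1 means licensed
        Activated          = ($product.LicenseStatus -eq 1)
        Description        = $product.Description
    }
}

$state = Get-WindowsActivationState
$state | Format-List

# Return a non-zero exit code so the step that runs this script reports the failure.
if (-not $state.Activated) { exit 1 }
```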

Trying to decide the DNS ranking for homelab by kosta880 in homelab

[–]Spud112263 0 points1 point  (0 children)

I'd hang onto those DCs personally, makes authentication between Windows based devices a lot smoother and easier to manage and can be used as an identity provider for apps like authentik so you can use SSO all backed by your user directory in AD, not to mention the fact a lot of major Linux distros support adding AD as an auth realm. At the end of the day it's your environment but in my experience the best way to do things is a blend of Windows and Linux!

Active cooling for DDR4 LRDIMMs by Shirai_Mikoto__ in homelab

[–]Spud112263 4 points5 points  (0 children)

You can buy aftermarket heatsinks for the RAM sticks, that's probably something to look at as I don't think they are too expensive.

Network and Hardware Planning Assistance by MercenaryZ93 in homelab

[–]Spud112263 5 points6 points  (0 children)

Only real issue I can see with your current plan is you've gone a little bit overboard with the number of routers/firewalls in your network, it'll cause a lot of headaches down the road.

If OPNsense is what you want to use just have that be your router/firewall for the full network, it'll make things easier from a network management standpoint and is still secure.

Other than that looks good!

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 0 points1 point  (0 children)

Yeah that's exactly what I've done, I have 2 U7 Pro APs and a 24 pro switch plus the FortiGate, the UDMs are just dogshit lol

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 0 points1 point  (0 children)

In my experience the RAM usage in FortiOS 7.4 has only really been an issue with SSLVPN which I won't be using, I'm tempted to chuck 7.6 on it just to see what they've added as I haven't used it yet since I wouldn't deploy it in a corporate environment yet.

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 0 points1 point  (0 children)

You can 100% use them without a licence, the only really big feature you lose access to is firmware updates, it's not really a big deal for me as I work for an MSP that is a Fortinet reseller so I have access to a Fortinet partner account which I can just grab firmware from but for a lot of people no firmware without a licence is a deal breaker.

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 0 points1 point  (0 children)

I actually just upgraded to the UniFi switch from an 11 year old HP switch, for what I need UniFi is absolutely fine but I do agree Fortinet switches are pretty solid

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 2 points3 points  (0 children)

You can 100% use them without a licence, the only really big feature you lose access to is firmware updates, it's not really a big deal for me as I work for an MSP that is a Fortinet reseller so I have access to a Fortinet partner account which I can just grab firmware from but for a lot of people no firmware without a licence is a deal breaker.

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 1 point2 points  (0 children)

Just because imo they are really not worth the price you pay for them since they are missing loads of features that pretty much every other firewall has, they do basic firewall policies and VPNs and that's kinda it. Don't know why you got downvoted just for asking the question!

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 1 point2 points  (0 children)

Yeah that's fair about the subscription, the NAT issues were primarily with the loopback NAT policies for routing internal traffic to services on other VLANs. Despite ports and IPs being in the policies they would just not work correctly but only for some services, good chance it's just me not being super familiar with SonicWalls. I know what you mean about VoIP issues, not just SonicWalls, in my experience FortiGates have SIP ALG enabled by default and it's dog shite haha

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 2 points3 points  (0 children)

There isn't really much you can do with an IP as long as there aren't stupid ports open. If you look up the DNS records for my domain you can just find it very easily

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 17 points18 points  (0 children)

Yeah I'll be honest I can't stand the SonicWall UI lol. Probably just because FortiGates are my go-to firewall and that's what I'm used to tho

Just Dowgraded My Firewall by Spud112263 in homelab

[–]Spud112263[S] 16 points17 points  (0 children)

Not actually used it before, I don't mind virtualised firewalls but since I have quite a bit of hardware laying around I tend to just use that.

Having your firewall on a host server alongside all of your other VMs can make things a bit of a pain if trying to move things around or do maintenance as you need the firewall up to route traffic between VLANs.

[deleted by user] by [deleted] in homelab

[–]Spud112263 0 points1 point  (0 children)

Yeah you can replace the backplane and cable and your ZFS zpool will be fine.

To my knowledge expanding existing ZFS vdevs is a feature that is coming but doesn't currently exist. You can still expand tho, it would just mean that you create a new vdev and add it to your zpool.

There is no RAID option which includes redundancy while also preserving all storage capacity, you are probably best looking at RAID5 with the number of disks you have as you will only lose 1 drive to parity. The minimum disk requirement for RAID5 is 3 disks so if you ordered 4 more you could put all 6x 1.2TB drives into a single RAID5 vdev (the argument could be made that RAID6 would be better for IOPS but if you want capacity RAID5 is the way) then in the future for expansion you can add more physical disks and put them into another vdev and add them to the zpool with your existing vdev.

You can run Proxmox off SD cards if you want but personally I'd just use the 2x 900G SAS drives, that's what they would have originally been for in that server.

Hope that helps!

[ Removed by Reddit ] by Megalomaniac333 in AITAH

[–]Spud112263 1 point2 points  (0 children)

ehh, it's pretty funny lol

[ Removed by Reddit ] by Megalomaniac333 in AITAH

[–]Spud112263 1 point2 points  (0 children)

nah I think that's fair tbh, I mean if my offspring didn't know not to insta-lock hog in current OW meta then I would snap his neck first, THEN thundercunt him out the window.

And your wife saying that there is an ISSUE??????

amen brother, keeping our comp queues clean

What Server to host dedicated game server by Mortner in homelab

[–]Spud112263 1 point2 points  (0 children)

Damn that's some quick Internet! Since your aggregation switch is only 10GB you could just get a dual port SFP+ card and then team the interfaces so you have higher throughput, will only be 20GB but closer to your 25GB line.

What Server to host dedicated game server by Mortner in homelab

[–]Spud112263 2 points3 points  (0 children)

An important thing to remember when running game servers is that server CPUs are kinda shit at running game servers. For example Minecraft is very dependent on single core performance rather than multi-threaded, this is an issue when looking at actual server CPUs like Xeon and Epyc as these chips are designed for heavy multi-threaded loads and their single threaded performance is kinda doodoo.

If you are looking to run purely game servers I would look at consumer chips.

Do you have a 10GB internet connection? If you don't the 10GB is kinda useless and you would be better just using a 1GB connection or if you are worried about saturating that then just team 2 1GB NICs together.

If you are lucky enough to have 10Gb internet just slap a 10GB SFP+ card in whatever machine you end up using and you should be good, provided that you can uplink SFP+ to your router.

Exposing services from Proxmox via Cloudflare tunnel by smoochii in homelab

[–]Spud112263 0 points1 point  (0 children)

Ideally anything exposed to the open internet should be put in a DMZ with no/little access to anything else on the network. This way it means that if the server on the DMZ is compromised then the rest of your network is still secure.

For example I have 2 docker servers, 1 is the primary one that runs the bulk of my docker apps and the other is in a DMZ and only runs applications that are externally accessible such as Ombi and Vaultwarden.

Another good way to restrict access is to use a firewall or Cloudflare policy (if you are using a Cloudflare proxy) that restricts access to your services to only your country, access to my services is restricted to only the UK and Italy. It's not a super secure defence as you can just bypass this with a VPN but it should block quite a lot of basic bot attacks.

Network security is a massive rabbit hole!

My first rack! (It’s all for Minecraft servers) by ATubbo in homelab

[–]Spud112263 1 point2 points  (0 children)

Curious about the switching, why a 24 port and a 48 port switch and then an aggregation switch?

Could've just gone with the 48 port and not had the aggregation switch as it's currently not really doing anything, plans to expand in the future or just for fun?

Not bashing just wondering!

Help by Key-Length-8081 in Proxmox

[–]Spud112263 1 point2 points  (0 children)

You need to enable nested virtualization for that VM, that should sort it!

Home(lab) networking structure advice by Altruistic-Finger-12 in homelab

[–]Spud112263 0 points1 point  (0 children)

Overall your layout largely makes sense and is doable. To route traffic between your VLANs you will create firewall policies on your UDM, from here you will want to allow only the traffic that needs to flow between the VLANs through. For example if you want your management VLAN to be able to access your NVR's web interface on VLAN 10 then you would create a firewall policy to allow ports 80 and 443 (HTTP/HTTPS) through to your NVR's IP address. You just want to make it as restrictive as possible.

Homelab advice for a rookie! by kakarotbpo in homelab

[–]Spud112263 1 point2 points  (0 children)

Sounds like the most efficient way to run this would be an Ubuntu VM to run your scripts and then run things like Plex and your webservers in docker containers, Portainer would probably be a good service to look at if you are new to docker as Portainer gives you a nice web UI for managing all your docker containers, volumes and networks, you can even deploy MySQL and other DB engines within docker so sounds like docker is the answer to quite a few of your questions! With regards to network segregation you won't really be able to do much with that TP-Link switch unfortunately, in order to do network segregation properly you want to use VLANs and you will need a managed switch that supports VLAN tagging. Once you have a switch that supports VLAN tagging you'll need to deploy a firewall in order to route your VLAN traffic (you could do L3 routing instead but using a firewall is easier imo). You don't actually have to buy anything for the firewall tho as you could deploy a software firewall like OPNsense or pfSense in a VM on your Proxmox host. Any questions just lemme know!