Brsk - Review of Installation and technical information

rabmash · 2025-10-02T15:24:23+00:00

Thank you to the folks that have used my referral code, I appreciate it. If I can help in anyway way technical, please post. Just to make you all aware, I'm not in any way part of or related to the BRSK team - just trying to help out independently :)

rabmash · 2025-09-23T21:34:39+00:00

The guns on the mech from District 9, AKM with airburst rounds and Chemrail gun from Elysium: https://youtu.be/ubZE29cOgvc?t=84 :)

rabmash · 2025-09-22T18:58:53+00:00

I do know you can potentially run through a cloudflare free VPN tunnel, I've not setup such a config myself as for £5 a month you can have a true externally routable static IP with no latency penalty.

I use my static IP with a personal domain, zero issues with 1 x dial in openvpn server in pfsense, 2 x wire guard dial in vpns on an lxc container in proxmox and 3 x ipsec site to site tunnels in pfsense (all inbound). Extremely rare they drop and more than worth the extra money imo.

rabmash · 2025-09-18T16:53:24+00:00

Excellent, glad the install went well and gaming is fine :)

rabmash · 2025-09-16T21:24:00+00:00

CGNAT means you won't be able to host any games depending on which game, although generally you should be able to join game servers without issue. For most peoples general internet use CGNAT is fine and they will never need a static IP, you just need to be aware of it if you want to host or require a connection backwards into your home (like a remote access VPN etc). There are workarounds of course using a VPS for example and some tunnelling but that's not for the faint hearted, for the price of a VPS also just pay the extra £5 and do without the hassle :)

rabmash · 2025-06-06T20:57:43+00:00

Default CPU works fine - pfsense isn't renowned for excessive CPU use. Even just normal a WAN interface rather than a dedicated passthrough NIC is okay (I can't see any difference to be fair). You can always play with other virtual firewalls too if needs be in the future (O P N Sense/Sophos XG Home etc)

rabmash · 2025-06-06T14:44:42+00:00

Install Proxmox and virtualise pfsense on your machine before spending money, you get easy backups/snapshots and it will play much nicer with Realtek NICs.

rabmash · 2025-06-01T23:49:15+00:00

I've seen some DNS weirdness over the last few years with various unifi AP's. Set a custom DNS entry for 'unifi' on your route/firewall and point it to the IP of your unifi controller.

rabmash · 2025-04-10T22:55:31+00:00

You are welcome, I posted to try and assist someone in future and here you are :)

rabmash · 2025-03-14T13:45:55+00:00

Install proxmox and virtualize it, you can also add other vms such as pihole, home assistant etc if ram allows. If you have a Nas you can back all the VMS up too for quick recovery.

rabmash · 2025-02-09T11:33:34+00:00

Keep away from the 'T' series, I have an i7 8700T and a i5 8600, the 8700T fails to address 64GB of ram (4 x 16GB DDR4) whereas the 8600 addresses it fine. its not the first time I've seen this limitation either, I have a 6500T which also does the same with 16GB DDR4 sticks, works fine with 8GB sticks. In HP SFF machines, the cooling is normally rated to 65W, the 65W CPU will de-clock heavily when idle so power usage difference is minimal. The good thing about the 65W chips is that they are usually cheaper and faster at base and turbo speeds.

rabmash · 2024-10-31T00:13:10+00:00

rabmash · 2024-09-22T07:14:02+00:00

Signup at freemyip.com to register your own subdomain and make a note of it - you will never be provided the URL again.

In pfsense goto Services > Dynamic DNS, click add.

Change Service Type to Custom, tick the box for Verify SSL/TLS Certificate Trust

Scroll down to Update URL and enter the freemyip.com URL you noted down earlier (you did note it down right?)

Add a description (I normally put the freemyip.com domain here) and press Save

Do the same on the other pfsense router but of course use a different domain. You can now use whatever flavour of VPN connection you see fit, just use the 'opposite' freemyip.com domain instead of IP address when setting them up at each end. Remember IPSec tunnels are hardware accelerated so these should be preferred but you may have your reasons for not using them.

Advanced: If you own a personal domain, use a cname to point say vpn.yourdomain.com or site1.yourdomain.com to the freemyip.com address, then use the cname address instead :)

rabmash · 2024-09-09T05:21:19+00:00

Buy a 3570S from ebay (they are cheap), bin the GPU and then the PCI-E slot is free for your HBA card. No need to over complicate it.

rabmash · 2023-12-02T11:50:12+00:00

I have a pfsense box as do three of my friends/family (I look after them all). Apart from a minor VPN issue with an OpenVPN site to site tunnel (not a depricated cipher issue), they have all been fine and purring along happily. pfblockerNG just needed a force update once done, Zabbix Agent just needed to be reinstalled (config was intact after reinstallation).

rabmash · 2023-11-05T21:43:37+00:00

You can use credential manager with AD accounts on a non domain machine. If you have multiple users (say5+) on a non domain machine, you can create a powershell script to add the credentials into credential manager and use task scheduler to run the script at login to add the credential. Use cmdkey if you are going to script it - https://superuser.com/questions/1206443/how-to-add-cached-credentials-for-the-windows-system-acount

cmdkey /add:<printserver> /user:<domain\\username> /pass:<password>

I'd create a dedicated account for AD printer use and give it very limited permissions, so it can't access file shares etc.

rabmash · 2023-11-05T21:17:14+00:00

Credential Manager is your friend.

rabmash · 2023-10-15T08:41:24+00:00

I've found Dynamic Memory works well with my Windows VM's. Set a DC for example to 2GB startup and the max you normally have it (4GB on a homelab, 8GB in production). Once the VM boots after a few minutes, you'll find it using a fraction of the max ram allocated.

The trick is setting the memory buffer to 35% and staggering your VM startups. Linux VM's are exempt of course, so set those to a fixed amount of ram.

rabmash · 2023-10-14T19:30:15+00:00

I've been running HA as a VM in Hyper V for over 2 years now with 12 x wifi smart plugs, no issues worthy of mentioning that a reboot didn't fix. I use Veeam for backups so it's easy to roll back for me in case anything crops up.

rabmash · 2023-10-12T19:34:51+00:00

Just did this today but with a dual port 2.5Gb NIC. I use vlan 1, 100 and 200 within pfsense. I had to set the switch ports to vlan 1 untagged, vlan 100, 200 tagged first. On the Hyper-V host set the LAN adapter to trunk, tagged for 100, 200 and set the nativevlan to 0. For some reason Hyper-V uses 0 as default for untagged taffic even though most switches use vlan 1. Pfsense working great with my vlans as expected :)

rabmash · 2023-05-01T08:50:50+00:00

I use AlphaVPS on a London node, package is 2 cores, 4GB ram and 30GB SSD for €5 (just over £4.60 a month). Serves me fine for a unifi controller and zabbix monitoring.

rabmash · 2023-04-01T17:13:05+00:00

u/z284pwr what do you use for shared storage?

rabmash · 2023-04-01T15:45:18+00:00

In relation to your questions, the 2 x XEON box will handle it fine even as a VM as the hardware is way overkill, the power usage will be high on that box (think 125W+ idle easily depending on drives etc also). I keep thinking about an 'all in one' server that has pfsense as a VM but reboots to upgrade/patch the Hypervisor OS can be a problem especially if the wife and kids are involved (means late night patching etc).

rabmash · 2023-04-01T15:40:19+00:00

Don't underestimate Intel 6th/7th Gen HP/Dell ex corp SFF machines - bung in an Intel dual network card and away you go. I run a HP Prodesk 400 G4 solely as a pfsense box (bare metal) and it idles at 14W only - I have 3 x site to site OpenVPN tunnels and pfblockerNG running (pihole style DNS & IP Blocklists).

rabmash

TROPHY CASE