I made my Internet FASTER with this one simple trick! (moving 03)
- Added 31 May 2024
- Get an exclusive Surfshark deal! Enter promo code REDSHIRTJEFF for an extra 3 months free at surfshark.deals/REDSHIRTJEFF
Also thanks SO MUCH to Patrick from @ServeTheHomeVideo for sending the little mini PC and advice setting it up!
Mentioned in this video:
- STH video on Fanless Intel N5105 Mini PCs: • NEW 2.5GbE Fanless Rou...
- OPNsense: opnsense.org
- @homenetworkguy Wireguard setup guide: homenetworkguy.com/how-to/con...
- Netgear WAX620 Setup and Review video: • 2.5 Gigabits ought to ...
- Netgear WAX630E Testing with the Raspberry Pi: • WiFi 6E takes Pi to 1....
Gear I'm using for the Internet Crash Cart:
- QNAP 10G/2.5G Switch: amzn.to/43KdwfN
- Linksys EA7500-4B WiFi 5 Router: amzn.to/3JijFb8
- Netgear WAX620 WiFi 6 AP: amzn.to/3NAeHsO
- 4-port fanless mini PC: www.aliexpress.us/item/325680...
- Simplisafe Security System: amzn.to/43Ke8lB
- Shark Costume: amzn.to/441cZGb
- Small wheeled cart (from Lowes): www.lowes.com/pd/Style-Select...
Support me on Patreon: / geerlingguy
Sponsor me on GitHub: github.com/sponsors/geerlingguy
Merch: redshirtjeff.com
2nd Channel: / geerlingengineering
#Homelab #Sponsored
Contents:
00:00 - Networking plans
00:46 - A different kind of VPN
01:50 - OPNsense and Wireguard
04:59 - WiFi 6 AP upgrade
07:05 - Internet IS faster now!
08:56 - Kick - Science and technology
I vote for Jeff to from now on wear the SurfShark costume for every video.
Okay, but only on videos sponsored by Surfshark.
Right. When he does kernel builds, he needs to wear the penguin suit.
Let's start a petition
I next it... 😉
Would love it!
Jeff, seeing you in a Shark suit made my Monday!
We have reviewed so much of that setup at this point. It made me smile. Great work Jeff!
Serve The Home's archives are truly a godsend for all things homelab! Or... small-office-lab!
new character unlocked
It's so refreshing to watch a VPN advert that isn't misleading... including the bit about the movement of trust.👍
Those are great little boxes. And they get better on a bi-weekly basis! I think we have a lot of those components down to the WiFi APs. Pro-tip: do not stack those fanless units.
Heh, it just helps the top unit go faster and faster!
I haven't purchased one of those router boxes yet, because I have read a lot of posts that they tend to burn out and die within a year.
So I have been researching to build an AMD Ryzen 5 5800 microATX SFF PC instead. If I wait until black friday, I can build something decent just around $300~$350
and not have to worry about it burning out on me. and it should handle anything I throw at it, including IPSec & other stuff without any hiccups. 🤷♀😋
The 🦈 made me NOT skip the sponsor segment for once. Good job mate 😂
If you are using opnsense, you can have unbound use the same blocklists as you would with a pihole, and would save yourself a pi (they're rare these days 😂), as well as have the option of having the firewall force all dns requests on your lan to resolve via unbound, so nothing can leak out by using a specific dns.
I've looked at that, though I like Pi-hole also for its slightly simpler UI and metrics, plus the fact that it lets me put a Pi into service that I just picked up from Adafruit. First new Pi I bought for myself since mid-2021!
As far as the firewall, it can still force all DNS through Pi-hole running separately, too, so I'll likely do that.
I'm surprised Jeff didn't touch on the bug with Unbound where when you add DNS host override, once applying it, Unbound dies and needs to be started manually after each entry change, or maybe that is not a consistent bug or was fixed after I left opnsense a bit ago due to IPv6 issues, spent weeks on IPv6 and could never get it working reliably, ran an OpenWrt install on my router and IPv6 just worked, 0 hassle
Edit: also as Jeff said he liked overkill networking equipment, I found the DynaLink DL-WRX36, for the pricepoint, the hardware it is packing compared to competitors is crazy
@@JeffGeerling Should've gotten that Proxmox stuff to work, so you can run Pi-hole in a VM 😆
@@JordanPlayz158 I did run into that, didn't realize it was a bug, just thought that was life with OPNsense lol. I'll have to check into how that's going.
@@JeffGeerling ah, yeah, I'm not sure if it is a "bug" but I view it as one, if Unbound does need to restart to apply override entries, it should (imo) restart automatically and not just stop and have you hit start, just seems like weird behavior to me
I appreciate that you don’t try to sell the vpn service as secure unlike everyone else
The VPN setup in OPNsense as well as pfSense is always annoying because they don't have good setup wizards or defaults. Ideally, they should have a guided setup that focuses on getting things working in a simple manner, while ensuring good firewall rules. The default should be to ensure more security, with users being free to dig in to the config and reduce it if they want.
This x100 - it was a thousand times easier with PiVPN, because it basically walks you through the 80% use case, then you can twiddle with it if you really want.
Being integrated into the router, it would be nice if there was a way for the wireguard plugin to just add a default set of firewall rules after review.
@@JeffGeerling If you are using a mini pc for a router, this is why the Proxmox setup shines. I just have a little 1 CPU/512MB LXC running Wireguard and the WG Dashboard next to pfSense (and HA), all virtualized. I agree with Razor that the OPN/PF packages for VPN are not user-friendly and sometimes aren't updated very much.
I was worried about virtualizing pfSense (I use hardware passthrough for the 2 NICs, but I heard virtual is fine), but it has been rock solid. It just felt so wasteful to dedicate a 'powerful' machine (Dell Optiplex 7050 SFF - i5-6500 in my case) to run a router. Even with all kinds of pfBlocker update scripts, it never bumps above 30% on the 3 vCPUs it's allocated, and the 6GB RAM allocated is also total overkill.
+1
If you want to go full FOSS on your network (if that's important to you), see if your WAP is supported by OpenWRT. It's a very sleek Linux-based firmware for a bunch of equipment.
Love me some OpenWRT but for now at least, just going to stick with Netgear's system since it's simple enough and seems nice and stable.
I have that similar PC as my router (thanks to STH as well - for the review, I bought it) and have a similar experience. It's probably faster than I'll ever need but it's fun to see those max rates on speed tests.
Yeah; I actually just bought the slightly newer N300 model for my home network since I have Gigabit now... It'll be fun having slightly-more-than-1Gbps Internet at home!
Since you install new networking equipment, I highly recommend pulling a few strands of fiber, at least between locations where you know you may want to use higher bandwidth in the future. Patch cables with mounted connectors are not expensive, and since you will pull network cables anyway, you can add them at very little cost. Even if you don't have a plan to switch to multi-gigabit networking right now, just leave them unused. At some point you will realize that 2.5G is not that fast, and you will want to switch to 10GbE or better for transferring large files (like video clips).
In theory you can do 10GbE over copper, but transceivers run very hot, and copper is not a very reliable medium at such speeds.
Yep, planning on at least a couple runs of fiber between front and back, along with a small bundle of Cat5e for PoE cams, and some Cat6A for 10G and PoE++ use.
There will likely be a second switch and small rack in the front office area, and the larger server room with all the equipment in a more secure room and with separate cooling in the back.
@@JeffGeerling Power-hungryness of copper 10GbE will fit well with power efficiency theme.
And the one thing I learned from my install, is that I should have installed one more fiber line :)
I've been wondering: why not put in a conduit and put fibre in it, if you choose the right conduit, you can easily replace/upgrade/whatever when needed.
@@autohmae A drop ceiling like Jeff has here is even more flexible than conduit. Though I suppose you still need some conduit if you want call jacks instead of ceiling drops.
@@eDoc2020 fair
That's the tech channel with the best subtitles I've seen. Thanks for that!
I've been meaning to do a video on it, it's not super hard to do really good subtitles these days, I wish more channels did it!
We NEED to see you hanging drywall wearing that shark costume! :)
Haha maybe at least doing some patching. I'm trying as hard as I can to hire pros for the drywall hanging + taping + mudding. We'll see. I might do some myself!
@@JeffGeerling It’s not terrible to do yourself. The potential entertainment value of an IT guy trying to do drywall might be comedy gold. Nice channel btw. I enjoy the radio stuff as well as your PI content.
@@thetechq Heh, I have done a few rooms hanging, taping, mudding, and sanding, and I hate it every time. It's halfway-decent in the end, but I just hate the whole process.
You in a shark suit was the peak of this Monday! Enjoying this Vlog of the new office, congrats!
I’m amazed how the internet carriers in the USA have slow upload! Here by law we have at least 50% download speed.
That's a law I wholeheartedly would get behind. Even 10% download speed would be a huge improvement!
@@JeffGeerling yeah! Brazil have a huge Internet governance body that made that into law! We are lucky!
Hey Jeff! - I LOVE how you & "Explaining Computers" make it ALL look So easy! -
You Know! - Like "Hey you kids watching! - Don't try this at home! - I'm a Trained Professional!" HAHAHA! 🙂
Heh, in some cases I'll go deeper into the details but honestly, for something like networking, I only like to go deeper into parts that I know I understand... which is a vanishingly small amount.
I might take the Network+ cert exam at some point, but even if I pass that, networking is full of so much strange stuff!
I hope you do this xD I'm clueless
It's so different when someone who understands a VPN advertises a VPN. Privacy and avoiding georestriction rather than security which accurately represents what a VPN does.
I think it's because it's in the advertiser's scripts for CZcams sponsor integrations.
1:09 "you are currently running an experimental version of Earth"
Well, that explains a lot.
Hahaha didn't even notice that
Because of your video I set up my own personal NAS with Jellyfin, it's so cool thank you Jeff !
You're a pretty handy bloke Jeff, you can probably do drywall yourself if install costs are a problem.
oh yeah as something of a heads-up: Charter started upgrading their infrastructure to high split for symmetrical upload and download speeds late last year.
I think St. Louis is the next city they plan on rolling out the new symmetrical packages to, and they've actually already done most of the necessary infrastructure upgrades, though I think currently in the areas where they do offer symmetrical speeds, it's only available to new customers. Existing customers will have to wait before they can upgrade.
I would hope they do it. I just wish St. Louis (being the birthplace of Charter) would get upgrades sooner!
Yeah, I think St. Louis is gonna be the third city to get it. It first launched as a pilot program in Reno, NV, and Rochester, MN was the second to get the upgrade.
Meanwhile I'm in a former Time Warner area, and we're probably not getting symmetrical speeds until next year at the earliest
Hey, I mentioned on the first episode that I really enjoyed these because it helps me envision moving into my own space - I've now moved into that space! I have my own office for my work, and these videos have been such a great help. Thank you!
Good stuff Jeff!. I'm using pfsense at home and openwrt on my cheapo 3G Cellular router (it just shipped with the router and has enough customization for my remote monitoring and basic internet needs). I'm kind of sour on Netgear right now since they are forcibly obsoleting my existing (and expensive) Arlo security cameras by turning off monitoring service. I don't believe they are open-sourcing the firmware so if you have them, you're screwed. At least your fancy new router works without needing a cloud service from Netgear! Also, Pi-Hole is the best!
3:01 "The first turtle was figuring out whether to install os-wireguard or os-wireguard-go." That's one smart-ass turtle! 😁
the first time in a while that i haven't skipped a sponsor 🤣
Cue "Damn it feels good to be a gangsta" from the infamous printer scene from the movie Office Space ;)
I'm frankly glad my electric co-op has been rolling out a fiber optic network. It has been super beneficial for me and a number of rural users throughout the area. Sadly I can't get my mom set up on it because she lives in a very corrupt town. The local government pretty much decided to "lose the paperwork". I'm gonna need to find a good alternative because nothing available is worth the money.
Good afternoon from Spain Jeff, thank you for your video! I suggest that instead of SSL-VPN with split tunneling to connect to your office from your house, try to establish an IPSEC VPN, this way you won't need a client to connect to your other site
It shows the credibility I have for you Jeff, normally when I see such a title I will not watch the video out of principle. For you I clicked in straight away to see what new toys you had been playing with! Thank you
🎵Geerling Shark doo doo doo doo🎶
🎶 Red Shirt Shark doo doo doo doo🎵
Your hands coming out of the shark reminds me of the belly buster scene from aliens.
2:05 I was confused for a moment here when you said "this little guy" but then you added the arrow
I love these videos, can't wait for the next one
That suit is Boss Level!!!!! I live in Cocoa Beach next to KSC and if I ever have extra resources, most likely 4+ months after I finish piecing together a new PC to upgrade my 7+ year old PC, that suit might be my next investment. Can test my AI Drone to follow me around and have some beach fun during launches ^_^!!!! Thanks for the inspiration and Tech Tips.
(0:17) I really feel seen!!!
I switched to a different ISP late last year and the plan the salesperson sold me on (which I subsequently chose) included a unit that combined a modem with a managed network switch. The package was advertised as being 2 Gbps symmetrical, but the switch only has gigabit outputs, so multiple devices can still have fast connections.
Their router thing has a lot of settings locked out and I realised that they have a weird setup that allows their TV service to work (which is a separate subscription that I also signed up for) and they have some additional configuration stuff for the wireless APs they also provided.
Much like I did with the previous ISP my parents and I used, I would just work around the stuff provided by them and add on my own devices.
I'm currently taking notes on how the ISP's installers they assigned to my flat had set up the network combined with what I added later on, so that I can figure out the next moves for my Homelab setup while keeping the ISP-provided stuff working as intended.
I know the back wall install is temporary but if you’re observing poor RSSI in the front of your space, try finding a wall mount bracket (or Jeff you one with the 3D printer) that will allow you to mount the AP on that wall coplanar with the floor. The antenna patterns of those internal antenna APs are optimized for that orientation.
That was my thought the moment he showed where he was going to put the AP. Just the other day I had someone ask about mounting an AP vertical on a panel in the middle of a hall. Pointed out that only the half of the hall in front of the unit would get reliable access.
Ok got me, that shark made me not skip the ad - lmao 🤣
Thanks for the tip about setting channel width to 80 MHz. Doing that on my home UniFi network has nearly tripled speeds to my WiFi6 capable devices!
Nice roundhouse kick. Techie and martial artists - don't mess with this man!
For a moment there I thought you were going to sing a Kathy Perry song 😅.
And as a dev I appreciate the kick to the computer. God knows how many times I’ve felt that urge!
That kick at the end should've been Redshirt Jeff! haha
Looking forward to that pi nvr vid, Jeff. On a somewhat related note, I'd like to ask, will the 1gbe port on the pi limit the 2.5gbe network in any way if it's running only pi hole?
Since Pi-hole is just DNS, and doesn't actually route traffic, it doesn't need much bandwidth. So as long as the router/firewall itself is on faster hardware, the Pi wouldn't hinder anything.
If it is slow enough to delay DNS lookups, that would be an issue, but even an older Pi 2 (maybe even Pi Zero or Pi 1) would be fast enough to not be the source of any delays.
@JeffGeerling thanks Jeff, I've been meaning to upgrade to 2.5g myself but never found an answer to this question until now.
I was able to get Proxmox installed and pass the Intel based NICs through to pfSense on a similar PC. I am guessing the issue you had was you didn't have to compile the kernel and didn't know what to do. I also left the first port alone as the Proxmox port and passed that last three to pfSense.
I like having Proxmox installed on it since now I have PiHole and other network utilities running on it. I created a bunch of Alpine LXC containers that I assign to various subnets for testing firewall rules.
Seeing this comment gives me a possible hint. To use hardware pass-through in PVE you need to add a few options to the kernel command line.
who expected jeff to wear a shark costume😂
kinda cute ngl
My youngest daughter doesn't know what to think yet. She loves "Baby shark doo doo doo" (as she says it), but when I have the costume on, she laughs nervously.
Since I’m too inexperienced to mess with port forwarding for any VPN solution I’m using a spare Pi (unnecessary flex…) and RealVNC’s Cloud Connection feature to turn said Pi into an “access point” from which I can SSH around on my home network.
I have that same QNAP switch (which btw, you can setup vlans on if you're willing to flash a modified fw to it).. I use the SFP+ ports to bridge between it and my mikrotik (which also has 2 SFP+ ports) and the devices i put 2.5G networking on. works well at full ~2.5G speed even w/ USB nics.
A fun lil fact I like to bring up in the pfSense vs OPNsense debate, is that the pfSense team once was so angry at the OPNsense team, they domain sniped OPNsense's website and put a bunch of foul nazi shit on it. Just some food for thought
Hahaha a shark costume for the sponsor, that's great
I’ll be HONEST, Jeff! Most of what you do goes WAY over my head! - But it’s still FASCINATING to watch! - I’m more of a “ Peter griffin“ type! Lol (Family Guy?!?)
That said?!? - The shark costume was TOTALLY up my alley! - HAHAHA! - “LOVED IT!” :-)
I'm assuming you are using some sort of docker container for your internet monitoring. Which one do you like the best?
You assume correctly! The project I'm using is: github.com/geerlingguy/internet-pi
Did you consider installing an open OS on the WiFi AP? Like DD-WRT for example.
For this one, no, but I have set up RaspAP and OpenWRT on a few, plus I run AsusWRT-Merlin on my home router.
DHCP configured all on OpenSense or another sub-router for local clients?
Some people might be getting mixed messages when you have a "Nordic Pure" box in the shot and you're hawking Surfshark. 🤣
Haha! Didn't even think about that.
Keep up the great work! If you need any local help I'm in the area and working on getting my new lab setup in my new basement, it's reminding me I don't care to retrofit places with new cables lol
I'm also curious where the office is located as AT&T is mostly everywhere around here and symmetrical gig is only 80$
For commercial, if the building doesn't already have fiber run, its a lot more expensive since each unit has to have its own 'dark fiber' run from the central switch.
@@JeffGeerling my bad on not clarifying, I was talking about 'residential' the only restrictions I have run into is not being able to host an email server due to outbound blocks, otherwise I'm on 1GB symmetrical with a /29 of statics from AT&T and will be having spectrum run fiber for a backup isp.
Today's video is sponsored by LeftSharkVPN!
best sponsor spot EVAR!
I feel your pain on the upload speed. All these ISPs advertise their "fast internet" and then hide the "estimated speeds" and the fact that it's only fast in one direction. The fact I can upload anything at all most of the time is a miracle. My download is OK, but is really only a tenth of what is advertised.
the upload speeds are always limited by the docsis standard used in coaxial runs hence why you may get 1 gig down but only at most 50 up, there's way more to it but this is the simplest answer i can give
I don't know what that computer did to you, but I'm guessing it had it coming. I'm sure we've all had that one device that we wanted to go "Office Space" on. As for the drywall, give it a try, it's not that hard to snap a clean line and screw it in place, and if you have any jagged edges that's what the mud is for.
I agree.
I did a drywall ceiling with a friend once. If you are not alone it's one of the easiest things to mount, screwing directly through it into the U profiles we mounted before.
As for clean lines. You just need a ruler and a knife. Then break it like floor tiles. It breaks not always a 100% straight from front to back but it was always good enough. Then you cut the rest of the paper. Also the edge can easily be corrected with a rasp if you really want to.
Do you have a link to that low powered intel 4port 2.5gig mini pc? Seems to be missing in the description. Or is this custom built and can't be purchased?
Sorry about that, thought I had linked it! There's a link to the Topton model now, which is almost identical (just slightly different case layout).
great video. why didn’t you go w/ unifi gear? budget?
Great content as always, Jeff! But hey... no Ansible setup for the OPNSense?😉
not *yet*
The gitd sign will help during fire so that you can see it when it's totally dark 😊
Best surfshark sponsorship ever, unique, funny and best of all, accurate information!
i feel your pain with charter/spectrum upload, i got 500/30mbps and just did a 1.6Tb backup, which i had to throttle when i was working or playing games as i would get 200-500ms ping when my upload was pegged. i think it took a full month to backup. luckily my online backup solution does allow for having them ship you a drive one time and copy to the drive and send it back. which i'll do when i go to backup the other 5tb of data which is mostly video.
What software are you using for nvr on your raspberry pi?
The single best sponsor spot on CZcams.
great video as always jeff! :D
I love that you called your ISP "Charter". As a fellow St. Louisian, places are not allowed to change their name. We will never adopt it.
Which kind of IPv6 connectivity did you get?
Fire extinguisher is properly a good idea, if you allow Redshirt Jeff in the shop.
Your SHA256 is visible at 2:42, think the blur came off early? Edit, no idea if this is an issue, just thought I'd mention.
Drat! I thought I blurred on that frame but I must've missed it in the final edit. Ah well, regenerating the SHA256 hash is easy enough in the GUI: forum.opnsense.org/index.php?topic=32588.0
It's not a major security risk or anything, just... the less info someone gets the better sometimes.
I can imagine some future quantum computing sidechannel attack that can correlate the season of the year with the "random" generated key and then regenerate a private key based on it and the sound of my voice based on what I ate in the morning.
Based on all the other exotic sidechannel attacks, it's not too outlandish!
I went from running my ISP router on fibre to running an OPNSense VM via a multi-port ethernet card and my throughput dropped by about a third. The host server is hardly sweating but despite trying to tune things I can't get close to the ISP's router throughput.
OK, I admit. I laughed at you for the shark thingy. I just hope it was worth it.
kickboxing computers is a nice deep cut.
something you can do, i do it, create a dummy youtube account, install obs / ivms on a minipc, stream the video on a live channel set to private (important), free cloud that you have control over with easy playback and live view
Please do a opnsense series, that would be awesome!
I have started one on my channel if you are interested!
any idea who might make a pi case that's wide and flat, space for a battery pack, weather resistant so it can be worn on the outside of a pack, ports along the bottom edge probably..?
I'm so shocked redshirtJeff didn't stop by to knock down that wall or kick off your network yet.
You could also have gone for the Wireshark angle...:)
Woo networking day! My favorite day!
Every day is networking day for a homelabber haha
@@JeffGeerling for sure!
The shark suit took me out!😂😂
Best surfshark ad I have ever seen!
You can set up pi hole as a docker container or a vm as well
Oh no, that last kick.... Red Shirt Jeff was so far, now we have also Yellow Shirt Kill Bill Kung Fu Jeff!
Very handy - it is my next project!!!!
That shark costume confused me so much. I thought you were dressing up as Blahaj for pride and got very confused 😅
Jeff, did you see my comment on the Sony Pi factory video?
"Jeff, great video of this factory that I've been near in Wales, the country which I live in!
Can you come back to the UK and do a broadcast transmitter site tour or two? That content is a bit lacking compared to US ones!"
Would love to, though also check out Ringway Manchester, he has some great videos!
Did not expect to see that from yellow shirt Jeff!
What a sponsor read!!!
i see Jeff is practicing for the case toss at LTT, bring back 1st place buddy!
What do you mean set-up internet monitoring? Just feed the mac address so some yaml and it'll install itself, right?
Yes, I loved the Shark!
Great Video, as always, the only question i have is: why not go with ubiquiti?
Two reasons, mainly:
1. Avoiding the lock-in; once you get into a nice ecosystem like that, you tend to get locked in and go full-Ubiquiti, and that means I'd be less likely to check out and fully production-test other vendor or open source products.
2. Expense; Ubiquiti is nice, and a very reasonable choice, but it is a bit more pricey than DIY networking based on less expensive but as-capable products.
@@JeffGeerling also, if you're planning the same idea as shown here, running 2.5Gbe from your modem, to the router, and out of your router...your Ubiquiti router option is the Gateway Professional, UXG-Pro that is $499.00 with 10Gbe SFE ports in and out. The Dream Machine Special Edition has a 2.5Gbe WAN port, but only 1Gbe LAN ports, so no >1Gbe throughput.
Yellow jeff kicking some computer ass
So much going on in this video. I'm just now thinking about changing my home network set up. Do I need wifi 6E or just 6. Do I actually need opensense or openwrt or whatever on my router. Is a consumer router enough or should I get a small x86 PC for all that. So confusing.
How much speed do you need and do you want any special features like VPN?
Where can I get that utility cart? It would be perfect for a little setup I’m planning.
I bought it at Lowes - I think it's linked in the description.
@@JeffGeerling thanks a bunch. I overlooked the video description.
Any idea when Pis will be back in stock?
Gotta love Spectrum's gigabit only offering 40 upload
You're going to look like "scruffy the janitor" pushing that cart around.
A long time ago I set up a pfsense router and enabled transparent proxy cache which worked excellently considering I was on what became a slow ADSL, unfortunately we all had to shift to HTTPS which killed that😞 it's a shame we can't figure out some way to use this fancy crypto technology to bring back transparent proxy cache, it might even be able to be used as a remote content servers caches for terrestrial and non-terrestrial.