Відео

Hi there, yip you will only need a firewall rule to allow DNS into the Management network. So you will have a rule that is something like the following: Protocol = IPv4 (TCP/UDP) Source = ALL or Management Net Source Port = ALL Destination = This Firewal Destination Port = 53 (DNS) So this will allow local DNS queries from the Management network in to the firewall. Then for non local DNS requests. Since the port forwarding is done internally, so forwarded to 127.0.0.1 ( “This Firewall”) no firewall rule is needed for that. I hope that make sense

@@jonomoss so in addition to the NAT/forwarding step shown in the video, I also need the firewall rule which you described?

Hi, yes it should.

Hi, I'm not too sure if it will work for the T710, you could try it. It will only install updates if it finds supported hardware. So you won't hurt your server. However, I would rather suggest you check out the following video: ua-cam.com/video/ki78B4A_XkI/v-deo.html Allen Sampsell goes through how to create a bootable ISO with all the updates for a specific server. That way you can get the exact updates you will need for your T710. I hope this helps.

@@jonomoss Thanks - That will be a big help

Hi, I'm not too sure if it will work for the T710, you could try it. It will only install updates if it finds supported hardware. So you won't hurt your server. However, I would rather suggest you check out the following video: ua-cam.com/video/ki78B4A_XkI/v-deo.html Allen Sampsell goes through how to create a bootable ISO with all the updates for a specific server. That way you can get the exact updates you will need for your T710. I hope this helps.

Hi, I use draw.io. The offline version can be downloaded from: www.drawio.com/

Thank you very much, I'm glad you found it helpful.

Thank you, I can look into doing that for you, I have a few planned videos I want to do. But I will definitely add OpnDNS. to the "todo" list

Thank you, I will be making videos / guides on this very soon.

Hi, when using the CLI, the PAM user has to have root permissions (be in the root group). However If you want to change that / give your user access to it. You can see the following guide: www.dell.com/support/manuals/en-us/openmanage-server-administrator-v10.0.1/omsa_10.0.1_users_guide_pub/editing-server-administrator-user-privileges-on-linux-operating-systems?guid=guid-167f8744-21ed-4399-82aa-eabb7a706a23&lang=en-us I hope that helps you.

Aye! Thanks! Meanwhile I found a jankier solution by using docker directly on the machine. The problem was that the user I was using in Pam it's root

I'm glad it helped.

Hi there, Yes this will work for any OpenVPN connection type, which NordVPN supports. You can follow their User guide here on how to get it to work on OpnSense: support.nordvpn.com/hc/en-us/articles/20397569418129-OPNsense-21-setup-with-NordVPN The above support article has the Certificate Data for NordVPN. If you want to know how to find the certificate data / where it comes from, You can get the Certificate Data from their OpenVPN Configuration files: nordvpn.com/ovpn/ So for example, You can download and open the Configuration file for the "ad1.nordvpn.com" file: downloads.nordcdn.com/configs/files/ovpn_legacy/servers/ad1.nordvpn.com.udp1194.ovpn Then if you open the ovpn file in a text editor, you will find the certificates Data under the <tls-auth> section if you look in the videos description box, I have a link there where to find SurfSharks Certificate Data. The link is: support.surfshark.com/hc/en-us/articles/12434921071890-How-to-set-up-Surfshark-on-an-OPNsense-router I hope this helps you.

@@jonomoss Thank you very much for the reply and those links. Will definitely go through those links and test it out...👍👍👍👍👍👍

You're welcome, I'm glad it helped.

Hi there, Sorry I don't see myself doing a ZenArmor guide any time soon. I tried ZenArmor in the passed and was never a fan of it. PS I'm not saying ZenArmor is bad, each to their own, however I personally prefer using the mix of "IPS/IDS (Suricata)", "Unbound Block lists" and custom firewall rules. Doing it this way, in a sense has "taught" me a lot more and I feel that I have more control over my network. Where with ZenArmor, I never felt like I had "Control" over my network.

Hi there, Thank you so much for your kind words. Nope, you are not doing anything wrong. In the previous video of the series ua-cam.com/video/dCRhCrokeSo/v-deo.html I created a new "management" network. If you don't want / need a "management" network, having just LAN, WAN and Loopback is correct.

​@@jonomoss I just watched that video and I didn't see any instructions on setting up the "management" network (source) Do you have another video on that? Stuck at 6:18 as I can't select multiple interfaces. Looks like I'm adding an Alias but not sure as to what I'm adding to the alias. Just port 53 on WAN, LAN, Loop & VPN's?

Hi @davemck1936 Sorry my mistake, I have edited that comment, if you see this video from ua-cam.com/video/dCRhCrokeSo/v-deo.html I renamed the default LAN network to "Management". If you are not worried about having a separate "Management" network, you will have a single "LAN" network. With regards to the "Portforwarding" section you are stuck on, If I understand your question correctly, you will only forward "Local" networks DNS, so for example if you have "WAN, LAN, VPN" networks, you will only use the "LAN" interface and "VPN" interface, that is if you want to also block websites / DNS on the VPN. You don't do it on the WAN. So you will then create two separate "Portforwarding" rules. One for "LAN" interface and one for "VPN" using port 53, you don't select multiple interfaces on one rule. I hope this make sense.

Nice, I'm glad it helped you.

@mandeepmails I saw you asked about getting the R70 update ISO, but for some odd reason I cant find that comment any more. I do see that forum.allenscloud.com is not online anymore which is a shame. I have however uploaded the ISO to archive.org/details/r-710-bootable So hopefully that helps you.

@@jonomossthanks Jon. Literally I tried a lot on my own but couldn’t reach anywhere. Yeah UA-cam was acting weird, I felt like I I’m on targeted to some canary release 😂rofl

confirming everything works great. for the first time i can feel peace with the fans controlled. you're a life saver. before finding this channel i saw people are ordering noctua fans, playing with wires, compaining about connectors and now i'm just laughing out loud that i didn't follow that route. i used ubuntu mate, my bios and everydriver is updated with your help. you're a star ⭐

Thank you very much for the kind words, and I am extremely happy that you got it all working in the end, 😂 I agree that it is definitely a better method then having to worry about buying Noctua fans and trying to get them to fit correctly.

Hi @coolricksanchez, that is awesome I'm glad it guided you. I'm very excited to see your final script, what you are doing is very cool and definitely will be a huge contribution to others. Yeah my script still works perfect for me. I have had no issues at all with it. It has honestly been a set and forget script. Thank you for the heads up about the link not working any more, I have updated it to the correct link now. I do appreciate that.

It also works for newer servers, the only different step is in idrac setup

Thank you for the kind words, I'm really glad it helped.

Hi there, you will have to check the "Log File" to see what it is doing. So under VPN->OpenVPN->Log File. That will give you an idea of what is happening. Usually the "reconnecting" status is if there is a credential (user name / password or certificate) that is incorrect, or if the "Encryption algorithm" is incorrect. But I would start by seeing what the logs say. With regards to not being able to browse, that is usually due to the NAT outbound rules being incorrect or having issues. I also created a video: ua-cam.com/video/27pOKBEoJBU/v-deo.html Where an old bug on OpnSense has returned and NAT Outbound rules do not get generated. So you can maybe see if that is your issue. I hope this helps you out with finding why yours is not working.

Hi, yes you can.

​@@jonomoss Do I need an iDRAC Enterprise license? Because mine has expired

Hi there, no it is not required. However some features will not work. I did a quick google search just to make sure and found the following: www.dell.com/support/manuals/en-us/dell-openmanage-enterprise/ome_p_310_users_guide_drop2/licensing?guid=guid-615a018a-ebd8-4352-92e0-f7b532dbfa7f&lang=en-us

Thank you very much, you are welcome!

Hi, sorry for the late reply, UA-cam had your comment marked as spam for some reason. If I understand you correctly, you need to tell the client to not use the VPN as a gateway. So something like this: pull-filter ignore "redirect-gateway" //dosn not consider the server redirect-gateway in order to avoid all traffic through VPN Gateway route 192.168.1.0 255.255.255.0 vpn_gateway //re-add the first network you need to reach from client through VPN Gateway You can try go through the following support / forum post on the OpenVPN site: forums.openvpn.net/viewtopic.php?t=27618 The other option is to uncheck the "Redirect IPv4 Gateway" option in the "OpenVPN Server" settings on PFSense. Here is the PFSense documents page for more info about the Redirect IPv4 Gateway: docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-server-tunnel.html Hopefully this guides you in the right direction.

Hi there. So it is basically the same setup as Surfshark, the main difference will be the certificates and remote server host. NordVPN also uses OpenVPN for its connection, so it is the same settings. Here is a link to NordVPN's help guide with the certificate details / data: support.nordvpn.com/hc/en-us/articles/20382523899281-pfSense-2-5-Setup-with-NordVPN Unfortunately I see a lot of people complaining about struggling to get a refund when they just wanted to test it out / trial. So I don't feel to comfortable creating an account with them at the moment. You can let me know if you have issues with using their guide. If so I can probably get a one month subscription to help you out. I will however only be able to do that next month.

@@jonomoss understanble there costumer supp is pretty amazing been from my end at least but ya if you do get it trust me the speeds you get over it won’t disappoint that I can definitly say

Thank you, I'm glad you liked it.

Thank you for the kind words, I'm really glad it helped.

Hi there, no it is fine if it is already connected to the internet.

@@jonomoss also just wondering can I use this as a direct router plugged into my ont from fios

Hi, yes you can, I use a similar setup as my main network, so ONT goes straight into OPNSense. So Fiber -> ONT, then ONT Ethernet (CAT 6) straight into OPNSense. The ONT that my ISP provided hands out a single IP via DHCP. So it was "plug and play" for me. I Hope that answered your question.

your amazing yes thats what ima do today but ima try it with a virtualize opnsense so i can consolidate stuff now my next question if i wanted to run 2 opnsense firewalls in HA with 1 switch would this still be possible im trying to follow a youtubers guide on how to do this but hes using the isp router in modem only mode to make this happen i cant find a answer if its posible.

@@jonomoss awesom last question I promise 😆 if I virtualize my router like you did I can follow that setup to fiber-ont-proxmox virtualized opnsense or does it have to be a baremetal opnsense

Always a pleasure, I'm glad it helped.

Thank you very much for your kind words, I really do appreciate it.

In my opinion and for me personally, if you are using it for personal and home lab purposes (Media server, backup server, hypervisor, router, SQL server, security server etc). I can see it working for another 5 - 7 years, it is still very powerful hardware that will be able to run 90% of the workloads you would want to run. Spare parts (depending where you live) can also be relatively not too difficult to get (of course the parts will be second hand as well). The only issue would be the operating systems themselves, for example if windows requires new CPU instructions that the old CPUs don't have, then you will have issues. But I am sure OS's in the Linux/unix/BSSD family will still work perfectly and be updated for many years to come (Proxmox, BSD, Debian etc). For production use, 0 years. With it being EOL the security implications is not worth the risk. But at the end of the day, always do as much research as possible before buying older hardware. I myself am still very happy using this server for many years to come.

Hi, so overall no, I only use RAID 0 in my home lab. I don't really do any work on it that will require RAID 1 (mirroring) as I don't require redundancy. I prefer to use the disks individually, RAID 0 (So on my server that is 6 ) and rather have backups on external drives if needed. This allows me to separator virtual machines and containers on their own drives. Since I test and change software so often, RAID is not something I really use / rely on. What you can do: It will be beneficial for you to have your main OS installed on a RAID 1 Virtual Disk, this will give you redundancy so if one disk fails, your server carries on running and you can replace the failed disk without downtime. And if the data you will be storing on your new drives are important, I would recommend running them in RAID 10, if you like. Two Set up examples: 1. So for example you can setup 3x RAID 1 Virtual Disks. So you can use 1x RAID 1 for your OS, and then you can have 2x RAID 1 Virtual Disks you can use for storage. 2. Or you could create 1x RAID 1 for your OS, and use the last 4 HDD's to create a RAID 10 Virtual Disk. I hope this makes sense and helps you.

@@jonomoss I appreciate the feedback. I should add some clarification, I will have total of 6 drives, the 5 on the way are in addition to my 1 drive I have in my server now. I am not worried about my drive failing with the OS on it, that's an easy fix for me in a lab environment. The reason being is I want to keep my storage data separate (movies, music, photos etc) on the RAID10 array, so if I ever decide to move it over to a potential QNAP NAS I would like to swap the physical drives over to that easy if that is achievable without having to format the drives to a QNAP format partion as it may not use NTFS

Hi, I had a quick go at it and I think I have managed to do it correctly. I just want to do a few more test as I expanded a single RAID 0 disk with 3 extra disks. However I want to test if data is destroyed when the expansion happens, So give me a few hours to test it a little more then I will create a quick blog post on how to do it for you.

thank you sooooo much ! @@jonomoss

Hi, thank you for your patience, I have created a quick guide of how to do it here: jono-moss.github.io/post/h700-raid-controller-how-to-expand-a-raid-0/ I will try make a video of the process as well, I will try work on it this weekend and upload it ASAP. Hopefully this helps you.

Hi, yes I did.

@@jonomoss Did you have to register the OPNSense port MacAddress with your ISP? If not, how are you getting the Internet into OPNsense? I'm new to all this, so please excuse my ignorance. Thanks.

Hi, sorry unfortunately I don't have a Dell R720 to test it on, so I don't really know. the Dell R720 uses iDRAC7 so it is possible that the values you get from IPMI could be different. I would recommend breaking the script down and see if you get the correct values back from each step. So for example run: ipmitool -I lanplus -H <ip> -U <user> -P <pass> -y <enc> sdr type temperature if you get an "Ambient Temp" value in the table that is returned from the above command. Then I would say that the script will also work on the R720. But that is what my advice would be, test the script line my line and if all the commands work, then you can use the entire script. But hopefully you come right with it.

I want to know how you got idrac to work on a web browser! It's a real struggle with everyone running idrac6.

Hi @philiparmstrong3286 , So iDRAC 6 web UI still works fine in the web browser, but I am assuming you are talking about the "Virtual Console" function that requires old java run times to work. For that I have used this docker image in the past: github.com/DomiStyle/docker-idrac6 It works very well if you want to use the "Virtual Console" functionality. I hope I understood your question properly and that this helped. If you need me to create a video on how to create and use the docker image, you can let me know.

@@jonomoss thank you! I think what really matters is ipmi, idrac enterprise and actually any machine can control it using this way! I do not think why itr won't help me on T630.... the only thing is, my idrac wont allow me speeds below 10% in the web interface. can you confirm what is your effective fan speed range in idrac settings? can you set a value below10%?

You can use this for R-Tx20 + R-Tx30 series but with 40/50/60 series ipmi will not work longer. They have shut down this option in IDrac

Awesome, I'm glad it helped.