Meta: Deleted and blocked on my network for 10 years running!

I took the networking TCP/IP fundamentals class for my first MCSE in 99, and the instructor wouldn’t shut up about how IPv4 would be replaced within 5 years.

I need to get a new VPN setup. Been using OpenVPN through OPNsense for years but I’m fed up with the abysmal performance of the OpenVPN client on iOS. Open to suggestions but it has to be fully self hosted.

The right drugs will get you a real girlfriend.

I guess you are saying you only run Kodi? Yes it is Kodi with the jellyfin plugin talking to a jellyfin server that is the source of the few woes I have with it. Honestly it works really well, but when something is wrong I would say due to the UI it’s beyond most non-technical people to sort it out easily.

I mean, it’s free and it does work, so I won’t complain, but I wouldn’t push this on any but my most technical friends.

I use Kodi with the jellyfin plugin, but I can’t recommend that for ‘normies’ because the interface is not simple, and I still have glitches with it.

I’m also looking for a solution like yours, but wanted you to have that feedback.

Acting on your principles isn’t always easy.

Gotta disagree, for home use at least. I have found it to be the opposite of a nightmare.

Moving my home routing and firewall to a VM saved me hours, and hours, and hours of time in the long run. I have a pretty complex home network and firewall setup with multiple public IPs, multiple outbound gateways, and multiple inbound and outbound VPN setups for various purposes. I’m also one of those loons that does outbound firewall with deny by default on my network, except the isolated guest VLAN. With a complex setup like that, being in a VM means it’s so easy to tweak stuff safely and roll back if you mess something up or it just doesn’t work the way you expected. Turns what would be a long outage rebuilding from scratch into a 30 second outage while you roll back the VM. And being able to snapshot your setup for backup is incredibly useful when your software doesn’t behave properly (looking at you, PFsense).

All that said, I run redundant, synced hypervisors which takes care of a lot of the risk. A person who is not well versed in hypervisor management might not be a good fit for this setup, but if you have any kind of experience with VM management (or want to), I think it’s the way to go.

I’ve been doing it for probably 8 years now without any major issues related to being a VM. In fact, that made recovery extremely easy the two times my PFsense VM shot itself in the head. Just load the backup of the VM taken the day before and off to the races. After switching to OPNsense a couple years ago I haven’t had a single issue.

These days I run two identically spec’d hypervisors that constantly sync all my VMs to each other over 10GB NICs, so even a hardware failure won’t take out my routing. That is something to consider if you don’t have redundant hypervisors. Not really any different than if your physical router died, just something to plan for.

In the last 25 years working with approximately 700 servers that used RAID 5 I saw two of them lose an entire volume. Once was due to a malfunctioning HP RAID controller, and the other was due to a second disk dying while the rebuild from the first failure was still ongoing. There turned out to be a systemic problem with that drive model’s firmware which almost certainly contributed.

So in my experience it’s rare but it definitely does happen.

It can get worse. About 20 years ago the company I was at had an EMC tech yank the wrong power supply from a Symmetrix rack, where the other supply had earlier in the day caught fire! We lost that entire rack’s data (customer’s personal email accounts) due to data corruption. It was probably around 300 10k SCSI disks in that rack, a multimillion dollar expense at the time, and we had to restore all of it from tape over many, many days. Really, really sucked.

I solve it by paying way too much for a block of static IPs.

It’s a solution for me. 🤷

He’s right we need laws. He’s wrong that it’s a relief valve or that we take pressure off the heinous privacy violators. We aren’t even a rounding error to them. They don’t care.

That’s new, it didn’t used to do that back in the days when I used it but that was a couple years ago. Sounds like it’s just getting worse.

Eh, I’ve forgotten a lot of the details and it’s drama that I don’t care to relearn about. Easy to find online with some basic searching if you want to read about it.

It make network go very good.

Man, I haven’t seen a reference to that protocol in a very long time.

When I was studying for my first MCSE back in ancient times, my girlfriend heard me mention ‘netbeui’ and thought it was the funniest damn thing. She used to catch me throwing out all the computer jargon and just yell “NET… BOOEEEEEY” at me.

It’s a VM so technically none I guess, but my hypervisor hosts have a 4 port gigabit card and a 10 gig fiber card, plus another gigabit port on the motherboard.

OPNsense is using 6 interfaces, 2 WAN and 4 LAN, but it’s all virtualized.

Yeah I hinted at it but didn’t feel like going into it. It’s why I switched though, and happily I found OPNsense to just be better anyway.

The only one I haven’t seen mentioned here that is a requirement for me is OPNsense. I’ve been using it for a couple years, and pfSense before that for a very long time. Never going back to commercial routers and their shitty / buggy / backdoored software. I highly recommend OPNsense over pfSense for the UI improvements alone, but there are other reasons to use/support OPNsense over pfSense.

On my network it handles internet firewall, internal firewall, and all routing across 5 VLANs and between two internet gateways. It does 1-1 NAT for my public IPs, inbound VPN, outbound VPN for my *arr stack, and RDNS blocklists with the data source being a script I wrote that merges from several sources and deduplicates the list. It is my internal certificate authority (I don’t miss you at all, Windows CA), DHCP for the guest wifi, and does pihole-like ad blocking via DNS for my entire network. And it does all that running in a VM with 2GB of RAM, of which it only uses about 60% on my install.

It is an incredibly powerful tool, not terribly difficult to learn, has a pretty damn good UI for FOSS, and in my opinion is a fantastic foundation for a complex home network / homelab. Unlike pfSense, which corrupted itself twice over the years I ran it, it has never let me down. And every update has been painless over the years.