• 5 Posts
  • 146 Comments
Joined 1 year ago
Cake day: June 16th, 2023

  • Yes you can do that. I do with opnsense. The username and passwd are not obvious though - they’re probably not what you use to log in to the ISP portal with.

    Most ISPs will have a brief FAQ on how to use third party equipment with the basics of what settings are important for your connection. You just need to enter them into pfsense correctly. Also, sometimes searching for “<ISP_name> pfsense” can find useful blogs and articles.


  • It’d be nice if email clients automatically checked for public keys for any email you enter in the To fields. With a nice prompt that keys have been found to Encrypt the message with. It doesn’t sound too difficult and it could lead to much wider adoption of secure emails.

    Unfortunately most people get their email free because companies like reading it and stopping that means it might become a paid for service. Something I’m happy to pay for, but many wouldn’t be.








  • Run your own DNS server on your network, such as Unbound or pihole. Set up the overrides so that domain.example.lan resolves to a local IP. Set your upstream DNS to something like 1.1.1.1 to resolve everything else. Set your DHCP to give out the IP of the DNS server so clients will use it.

    You don’t need to add block lists if you don’t want.

    You can also run a reverse proxy on your lan and configure your DNS so that service1.example.lan and service2.example.lan both point to the same IP. The reverse proxy then redirects the request based on the requested domain name, whether that’s on a separate server or on the same server on a different port.
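
An Unbound configuration for the setup described in the comment above, added here as an example and not part of the original comment. The addresses 192.168.1.2 (DNS server), 192.168.1.10 (reverse proxy) and the 192.168.1.0/24 LAN are assumed values.

```conf
# unbound.conf (constructed example; all addresses are assumptions)
server:
    # Listen on the DNS server's LAN address (assumed 192.168.1.2)
    interface: 192.168.1.2

    # Answer only LAN clients so the resolver is not open to other networks
    access-control: 0.0.0.0/0 refuse
    access-control: 192.168.1.0/24 allow

    # Serve example.lan locally. "static" makes Unbound answer unlisted
    # names itself (NXDOMAIN/NODATA) instead of forwarding them, so
    # internal host names are never sent to the upstream resolver.
    local-zone: "example.lan." static

    # Both services resolve to the reverse proxy (assumed 192.168.1.10),
    # which routes each request on the requested host name.
    local-data: "service1.example.lan. IN A 192.168.1.10"
    local-data: "service2.example.lan. IN A 192.168.1.10"

# Everything outside example.lan goes to the upstream resolver
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
```

Run `unbound-checkconf` on the file before reloading, then set the DHCP server to hand out 192.168.1.2 as the DNS server.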


  • I imagine they use it in much the same way as any enterprise. Running servers and workstations, mostly.

    F16s run Kubernetes clusters.

    Lots of individual bits of hardware on specialized devices will be running embedded operating systems. QNX is big in automotive for the same reasons it’d work on a rocket.





  • What about it is fiddly?

    The insane addresses. The reliance on DNS, the unpredictability of addresses, that each device can have so many addresses and you need to know what each does and is used for and how that impacts inter-network routing and firewall rules. Privacy IPs, what the hell? It’s a solution to something that’s fixed by tried and understood IPv4 NAT.

    If you just want a flat simple network where everything on your lan is equal, everything has a globally unique and trackable IP I’m sure it’s fine. But if you have something more sophisticated it becomes much more complicated. And I genuinely can’t see how IPv6 advocates can’t see the problems it introduces.

    What we need is a larger address space and fast adoption, that’s it. If after 30 years of awful adoption rates and only when people have a gun to their head they begrudgingly might adopt it, then you have a bad protocol.



  • Here’s my story of trying to use IPv6 for the past 3 days, and I know I’m not a typical user.

    I use Opnsense as a router firewall. Using IPv4, 5/6 VLANs, almost all devices statically addressed with aliases configured for each. This lets me have firewall rules like “block youtube on the kids devices”, or “use a different DNS server for the wife”, only allow the fire stick to access the internet after 7am. That sort of thing.

    First problem is working out how to even get IPv6 on the WAN and what it even means that my ISP has given me a /48 and a /64. Loads of reading and some cobbling together later I have it. But no clients are getting addresses. Eventually fix that and now they have an address. But I don’t want to use SLAAC as that’s a nightmare to keep track of, DHCPv6 doesn’t work for android devices so they’ll be on IPv4 anyway. I don’t want each client to have a globally unique address as that just allows insane tracking. I don’t know if my IPv6 address will ever change, but it seems likely it will and that would be a nightmare to fix. I manage to get private fd00/8 addresses allocated to clients, but I don’t know how to configure IPv6 NAT so devices have an IPv6 IP, but can’t access through the WAN using it. And by that point I just don’t see the point any more. I’d just be duplicating all my rules that would be far too time consuming, confusing and I don’t see the point.

    I want local private IP addresses. I don’t want clients to have unique IPs. I want the addresses to be known and static. I want my firewall rules to be tied to specific addresses for 90%+ of devices.