pfblocker blocked the url for me, can you give a direct link?

@@rajilsaraswat9763 I second this one. Direct link please

@@rajilsaraswat9763 there is nothing wrong with the link, it's just an affiliate link to aliexpress

@@marcogenovesi8570 Pfblockerng blocks the redirect and we only get the 1x1 tracking pixel

@@marcogenovesi8570 doesn't work with pihole either.

I thought you use unifi ??

They replaced mine and revoked my warranty. I had time left on mine, they RMA'd it, it's the same hardware, but without the warranty. Basically a ticking timebomb.

I bought a defective already 100 Ohm modded (probably done by Synology on warranty), the degrading continues, and then a 100 Ohm resistor isn't enough. I managed to start it sometimes, I don't remember which resistor I ended up using, the unit was a nightmare, every time I fixed it and it booted every time then I moved it to position to where I wanted it and it refused to boot. also if the clock battery is dead it refused to boot

I've picked up 3 "dead" Synologies with this big that were being thrown out. So far, the resistor is holding up...

Had the same issue. Caught it in the LAST day of my NAS system. Symbology covered me and sent a unit that was repaired.

I could although that is only really suitable for connections within a rack - most of my network cabling runs through the walls where CAT6 is much more practical. Most of the devices connected are also only ever going to support a copper connection (TVs, ames consoles, printers.etc) so there would be limited places where I could actually deploy fibre. Thankfully the CAT6 runs I have are all well under 55m long so can easily run 10 Gigabit connections so fibre isn't required.

ProxMox 8 now supports text based install.

@@Darkk6969 Text based but not over serial console. They said they couldn't fit it into the release schedule. That's coming in a future release.

To be fair, I've always installed Debian first then Proxmox, Proxmox' official installer gives you a weird partition layout that cause ugly issues in the future.

I was definitely pretty surprised, last time I used a machine that required a serial console was some old SunFire SPARC servers so this was my first time using an x86 machine without a video output. I almost wish it was more common - so much easier to just hook up a laptop rather than needing to dig out a monitor and keyboard!

I did wonder that, however as far as I could tell, these chips are the final revision of the i225 where the issues had apparently been resolved.

The latest drivers just disable the EEE support which is the source of the problems and the i226 controllers are not any better.

Would be nice if at least the first two RJ45 ports then support 2.5 Gbase-T

Strange, my shipping was only around £35 and looking at the US it seems to be around $32 - suspect it might be something to do with shipping to certain locations unfortunately.

@@camerongray1515 195 euro shipping for me, Ireland

It was strange when I realised how long it had been since I bough that last machine!

@@camerongray1515 I'm fairly sure it was that video that you mentioned VyOS, and I use it daily at work because of that!

I haven't tested loads of SFP modules but I don't think the DAC cables I'm using are Intel coded, if anything they'd be Cisco coded. If you're buying new modules then may as well get Intel ones (as in, generic modules that are coded for Intel, no point spending a fortune on official Intel ones) but if you already have some non-Intel ones, I can't see them being an issue.

Intel, Dell, HPE are usually very open for SFP use. Cisco, Juniper, Arista, Mellanox tend to be more strict in wanting their own supported SFPs and require you to turn the SFP verification off if you want to run "unsupported" SFPs. If you are really worried you can look at companies like FS. There are a bunch that offer compatible SFPs that are coded to vendors and are usually much cheaper then official parts.

Guys plesse not tight the screws are were leaved like that for a reason. 😂

One should really do that if using ZFS.

Curious why a transformer should limit the frequency. Guess they do have a limit, or there're some other suppressing component(s) in there.

Transformers use coils, so they have different characteristics at different frequencies, so run them at a higher frequency than they are designed for and the losses and cross talk could be significantly higher.

Yeah, I still have some C2000 Atom based Supermicros in service that were RMAed due to the bug and were returned with a "platform fix" and have been running fine since. The machines had never failed by the time we RMAed them but wanted to do it to be on the safe side rather than risking them failing in service. It's my understanding that the bug can be worked around by reworking the motherboard which is what I suspect they have done. That said, I'd still generally avoid purchasing a C2000 based system second hand unless you know for sure that it has the platform fix in place to be on the safe side.

@@camerongray1515 I agree with playing it safe. I happen to have two other identical 'spare' SM C2758's that had the fix from day one. So if it fails, will just swap out the MB.

From my testing it maxed out at around 6.5gbps with the firewall enabled. This is also with several parallel streams, a single stream will max out at around 2.5gbps. AES-NI isn't going to make a difference here as it only accelerates encryption performance which will benefit things like VPNs, but not general routing/firewalling.

It's an option but I'm not sure why this would be better than using an x86 PC. As far as I'm aware, Linux and BSD support on Apple Silicon is still in its early stages and while Thunderbolt is great, you'd be paying an absolute fortune more for Thunderbolt NICs when compared to PCIe NICs and end up with a machine with several different adapters hanging off of it. By contrast, you could get a sufficiently cheap small form factor Intel PC for much less than a Mac Mini and chuck a cheap, second hand PCIe NIC in to get whichever high speed ethernet interface you require. I've previously deployed Mac Minis in a datacentre setting and they really aren't ideal for it - there's no way to force it to power up whenever mains power is applied. All you can do is have it restore it's previous power state so if it was on when the power was pulled, it will turn back on. However, if it was manually shut down, there would be no way to turn it back on without physically pressing the a power button. The most you can do is use a setting in MacOS to power the machine on at a certain time every day but then you could be waiting up to 24 hours for it to power on again. By contrast, most PCs can be set up to power on as soon as mains is supplied allowing it to be powered on by simply cycling the power supply through a remote switch. Then if you went down the server route you'd have full out of band management controllers to give full remote access to the machine.

At current electricity prices though...

Raspberry Pi CM4 with Router Board. Two 1gb NIC's on pci-e Bus. 2-4 Watt.

Eventually yes, don't get me wrong - I love UniFi kit and will still heavily recommend it, but for my home setup, I just fancy something a bit more configurable and flexible. I've had a long enough time with a fully UniFi setup to evaluate it and UniFi will still be my go-to recommendation for where someone who's not a networking expert wants a decent, easy to manage deployment. So stand by for a few more videos coming up on this topic over the next few months!

Nope, not me sadly!

Not recently - when I last bought one of these back in 2017 I have vague memories of ones with super deep cases that had a bunch of spaces to install hard drives behind the motherboard, although they seem to have disappeared from the market. Although, to be honest, the main benefit of these devices is being able to build a router with everything on a single board in a short depth case. When you're looking at installing a bunch of drives, I'd be looking at a second hand enterprise server or building something DIY.

@@camerongray1515 yes thanks, the skylake Dell t330 (8bay) look like a decent option, it’s just 2xGE so you need extra cards

I haven't tested it although I can't see any reason why it wouldn't be possible. HOWEVER, someone else commented pointing out that Proxmox VE doesn't natively support installation over a serial console, so you'd either need to connect some sort of GPU temporarily to do the install, or install Debian first over a serial console and then install Proxmox VE inside of that.

@@camerongray1515 If you haven't already put this router into production, I think you would get a lot of views on a video about installing Proxmox onto it with a pfsense VM while being able to run other VMs, as well.

It's an interesting idea however I personally prefer to keep a device like this running the OS bare metal then run VMs on another server. If I was happy to virtualise my router I'd have probably just stuck it on my existing server which acts as VM host along with being a NAS.

@@camerongray1515 It could be done on either of your systems given the network connectivity available but I think this device would make a unique video as the switch complex is built into the motherboard.

I actually replaced a UDM-Pro with this. The UDM is great for certain situations and worked well for me, I just fancied a change. However, the UDM isn't some sort of "gold standard" for routers, it's use is very much limited to relatively simple home networks and very small businesses, beyond that it's easy to run into feature limitations at which point you have no option other than to replace it with something else. On the other hand with something like this it's easy to install whichever software works best for a given application and change it in the future if needed

Are you talking about electrical tape or is there something that I do not know about yet?

@@NaoPb Mylar sheets works well, unsure if totally right, know another brand but dont recall the name

Kapton tape

All those kinds of Meanwell PSU's I've bought up through the years all came with a transparent plastic protective cover...

it´s so nice seeing @camerongray1515 trying to justify a 6dB increase of noise - sounds a lot like a sunken cost fallacy to me ;)

If he lives in the UK, probably half the price of the unit. The UK must have taken lessons from Greece. They are total crooks when it comes to importing equipment. Prior to the EU approving taxation of goods over 25 euro as well as taxing shipping costs. That is a total ripoff. It is illegal to charge tax on postage from the states. They signed agreements many years ago and the agreement has not been canceled.

It's a soldered SoC

All settings were left as the PFSense defaults, I could have probably performed some further tuning but I wanted to show the "out of the box" performance with a clean install.

Realistically, if you don't really care about networking or advanced features, the ISP's router will be absolutely fine. Now, if you want to start tinkering with more complex features such as VPNs and separating out devices onto isolated VLANs then you'd probably need something more but if all you care about is having a working internet connection, then the ISP's router will be fine. You may of course want to expand this by adding a switch and hardwiring devices where possible or adding some additional access points for better wireless coverage and eventually in the future you may decide you want to tinker and learn and try something more advanced for a router, but as much as people on UKposts bang on about super powerful routers, it's not something you necessarily *NEED*. It's also worth bearing in mind that if you have an issue with your internet connection and need to contact your ISP's support - if you're using your own router, they'll likely try and blame that first so it's always worth keeping your ISP's router around so that you can plug it in when you are troubleshooting any issues with ISP support.

@@camerongray1515 good points just out of interest what qualifications do you have if you don't mind sharing ?

Network adapter. It's a Framework laptop.

Don't get me wrong, MikroTik devices are great and I already use them a fair bit elsewhere. However, they aren't directly comparable since you're tied in to using RouterOS vs an x86 machine which has a worse price/performance ratio but has the benefit of giving total software/OS flexibility. My goal with my home network is to try all manner of different equipment running each option for a period of time to try it out fully, it's likely that I will end up trying a MikroTik router in the future, but they aren't suitable for every situation so I wanted to try an x86 option first.

They switch when the power is cut or when the machine is shut down. Usually with this sort of hardware there would also be some sort of configurable watchdog timer where the relays would also switch to bypass mode if the software were to crash, however I haven't been able to figure this out due to the lack of documentation.

Which ports are you referring to? Would have to be a weird power cut where you wouldn't be able to power a switch but could still power a PC, NAS and this firewall.

I was referring to the fact that the chip in this is still currently sold, not that it's the absolutely latest offering. This is in contrast to many similar machines that use extremely outdated chips such as the D525/D2550. The X series Atoms aren't really directly comparable as they're designed for the likes of thin clients/embedded applications where a video output is required and networking is less important. The C5000 and P5000 series are an interesting one, they are part of the same line as the C3000 chips however have much higher TDPs so I'm not sure if they're expected to be a direct replacement for the C3000 line or not. They also aren't really widely available yet with most devices still being sold with C3000 chips.

I actually installed OPNSense on this when deploying it so that I could try it out and I'm running it now, but to be honest, I'm not overly impressed and doubt I'll roll it out elsewhere. The UI does have some nice improvements over PFSense, but I've had a few issues such as the Unbound service stopping itself after saving config changes and needing manually restarted. I also found a few bugs such as pressing enter in the interface name box when adding a new interface on the assignments page actually triggers one of the "Delete Interface" buttons which could go very badly wrong if configuring a production router while not quite paying attention. Not necessarily huge disastrous issues, but enough for me to not be confident enough in it to deploy it in any sort of critical environment. Additionally, the super frequent updates that some people push as a benefit of OPNSense aren't necessarily ideal for mission critical production applications where I'd much rather have a slower, more predictable update schedule like PFSense has.

Yeah, nobody uses them for devices with affordable prices...

I went with PFSense for this video since I was already experienced with it and it's generally pretty well known amongst people who would be watching this video. I last used OPNSense around 5 years ago so I'd really need to evaluate it properly before I can decide whether to use it over PFSense. It'll be a while before I actually deploy this machine so I'm open to evaluating all manner of different OSs before deciding which to deploy on it long term.

@@camerongray1515 As someone who has used both for many years, I can say OPNSense is much more stable in the long run with updates not breaking things and has a more active community when it comes to plugins (for example Zenarmor).

​@@camerongray1515in my opinion OPNsense is more stable. Releasing more improvement updates then Pfsense. Of course both are based on freeBSD. But still.

The SFP+ ports are both 10 Gigabit, the RJ45 ports are regular gigabit.

@@camerongray1515 Thanks Cameron! Looks super cool!

Don't get me wrong, I love the UDM Pro, but I wanted something that was a bit more configurable and had more potential for tinkering. The UDM is ideal as an easy to manage solution and hides a lot of the complexity but the downside of that is that it can sometimes be a bit limited when it comes to more advanced configuration.

if that's the case, where can they be bought?

Do you have a link? As far as I can tell Noctua do 40mm and 60mm fans but not 50mm.

@@RWL2012 now I feel stupid, I got lots of results when I searched for it before, but it seems like it can't be bought right now, Noctua sells 50mm fan grilles and they have shown a 50mm prototype fan at Computex in 2017 and 2019

I didn't see anything suspicious while testing. I'm running my OS on this and there is no IPMI/network stack in the firmware so any sort of exploit/backdoor would have to be extremely low level, I haven't seen any evidence of devices such as this having these types of exploits. My logic is that this isn't really any higher risk than any other Chinese motherboard, if a company wants to produce a compromised device, surely they'll focus their efforts on complete routers/smart home devices where the device will end up running the supplied firmware which could be loaded with exploits rather than something like this that will run the user's own OS.

The TP-Link looks like an interesting device but isn't really comparable to something like this. As a low cost device that runs the included firmware, that device would be more comparable to devices such as the Ubiquiti EdgeRouters, the UniFi UXG-Pro, various MikroTik options and tonnes of other brands (Draytek, Zyxel.etc). With a device such as the one here I'm not tied into any sort of firmware - with my previous AliExpress box I started off on PFSense before later moving to OPNSense and then finally onto many years of it running VyOS.

The white one plugged into the laptop? That's just a USB-C charging cable to power the laptop.

@@camerongray1515 do you have a product link for the ethernet cable(the white with red)?

@@nikoskatsenis8218 No idea, it's just a generic CAT5e cable that probably came bundled with something over the years, nothing special at all.

I absolutely love MikroTik kit and use it extensively. I actually strongly considered the RB5009 for this project. Ultimately I decided that I'd rather have a bit more choice when it comes to the software side of things, hence going down the x86 route. When compared to other rackmount x86 options, this device is actually pretty cheap - my go-to, similarly specced Supermicro machine that I'd use for this sort of machine in commercial setups costs close to £1000 and doesn't even have the 10 GbE NICs.

As much as I enjoy building machines - it would have been near impossible to build something comparable to this for anywhere close to the price. In particular, building in a 1u rackmount form factor makes things difficult as most coolers and even a standard I/O shield are too tall to fit in the case. As for OPNSense, I'm actually downloading it right now to try it out since I last tried it shortly after it came out, I demonstrated PFSense in this video since it's what I'm more familiar with and use elsewhere however I'm planning on trying out various different OSs on this machine before I deploy it.

@@camerongray1515 come on now - atom is not all that great - depending on the model it may lock up on you and break permanently - yes this was an atom 'feature' - i feel your pain on price but just use a refurb build like z420/z440 - you can get parts cheap and then you have many more options - cheap ram and ability to run 25g cards also cheap - diy is cheaper in the end really for the value proposition, much more powerful processors available, expandability etc - it is really no contest but props to you for going to 10g and trying at least - you can build a diy router with faster networking for half the price

The Atom C2000 issue was bad assuming that's what you were referring to in terms of reliability, however the C3000 models aren't affected by this, I run several of them in production commercial settings as routers and they have worked flawlessly for years. Even some C2000s with "fixed" motherboards after RMAing them due to the bug are still working fine. They are also widely used in many commercial network appliances. This machine is used purely as a firewall/router and is due to be installed in a small wall mounted comms cabinet, a refurbished HP Z420/Z440 workstation would be completely impractical in such a setting and the power consumption would be unjustifiable. I simply don't see myself going beyond 10 gigabit during the lifespan of this machine - the internet connection is 300mbit and at most would potentially be upgraded to gigabit years down the line. I have a 10 Gigabit capable NAS however most of the traffic to it is going to come from the same subnet so won't need to pass through the router, even 10 Gigabit at the router is completely excessive for my needs.

I installed OPNSense on my office firewall and I found that PFSense is much more intuitive to use. PFSense does have a path for better drivers and more recent updates but the licensing does leave much to be desired. I'm going to stick with OPNSense for a while to see if I can get used to it.

@@cheerbeerification Opnsense is a bit better in compatibility and functions. But that comes at the price of not being as easy to work with as pfsense. You can twist opnsense into a pretzel to run exactly how you want but that does require a lot more knowledge. Pfsense can be more drop in and use easily. I admin a bunch of both along with the "big boys: like Cisco FPs and fortinet. I still have custom Linux FW/IDS/IPS deploys running in places. For home or simple office deploys I would say pfsense > opnsense for the ease of setup and it will do what you need simply. For business deploys I would say opnsense > pfsense because it can be more robust and offer additional configuration options for you to customize once you are confident with it. Just my 2 cents from working with both of them for a while now.

It's something to be aware of but not something I'm particularly worried about, it's not like those android TV boxes where you're running the OS image that's provided, this is running a cleanly downloaded OS that I installed myself. The only risk would be a really low level BIOS level compromise which would likely require some level of knowledge around the host OS. I also haven't seen any evidence of devices such as this being exploited and any suspicious network activity would be easily detectable. If a bad actor wanted to release compromised device, they'd likely focus their efforts on devices like TV boxes, smart home devices or cheap home routers where they will end up running the provided operating system rather than this which is essentially just a bare motherboard.

@@camerongray1515 Hey thanks for the reply. I was just wondering which is why I posted. As said I have several usb ic and nfc tag readers and at the time Malwarebytes on my system kept triggering while devices (one at a time) while connected to pc. So I worry lots now about devices I buy. That makes me want to ask people who buy some devices about if they worry about devices doing things they should not from hard coded chips in some devices. Anyways I was just wondering. Thanks

It's not something I'm too worried about myself, to me it's no higher risk than any other sort of off-brand motherboard/mini PC type device. Any vulnerability would have to be extremely low level and would also need to have knowledge of the OS that would be running on the machine. Then, since network traffic isn't magical, it would be easy to inspect network traffic originating from the device to identify anything suspicious. I also haven't seen any reports of devices of this type being compromised. If a malicious actor wanted to push out devices with backdoors, it would make much more sense to spend their time on cheap, commodity devices such as home routers, IP cameras.etc where they would have full control over the entire OS running on them.

@@camerongray1515 Makes sense. Thanks for your reply.

I did some performance tests in this video - when it comes to raw routing with no firewall between interfaces it can handle a 10 Gigabit multi-stream iperf test fine. With the firewall enabled it'll handle around 6.5 Gigabit of traffic. Of course this is testing with multiple streams which can be split over multiple cores, a single stream will top out at around 2.5 Gigabit with the firewall enabled. So not full 10 Gigabit, but still significantly beyond gigabit. Of course these tests are only under PFSense, you may be able to get even better performance under a different OS such as VyOS or Netgate's TNSR.

Only? Those are rookie numbers!

There's no way this has any sort of safety certification. I doubt there is a CE Mark for Europe or UL for US. There's a reason power cords go into power supplies in PCs, and most smaller devices have external transformers. I discovered a similar problem when using a IMSAI computer, the huge transformer in it made it unbalanced, so the fingers needed to go under where the transformer was, and the fuse was right where the thumb would go. This was before there were many required locations for current leakage disconnect (GFCI in the US), and of course the case was grounded. Luckily, with "only" 120V on a dry day, I only got a tickle.