• 0 Posts
  • 19 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle

  • Agreed. First playthrough should 100% be vanilla. I do mod a few things on subsequent playthroughs though. Personally I like to give myself infinite paragon/renegade (through a save editor), because I like being able pick a renegade option when I think my Shepard would do that, without having to worry about maxing my paragon for important choices. I also prefer playing biotic classes because they’re more fun, but want a sniper rifle, so I mess with the save to give sniper rifle competency to my class in ME1. Finally I’m trying the happy ending mod this playthrough to see if I like it.



  • Mass effect is one of my favorite series ever! I’ve played through the trilogy at least half a dozen times now. It’s my cozy game I always have a playthrough going in.

    Mass effect 1 was incredible for its time, and still pretty good today. The biggest mistake I see people make is not talking to everyone on the ship in between missions (this is true for the whole series); if you don’t you’ll miss the best part of the game. Also make sure to pick an interesting class, probably something with biotics. Infiltrator and soldier are boring to play compared to sentinel or biotic.

    Mass effect 2 was the game that shifted the series from an RPG to a cover shooter. The mechanics were much better, but it removed some of the fun. I remember the first time I played it I was heartbroken the citadel was so much smaller than in the first game. I’d say 2 has the best DLCs of the trilogy (Shadowbroker is unrivaled). I love the structure of 2 as well, but there’s definitely a few gotchas where if you do a mission too soon it’ll lock you out of finishing important side quests if you want a good ending.

    Mass effect 3 is great, the mechanics are more mature than 2, the story and “omg” moments are the best in the series; and (especially with the DLCs) it really fleshes out the backstory of the galaxy and races in a way the first two games didn’t. I do wish the team on the ship was a bit bigger, but the citadel dlc is definitely a close second best in the series; and makes up for it imo.

    As for the ending of 3 (mild mood spoilers):

    spoiler

    I like my games to have a happily ever after ending, and that there really isn’t one kinda bums me out. I get why the writers did it, and I don’t fault them for it; but I’m looking forward to my current playthrough using the happy ending mod for a non cannon ending that won’t leave me kinda sad after finishing the game haha

    So all in all, I think the trilogy is incredible, and everyone should try it. That said you’ve gotta go in with an idea of how to play it (this is true for all the games, but especially 1), because the games will let you miss a lot of stuff (like crew interactions, important side missions that affect the ending of the game and encounters in later games, etc.). It’s definitely a trilogy that’s better the second time through bc of it, or just find a good non spoiler guide/video for tips.







  • I’ve been really enjoying the new expansion for Cyberpunk 2077. I personally loved the game when it came out, specifically for the tone and environment and the main story. I did stop playing pretty quickly though because the progression didn’t click for me and different parts felt too shallow.

    I really think the 2.0 update fixed a lot of game mechanics I didn’t like the first time through, and the expansion has a great tight storyline I’ve really enjoyed sinking my teeth into. I’m going back and doing all of the side quests I didn’t get to before I stopped playing too. And so excited to see what the alternate ending they cooked up is. If you had fun with the game, definitely consider picking it back up!









  • For sure, love talking about my home lab! And it’s an easy way to help get a bit of content on Beehaw, albeit a bit scatterbrained haha

    First, the OSI model! Yeah, this is a very “first you must invent the universe” moment, sorry (not sorry). Basically for you the important bits are layer 2 and layer 3 (though I HIGHLY recommend knowing the OSI model forwards and backwards in its entirety).

    Layer 2, the datalink layer, uses MAC addresses and is how to computers on a LAN communicate directly with one an other. Layer 3, the IP layer, uses (you guessed it) IP addresses and is what allows you to communicate between networks (it’s where we get the term internet: inter-network). Layer 2 is where switching takes place, layer 3 is where routing takes place.

    So, if two computers are in a single LAN (or vLAN), they will communicate through a switch only. If two computers are not in the same LAN/vLAN, they can only have connectivity through a router. It’s really important to understand a switch only sees MAC addresses, so you can’t firewall at the switch level.

    If some of this is new to you, I highly recommend reading networking 101 and 201 from this site. It seemed like a good resource.

    Okay, with that in mind, next you really need to understand bridges. Any *nix box can be act as a switch and/or router. By default when you install Proxmox it creates a bridge on the machine’s default network interface. This bridge interface is effectively a switch. Every VM then “plugs” into this switch, giving it access to your network’s router, and fetches its IP via DHCP. You can use ip link and brctl show to see it. Take a look at the related debian docs too.

    Setting up OPN in Proxmox

    So with OPNSense, you have a few ways of setting it up, but you always need at least two LANs. One which is shared by OPNSense and your edge router (the ActionTek), and the other is shared by OPNSense and the VMs running in Proxmox. I’d recommend just using two vLANs as the best solution for now. One vLAN will be for your edge router, and the other will be for your OPN router.

    First I’d setup your new switch so that every Proxmox host is on a trunk port. This allows tagged traffic from the host, meaning you can specify a vLAN for each VM network interface. Make sure you get this working first, here’s a decent guide, and make sure to read the proxmox network docs too. Now everything should be on the native vLAN (special vlan 1, containing untagged traffic).

    Next just add a second interface to your OPNSense with a different vLAN (maybe 100), this’ll be your OPN vLAN. Now you can move VMs to your OPN network by changing their vLAN to the OPN network’s vLAN in Proxmox. Easy peasy!

    Finally you’ll want to setup proper connectivity between your routers. If you were running a cooler edge router you could setup BGP, but for now static routes will suffice. Setup a static route for your OPN network in your edge router, and point it to your OPN VM’s IP address (the IP the edge router assigned it, 192.168.1.X). Finally create the opposing route in your OPN router for the edge router network. This way you don’t need a double NAT.

    Okay, really sorry if none of that made sense. I really did try to keep it concise :S


  • This sounds like a fun project! I recently just ripped out and redid the network segmentation on my 3-node proxmox cluster too.

    Originally I had everything in a /16, but that was causing some routing problems because I actually needed to static route a /24 that was in the /16 to a VM for VPN. Anyways, I’m going to try to dig through your post and give some advice. This is all just personal opinion on how I’d set stuff up after over a decade of homelabbing/home infra, so ya know, take and leave what you want.

    It sounds like you want to use one of your Proxmox nodes with a VM running OPNSense as your router? I’d highly discourage this. I know you call your setup a lab, but it’s running the *arrs and probably a streaming server; and there’s nothing worse than planning a movie night and having your networking be down. Also, it’ll make it easier to recover from a power outage or hardware failure, keep your network config much simpler, and provide physical boundaries between machines increasing security.

    So, I’d say unless you’re fine with the possibility of extended outages, use dedicated hardware for network. I’m partial to pfsense’s netgate, it’s a good price and a lot of bang for your buck, and it comes from an awesome open source project. I use Unifi, though I wouldn’t necessarily recommend it due to some shady stuff the company has done/said over the last few years.

    OPNSense looks neat, but the only reason I see to use it over pfsense is the integrated IDS/IPS, which is just a nice gui over suricata and a proofpoints subscription. Personally I’d run suricata in a VM and mirror WAN traffic to it via pfsense. This way a VM isn’t in your critical network path, but IDS is available and easy to manage.

    Don’t forget, when you separate stuff into VLANs, it forces the traffic to go up to the router, and back down to the switch. This means any inter-VLAN traffic has a 1gb limit on it. So if you ever upgrade your servers with 10gb nics, if you setup VLANs incorrectly, you won’t get that performance. Or if you just have a lot of traffic, you’ll start getting TCP slow starts and retransmissions and it may play havoc on your network. That’s why many usually just don’t bother with VLANing, it gives you network isolation, but comes at the cost of increased routing.

    As for routing, all VLANs will route between eachother automatically. As obvious as it is, just think of two VLANs as two separate physical switches plugged into the same router. By default those two switches will be able to communicate with each other through the router, but they can’t directly communicate with one an other (which would have higher throughput/bandwidth).

    DMZ is interesting, in my mind it basically came from a time when networks had a hard shell and a soft interior (wrt security). I don’t DMZ because I have host level firewalls and network firewalls to do LAN segmentation. But, that isn’t to say it’s a bad idea if you’re up for it. Basically a DMZ (demilitarized zone) is a VLAN where you’d put stuff like a mail server, DNS servers, and maybe an HTTP server. Stuff you’d want to expose to the internet, as well as into your local network. The idea is that if one of those servers were compromised, you wouldn’t want it to have full access to your local network. So instead you split off a DMZ network so if a host in it gets compromised, it wouldn’t provide the attackers a good base to pivot into your local network from. I don’t expose any services to the internet, except a VPN, and that VPN definitionally needs a lot of access to my local network to be useful, so I don’t partition it off into its own DMZ. I’m not a network admin, so that’s just my interpretation of it.

    As for structure, this is where I ended up:

    • 10.0.0.0/24 - LAN management - Stuff like Unifi/Pfsense admin panels
    • 10.0.1.0/23 - LAN - Where most of my normal stuff goes, desktops, laptops, phones, etc.
    • 10.99.0.0/24 - OOB Administration - Things like IPMI and BMCs end up here
    • 10.99.1.0/24 - Administration - Things like Proxmox VMs end up here
    • 10.99.2.0/24 - Core network - Things like VPN, DNS, backups, basically important network services.
    • 10.99.3.0/24 - Services - Things like *arr, etc. end up here. I actually run K8s via kubespray in Proxmox, so for me this is actually my metalLB service IP range.
    • 10.99.100.0/24 - VPN IP pool - I static IP my VPN clients instead of masquerade, so they get an IP out of this pool, the VPN instance acts as a router, and I static route from my main router back to the VPN instance.

    And I have a separate /24 for my 10gb network for Ceph.

    So yeah! I don’t know if that helps at all, feel free to ask questions to clarify. If you still really want to install OPNSense in a VM I can give you some tips on that as well.