    Compiling pfSense and some more thoughts

      divsys

      Sounds like a fun project!

      In the words of someone else on the Forum: Think big, but start small.

      Try this one step at a time.

      I think you're on the right track, but definitely consider subdividing your design into different subnets to give you smaller "chunks" to work with.

      If you're seriously considering handing out WiFi in the neighborhood (a laudable goal) then that's definitely its own subnet.
      Cameras are another one, and your own internal LAN is a third.
      Personally I like to put my home Wifi on its own subnet as well, but that's me.

      So I would plan on at least three subnets plus your WAN connection.
      If you haven't got four NICs, your Zyxel switch supports VLANS which makes it easy to separate out your networks.

      The more I look at your setup, the more a VLAN implementation makes sense.

      There is no such thing as wireless security or surveillance. I know this.
      The only important cameras I have are my two PoE-wired outside cameras. (Sricam ap004).
      I'm thinking my NVR can handle this.

      Yah wired is good in general, but especially for cameras.
      The security issue is one thing, but the reliability of the network is another and my earlier comment(s) about separating the networks still stands.

      One side thought, you might want to consider looking at DigitalWatchdog's SpectrumVMS software for your setup.
      The software is free and the NVR runs on both Windows and Linux boxes.
      The only cost is a one time license per camera (~$85/camera?) to allow recording.
      You can load the software and get a free 30 day trial license to test it out with your cameras.
      Given your NVR hardware I think this could be a very good fit especially as Ubuntu on that box will probably give you some reasonable performance.

      Good luck, let us know how it goes….

      -jfp

        motionthings

        VLANS it is :-)

        The reason I did not go for VLANS is that I also have an IPTV service coming into my house (multicast). And as long as you are on the same LAN you also get free tv on your phone/tablet.
        This is of course illegal! So I'm not doing that ;-)

        And thanks for the NVR software link.

        I have been looking for an Open Source NVR that runs on linux for a long time.
        But so far nothing seems to match iSpy.
        https://alternativeto.net/software/ispy/

        I actually limit some of my cameras to record in 10 fps, and that seems to be fine.

        For the last 1,5 years I have been running iSpy on an old pentium Core 2 laptop. And this seems to be doing fine.
        As of now it contains over 90000 video files :-) Attachment 1.

        Here are some examples (All wireless cameras):
        http://motionthings.no/upload/3_2014-07-22_20-17-20.mp4 (My grandfather)
        http://motionthings.no/upload/4_2014-08-27_10-22-38.mp4 (Me, getting a cup of coffee*)
        http://motionthings.no/upload/4_2014-09-24_17-45-15.mp4 (Me, in my "Batcave")
        http://motionthings.no/upload/5_2014-08-01_09-17-01.mp4 (Always post a video of cats! This is after all the internet)

        The audio is pretty good!

        I'll have a serious look at what you're recommending.

        edit
        *This camera is for catching cats on my kitchen counter.
        At first I played a foghorn sound every time there were cats on the counter, but that almost gave my grandfather a heart attack.
        Luckily his hearing is not what it used to be, so I replaced the sound with a 15KHz sound that the cats, but not my grandfather can hear :-) I can promise you that they run out of the kitchen pretty fast when I play the sound.

        And since I now am using a sound that my grandfather cannot hear I can automate this process.
        "For every motion alarm in kitchen, play sound 15Khz.mp3"
        /edit

        I am doing a "buildlog" of this entire project. Hoping that it can land me some work within networking.
        Using it as an addition to my CV :-)

        In other words. I would love to talk a lot about every step on my "journey".

        This thread will be referenced in the documentation. Along with all my other questions elsewhere.

        PS. I'm really looking forward to getting my NIC's tomorrow :-)

        Intel Core i3, 8GB RAM, 2x Intel Gigabit NIC's.
        CURRENT network: https://cacoo.com/diagrams/1Fh6EcMdZLjGq3zj
        Planned network: https://cacoo.com/diagrams/y2rMw37kzlzcHzZy
        Read BOFH (Bastard Operator From Hell): http://bofh.ntk.net/BOFH/index.php

          motionthings

          Well FML!

          Got my compatible intel NIC cards delivered two days ago (Yay).

          Guess what I woke up to. No internet connection!
          Attachment 1 and 2.

          Turns out there was a problem with my fiber. All good now!
          pfSense is running!
          Attachment 3

          Starting a new thread with a buildlog if anyone wants it?

          edit
          Sorry for the ginormous attachments again.
          /edit

          edit2
          In my third attachment (see the red arrow). pfSense asked for two DNS servers. I said, use yourself (192.168.3.1), and google (8.8.8.8) as DNS.
          The two that are already there I got from my ISP via DHCP.

          Isn't my first entry 192.168.3.1 as DNS unnecessary/redundant? It already uses loopback interface for DNS?
          /edit2

            motionthings

            Hmm. I only pay for a 100/100 line.
            Took a speedtest today:

            Lets hope they don't find out :-)

              Nullity

              @motionthings:

              Hmm. I only pay for a 100/100 line.
              Took a speedtest today:

              Lets hope they don't find out :-)

              Whoah.  :o

              I felt kinda lucky that I was paying for 6 and getting 7.2, lol. :\

              :)

              Please correct any obvious misinformation in my posts.
              -Not a professional; an arrogant ignoramous.

                motionthings

                This is after I got my bridged connection for the first time :-)

                I was thinking that this was some sort of cached result. I know my ISP is using a lot of cache servers.
                But I FTP'd into one of my webhotels (in Norway). And I got the same results :-)

                Shhh. Don't tell anyone! Ever!!

                I'm afraid that this will balance out over time, and that I will end up with a 100/100 line in a few days.

                They probably opened up everything when they were diagnosing my connection.
                They replaced a 3-inch piece of fiber that was "spliced" badly.

                Hoping it never changes, but I'm not optimistic…

                  stephenw10 Netgate Administrator

                  You can probably get that Atheros NIC going with this kernel module: https://forum.pfsense.org/index.php?topic=78932.msg434620#msg434620
                  That code is in the alc driver though so you might also try the alc module from FreeBSD 10 stable.

                  Steve

                    motionthings

                    Thanks Steve. I have tried that a couple of times, but always ended up with a machine that would not boot.

                    Did it again yesterday. Without making a backup first  :'( Overconfidence is a bitch!

                    My steps for making a non bootable box ;)

                    • Copy 'if_alc.ko' from a FreeBSD 11 ISO to /boot/kernel/ (*)

                    • chmod -x 'if_alc.ko'

                    • edit 'loader.conf' to include the line 'if_alc_load="YES"' (**)

                    * I tried copying the same file from a running FreeBSD 11 install too, with the AR8161 NIC working.
                    ** Don't use the webinterface editor! This put some "artifacts" in my 'loader.conf' file. Fixed it with 'ee'. I should probably report this as a bug.

                    Here is what I end up with after these steps (Video of my box "booting" in slow-motion):
                    https://www.dropbox.com/s/ncx880gyj4d17m5/2015-06-16%2000.05.34.mp4?dl=0

                    Last time I just reformatted the box.
                    But now I have actually done some meaningful configuration, that I would hate to lose.

                    PICNIC

                    OK

                    • Boot single user mode. Not Working

                    • Boot safe mode. Not Working

                    • No options are working! (load/unload modules, list modules. Nothing is working)

                    OK

                    • Boot from CD (pfSense)

                    • Mount harddrive to /mnt/

                    • edit 'loader.conf' (remove 'if_alc_load="YES"')

                    • remove 'if_alc.ko' from /boot/kernel/

                    Reboot.

                    Results… Same as the video above^^ A "slow-motion" boot.

                    So, what is happening here?
                    What am I doing wrong, or forgetting?

                    I'm now running a live pfSense CD :)

                    I have read this: https://forum.pfsense.org/index.php?topic=88511.msg488963#msg488963
                    And many other posts about the AR8161

                    How can I get my system to boot again? I don't care about the Atheros NIC at the moment.

                    Simon

                    PS. "He who laughs last, probably has made a backup!"

                    edit
                    Lesson learned:
                    Never think; "I'll setup backup once configuration is done"
                    Instead think; "Setup backup before configuration"
                    /edit
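
A pre-reboot check for the procedure in the post above, as an added example that is not part of the original post or of pfSense: a POSIX sh function that lints a loader.conf for editor artifacts and malformed lines, and confirms that every module set to load exists on disk. The function name and the paths in the usage comment are assumptions, and the check does not verify that a module was built for the running FreeBSD version.

```sh
#!/bin/sh
# Added example: lint a FreeBSD/pfSense loader.conf before rebooting.
# lint_loader_conf is a hypothetical helper; pass the file, then the module directories.
# On a disk mounted from the live CD (paths are assumptions):
#   lint_loader_conf /mnt/boot/loader.conf /mnt/boot/kernel /mnt/boot/modules
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
lint_loader_conf() {
    conf=$1; shift
    rc=0; lineno=0
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Editor artifacts: CRLF line endings or bytes outside printable ASCII.
        case $line in
            *"$cr"*)
                printf '%s:%s: carriage return (CRLF line ending)\n' "$conf" "$lineno"
                rc=1
                line=$(printf '%s' "$line" | tr -d '\r') ;;
        esac
        if printf '%s' "$line" | LC_ALL=C grep -q '[^[:print:][:space:]]'; then
            printf '%s:%s: non-printable byte\n' "$conf" "$lineno"
            rc=1; continue
        fi
        # Strip leading whitespace, then skip blank lines and comments.
        line=${line#"${line%%[![:space:]]*}"}
        case $line in ''|'#'*) continue ;; esac
        # loader.conf(5) settings have the form variable="value".
        if ! printf '%s\n' "$line" | grep -Eq '^[A-Za-z0-9_.-]+="[^"]*"[[:space:]]*(#.*)?$'; then
            printf '%s:%s: malformed setting: %s\n' "$conf" "$lineno" "$line"
            rc=1; continue
        fi
        name=${line%%=*}
        value=${line#*=\"}; value=${value%%\"*}
        # For every <module>_load="YES", the matching .ko must exist in a given directory.
        case $name in
            *_load)
                case $value in [Yy][Ee][Ss]) ;; *) continue ;; esac
                mod=${name%_load}.ko
                found=0
                for dir in "$@"; do
                    if [ -f "$dir/$mod" ]; then found=1; fi
                done
                if [ "$found" -eq 0 ]; then
                    printf '%s:%s: %s not found in: %s\n' "$conf" "$lineno" "$mod" "$*"
                    rc=1
                fi ;;
        esac
    done < "$conf"
    return "$rc"
}
```

Copying loader.conf aside before editing and running the check on the edited copy keeps a known-good file to restore from the live CD.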

                      stephenw10 Netgate Administrator

                      Hmm, I wouldn't expect a FreeBSD 11 module to load. Perhaps when those other users tried it was still close enough to 10 to work.
                      Have you tried the alx module I linked to? That was compiled against FreeBSD 10, others have reported success with that.
                      Try a module from a FreeBSD 10 recent snapshot that should have that code in it: http://ftp.freebsd.org/pub/FreeBSD/snapshots/ISO-IMAGES/10.1/

                      Steve

                        motionthings

                        Thanks again Steve.

                        But I don't really need it at the moment.
                        My original network plan was to use the third NIC (Atheros) on my pfSense box to send traffic to Snort.
                        https://cacoo.com/diagrams/y2rMw37kzlzcHzZy

                        Now that I have found out that Snort runs just fine on my pfSense box, I don't need the third network card anymore :)

                        And given my previous experience (ending up with a non bootable box) I don't want to experiment with this on a "live" system.

                        I'll just wait till pfSense gets updated to FreeBSD 11.
                        Maybe then I will do something fun with it.

                        Simon

                          jimbrown

                          @motionthings:

                          VLANS it is :-)

                          The reason I did not go for VLANS is that I also have an IPTV service coming into my house (multicast). And as long as you are on the same LAN you also get free tv on your phone/tablet.
                          This is of course illegal! So I'm not doing that ;-)

                          And thanks for the NVR software link.

                          I have been looking for an Open Source NVR that runs on linux for a long time.
                          But so far nothing seems to match iSpy.
                          https://alternativeto.net/software/ispy/

                          I actually limit some of my cameras to record in 10 fps, and that seems to be fine.

                          For the last 1,5 years I have been running iSpy on an old pentium Core 2 laptop. And this seems to be doing fine.
                          As of now it contains over 90000 video files :-) Attachment 1.

                          Here are some examples (All wireless cameras):
                          http://motionthings.no/upload/3_2014-07-22_20-17-20.mp4 (My grandfather)
                          http://motionthings.no/upload/4_2014-08-27_10-22-38.mp4 (Me, getting a cup of coffee*)
                          http://motionthings.no/upload/4_2014-09-24_17-45-15.mp4 (Me, in my "Batcave")
                          http://motionthings.no/upload/5_2014-08-01_09-17-01.mp4 (Always post a video of cats! This is after all the internet)

                          The audio is pretty good!

                          I'll have a serious look at what you're recommending.

                          edit
                          *This camera is for catching cats on my kitchen counter.
                          At first I played a foghorn sound every time there were cats on the counter, but that almost gave my grandfather a heart attack.
                          Luckily his hearing is not what it used to be, so I replaced the sound with a 15KHz sound that the cats, but not my grandfather can hear :-) I can promise you that they run out of the kitchen pretty fast when I play the sound.

                          And since I now am using a sound that my grandfather cannot hear I can automate this process.
                          "For every motion alarm in kitchen, play sound 15Khz.mp3"
                          /edit

                          I am doing a "buildlog" of this entire project. Hoping that it can land me some work within networking.
                          Using it as an addition to my CV :-)

                          In other words. I would love to talk a lot about every step on my "journey".

                          This thread will be referenced in the documentation. Along with all my other questions elsewhere.

                          PS. I'm really looking forward to getting my NIC's tomorrow :-)

                          Thanks for sharing this. openipcam is another nice little alternative which provides open source web cam.

                            wricaurte

                            Hi,

                            Nice project, I have something like that at home but smaller, only 5 cameras (cheap Chinese foscam), asterisk voip, video+audio streaming (Plex + SqueezeBox). Some Apple TV, Some Kodi boxes, a Supermicro 1U Rangeley Atom server with some virtual machines and a Qnap 2 bay NAS.

                            For NVR I use Blueiris (http://blueirissoftware.com/). It is only 59.95 and you can add as many cameras as your hardware can handle. The nice thing is that if you want you can buy the apps for your smartphone (iOS and Android), you can set push notifications, email notifications and more. You can access the cameras and recordings from internet publishing the Blueiris Web Portal.

                            I hope this helps you to evaluate options.

                            Regards.

                              motionthings

                              Thanks to everyone taking the time to read and respond to my overly long posts.

                              As of now everything is working great!
                              But I always have new questions….

                              "The Dude" is all of a sudden picking up a node with gigabits of traffic on a node ending with *.255 (see attachment).

                              Is this something internal to pfSense? DNS (unbound)?

                              My actual pfSense box is 192.168.3.1.

                              Any and all suggestions appreciated :)

                              Simon
