
Robin van Bruggen Posts

My home lab setup

My current homelab in ESXi

The last few days I have been busy creating my new home lab. For years I was able to use my employers' or customers' test/lab environments to test new technology and reproduce/troubleshoot issues. I started working as a freelancer earlier this year and needed my own test environment.

Why a home lab

I use my home lab almost daily: to try to reproduce customer issues and verify their setup, to set up and test new software/settings, but most of all to study, gain/improve my knowledge and get my certifications. I will combine my home lab with an Azure environment.

My gear of choice

I want my lab environment to be available 24/7 with low power consumption and I want it to be (very) quiet. I also wanted it to have a dedicated GPU. I did not want to build my own custom computer (it takes too much time for me), so I wanted a pre-built computer. Intel offers a large choice of pre-built hardware with good specs!

I have chosen to buy the Intel NUC Hades Canyon. The Hades Canyon offers a good dedicated GPU, fast CPU, M.2 SSD and 32/64GB of memory and a small form factor. The exact specifications of my NUC:

CPU: 3.1GHz Intel Core i7-8705G (quad-core, 8MB Cache, up to 4.1GHz)
Graphics: Radeon RX Vega M GH graphics (4GB HBM2 VRAM), Intel UHD Graphics 630
RAM: 2x Kingston HyperX 16GB DDR4
Storage: Samsung 970 EVO Plus 1TB M.2 SSD

The Intel NUC Hades Canyon

The Hades Canyon is in my opinion currently one of the best pre-built systems to get for a homelab environment. The dedicated GPU allows me (for example) to configure and play with GPU passthrough in an RDS environment.

My laptop

Besides my homelab I have a 2019 Apple MacBook Pro and a Microsoft Surface Pro that I take with me to work. In my home office I have an extra Intel NUC with Windows 10.

  • Apple MacBook Pro 15″ Touch Bar (mid 2019)
  • Intel Core i7 (2,6GHz QuadCore)
  • 16 GB RAM 2400MHz DDR4
  • 265GB SSD
  • Radeon Pro 555x 4GB

This laptop is running a Windows 10 virtual machine and applications like Edge Chromium (love it!), Office 365, RoyalTS and 1Password.

My current VMs

My current homelab is running 6 VMs with enough space/memory available to run more. This NUC will be able to run roughly 8 VMs easily.
Currently I’m running a full (hybrid) RDSH environment with a few Azure components. All the VMs are running on Windows Server 2019 except for the Ubiquiti VM, which is an Ubuntu VM.

  • 1x Domain Controller/DNS/Azure AD Connect/SQL Server.
  • 2x RDS Server (RemoteDesktop and RemoteApps).
  • 1x RD Web/RD Gateway.
  • 1x Management/Fileserver/RD Broker.
  • 1x Ubiquiti Unifi and UNMS server (which currently manages 3 different sites with routers/access points).

Besides this I have a Site2Site VPN from my homelab to Azure, AD Connect and a few virtual machines, like a Windows 10 desktop for Windows Virtual Desktop and Azure storage for FSLogix profile containers.

Unifi Access Point SSH upgrade

I was in the process of upgrading the firmware on a few Unifi Access Points and ran into a problem where the APs would not (re)connect to the Unifi Controller when I initiated the firmware update. They were stuck in the update state without actually updating the firmware. The controller showed them as offline/updating.
I was still able to ping the AP and it was reachable over SSH.

I needed a way to update the firmware using SSH. I looked up the exact firmware download URL on https://www.ui.com/download/. I connected to the specific AP using SSH (PuTTY) and was able to perform the update manually by running the following command:

((`which nohup` /usr/bin/syswrapper.sh upgrade http://dl.ui.com/unifi/firmware/U7PG2/4.0.42.10433/BZ.qca956x.v4.0.42.10433.190518.0923.bin >/dev/null 2>/dev/null)&) ; sleep 1

This command took a few minutes to start running and successfully completed the firmware update. I was able to manage the APs again in the controller with their new firmware.

If the AP is on a low firmware level, it may come back with an error that it could not download the firmware because of a certificate error. In that case you can simply change https:// to http://.
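When the download falls back to http://, nothing on the wire protects the image, so the check that remains is comparing the file's SHA-256 against the value published for that firmware. The following is an added example, not part of the original post: it assumes the vendor's download page lists a SHA-256 for the image, and the function names (`sha256_of`, `verify_firmware`, `fetch_and_verify`) are hypothetical helpers meant to run on a workstation.

```shell
#!/bin/sh
# Added example (not from the original post): gate a firmware image on its
# published SHA-256. The expected digest must be copied from the vendor's
# download page (assumption: a SHA-256 is published for the image).

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_firmware FILE EXPECTED_SHA256
# returns 0 on match, 1 on mismatch, 2 on unusable input
verify_firmware() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; this rejects an MD5
    # value or a truncated paste instead of reporting a misleading mismatch.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
        return 0
    fi
    echo "MISMATCH $file: got $actual" >&2
    return 1
}

# fetch_and_verify URL EXPECTED_SHA256 OUTFILE
# Downloads over HTTPS only (redirects included) and deletes the file
# if the digest does not match.
fetch_and_verify() {
    curl -fsSL --proto '=https' --proto-redir '=https' -o "$3" "$1" || return 2
    verify_firmware "$3" "$2" || { rm -f "$3"; return 1; }
}
```
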

EdgeRouter OpenVPN Setup

In this post, I will help you through configuring an OpenVPN connection. I found that I could not find a good configuration guide that configures everything I wanted in one post. I had to use 4-6 different websites to configure my OpenVPN on the EdgeRouter, so I’ve decided to create a guide myself.

So, about VPNs. In short, what is a VPN? You can think of VPN connections as encrypted tunnels used to connect computers on different networks over the internet. VPNs can be used to provide yourself with a secure connection when using the internet on a public network, like a public wifi hotspot. They are also used a lot to create a secure, remote connection to your (work or home) local network.

I have chosen to use the OpenVPN protocol instead of other well-known protocols like PPTP (older, less secure, easily detectable and blockable) or L2TP/IPSec (easily detectable and blockable but available on most operating systems).
I like the OpenVPN protocol because it is easy to set up, open source, more secure than PPTP and can be used with port 443 (https), which makes it almost undetectable and makes it show up as normal HTTPS traffic. The downside of OpenVPN is that it uses a third-party app instead of the built-in software from Windows or your phone.

Different types of VPN tunneling

When configuring the VPN, you will need to choose how you want to use it. You can choose to use a split-tunnel or a full-tunnel.

  • Split-tunnel allows you to access your local network resources, but normal internet traffic does not go through the tunnel and is not encrypted.
  • Full-tunnel allows you to access your local network resources, and your normal internet traffic goes through the tunnel and is encrypted. But you probably cannot access local resources unless you are already connected to them.

I have chosen to use the full tunnel, because I want secure internet access and access to my local resources. You can also add a route to your work network to access its resources through the VPN. I haven’t tested that.
