One Year Later... What I learned about building my own NAS

About a year ago, in the Summer of 2017, I build my first ever NAS (or Network Attached Storage). I had a considerable amount of money saved and was willing to make an investment into using and learning more about enterprise networking and hardware.

In the end of my research journey and budgeting, I ended up choosing:

  • CPU + Motherboard: Supermicro X10SDV-4C-TLN4F

    • Intel Xeon D-1518 (2.2GHz Quad-Core, Hyperthreaded - 35W - 6MB Cache)

  • RAM: Kingston 16GB DDR4-2133MHz ECC RAM

  • HDD: 3x - 4TB - WD (Western Digital) RED

  • MISC:

    • Fractal Design Node 304 Mini-ITX Case (Case)

    • Cooler Master V550 80+ Gold Fully-Modular Power Supply (PSU)

    • 2x - 32GB - Sandisk Cruzer Fit (Boot Drive)

For my OS of choice, I decided going with FreeNAS since it was the all-in-one package for a BSD/UNIX based OS with the ZFS file system installed.


In my quest to learn more about enterprise networking and hardware while still getting something useful out of this build, I learned a lot!

  • UNIX File System - This was something I struggled understanding. I’ve always used chmod, chown, etc. on Linux but I never understood what the numbers really meant. In FreeNAS, I learned about user, groups, and everyone else. I learned to lockdown certain datasets from the network and expose datasets correctly without errors.

  • Networking - I learned how to direct connect to the NAS over Ethernet. This was especially useful because whole-home 10GbE networking is expensive.

  • OpenVPN - My FreeNAS is setup to connect over OpenVPN. This was somewhat complicated to setup but it ended out working out after a few tries

  • Plex - Plex is useful! I cancelled my Hulu subscription and bought all of the seasons for the three TV shows I only needed Hulu for and kept my free T-Mobile x Netflix subscription.

  • ZFS - The ZFS file system is really unique and robust. This was something worth learning on how it worked.

  • rsync - I learned about rsync and how to backup FreeNAS securely.

In conclusion, I’m really glad I built this NAS over purchasing something off the shelf. It really improved my *nix skills.

I hate the new (2017) MacBook Pro's

People probably know me as the Apple Fanboy because I own Every. Single. Apple. Product but people also know me for hating Apple for some of the things they do especially recently with their new products. 

Now, don't get me wrong, the MacBook Pro is a fantastic laptop and it gets all the work that I need it to do especially for school, work, and personal projects. However, I haven't had to have a laptop serviced so quickly. 

I have to give a testament to Apple Support because they've serviced my laptop in such a short amount of time. I walked into an Apple Store, had my laptop shipped overnight to a third-party Apple Repair center, and had it shipped overnight to my home. Furthermore, the repair center actually sent me the correct laptop unlike Dell... (which is another story for another day). However, what happened having repairs done in store? The only thing I needed replaced was my speaker and keyboard. I understand that the newer MacBook's are complicated due to their thin form-factor but even having top cases in stock for same-day repair would be nice. From what I've heard and understand is that Apple is afraid of their parts leaking out into the world and being used by unauthorized repair shops. For example, from AASPs (Apple Authorized Service Providers) themselves, they are only allowed purchase parts double their standard pricing and must return the damaged part if they want to receive a refund. If a MacBook Pro top-case costs $800, they must pay $1600 in order to get the part then return the damaged part to receive the part for $800. It's ridiculous that AASPs are required to do this in order to get parts for repair. I don't understand why Apple is so afraid of their parts leaking into the wild other than that they won't be able to do repairs themselves or sell the customer a new computer even if the fix is an easy repair. 

Some may ask why I use a Mac over a Windows or Linux based computer. Here are the reasons why I don't use Windows or Linux:

  • Windows does not have a UNIX command-line interface that supports Git, SSH, and other tools out of the box.
  • Windows is not POSIX-certified or compatible out of the box without special third-party tools.
  • Windows 10 is a privacy monster with a lot of bugs and issues. 
  • Linux does not support proprietary software such as Adobe Creative Cloud and Office 365 which I use for school and work.

At the end of the day, I am a programmer and I need the tools that I rely on to work without issues. I still use every Windows and Linux every day but they're used for their own specific applications. 

I still hate the new (2017) MacBook Pro's but I will never see the perfect laptop until someone designs something that actually catches my eye. Hopefully, some day, the Linux subsystem on Windows 10 gets better. 

Homebridge with Nest & Apple HomePod

I'm not a huge smart home fan due to privacy concerns but I will consider and allow certain smart home products in our home. When we were renovating our condo, we decided to pickup a Nest Learning Thermostat since American Express was offering a double points deal at the Nest Store and Nest was offering a two-pack of Nest Learning Thermostat's for $450. (Basically, $50 off with double points). 

Fast forward a couple months later, Apple finally releases the HomePod. A smart (eh...), Siri-enabled speaker which can act as an Apple HomeKit hub and really great speaker in any home. However, anything tech related has issues. Google (a subsidiary of Alphabet, the parent company of Nest) doesn't allow nor have HomeKit support with Nest products. The only real solution was to build your own HomeKit Bridge device and thanks to a few developers, you can easily do that for under $50 using a Raspberry Pi.

I purchased a Raspberry Pi 3, Model B+ with case from adafruit for $40 and a 32GB microSD card on Amazon for $8. 

 Raspberry Pi 3, Model B+ with Adafruit Raspberry Pi Plastic Case

Raspberry Pi 3, Model B+ with Adafruit Raspberry Pi Plastic Case

 SanDisk 32GB microSD Card

SanDisk 32GB microSD Card

With the hardware in hand, everything was put together and Raspbian Linux was installed. I followed the directions from the Homebridge wiki and all of the plugins I wanted to install.

  • Homebridge - https://github.com/nfarina/homebridge
  • Homebridge-Nest - https://github.com/chrisjshull/homebridge-nest
  • Homebridge-Samsung-Remote - https://github.com/nitaybz/homebridge-samsung-remote

And... everything worked!

IMG_3998.PNG

With the Nest and Samsung TV operating in HomeKit, we can control the thermostat or TV using Siri anywhere around the house or around the world.

Building a pfsense router

Background

I needed a new router for my home. I was previously using Google WiFi which did the job but I felt that it was limited for a home that has over 50 devices. Generally, I believe Google WiFi is great for people who just want a simple and easy wi-fi solution. However, as a power user, you will need to build your own router. 

I currently have over 50 devices on my network and Google WiFi is super limited to controlling and managing these devices.

The default IP range is 192.168.86.XXX /24 and you cannot change this to a 10.X.X.X /8 or even to a simple 192.168.1.XXX /24 range. UPDATE: Google finally allows you to change your IP Range in the Google WiFi app! 

Furthermore, there are major problems with how Google WiFi is a fully cloud-based solution and how a simple mistake on Google's end can destroy your entire network configuration.

Why I wanted a new router?

  • Future Smart Home Capability
  • Control & Customization
  • Static Caching
  • Increased Speed

In my opinion, Google WiFi has decent hardware compared to competitors. However, I have over 50 devices and these packets need to be moved. Building a router seemed to be the best option and I wanted to build something that was powerful but small and efficient. 

The Hardware

I decided to go with the PCEngine's APU2 board which is based on an AMD quad-core APU. 

I purchased the APU2C4 board directly from PCEngines. It features 4GB of RAM, 3 Intel NICs, 2 USB 3.0 ports, 3 mSATA slots. With my purchase, I decided to add a black enclosure and US power adapter.

On Amazon, I decided to go with an ADATA SP310 128GB SSD. It features MLC NAND which is great and it was only $69. It has plenty of storage for the pfsense operating system and was a bit overkill but I planned on using the extra storage space for Squid Caching.

The Build

The build was as simple as installing the heatsink, screwing everything together, and inserting the SSD. This part only took me about 15 minutes to put together and everything came together nicely.

However, this is where we hit our first roadblock. When I purchased this board, I wasn't thinking about the console port. For some reason, I kept thinking that this board had a VGA port and it would be as simple as creating a USB Installer using Terminal and installing using a monitor. I ended up ordering a USB to DB9 cable on Amazon.

The Install

I installed the latest version of the pfsense_amd64_usbmemstick_console image. I used an application called "Serial" by Decisive Tactics to connect to my APU2 box. This was the hardest part of the installation as many of the console apps work and don't work with the APU2. PuTTy works best with Windows! 

After you're connected to the console, it's as simple as booting off the USB and going through the default settings of installing pfsense. It will automatically configure the ports as WAN, LAN, and OPT1 for all APU2 boards. 

The Setup

Screen Shot 2017-05-03 at 10.28.14 PM.png
Screen Shot 2017-05-03 at 10.31.42 PM.png

The Aftermath

My setup is as follows:

Motorola Surfboard (Modem) ---> pfsense Appliance (Router) ---> Google WiFi (Access Point)

I have Squid Caching acting as a cache server for iOS software and app updates, Mac software and app updates, Windows updates, and a basic HTTP cache. You can intercept HTTPS traffic by installing your own security certificate but I would do this at your own risk. I have a few other basic security packages but I haven't done anything amazing with pfsense, yet.

UPDATE: Enterprise Networking at home is amazing. I watch iOS app updates download in seconds.