Homelab Chronicles 04 – Power Outages and Conditional Forwarding on USG

Homelab

I’m typing this from my new digs. “New” is relative; I’ve been here three months already, yet still living out of boxes to an extent. Though all the important stuff is up and running like my computers, the network, the TV, and my bed.

My network diagram needs to be re-done, as I’ve had to move switches and routers around to make the physical infrastructure work for this apartment. The Google Fiber jack is in the living room, but some computers and network equipment are in bedrooms. Logically speaking, however, the network is still the same.

Main difference is that I have more lengths of cable running along the carpet than I did before, so I’ve had to secure the Ethernet cables to the baseboards so that I or my cat don’t trip over it. It actually looks pretty good!

Cat 5e cable cleanly secured to baseboard

As part of getting a new place, I did some additional home automation upgrades. My electric company was offering free Smart Thermostats, so I took advantage. I also replaced and added additional TP-Link Kasa Smart Plugs to control lamps around my apartment.

However, a peculiar situation arose when the power went out briefly a couple times from a bad storm. After everything came back on and online, the smart plugs stopped working properly. Only a hard power cycle—literally unplugging and re-plugging in the smart plug—seemed to fix it.

I won’t go into the whole ordeal, but after asking around on reddit, someone suggested the solution possibly lay with DNS. Because of course it’s always DNS.

DC01, a VM on my server, is the primary DNS on the network. When the power goes out, DNS becomes unavailable. Everything loses power, of course. However, everything else comes back online faster, including my router, the AP, switches, computers, and the smart plugs. The server, on the other hand, takes several minutes to boot RAID, boot ESXi, and finally boot Windows Server and make the DNS available.

I’m assuming that when the network goes down, the computers maintain their DHCP lease information, including DNS settings. However, that didn’t seem to be the case with the smart plugs. They may keep their dynamic IPs, but DNS settings do not appear to stay. Not entirely sure what goes on.

So this was a perfect opportunity to attempt Conditional Forwarding on my Unifi Secure Gateway. Conditional forwarding, as the name suggests, allows for DNS requests to go to specific DNS servers depending on the request itself.

Why will this fix my problem? Because I have an AD domain on the network, which requires DNS. Some computers are on the domain, while other computers aren’t, along with all the IoT devices. But all use the same internal DNS servers, with the DNS settings being handed out via DHCP from the router.

I found some resources on how to do this and it’s relatively easy. I won’t go into the how-to, but I’ll share the guides:

The short of it is that I had to create a new JSON file called, config.gateway.json, with the following settings:

{
	"service": {
    	"dns": {
        	"forwarding": {
            	"options": [
                    "server=/home.jcphoenix.com/192.168.32.252",
                    "server=/home.jcphoenix.com/192.168.32.242",
                    "server=8.8.8.8",
                    "server=9.9.9.9"
                ]
            }
        }
    }
}

The first two options lines associate AD domain references with the internal DNS servers. The last two options denote that any other requests should go to Google Public DNS or Quad9, another public DNS.

After placing it on the Controller (“UniFi – Where is <unifi_base>? – Ubiquiti Support and Help Center“), and setting the “DHCP Name Server” in the Controller to “Auto,” I restarted the USG and tested it out.

Powershell Results of NSLookup

As you can see, when host name GRSRVDC01 was queried with nslookup, the result came back from the internal DNS server. Same with the FQDN of the AD domain. But when JCPhoenix.com—this website—was queried, it went outbound.

So mission success!

There were a couple other ways I could have fixed this. Buying a UPS for the server was probably the easiest. Which I still need to do. I also could have manually set DNS on domain computers, while letting the USG give out public DNS settings to the rest of the devices. But neither would have been as fun and also free.

I also don’t like using static network settings, aside from a device IP. Since this is an experimental homelab, some computers that are on the domain today might not be tomorrow and vice versa. I want systems to automatically receive necessary settings based on new or changing conditions or attributes.

The last thing I’ll mention is regarding uploading the config.gateway.json file. I host my Unifi Controller on an Ubuntu VM. So instead of using SSH to get in and upload the file, I simply dragged and dropped the file in to the correct folder. Unfortunately, finding the folder proved tougher than expected. Because the folder didn’t exist.

The trick to get the folder created was to go into the Controller UI, and upload an image of a floorplan. In the old UI, the path is:

Map > Floorplan (Topology dropdown top left) > Add New Floorplan > Choose Floorplan Image.

Any image will work, since the goal is simply to get the folder created. After that, the floorplan can be deleted, if desired.

That’s it for this round. I’m thinking that my next project will be to set up a VPN server to allow me to remote-in to the network when I’m away. Though we’ll see if I have the motivation anytime soon!

Homelab Chronicles 03 – I Need a UPS ASAP

Homelab

The power went out recently in my neighborhood. Neighboring buildings were completely dark, as was mine. I was cooking dinner at the time, so not only was I hungry, but I was also in the dark.

And so was the server. Now I don’t host any crucial services on there. It’s a Homelab; it’s just for funsies. But I still need to get an uninterruptable power supply (UPS), at least to allow for graceful shutdown when these rare outages happen. Twice the power tried to come on minutes after the outage. That means power went out three times; two of those times, the server got power for just a moment before turning off again, since I have the machine set to automatically start after power failure. I don’t know what that does to a machine, but it can’t be good. Especially an old boy like mine.

That said, I don’t expect I’ll get a long-lasting UPS. The outage was long: 45 minutes. There’s no way I could keep a server going for that long on a UPS. At least one that I could afford. Plus, it’d be worthless to do so since everything else was unpowered: my computers, the router and switches, the fiber jack, etc. So I only need something that can last 10-15min. It’d also be nice if it the UPS had someway to trigger a shutdown of ESXi, but that might be asking too much.

I’ve researched this before, but I think I’ll get back on it. Maybe even a refurbished one is good enough.

On a side note, this will lead to my next task: setting up those Conditional DNS Forwarders I mentioned in my previous post. When the power did come back on, the router and Internet fiber jack came on quickly. But since DNS is on the server, and the server takes like 10 minutes total to boot, then for ESXi to boot, then the Window Server to boot, I didn’t have Internet during that time. First World Problem at home, sure, but in a business environment, that could be pretty annoying, especially if the issue is a server being down, while everything else is up.

Yes, that was my view above during the outage. Yes, those buildings had power, while I had none. I guess I live on the edge of a neighborhood grid. The buildings to the side and “behind” me had no power, while those in “front” of me did.

Honestly, it was kind of nice to sit in the darkness for 45min. I had my phone, so it wasn’t terrible. But I was still hungry.

Homelab Chronicles 02 – Admin Giveth and Taketh Away…the Domain Controller

Homelab

One of my plans at work is to properly remove an older physical servers from the network. This server once functioned as the primary – and only – domain controller, DNS, fileserver, print server, VPN server, Exchange server, etc. It was replaced in 2018, but was never really offlined. It existed in limbo; sometimes on, sometimes off. During the pandemic, my “successor/predecessor” turned it back on so staff could VPN in to the office from home.

Long story short, it’s time to take it down. To start, I want to remove it’s DC role. But I’ve never done that before. I’ve added DCs, but never taken one out of the network. So that’s why I did this.

I started by creating a new Win2016 VM in ESXi. This would be my third Windows Server instance, and I named it appropriately: DC03.

I set a static IP and added the domain controller role to it via Server Manager. The installation went off without a hitch, so I completed the post-installation wizard and added it as a third domain controller. Again, no issues. In a command prompt, I used the command repadmin /replsummary to verify that links to the other two DCs were up and that replication was occurring. After that, I checked that DNS settings had replicated. All DNS entries were present, including the DNS Forwarders.

Wait, what?

In a moment of serendipity, I had a couple weeks prior created an impromptu experiment setup. I added DNS forwarders to DC01 after DC02 was added as a DC. I had seen guides and best practices saying that DNS settings either coming from a router via DHCP or statically put on a workstation shouldn’t mix internal and external servers. So DNS1 shouldn’t be an internal DNS server, while DNS2 points to a public DNS like Google’s 8.8.8.8. So that’s how I found out about DNS fowarders in Windows DNS mananger.

I expected the DNS forwarders to eventually replicate from DC01 to DC02, but they never did, even after multiple forced replications. At the time, I didn’t understand why that was the case. In the end, I manually added the forwarders to DC02.

And then a few days after that, I added another forwarder on DC01, but not to DC02. And of course, that last entry didn’t replicate, leaving a discrepancy.

Apparently, DNS forwarders are local only and they don’t replicate. Conditional forwarders will, but not full-on external forwarders. This has something to do with the fact that DCs in the real world may be in different geographical locations, with different ISPs, that require the use of separate external DNS forwarders at each location.

So imagine my surprise when DC03 automatically had the DNS forwarders that I had placed on DC01. But I quickly stumbled upon the answer:

By [adding DNS roles], the server automatically pulled the forwarders’ list from the original DNS servers, and it placed these settings in the new DNS server role. This behavior is by default and cannot be changed.

Self-Replicating DNS Forwarders Problems in Windows Server 2008/2012 | Petri IT Knowledgebase

That’s why DC03 had the DNS forwarders. When a new DC is added that has a DNS role, it will do a one-time pull from the other DNS server; in this case, my “main” DC. But after that, DC03’s forwarders will forever be local.

Case closed!

With the new DC03 in place, with its proper roles, I left it for 24hrs. Just to see if anything weird would happen.

And wouldn’t you know it, nothing weird happened. Sweet!

I ran nslookup on a few different computers on my network, including domain- and non-domain joined ones.

It looked like that on all the computers. All three DCs/DNSs were present.

After confirming that everything was OK, I started removing the newest DC from the environment. I attempted to remove the role via Server Manager, but was prompted to run dcpromo.exe first. Since it wasn’t the last DC, I made sure not to check the box asking if it was last DC in the domain. Once again, everything went smoothly.

To confirm that DC03 was no longer an actual DC, I did another nslookup on various computers. The IP address of DC03 was no longer showing. In addition, I checked DNS Manager on DC01 (and DC02) and saw that DC03 was no longer a nameserver. Though a static host (A) record was still present, as was a PTR in the reverse lookup zone; both expected results. I left the AD role on the server, but I could completely remove it if I wanted.

Pretty simple and straightforward.

This gave me the confidence to do this at work. Consequently, I removed the DC role from the old server last week with no issues whatsoever. No one even knows it happened. Which is all a sysadmin can ask for!

Homelab Chronicles 01 – The Beginning, Sorta

Homelab

So this is a new thing I want to try. It’s been over a year since I’ve posted, so why not?

Over the last 12-18mo, I’ve had the opportunity to set up a Homelab. I worked at an MSP for almost a year and a half and got a bunch of old client equipment, including a couple Dell servers.

My lab isn’t really segregated from the main network, but that’s because of what I’m trying to do; I’ll explain soon. But before I get to that, here’s the main gear I’ve been playing with:

  • Ubiquiti Unifi Security Gateway (USG)
  • Cisco SG200-26 Managed Switch (24 port)
  • Ubiquiti U6-Lite AP
  • TP-Link TL-SG108E Managed Switch (8 port)
  • Dell PowerEdge T620

I also have a bunch of other gear, like a Dell PowerEdge R610 and another 16- or 24-port switch that are sitting around collecting dust. At one point, however, I was playing with Unraid on the R610. Also had a desktop PC that had pfSense or OPNsense functioning as my router/firewall, before getting the USG. I don’t know enough about firewalls to really use those though.

Anyway, here’s a crappy diagram of the network.

Things in red are the main devices. Not all devices shown; I think I have like 10 physical computers, though not all used regularly. And there a bunch of other WiFi and IoT devices. I included some of the extra devices like the PS4 and iPhone so it doesn’t look like I just have these extra network switches for no reason. I live in a 2-Bdr, 900 sq. ft. apartment, but the extra switches are so I don’t have 3+ cables running to a room that I’m tripping over (thank god for gaffing tape).

Initially, I was going to have a separate lab subnet and VLAN. And I started it that way. But I’m one of those that if I don’t have a real “goal,” it’s hard for me to just play around with things. I need an actual project to work on. It wasn’t enough to have a separate, clean sandbox. I wanted the sandbox that already had all the toys in it! So I’ve already redone the network environment once.

In the end, I decided that I’d create a Windows Active Directory Domain environment for home. I want to have a domain account that I use across my computers. Ideally, I’d have folder redirection, offline folders, and maybe even roaming profiles, so that any computer I use will have my files. The server(s) will also function as a fileserver, with network shares shared out to accounts via Group Policy.

On the network side, some of my goals are:

  • Stand up a VPN service, probably using WireGuard
  • Create a management VLAN and another for everything else
  • Set up conditional DNS forwarding
  • Replace the switches with Ubiquiti gear to really take advantage of the Unifi software

I could go on, but what I’m trying to emulate at home is a small business environment, from the bottom to the top, from the router all the way to the workstation. I work for a small biz, so this is the perfect place for me to mess around with and screw things up before I try on my employer’s live environment.

All in all, this is a great learning experience and I’m excited to share what I’m doing. Maybe this will help others who are trying to build their own Homelabs.

I know I’ll be screwing things up along the way – and I can’t wait to do so!

AAR: 8 Mar. 2020, Deklein — Whoring on the Penultimate GOTG Keepstar

Gaming

Having already been on a few GOTG Keepstar killmails last month and having already hit my PVP kill requirements for March, I wasn’t really planning on getting on another. But when you’re up at 4:00 am, finishing up some 5+ hours of mining, a free opportunity to pad zKillboard isn’t a bad idea. Especially since it requires little thought from the sleep-deprived brain.

Our fleet to EU3Y-6 in Deklein – through two advantageously-spawned Thera wormhole connections – was quick as we flew up in a fast Jackdaw fleet. As expected, there were hundreds other players in system ready to whore on the kill, along with the main Titan damage dealer fleets. Our allies in NC. were there, along with the “bluetral”-for-this-eviction TEST, among others. Enemies were absent in major numbers since technically GOTG has disbanded. Who would show up to defend a structure of a dead coalition of alliances? No one would. The enemies barely defended them when they were still a semi-organized group.

There’s not much else to say, other than our Jackdaw fleet did get Doomsday’d by the Keepstar, though I think we only lost eight or so ships. I didn’t take any damage from it.

The following photos tell the story better.

The main Titan fleet doing the vast majority of damage.
The Titans started getting ballsy, knowing they couldn’t be killed.
Is this a Michael Bay movie?

Killmail of the Keepstar. And I believe there’s another one, the last Keepstar to destroy, in a few hours. We’ll see if I’m awake for that one.

Going down the Rabbit Wormhole

Gaming

While I’ve dabbled in Wormholes before, I’ve never really gone too deep. Once in a blue moon, I’d spend a few hours scanning an anomaly down, jumping into a wormhole, and then kinda putz around aimlessly.

I’d attempt to hack a data or relic site or engage in some “ninja mining:” relatively quick and short sessions of mining or gas harvesting before PVE enemies (“rats”) or other players show up. I’ve certainly never solo explored chains of wormholes, for fear of getting lost. Boredom would set in quickly and I’d drop exploration again for several months.

I didn’t really learn or retain much as a result. This time, however, I wanted to really get a good taste of what wormhole exploration had to offer. To do that, I put together a basic fitting for a Prospect, a T2 expedition frigate.

[Prospect, Gas Ninja Speed Prototype]
Warp Core Stabilizer I
IFFA Compact Damage Control
Nanofiber Internal Structure II
Warp Core Stabilizer I

5MN Microwarpdrive II
Survey Scanner II 

Covert Ops Cloaking Device II
Expanded Probe Launcher I
Gas Cloud Harvester II 

Small Processor Overclocking Unit I
Small Processor Overclocking Unit I 

Combat Scanner Probe I x16
Nanite Repair Paste x50

This fit comes in at under 50 million ISK. Since my goal was exploration and ninja mining, I focused on cloaking, probe scanning, and resource gathering Defensive capabilities were nil; speed and the ability to run away would be my means of staying alive. It should be noted that this fit is very tight for me: CPU utilization is at 96%, even with CPU Management V.

Probe Scanner window in EVE; shows a system map of the wormhole, with list of 20 anomalies or cosmic signatures.
Lots of sites for gas harvesting in this C4 wormhole!

So far, all is going pretty well. I’ve only come across a handful of people in the wormholes I’ve visited, and only once did someone warp on to grid with me. Luckily, I scanned at the right time, saw the unfamiliar ship on the directional scanner, and MWD+Cloaked away about 30 seconds before an Eris landed and bubbled. I was able to jump out with the enemy pilot none the wiser.

Since I’m mostly solo, I’ve been using Tripwire to help me explore. I can jot down cosmic signatures, record what they are once fully scanned, and track my journey so I know how to get back to high-sec. It even takes some of the work away by auto-tracking and noting where I’m jumping to and from. Pathfinder is another site that provides a similar service that I may try.

Tripwire says I’ve added 262 signatures and added 75 wormholes so far. The longest chain I’ve taken from my “starting” high-sec system is 5 wormholes. I’ve been lucky that I’ve been able to get back to my start each time.

Screenshot of the browser-based Tripwire service. Shows a diagram of connected systems, statistical graph, list of found anomalies/sites, and some of my notes.
The UI of Tripwire from a recent excursion.

In terms of profit, I’m probably ISK-positive, having harvested somewhere between 100-150 million ISK worth of gas. Ninja mining, however, in a single Prospect doesn’t seem to be particularly profitable, especially given how much time I’m spending scanning down the gas harvesting sites or new wormholes. I’ve likely spent at least fifteen hours in wormholes in the last week.

Nor is it without danger. About half of the gas sites I find already have scary Sleeper rats on them. For the rest, I get between five and twenty minutes to harvest before the Sleepers appear. With no offensive or defensive capabilities, I have no choice but to run.

I should also mention that I’m on my second Prospect. I lost one to sentries at a gas site when I accidentally and stupidly decloaked on grid to launch scanning probes. My poor ship, the aptly named, “Junior Prospector” was obliterated instantly. So I’m down about 50 million ISK already.

Screenshot of in-game Mining Ledger, showing graphs of what gas types I've harvested and the amounts.
Definitely harvested more gas than I thought I did.

Overall, however, I’m having a lot of fun exploring wormholes and learning a lot. Aside from breaking the monotony of ice mining or “getting blueballs” in null-sec fleets, I’m finally taking the time to participate in this side of the game. W-Space (or J-Space) is one of four main areas of space in Eve. I play in high- and null-sec all the time — while mostly avoiding low-sec, other than travel — so it’s great to finally get my toes wet here. I’ve even convinced a buddy to join me. Maybe one day I’ll set up shop in a wormhole. I certainly see the allure.

In the meantime, it’s time to get back to exploring the unknown. Back to going down the rabbit hole.

An Assassin With a Soul? A Short Review of ‘Hitman: Absolution’

Gaming

This was initially written on and submitted to the Steam store page for Hitman: Absolution, with some additional edits and commentary.

This is the first game I’ve played in the Hitman series. It took me two attempts to finally complete it (got bored the first time around a few years ago). I played on the Normal difficulty. I beat the game right before writing this review. I won’t give a synopsis, since the Wikipedia article does a good job.

If you’re into stealth action games like Deus Ex: Human Revolution and Mankind Divided or the Spinter Cell series, HM:A definitely satisfies that “itch” since those two series are currently on hiatus. Gameplay wise, it’s mostly fun, but the AI is rather dumb. The challenge is that there are often tons of enemies on the map that you have to sneak around instead of fewer NPCs with decent AI to contend with. That’s not to say it’s always easy to do so. Though how to complete the mission is up to you; full stealth or full rampage or anywhere in between.

Screenshot of an enemy NPC above main character; main character is hanging off the bridge ledge.
Really, dude? You don’t see Agent 47, or at least his hands? OK…

As such, you can often just blast your way through a mission, quite easily. For a stealth game, it’s quite odd that that’s a legitimate option, and often times the easiest and quickest option. During the final missions, I was definitely rampaging. And thinking about it now, it seemed like Absolution “forced” me to go into that mode. There weren’t enough places to hide bodies or even hide, period. There were less items to throw or other things like radios to distract enemies, nor opportunities to take down enemies one by one.

The setting is average at best. I expected a more realistic setting. Instead, it’s like some modern-day but noir-ish alternative universe, with over-the-top stereotypical characters and events. Add in the villains and it felt like I was in a comic book or pulp fiction novel. Again, not at all what I was expecting.

Screenshot of Agent 47 walking away like a badass, as the town in the background burns.
The former town of Hope, South Dakota. The bad guys burned down a town; NBD.

With regards to the story, it was just OK. It’s easy to follow and makes sense, but it’s nothing that makes you think hard and deep. I think my biggest complaint is that characters would be introduced – often they’d need to be assassinated – but there’s no real backstory or explanation as to who they are and why I need to assassinate them (other than they’re working for the bad guys). 

I didn’t try any of the online Contracts stuff, since I guess it no longer exists due to GDPR compliance issues *shrug*.

I’ll leave the rest of my review to the checklist below. Would I recommend this game? Yeah, probably. But I wouldn’t buy it at full price. Wait for a sale or get it as part of a bundle. Like I said, it definitely satisfied my stealth game needs. And if that’s what you’re looking for, Hitman: Absolution will do.

–{Graphics}—
☐ Is this real life?
☐ Beautiful
☑ Good
☐ Average
☐ Paint.exe

—{Gameplay}—
☐ Excellent
☑ Good
☐ Average
☐ Staring at walls is better
☐ Just don‘t

—{Audio}—
☐ Eargasm
☑ Very good
☐ Good
☐ OK
☐ Ear rape

—{Audience}—
☑ Adults
☐ Teens
☐ Kids
☐ Human

—{PC Requirements}—
☐ Ask NASA if they have a spare Cray
☐ RTX 2080
☑ Decent
☐ Toaster
☐ Potato

—{Difficulty}—
☐ Dark Souls
☐ Frustrating, but not impossible
☑ Easy to learn / Hard to master
☐ Significant brain usage
☐ So easy a child could do it
☐ Just press ‘A’

—{Grind}—
☐ Asian MMO
☐ Western MMO
☐ Average amount of grind
☑ Only if you care about leaderboards/ranks
☐ Nothing to grind

—{Story}—
☐ National Epic
☐ NYT Bestseller
☑ Average
☐ Bargain Bin
☐ There’s a story?

—{Game Time}—
☐ To infinity and beyond
☐ Long
☑ Average
☐ Short
☐ Long enough for a cup of coffee

—{Price}—
☐ It’s free!
☐ Worth the full price
☑ Wait for a sale/Humble Bundle
☐ You could also just burn your money

—{Bugs}—
☑ Clean Room, Biosafety Level 4
☐ Minor and/or few non-gamebreaking bugs
☐ Many bugs; some serious
☐ ARK: Survival Evolved
☐ Ant Farm/Hive/Termite Mound

Probably my favorite disguise.

AAR: 6 Mar. 2019, Lonetrek

Gaming

I was just about to get off the computer and go to bed when an urgent ping went out:

BURN TO HAKONEN DREADS TACKLED

-ASP

Well, shit. Might as well log back in. We had been camping an NPC station housing enemy dreads and subcaps earlier in the night, so I figured we finally tackled some. Either that or it was our Dreadnoughts that were tackled.

So I jumpclone’d back to our SIG staging, got into an Osprey (sounded like we were lacking in Logi; not that we needed it), then burned to Hakonen.

Once I landed on grid, I was treated to the beautiful site of two neutral Revelations and a couple of Moros, all tackled. In addition, we were next to an Astrahus that was already into structure. And these weren’t the same guys from earlier.

I made sure to bring some drones so I could whore on these kills. And whore I did. I only missed out on one Moros.

In the end, all targets were destroyed, quite easily, including the Astrahus. We did lose two Revelations of our own, along with a Naglfar. But given how blingy the enemies were — they also lost a Vindicator somehow — I’m pretty sure we were ISK-positive.

All that in about twenty minutes.

Moments before the explosion of the Astrahus

AAR: 28 Feb. 2019, Branch

Gaming

Our evening began with a Slasher gang roam in Geminate that ended with us staring at the Oijanen sun and attempting to fly into said sun for at least fifteen minutes. Yeah, it was one of those nights. I believe the only kill we managed to snag was an Impairor piloted by a non-blue alt of a completely newbie Newbean, along with his accompanying pod. Hey, he was neutral. He should’ve known better (or not).

A lavender sun in the Oijanen system of EVE. In the foreground, a small Slasher frigate gazes upon it.
The mesmerizing violet sun in Oijanen. Courtesy of Briggens Dingus, who was there probably fifteen minutes longer than the rest of us.

Sensing that the gang was getting bored, Lolz and I suggested that we go on a real roam to some other parts of null-sec. Five of us — Heinrich, Gary, Lolz, Swiggity, and I — agreed.

After debating the finer points of a Warp Disruptor versus a Warp Scrambler, we set off north in Thrashers, with Heinrich in a Svipul for cloaky probing.

Our target was Branch.

I was familiar with the Branch region since I was deployed up there last fall in a campaign to harass GOTG. There were always tons of ratters. Hell, even I ratted up there during lulls in action.

We took the “ansiblex highway” up to Tribute, through Venal, and then into Branch via MA-VDX. It was relatively quiet the whole way through. We stopped here and there to try to probe down neutrals in system with us, but nothing came of it.

From MA-, we moved to 1G-MJE. Dotlan was showing high amounts of NPC kills in this area of the pocket. We immediately detected several ships on D-Scan, including some caps. Heinrich probed them down, and warped on to them…

…Only to find they were all in a POS bubble.

We, not entirely understanding the mechanics of POS’s, hung around figuring out what to do, and even fired a few shots into the thing. We had a strong suspicion that these were bots, so we bookmarked the location for a return at a later date, perhaps with some Mobile Warp Disruptors.

From there, we dove deeper into Branch, trying to probe or shotgun sites to find ratters. Unfortunately, they were all paying attention so we never caught any.

By this point, our presence was known and we started seeing more of the locals flying around. No one ever engaged us, but we knew we were being tracked. Heinrich started jumping into systems first to probe down ships without scaring them as much. However, he couldn’t scan them down quick enough before they docked or tethered-up.

Next, we flew into the CX-1XF pipe, heading towards south-central Branch. This pocket had the highest concentration of ratting activity in the region according to Dotlan.

This, however, was a dangerous gambit. While the pipe was very long, it was exactly that, a pipe with only two exits. Just like our recent excursion in Catch, we could be camped quite easily on either or both ends of the pipe, slowly getting boxed in.

After hanging around 3-TD6L for too long, I felt we needed to keep moving. I had us start freeburning towards 9-B1DS. The more time we spent in this pipe, the higher chance of a gatecamp being formed.

And formed it was. We met the gatecamp in J52-BH. Upon landing on the 5-P1Y2 gate, a handful of ships were there to meet us. It was time to fight.

There were a couple of frigates, so we focused on a Claw and won. However, we lost Lolz before that. Our next target was a VNI, which we managed to force into armor, but with more enemies jumping in, we didn’t stand a chance. Each of us was promptly destroyed and podded.

Except for Heinrich.

He somehow managed to cloak up in the thick of it and evade getting decloaked. Though he said they got dangerously close to doing so. He slowly burned out of the bubble, then waited for things to quiet down before bee-lining it to nearest friendly station for repairs, several jumps away. He set course back home – twenty-something jumps – and made it back in one piece.

Overall, I thought we did pretty good. We stuck together this time and people followed my orders. Plus we got a kill! The last few roams were either content droughts or situations where we ended up as the “content,” so it was good to finally score a kill again.

My personal highlight was my call to take on the Claw. In battles, it gets chaotic quite quickly. With multiple targets, people tend to panic and just attack whatever. I took a few seconds to look through the enemies on grid and evaluate the situation. Since the Claw was the smallest thing on grid — and we were in destroyers– it was the perfect target. The gang listened, adjusted their targets, tackled him, and followed through to completion.

Lessons learned: Be quick. The more time we spend in one place, the more time we’re giving the enemy to prepare.

Communicate accurately and quickly. We didn’t actually have to enter that fight in the manner we did (we warped in at zero from a freeburn). Had the person that landed first accurately relayed the situation, we might have been able to enter the fight differently.

That said, there’s something to be said about chaos. They were probably caught off guard just as we were.