TNSR | Netgate Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

TNSR Announcements

Discussions about TNSR

16 Topics

54 Posts

M

We're happy to announce the release of TNSR software version 25.02. This regularly scheduled release includes additional hardware support, updates, and bug fixes. Here's what's new: Unicast Reverse Path Forwarding: Introducing Unicast Reverse Path Forwarding (uRPF) to prevent IP spoofing attacks. Both "loose" and "strict" modes available. Enhanced BGP Protection: New BGP Roles implementation (RFC 9234) to prevent route leaks and hijacks. Powerful Threat Detection: Multi-threaded Snort 3 integration for advanced IDS/IPS. NETCONF: The NETCONF service has been made available starting with this release. Regular Updates and Maintenance: Updated VPP and DPDK versions and made over 30 bug fixes and stability enhancements. Learn More: Release Notes Blog Video
TNSR Feedback

Discussions about TNSR

61 Topics

134 Posts

J

@johnpoz I know I thought maybe he could be my study buddy for a while but never responded so I gave up .
Problems Installing or Upgrading TNSR Software

Discussions about installing or upgrading TNSR software

52 Topics

191 Posts

A

@Said.Fathy , Hi Said .. I'd strongly recommend Lawrence Systems' youtube channel... it's the best as far as pfsense is concerned.. from beginner to pro https://www.youtube.com/@LAWRENCESYSTEMS

G

TNSR adventures on my home network

Watching Ignoring Scheduled Pinned Locked Moved
4

3 Votes

4 Posts

3k Views

A

@tman904 said in TNSR adventures on my home network: Thank you for posting this. This is hands down the best post around TNSR usage I've seen. I've also really wanted to try TNSR for myself without any of the hand holding/hoops to jump through etc. Hopefully this starts a discussion to make TNSR easier for the community to access and use as a whole. I think it would be a good idea to separate TNSR into a free home version VS enterprise support offerings at the very least. Netgate you could always use the model that vyOS uses: https://www.vyos.io/rolling-release/ That is to give the bleeding edge rolling release version out to the whole community for no charge. Then keep the licensing/support services etc for the stable version of what would be your TNSR codebase. If you could implement that change to TNSR. It would really help everyone in the community embrace it. Thanks @tman904. Good ideas for sure.
0

Deterministic NAT mode breaks VPP

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

974 Views

J

Deterministic NAT is a "CG-NAT". The design goal is to scale out against a very large number of endpoints with reduced (need for) logging. See, for example, RFC 7422. As noted, (thought the docs could be more clear), there isn't much chance of making inbound services work on the outside interface for the interface address in deterministic NAT mode. It could possibly work for services on the inside interfaces if the in2out node becomes an output feature on the outside interface, but that work isn't currently contemplated. If it's important to your use case, please get in-touch so we can help determine how to best proceed.
G

Question regarding ACL memory footprint and stateful connections

Watching Ignoring Scheduled Pinned Locked Moved
3

1 Votes

3 Posts

602 Views

G

Thanks for the response! I ran the prescribed commands and got very similar numbers. In layman's terms, it looks like the answer to my questions is "an insane number" for both. I'm not employing my TNSR instance in a large enterprise or corporate network. Would be very curious to see memory and session numbers for someone who is and who has a robust number of ACLs. Thanks again for the response!
G

Error when attempting to issue show packet-counters command

Watching Ignoring Scheduled Pinned Locked Moved
14

0 Votes

14 Posts

1k Views

G

@audian no problem at all! I'm enjoying the TNSR experience and look forward to seeing the fixes and improvements you all are working on.
G

No mDNS on TNSR?

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

715 Views

J

Nothing like that available yet and I'm not seeing anything in open feature requests either. If you are already in contact with someone from Sales/CSE, make sure they know it's a feature you'd like to see.
G

Firewall/ACL aliases??

Watching Ignoring Scheduled Pinned Locked Moved
9

0 Votes

9 Posts

2k Views

G

I will certainly give it a read and a watch and look for reasons to learn and practice. Really appreciate your insight and perspective. I'm sure we'll interact again soon assuming you're ok with questions/complaints/feature requests. I'm trying to be diligent about researching before asking for help but, as you have witnessed personally, I've hit a wall a few times now.
G

command to monitor acl activity?

Watching Ignoring Scheduled Pinned Locked Moved
6

0 Votes

6 Posts

965 Views

J

Not at the moment, it's all in an internal bug tracker. Every once in a while we revisit making that public but so far it's mostly private with internal chatter. If anything changes there, it will be in the release notes and related posts around a new release.
G

Question on VLANs on TNSR

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

623 Views

G

Thanks! I wasn't aware that I could do that without assigning an IP address etc to that interface.
X

OpenVPN

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

827 Views

N

@jimp has the same question, thank you for the answer :))
M

This topic is deleted!

Watching Ignoring Scheduled Pinned Locked Moved
1

3

0 Votes

1 Posts

6 Views

No one has replied
L

OSPF config change not updating FRR

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

290 Views

No one has replied
J

TNSR with ESXI VMXNET3 -- not recognized

Watching Ignoring Scheduled Pinned Locked Moved
10

0 Votes

10 Posts

3k Views

D

@leoan we tried that at one point and it loaded successfully, but as shown in my screenshot only the virtual NIC would load properly. I initially named this thread wrong, not realizing the NIC naming convention came from the driver. Our VMX3 virtual side loaded just fine, it was the PCIpassthrough of a BCM driver that is not currently implemented or supported in TNSR. Thanks for your help.
L

Can only use certain interfaces based on uio_pci_generic or vfio-pci

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

379 Views

L

So, I did a package update and after reboot, it immediately Kernel panics. Since this is isn't in production, I just did a fresh install from the latest version ISO. Now all the interfaces populate as expected.
T

DDNS update from KEA dhcp server

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

253 Views

No one has replied
M

IPSEC tunneling status stuck on Connecting

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

429 Views

No one has replied
T

This topic is deleted!

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

4 Views

No one has replied
L

This topic is deleted!

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

4 Views

No one has replied
S

This topic is deleted!

Watching Ignoring Scheduled Pinned Locked Moved
1

0 Votes

1 Posts

8 Views

No one has replied
A

This topic is deleted!

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

8 Views
D

TNSR on ESXi 6.7u3 PCI passthrough BLANK after adding to dataplane dpdk dev 0000:0b:00.0 network

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

1k Views

D

Changing the OS Guest version to CentOS 7 64bit made the Virtual Adapter visible, but as you can see here, the PCI passthrough is not taking... [image: 1575920896303-screenshot-from-2019-12-09-13-48-05.png]

15 / 17