Thanks for the reply, we don't have any support or access from Adva as it's supplied by the carrier. This circuit is also being terminated at the end of next month (the entire reason I've been using it to test, as we've already moved traffic away from it).

I've done further tests, I put a Mikrotik between the TNSR box and the Adva and I can verify via a pcap that the traffic is being transmitted out of TNSR, I can verify it's also leaving the Mikrotik to the Adva - and in Wireshark it looks in no way obviously different to the none dropped pings. Where it gets odd is the Mikrotik now gets packet loss to the other side of the Adva. It didn't used to, so I am thinking the issue is very much on the adva/carrier side and not the tnsr side. Just it only manifested itself when we started to test tnsr. So we jumped to the conclusion that it was an issue in tnsr.

I think in this situation I'm going to have to ask the carrier to investigate.

@jimp Looking forward to the early realization of 10 Gigabit home network is being popularized

@meatprofit So I had it on 12 before for no particular reason other than there is too many cpu cores on the system, but I reduced it to 6 to get rid of the memory/crash problem in 23.06-3.

@paolobyte average 5 min speed will added soon under "show interface"

@jimp Sorry for being so slow. Forgetting to check in to a new forum :)

I think in iptables --syn actually only hit packets with SYN and ACK,RST and FIN bits cleared.

Do I understand correctly if the rule,
Iptable -A <chain> -j Deny -s <network> -p tcp --syn

Translates to ,
action drop
ip-version ipv4
source destination <network>
protocol tcp
tcp flags value 2 mask 18

Reason being "tcp flags value 2 mask 18" will only hit if SYN flag is set.
It can't match the whole mask, that is to say ACK must not be set.
Illegal combinations like SYN+RST will be ignored as it's not part of the mask.
Other flag combinations will not be a hit as a SYN flag is not set.

I guess I have a hard time getting that it's not like this.
Value nominates what flag need to be set to start a match against the mask.
The mask must be fulfilled to trigger the rule.
This gives that "tcp flags value 2 mask 18" would only start check if SYN is set, and the rule would only trigger if the packet have SYN+ACK.

@michmoor we use elastic with filebeat module for netflow collection

No current limitations that I'm aware of, but we haven't had a similar update come up to get feedback about yet.

@Derelict said in TNSR Home Lab Newbie need some support:

@robbiett @remi_imer TNSR does not yet support DHCP6 in any fashion. Not on outside/client interfaces nor inside as a server.

I do not believe it is possible to get it to work on this circuit given the ISP provisioning strategy.

Is this still the case? Given that DHCPv6 PD seems to be the most common way for ISPs to provision IPv6 to at least residential customers, I'm a bit surprised it isn't supported yet. Are all business IPv6 customers simply using static configuration?

VPP seems to support it since 2018 from what I can tell (both according to the wiki and git commit history), so in that case I'm guessing that the rest of the plumbing to hook it up to the CLI etc. hasn't been implemented yet? 🙂

https://wiki.fd.io/view/VPP/DHCPv6#DHCPv6_prefix_delegation
https://github.com/FDio/vpp/commit/81119e86bdf47f41f06218f91e52024bc4d00e7c

@sentein Did you end up trying this out? If so, what were the results? 🙂

You can setup a cron job and pull /var/tnsr/running_db file using Ansible

@paolobyte What adapter? Please be more descriptive in describing what exactly you are doing and what exactly is happening. A complete description of the hardware involved would also be a big help.

@paolobyte Appreciate the reply, I actually ended up nuking this VM though so I'll have to spin up a new one and test it again to see. I'll report back once I do that but it might be a bit.

Usage of PRTG & Kentix SMS Gateway together may be informing you by SMS and eMail.
Perhpas not the or a low budget solution, but very well working and able to set up in 30
minutes for everybody

The pki commands in the docs are meant to be run from within the TNSR CLI, not at a shell prompt. There is no need to install any additional packages for that to work.

@tkerr Amazing job on the GUI!
I'm not an expert linux user, but i was able to follow your documentation and I did just as you said.
I set up TNSR on wmare esxi 7 using cli, setup wireguard for testing and experimenting, and setup the gui.
Again, beautiful job, and I learned alot.
tnsrgui.PNG