1
143

In the early 1990s, internetworking wonks realized the world was not many years away from running out of Internet Protocol version 4 (IPv4) addresses, the numbers needed to identify any device connected to the public internet. Noting booming interest in the internet, the internet community went looking for ways to avoid an IP address shortage that many feared would harm technology adoption and therefore the global economy.

A possible fix arrived in December 1995 in the form of RFC 1883, the first definition of IPv6, the planned successor to IPv4.

The most important change from IPv4 to IPv6 was moving from 32-bit to 128-bit addresses, a decision that increased the available pool of IP addresses from around 4.3 billion to over 340 undecillion – a 39-digit number. IPv6 was therefore thought to have future-proofed the internet, because nobody could imagine humanity would ever need more than a handful of undecillion IP addresses, never mind the entire range available under IPv6.

2
15
NAT vs firewall at home (programming.dev)

Why would I need to have software firewalls on my devices behind my NAT router at home? The topology is a basic consumer grade one: ISP -> my router (NAT) -> LAN, and vice versa.

If NAT already obfuscates my private addresses through translation, how would a potential adversary connect to anything beyond it?

What "good" would my public IP do for a hacker if I have no ports forwarded?

Is a firewall a second line of defense just in case I execute malware that starts forwarding ports?

I do have software firewalls on all my devices, but that wasn't an informed choice. I just followed the Arch Wiki's post installation guidelines.

3
4
submitted 2 weeks ago* (last edited 2 weeks ago) by ExtremeDullard@piefed.social to c/networking@sh.itjust.works

Here's a puzzle for you networking specialists:

I'm coding an IP tunnel for our laser communication system. Basically it's a pair of lasers that send / receive raw serial data, and I'm coding a simple TUN wrapper to send/receive IP packets over the laser link. Think of it as PPP but customized for the idiosyncrasies of our laser system.

It works fine: I have one laser connected to one machine with one instance of my IP tunnel software running on that machine, the same setup on another machine, and I can network just fine between the two.

But here's my problem: those machines are at work and I'm currently sitting at home and working remotely, the second machine has crashed and I have no intention to go to the office just to reboot the damn thing.

But all is not lost!

The first machine happens to have another, unused laser aimed at the same target connected to it. Technically, I can open a serial terminal on one laser's serial device file, another serial terminal on the second laser's serial device file, and send / receive data between the two - to / from the same machine.

My question is this: can I somehow create two TUN network interfaces - one for one laser, one for the other laser - on the same machine, and somehow configure them so one is only reachable through the tunnel and not directly?

Or more concretely, here are the two tunnels set up on the first machine:

tun10: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.10  netmask 255.255.255.0  destination 172.17.3.10  
        inet6 fe80::48a7:298c:c6dc:bae  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 4  bytes 192 (192.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 5  bytes 240 (240.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

tun11: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.11  netmask 255.255.255.0  destination 172.17.3.11  
        inet6 fe80::82b2:44f6:d510:c227  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 2  bytes 96 (96.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 4  bytes 192 (192.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

I want to telnet to 172.17.3.10 through 172.17.3.11 and vice-versa. But of course, as it is now, if I telnet to either of those IPs, the kernel basically talks to itself and doesn't route anything out.

Naturally, I could set up a virtual machine and install a guest Linux OS just to run the second tunnel. But it seems like a sledgehammer approach to what should be a simple configuration job.

Can it be done? I can't think of a way. But then I'm not much of a networking guy 🙂

4
10
5
16

Uninitiated noob question below.

A couple of days ago, this haprogram https://programming.dev/post/41491279

Now, during the phone call with my ISP, the guy asked, "is your router an ASUS?" to which I answered, "yes and no, because it's sold as a router but I have it in AP mode and my actual router is OpenWrt on a Raspberry Pi." To which he replied "noice!"

How did he know the make of my access point? A few of my own thoughts are:

  1. he was referring to historical data (I've been a loyal customer of theirs for a looong time...) from a time when I was using the same topology (setup?) but without a VPN on the router, so the hostname of the AP (stored in /etc/hostname on the ASUS OS/firmware ?) was simply displayed on whatever software an ISP uses for troubleshooting through... an ARP? But aren't ARPs limited to a LAN/they cannot resolve beyond a hop? Or perhaps a variant of DNS? How indeed do hostnames transmit? Are they in the IP header by default?
  2. as in 1 above, but he actively used nmap or some other recog program
  3. as in 1 above but from a time when I was in fact using the ASUS machine as a router
  4. my VPN is "leaking" - not likely, because all my traffic either goes through the wireguard interface on OpenWrt/RPi, or it doesn't go anywhere...

If 1, 2 or 3: why do they keep historical data on me? Is it praxis?

6
17

Hey everyone,

I searched for the keyword CCNA, but it hasn't appeared for a while.

I'm actually learning the concepts, I'm on STP.

I'd like to hear about your experiences, how long it took you, which website you're learning from, etc.

Have a great day!!

7
25
submitted 1 month ago* (last edited 1 month ago) by emotional_soup_88@programming.dev to c/networking@sh.itjust.works

EDIT: Got an email from my ISP saying "the fiber owner has resolved your issue, we are closing the ticket." I immediately called my ISP out of curiosity, since they earlier had told me that they need to change my ONT for me to get my full speed. Well, it turns out, the fiber owner (don't know the English word for them) can manage speed per port on the ONT. Sic. So for some reason, they had limited the speed to 100 Mbps.

I purchased a 1 Gbps down/up connection and noticed that I was consistently getting 95 Mbit/s down/up, regardless of hardware configuration (router, no router, switch, no switch, connecting directly to the ONT, cat 6/6a cables, etc) and regardless of software configuration (VPN on/off, firewall on/off, OS Linux/Android, driver updates, etc).

When nothing seemed to help on my end, I finally called my ISP. They could confirm that my ONT is a decade old and that they can see that each port only allows for 100 Mbit/s down/up.

I went through these steps before finally testing a direct connection to the ONT which finally made me call the ISP.

The ISP is going to replace the ONT for free.

8
13

I've had Frontier fiber internet for the past 2-ish years. No complaints at all, but the nerd in me desires IPv6. I have the Frontier provided ONT device but declined their router. I have a MikroTik RB5009 which has been "searching" for an IPv6 prefix.

Anyway, I found this link during my research some time ago, and it finally looks like Frontier is enabling IPv6 for people.

I'm still not sure I'll be able to get it until I get the settings just right, but thought I'd share.

9
4

I have been looking into setting up a secure home/small business server and hardening my local network and I came across this kickstarter which is currently floundering, likely because its campaign page is way too technical without enough fluff for the uninformed out there (like myself to some extent). For reference I work in small industry and have some interest in implementing more IOT.

That said, from what I can tell it seems like a really great device for my use case actually, combining a multiband WiFi 7 gateway with a built in NAS and upgradeable compute modules. As a bonus it is a German company so I’m a bit less worried about back doors than with some of the Chinese generic manufacturers out there.

What I can’t suss out is how secure this actually is, how technical my background needs to be to get it set up effectively, and whether the price is good for the hardware. Any help?

10
10
submitted 1 month ago* (last edited 1 month ago) by Cyanogenmon@lemmy.world to c/networking@sh.itjust.works

A while ago I made this post:

Ubiquiti Dream Router Throughput Issue

I figured it out. My toddler had evidently messed with the router and damaged the RJ45s from router to wired devices. There was no actual drop in service so I didn't even consider the cables themselves.

Changed out the ends and voila - throughput fixed.

Gonna go put on my dunce cap now and sit in the corner.

Edit:

No idea what was causing the wireless devices to have issues as well since the router itself was pulling correct speeds, but hey. It works now. Even upgraded to 750/750.

11
6
12
16
IpCam and PoE (lemmy.ml)

Hi,

I have an IP camera that has two power inputs:

a DC 12V input and PoE.

I've lost the 12V power supply.

So I'm considering powering it through a simple PoE injector like those.

I believe those do not come with 802.3af negotiation (not sure), so those injectors directly inject the voltage (here 48 V). Will it work?

Have you already tried it?

Sorry I know it's not "totally" network related but if you know where I can post I'm all ears.

Thanks.

13
9
Extending wifi (lemmings.world)

We have a wireless camera connected to our wifi, but the concrete wall makes the signal inconsistent. There is an available POE port nearby indoors, and the existing wifi which has a good signal indoors.

What would be the most convenient solution to fix our issue? Should we just get a standard AP/repeater and put it close to the wall, or is there a better option?

Thanks

14
9
submitted 3 months ago* (last edited 3 months ago) by gblues@lemmy.zip to c/networking@sh.itjust.works

Hello everyone! Managed to get my hands on an HPE V1910 JE007a switch I'm planning to use on my home lab. Does anyone know if there's a FOSS firmware that can be used on it?

15
10
submitted 3 months ago* (last edited 3 months ago) by early_riser@lemmy.radio to c/networking@sh.itjust.works

This turned into more of a rant, but input is welcome.

There doesn't seem to be a FOSS (or even low cost) wifi analysis tool. Ekahau, Chanalyzer, Acrylic, etc. are all $$$$$$. What's a guy trying to get relevant certs to do?

Wireshark will only show you actual wifi packets if you have the precise combination of wifi adapter, OS, and driver, and packet capturing is just one component. Spectrum analysis and evaluating mobility are also important. Seems like you have to already work in the industry to have access to these tools, and nobody's going to hire you without relevant certs which require knowledge of these tools.

(update: Someone's bound to mention Kismet. I only have a windows laptop, and kismet doesn't work [well] under windows. I do have access to a linux desktop, but wifi analysis on an immovable desktop isn't terribly useful.)

16
15

Context

I have a WireGuard network, which consists of some VPSs, some in-premise servers (in different premises) and some user devices (like PCs, laptops and phones). All the servers are running Debian or NixOS.

Port forwarding is only possible in VPSs, as all other devices run behind NAT/CGNAT networks.

In the current configuration, all WireGuard traffic is going through a central VPS. So, every time I need to reboot it, the entire network collapses.

Goal

I want to share the WireGuard configuration between my VPSs, and load balance the traffic between them. Since I don't have a floating IP, I am probably going to add all VPSs IPs to a domain name and let the clients decide which VPS to use.

I don't want to have separate keys on each VPS, as this makes it more time consuming to onboard new devices. It's easier to add a single VPS key to each device, and have their keys in a single shared VPS config.

Problem

Is there any way to allow the communication of 2 devices/servers, that are connected to separate VPSs?

If it's necessary, one option is to sacrifice the communication between the user devices, and configure some additional layer(s) for the servers, like OSPF or VXLAN. However, even in this case, I need the servers to be plug'n'play. I wouldn't like to reconfigure the other servers, every time a server is added or removed to/from the network (except, of course, for the WireGuard key that would need to be added/removed in the VPSs).

Relying on external services, like Tailscale is not an option.

17
13
submitted 4 months ago by trk@aussie.zone to c/networking@sh.itjust.works

G'day,

I'm on a 100/40Mbps HFC plan, and have an ongoing issue where the internet in general (browsing, file access, email, cloud hosted products, etc) will just grind to a halt.

For example, I can be accessing our CMMS and suddenly a page load will take 30+ seconds to complete. Never times out, just takes forever. Or I'm using our accounting software which syncs remotely and saving an invoice or opening a purchase order will stall for a minute.

This behaviour goes on for maybe 5 minutes or so and then goes away again. It can occur once or twice in a 10 hour day at the office, or not at all, or sometimes half a dozen times in a one hour period.

  • Local network use is unaffected (for e.g. accessing SMB shares to a local server)
  • All PCs and laptops connected to the LAN are affected so it's not PC-specific.
  • Ping is unaffected and hovers around 12ms to geographically close remote servers, with no packet loss or jitter.
  • Speedtests of any kind always return around 95/35Mbps at any time be it peak / off peak / when problem is occurring / when problem is not occurring
  • VOIP does not seem to be affected despite being on the same network and I can talk on the phone while the internet is otherwise wading its way through treacle.
  • Happens with my current ISP (Leaptel), but also happened the previous ISP (Aussie Broadband) who are 100% completely different companies and I believe use completely different peering/routing/backhaul/etc.
  • DNS seems irrelevant and occurs using either the ISP DNS, Cloudflare, Google, or Quad9
  • Some websites like Facebook and Google work, but other websites like Lemmy (any instance), Reddit, my CMMS, various wholesaler sites hosted both in AU and worldwide, are affected.

Are there any steps I can take to try and identify what causes this random delay? It's just enough to be really frustrating, especially when you're trying to look up something while on the phone and have to be like "so yeah how's the wife? how's the kids? how's the....dog? .... pet bird doing anything interesting?" as you wait for a damn page to load. I need fast internet so I don't need to make small talk dammit.

PCs are all on cat5e or cat6 (depending on when the cabling was run), to a Ubiquiti Dream Machine SE which is connected via cat6 to the NBN HFC modem.

18
8

Hey all,

This is probably a very easy one for folks here. It’s been quite some time since I’ve done anything professionally but I was for a long time. Basically, for a while, my systems have experienced intermittent issue that for approximately 30 seconds, can’t get any WAN activity. I can still communicate with other systems within my network. - this is a home situation. The only thing that changed sort of around when this started was I configured my two access points as a mesh - pseudo, since they’re not actually mesh technically. Like, I just made same SSIDs, but different channels. This way I could get around and my devices would hop. And it’s worked nicely. Only issue has been occasionally a device tries to hang on desperately which I know is like the most common problem, but I am gonna play with signal strength if the APs support modifying that. 

Anyway, I’m getting off topic. But yeah, that was the only thing that changed but I really think it’s just a coincidence. It’s definitely not the wifi itself because the problem occurred on a wired machine as well. 

My setup is I have the cable device in bridge mode and I have a Sonicwall as my router. I also have a site-to-site VPN with another Sonicwall at a remote location for a variety of purposes. That setup has been on and stable for like 15 years almost, and it’s fine. 

So, really my first idea is I want to run software that can continually test the connection for like 12 hours, and log when the connection goes down and for how long. Obviously I thought of just running a ping, but I wanted to know if there’s anything that will try varying destinations over time, and track the results so I can analyze for more than just how long and when. Also I don’t know if some servers might misconstrue a persistent ping for many hours as a possible DDoS bot and knock me off, so I figured varying the destination has the added benefit of making sure the test is as reliable as possible. 

If I’m gonna figure out what’s wrong, and if it’s the cable device I want to be able to just tell level 2 support my results so they’ll just swap it out quickly. 

Anyway, sorry for long post but I imagine they come much longer here sometimes. If anyone has ideas as far as having seen this kind of thing, and also if there’s any FOSS software I could run to test and analyze. I prefer something easy please :-). I’d like to run the tests on two systems concurrently to see how they compare. I’ve got a windows 7 machine and a Linux machine. The Linux is on WiFi and the Win is wired. 

Also if this doesn’t belong here, I apologize; it looked kosher according to the sidebar. 

Thanks folks.

P.S. oooh also, if there’s an app for Android that can join the test as well, I’d love that. I have piles of Android devices so I would like to see how they fare, as well.
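The kind of tool asked for above, as an added example that is not part of the post and not any existing package: it rotates TCP-connect probes across several destinations (so no single host sees a continuous probe stream and a single bad destination can be told apart from a real WAN outage), appends every result to a CSV log, and afterwards turns the log into outage intervals and per-destination failure rates. The destination list, probe interval and outage threshold are assumptions chosen for illustration; the CSV rows shown in the parser are constructed.

```python
#!/usr/bin/env python3
"""Rotating WAN reachability logger plus offline analysis of its log.
Added example; destinations, interval and thresholds are assumptions."""
import csv
import io
import socket
import time
from dataclasses import dataclass

# Assumed rotation of (host, port). TCP connects to public resolvers on
# port 53 need no raw-socket privilege, unlike ICMP ping.
DESTINATIONS = [("1.1.1.1", 53), ("8.8.8.8", 53), ("9.9.9.9", 53)]


@dataclass
class Sample:
    ts: float      # unix time when the probe started
    dest: str      # "host:port" that was probed
    ok: bool       # True if the TCP handshake completed
    rtt_ms: float  # handshake time in ms (timeout value on failure)


def probe(host, port, timeout=2.0):
    """One TCP connect attempt; returns (ok, rtt_ms)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
        return True, (time.monotonic() - start) * 1000.0
    except OSError:
        return False, timeout * 1000.0


def monitor(duration_s, interval_s=10.0, log_path="wan_probe.csv",
            destinations=DESTINATIONS):
    """Probe destinations round-robin for duration_s seconds, one CSV row each."""
    samples, i, end = [], 0, time.time() + duration_s
    with open(log_path, "a", newline="") as fh:
        writer = csv.writer(fh)
        while time.time() < end:
            host, port = destinations[i % len(destinations)]
            i += 1
            ok, rtt = probe(host, port)
            s = Sample(time.time(), f"{host}:{port}", ok, rtt)
            samples.append(s)
            writer.writerow([f"{s.ts:.3f}", s.dest, int(s.ok), f"{s.rtt_ms:.1f}"])
            fh.flush()  # keep the log usable even if the run is interrupted
            time.sleep(interval_s)
    return samples


def read_log(text):
    """Parse CSV text written by monitor() back into Samples (bad rows skipped)."""
    out = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue
        out.append(Sample(float(row[0]), row[1], row[2] == "1", float(row[3])))
    return out


def find_outages(samples, min_failures=2):
    """Collapse runs of failed probes into (start_ts, end_ts, failed_count).

    An outage ends at the timestamp of the first successful probe after it;
    runs shorter than min_failures are treated as single lost probes. A run
    still failing at the end of the log ends at the last sample's timestamp."""
    ordered = sorted(samples, key=lambda s: s.ts)
    outages, run_start, run_count = [], None, 0
    for s in ordered:
        if not s.ok:
            if run_start is None:
                run_start = s.ts
            run_count += 1
            continue
        if run_start is not None and run_count >= min_failures:
            outages.append((run_start, s.ts, run_count))
        run_start, run_count = None, 0
    if run_start is not None and run_count >= min_failures:
        outages.append((run_start, ordered[-1].ts, run_count))
    return outages


def failure_rate_by_destination(samples):
    """Fraction of failed probes per destination; a lone high value points at
    that destination rather than at the WAN link."""
    totals, fails = {}, {}
    for s in samples:
        totals[s.dest] = totals.get(s.dest, 0) + 1
        if not s.ok:
            fails[s.dest] = fails.get(s.dest, 0) + 1
    return {d: fails.get(d, 0) / n for d, n in totals.items()}


if __name__ == "__main__":
    # Twelve hours at one probe per 10 s, then summarise.
    data = monitor(duration_s=12 * 3600, interval_s=10.0)
    for start, end, n in find_outages(data):
        print(f"down {end - start:.0f}s from {time.ctime(start)} ({n} probes)")
    print(failure_rate_by_destination(data))
```

Run it on each machine at the same time and compare the outage lists; if the wired and wireless hosts log the same intervals, the cause sits upstream of the LAN.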

19
17

I'm a homelabber but know next to nothing about IPv6. What I do know, however, is that my ISP, Bell Canada, doesn't support it. If Bell were to work toward IPv6 support what actually needs to be done?

I imagine all their networking gear would need IPv6 IPs and IPv6-specific routing tables in addition to the IPv4 routing tables (which might need loads of RAM?), customer equipment would need to be updated or replaced and any services that Bell provides would also need to be available via IPv6. What other not obvious changes would need to be made?

20
10
Replacing switches (piefed.social)

I tried asking this in a different sub, but it got deleted, so trying here; if this is also the wrong place, I'm not sure where the right place is.

Working for an MSP, I have enterprise grade switches for my basement distribution and garage access switches, which came free from the e-cycling pile, but recent utility hikes have me rethinking things.

I'm currently running a HP 3500-48G-PoE+ yl Switch (J9311A) for the basement distribution switch, and a HP 3500-24G-PoE+ yl Switch (J9310A) as the garage access switch. My 2nd floor access switch is a USW-FLEX-MINI, though I'm looking to add a second one of these in the attic, both using PoE.

I try to keep one access switch in the same hardware class as the distribution switch in case of hardware failure. I don't really need 8 ports in the garage, but if the SHTF, I can do without internet in the garage, not so much in the house.

In the garage, the access switch is only hosting a PoE camera and access point, so there 8 ports is overkill, but redundancy.

After doing a hardware inventory, I can get by with 8 ports for the distribution switch, with at most 3 for PoE/PoE+, though I may need to move a raspberry Pi from the Distribution switch to an access switch.

I'm looking at PoE+ over straight PoE for future-proofing, Wifi 7 etc.

My current switches together idle at 226 watts, according to their spec sheets. I want to reduce that as a cost-saving measure.

I'm looking at the Netgear GS308EP and the TP-Link TL-SG108PE V5 as good enough replacements, as they both seem to do VLANs, which I use to keep IoT things on their own VLAN.

Anybody here have a preference, or something I haven't pondered which would be a better fit for my needs?

21
4
submitted 4 months ago* (last edited 4 months ago) by ramble81@lemmy.zip to c/networking@sh.itjust.works

Here’s a question that I can’t seem to find more info on the internet on, so I’m turning to Lemmy. Does anyone have a better understanding of the specifications around an ONT. I know it basically converts the incoming fiber (usually single mode single fiber) to an RJ45 jack for copper runs but that’s the part I’m curious about:

  • does it convert it to use standard Ethernet frames or is it a proprietary protocol?
  • if Ethernet, is the port speed 1G, 10G, etc or based on the hardware?
  • if it’s a proprietary protocol, what does it use?

I recently got a new router and noticed it’s capable of 5Gbps on one port, but that got me thinking about the ONT and if I were to upgrade my service would I also need the ONT replaced too?

22
9
Network audit (lemmy.world)

Hi, Anyone doing audits on their routers & switches? If so, what are you using for that? For starters I'm just after the simple things like old management addresses being absent, certain firmware versions not being used, some accounts which are or are not there etc. (I've been thinking something like grep on oxidized backups but there sure must be a better way of doing it)
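One step up from grep over Oxidized backups, as an added example that is not from the post, from Oxidized, or from any vendor: a policy check over plain-text config backups that reports the three things the post lists (retired management addresses still present, firmware versions that should no longer be in use, and local accounts that must or must not exist), with the backup line number for each finding. The sample backup, the IOS-style line patterns and the policy values are constructed for illustration; placeholders stand in for secrets and community strings.

```python
#!/usr/bin/env python3
"""Policy audit over text config backups (added example; patterns and policy
are assumptions, the sample backup is constructed)."""
import os
import re
from dataclasses import dataclass

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# First match wins; extend with your platform's version line format.
VERSION_PATTERNS = [
    re.compile(r"^version\s+(\S+)", re.M),                # IOS-style "version 15.2"
    re.compile(r"^!\s*Software version\s+(\S+)", re.M),  # assumed comment header
]
USERNAME = re.compile(r"^(?:username|user)\s+(\S+)")


@dataclass
class Finding:
    device: str
    kind: str    # retired_address | banned_version | forbidden_account | missing_account
    detail: str
    line: int    # 1-based line in the backup, 0 when not tied to a line


def audit_config(device, text, policy):
    """Return the list of policy violations found in one backup."""
    findings, lines = [], text.splitlines()

    # 1. Retired management addresses anywhere in the config (SNMP, syslog,
    #    NTP, ACLs ...). Every occurrence is reported with its line.
    for no, line in enumerate(lines, 1):
        for ip in IPV4.findall(line):
            if ip in policy["retired_addresses"]:
                findings.append(Finding(device, "retired_address",
                                        f"{ip} in: {line.strip()}", no))

    # 2. Firmware version on the banned list.
    for pat in VERSION_PATTERNS:
        m = pat.search(text)
        if m:
            if m.group(1) in policy["banned_versions"]:
                findings.append(Finding(device, "banned_version", m.group(1),
                                        text[:m.start()].count("\n") + 1))
            break

    # 3. Local accounts: forbidden ones present, required ones absent.
    present = {}
    for no, line in enumerate(lines, 1):
        m = USERNAME.match(line)
        if m:
            present.setdefault(m.group(1), no)
    for acct in sorted(policy["forbidden_accounts"]):
        if acct in present:
            findings.append(Finding(device, "forbidden_account", acct, present[acct]))
    for acct in sorted(policy["required_accounts"]):
        if acct not in present:
            findings.append(Finding(device, "missing_account", acct, 0))
    return findings


def audit_directory(root, policy):
    """Audit every file under root (e.g. an Oxidized git checkout); device
    name is the file name."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("."):
                continue
            with open(os.path.join(dirpath, name), errors="replace") as fh:
                results[name] = audit_config(name, fh.read(), policy)
    return results


# Constructed sample backup; hashes and community strings are placeholders.
SAMPLE_BACKUP = """\
! constructed sample, not a real device
version 15.2
hostname core-sw1
username admin privilege 15 secret 5 <hash-placeholder>
username oldtech privilege 15 secret 5 <hash-placeholder>
snmp-server host 10.0.0.5 version 2c <community-placeholder>
logging host 10.0.0.9
ntp server 10.0.0.5
"""

# Assumed policy: 10.0.0.5 is a decommissioned management host.
POLICY = {
    "retired_addresses": {"10.0.0.5"},
    "banned_versions": {"15.2"},
    "forbidden_accounts": {"oldtech"},
    "required_accounts": {"admin", "netops"},
}

if __name__ == "__main__":
    for f in audit_config("core-sw1", SAMPLE_BACKUP, POLICY):
        print(f"{f.device}:{f.line}: {f.kind}: {f.detail}")
```

Because each finding carries the backup line, the output can be pasted straight into a change ticket; running `audit_directory` against the Oxidized checkout on a schedule and diffing the result against the previous run turns it into a drift alarm.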

23
9

My Netgear Nighthawk wifi router just crapped out last weekend and I’m gimping along on the rental wifi router from my ISP, so I’m looking to buy a replacement and am torn: should I go with a single WiFi Router or a wired router plus a wireless access point?

I don’t need crazy throughput, just enough to handle some light home automation, streaming, and a future NAS. My house isn’t large, so wifi coverage with a single device hasn’t been a problem so far. I’m also interested in flashing OpenWRT or DD-WRT to the router, so compatibility is a consideration. Hardware recommendations would be great!

24
4
submitted 5 months ago* (last edited 5 months ago) by Cyanogenmon@lemmy.world to c/networking@sh.itjust.works

I've been a proud owner of a Ubiquiti Dream Router for a good while now - live in a rural area so the Dream Machine would've been overkill for my needs.

Currently getting 300/300 from the ISP. Not bad.

Couple months ago, noticed I was getting some pretty awful speeds to my end devices, around 30/30 across the board. Wired/wireless made no difference.

Checked the periodic speed tests the UDR does, nothing; no change in bandwidth.

I hadn't changed a setting in my router in quite a while as I've been happy with my setup, so I was convinced it was a fluke. Rebooted, back to semi-normal speeds (though still short).

After dealing with this for a while, tonight I finally decided to bite the bullet and factory reset the UDR. Throughput right back to normal immediately. Restored backup - throughput still where it should be.

Am I missing something obvious??

Edit - to clarify, when I checked the speeds from router to ISP, I'd been getting expected bandwidth the whole time; it was only the end devices suffering.

25
4
LibreNMS Vent (lemmy.ca)
submitted 6 months ago* (last edited 6 months ago) by ggiesen@lemmy.ca to c/networking@sh.itjust.works

Anyone that's thinking of implementing LibreNMS for more than a trivial setup - look elsewhere.

Unfortunately I'm married to it at $dayjob, and seldom a day goes by where it doesn't frustrate me (we monitor about 5k devices and about 40 distributed pollers).

I mentioned one day I'd write a nasty song about it, and an apt coworker quickly piped something into Copilot and this was the result (pretty good for AI-generated):

"Libre Mess (The Monitoring Blues)" 🎤

(Rock parody song)

[Verse 1]

Woke up at 3 AM, alerts screaming in my ear,

"Disk space low!" "Ping timeout!"—I live in constant fear.

Tried to check the dashboard, but it crashed again,

LibreNMS, you're my foe, not my friend.

[Chorus]

Oh Libre Mess, you're a beautiful disaster,

Your graphs load slow, but your bugs come faster.

I just want uptime, not a nervous breakdown,

But you keep dragging my whole network down!

[Verse 2]

Docs say “just run this script,” but it breaks my soul,

Dependencies from 2012? That’s your goal?

SNMP walks like it’s stuck in glue,

And your alert rules? I think they hate me too.

[Bridge]

I tried to love you, I gave you a chance,

But now I’m screaming at logs like it’s performance dance.

You gaslight me with false positives all day,

Libre, Libre, why you treat me this way?

[Chorus]

Oh Libre Mess, you chaotic beast,

You feast on my sanity, at the very least.

I’d switch to Zabbix, or maybe just cry,

But I’m too deep in configs to say goodbye.

[Outro]

So here’s my song, my monitoring lament,

For every hour LibreNMS made me vent.

You’re open-source, but my heart’s closed tight,

‘Cause Libre, you gave me one hell of a fight

networking

3388 readers

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 2 years ago