eth1 is LAN
Re: Redirect all traffic via tunnel interface
Re: OSPF sometimes not getting all routes
Hi
It took me 10s to reproduce:
root@K10Gw1:/home/REDACTED# clear ip ospf process
...wait 1 min
root@K10Gw1:/home/REDACTED# show ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths : 8
Total number of IPv4 routes : 65
Total number of IPv4 paths : 65
Route Source Networks
connected 7
ospf 58
Total 65
FIB 58
ECMP statistics:
---------------------------------
Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
root@K10Gw1:/home/REDACTED# configure
[edit]
root@K10Gw1# set interfaces ethernet eth0 disable
[edit]
root@K10Gw1# commit
[edit]
root@K10Gw1# delete interfaces ethernet eth0 disable
[edit]
root@K10Gw1# commit
[edit]
root@K10Gw1# exit
Warning: configuration changes have not been saved.
exit
... wait 1 min
root@K10Gw1:/home/REDACTED# show ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths : 8
Total number of IPv4 routes : 1428
Total number of IPv4 paths : 1428
Route Source Networks
connected 7
static 1
ospf 1420
Total 1428
FIB 1420
ECMP statistics:
---------------------------------
Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
Since this is a testing router for now, I can give you SSH access to it through our primary internet line if it would help. And yes, it happens after manually clearing and after reboot (which is the main pain - so if I am able to put the workaround somewhere after start it would solve the issue for now). To what email should I contact you for SSH access if that would help?
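The comparison the post above makes by eye (58 OSPF routes after the clear, 1420 after bouncing eth0), as an added example that is not part of the original thread: a small shell check that reads a route summary and flags a low OSPF count. The function names and the `MIN_OSPF` floor of 1000 are assumptions; the sample text is constructed from the per-source lines of the two summaries in the post.

```shell
#!/bin/sh
# Constructed samples: per-source lines copied from the two summaries in the post.
SUMMARY_AFTER_CLEAR='Route Source Networks
connected 7
ospf 58
Total 65
FIB 58'

SUMMARY_AFTER_BOUNCE='Route Source Networks
connected 7
static 1
ospf 1420
Total 1428
FIB 1420'

# Hypothetical floor for this router; pick a value below the normal OSPF count.
MIN_OSPF=1000

# route_count SOURCE: read a route summary on stdin and print the number of
# networks for SOURCE. Prints 0 when the source has no line at all.
route_count() {
    awk -v src="$1" '
        $1 == src && $2 ~ /^[0-9]+$/ { n = $2 }
        END { print n + 0 }'
}

# check_summary TEXT MIN: print a one-line verdict for the summary in TEXT.
check_summary() {
    count=$(printf '%s\n' "$1" | route_count ospf)
    if [ "$count" -ge "$2" ]; then
        echo "ok ospf=$count"
    else
        echo "degraded ospf=$count expected>=$2"
    fi
}

check_summary "$SUMMARY_AFTER_CLEAR" "$MIN_OSPF"
check_summary "$SUMMARY_AFTER_BOUNCE" "$MIN_OSPF"
```

On the router, the input would be the output of `show ip route summary` piped into `route_count ospf`.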
Re: OSPF sometimes not getting all routes
This is redacted ospf info
show protocols ospf
area 0.0.0.0 {
    area-type {
        normal
    }
    network PRIVATE_SUBNET/29
    network PUBLIC_SUBNET/29
}
parameters {
    abr-type standard
    router-id X.X.X.X
}
passive-interface default
passive-interface-exclude eth0
show interfaces ethernet eth0
address IP_FROM_PRIVATE_SUBNET/29
address IP_FROM_PUBLIC_SUBNET/29
description "First ISP Line"
duplex auto
ip {
    ospf {
        cost 500
        network broadcast
        priority 1
    }
}
speed auto
traffic-policy {
    out XXX_QUEUE
}
I have even tried to remove traffic-policy, but with no luck.
Re: Redirect all traffic via tunnel interface
As eth1 isn't a L3 interface, remove the firewall modify rule on it.
Apply it to switch0 instead.
If only specific devices need to go out on the tunnel:
Give those devices static IPs (DHCP reservations), and put those addresses in an address group. Use the group in the firewall modify rule, instead of the entire subnet 192.168.1.0/24.
Re: Redirect all traffic via tunnel interface
This did the trick. Silly me.
Thank you
The only thing remaining is to also reroute DNS traffic. It looks like it does not apply.
Forwarding DNS to tun0 instead of switch0 does not work.
If adding DNS forwarding to tun0 and switch0, it uses local DNS.
What did I miss here?
Re: Redirect all traffic via tunnel interface
There is another issue with it.
If tun0 goes down and then up, the modify rule is not returning (stays on default route).
Why does this happen?
Re: OSPF sometimes not getting all routes
Hi
Thanks again for the info. I've sent you a PM.
-Ben
Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!
wrote:
> had a 'Saved Failed' again when making a change from the Web Gui,
> The steps to get this result were:
> 1.Open the WebGui
> 2.ssh to the router
> 3.change the config with the CLI, commit and save.
> 4.Refreshing the WebGui as per the Configuration Changed Dialog.
> 5.Inspect the Changed node.
I'm still not able to reproduce 'Save failed' even with this scenario. In my case WebGUI config is always synchronized.
- How often can you reproduce this issue - permanently or randomly?
- Do you see same issue after clearing browser cookies?
With 1. it's random, but I think it only occurs when I am in the configure sh and WebGUI at same time. Saying making a change in the sh committing and saving and then changing something in the WebGUI (after refreshing) and changing. I'm a bit wary of making changes in the WebGUI at the moment.
Re: 4G modem answering pings and messing LB watchdog
Now I remember why I didn't set it as bridge :
- A) there are gonna be two, and I don't want to have two identical gateways for load balancing
- B) I tried with one, in bridge mode, and although it does give a public IP address to the router and can ping 1.1.1.1, I couldn't get it to route anything.
Routes table, static, stated
0.0.0.0/0 then the DHCP address on my other wan ports, then the ethernet port
Except for the LTE modem, two routes, one from 0.0.0.0/0 to the DHCP address given by said modem, and next line DHCP address then the ethernet port.
Beats me.
L2TP VPN not authenticating when IPSEC Site-to-Site VPN on
I need to get this working without shutting down the site to site VPN, as the other site is 300 miles away and I don't have the time to drive there and fix it. I know my Windows 10 VPN did work until I turned on the site to site. Can someone look at my config and see if there is some glaring issue that I did not do when I set up the VPNs?
I used
https://community.ubnt.com/t5/EdgeRouter/Edgemax-L2TP-Server-Setup-For-Client-Use/td-p/891812
to set up the L2TP.
Re: limit one user to login l2tp vpn
Hi
The EdgeOS L2TP server authenticates users based on their credentials, not the device they are using for the VPN. One thing you can do is limit the firewall UDP500 to specific source IP addresses, but this will only limit a location not a device type.
You may be able to offload this functionality to a RADIUS server.
-Ben
Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!
wrote:
Many who are in beta also screamed about 2.0.0 being released when there are so many show-stopping issues flagged and ignored. Some are pissed that we wasted so many hours and efforts to contribute to better releases yet seems ignored and rush to door just because there is a new product (not production release yet) that requires this 2.0.0 firmware.
The ER-12 is (and was already) production release so this is not to support "not production" device: EdgeRouter-12.
The 1.10.x train does not properly support the ER-12. I'm not sure why 2.x.x was not released just for the ER-12, but that is indeed all in the past now and it doesn't help to keep complaining about it. Nobody is forcing anyone to upgrade any other devices to 2.0.0.
Personally I'm leaving everything not in a lab at 1.10.x since it is all working. I also don't generally jump on a brand-new release and blast it out everywhere on day 1, particularly for such a major change.
Unless one has a need to move to 2.0.0, as it has already been noted several times, it is perhaps better to stay at 1.10.x for now.
Re: How to change the Graph Colors on the Dashboard of an EdgeMax router?
I need this feature, too.
thanks
EoL/EoS for Edgerouters
Good morning,
I'm currently working on a project to list the standard EOL to EOS life of products from companies we purchase equipment from. So, does anyone know what the standard for Ubiquiti is for going EOS after an EOL announcement?
Re: L2TP VPN not authenticating when IPSEC Site-to-Site VPN on
Fast way, could be by using the same PSK for site-to-site and L2TP, otherwise, switch the site-to-site auth method to RSA key or x.509 auth.
Cheers,
jonatha
Re: 4G modem answering pings and messing LB watchdog
wrote: Now I remember why I didn't set it as bridge :
- A) there are gonna be two, and I don't want to have two identical gateways for load balancing
- B) I tried with one, in bridge mode, and although it does give a public IP address to the router and can ping 1.1.1.1, I couldn't get it to route anything.
A) If they're on the same wireless network, they'll end up going through the same gateways, anyway.
B) 1. If you can ping 1.1.1.1, it was routing. 2. In bridge mode it's not doing any routing. Your router is doing all the routing.
Anyway: You've found a solution that works for you. Just wanted to note these things for the record.
EdgeRouter X SFP setup with ISP dedicated Internet Activation Information
Looking for assistance in setting up EdgeRouter X-SFP with the info given by ISP (coming off Port 1 on a Ciena 3916) on an Ethernet dedicated Internet activation Info.
[
Layer 3 IP info :
Link IP Address
Gateway
Layer 3 IP
Layer 3 subnet mask
;
Usable IP info :
Usable IP Block
Usable IP Ranges
Usable Subnet Mask
;
and DNS info :
Primary DNS
Secondary DNS
].
Basically, setup router to provide (DHCP) IP addresses for internal use [not public] and have internet access through any of the four ports (eth1-eth4) using info above provided by ISP.
Followed Quick Startup guide and Beginners Guide to EdgeRouter from the help center with no success. Setup has been done using eth0 port with a laptop. Communications works fine via 192.168.1.10 to 192.168.1.1. I must be missing some parameter settings-configuration on the router. Have not used any of ISP data in the configuration. There is where I need some help.
Your suggestions and recommendations will be greatly appreciated.