As you're on pppoe, most likely mss-clamp issue.
Try:
set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452
any further ideas?
Cannot believe that a simple port forwarding is such a problem.
Can you open two concurrent SSH sessions, in the first, issue
sudo tcpdump -ni eth0 host <your.public.ip> and dst port 30110
And in the second one
sudo tcpdump -ni switch0 host 192.168.1.50 and port 30110
Then connect from outside on that port; what do the tcpdump outputs tell?
Cheers,
jonatha
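As an added illustration of the two-capture check above (not code from the thread), the script below parses tcpdump TCP summary lines from the WAN and LAN captures and names the first hop where the handshake stops. The addresses and capture lines are constructed samples, and the WAN capture is assumed to use the "dst port" filter given above, so only inbound packets appear there.

```python
import re

# Matches the TCP summary tcpdump prints with -n, e.g.
#   IP 203.0.113.7.51234 > 198.51.100.10.30110: Flags [S], seq 1, win 64240, length 0
TCP_RE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

def parse_tcpdump(lines):
    """One dict per TCP line; ARP/ICMP and other non-matching lines are skipped."""
    pkts = []
    for line in lines:
        m = TCP_RE.search(line)
        if m:
            pkts.append({"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
                         "dport": int(m["dport"]), "flags": m["flags"]})
    return pkts

def diagnose_forward(wan_lines, lan_lines, lan_host, port):
    """Walk the handshake across both captures and report where it breaks."""
    wan, lan = parse_tcpdump(wan_lines), parse_tcpdump(lan_lines)
    syn_on_wan = any(p["dport"] == port and p["flags"] == "S" for p in wan)
    syn_to_host = any(p["dst"] == lan_host and p["dport"] == port and p["flags"] == "S" for p in lan)
    host_reset = any(p["src"] == lan_host and p["sport"] == port and "R" in p["flags"] for p in lan)
    synack_from_host = any(p["src"] == lan_host and p["sport"] == port and p["flags"] == "S." for p in lan)
    # With the WAN filter "dst port N" the client's third-step ACK is the only proof the SYN-ACK got back.
    ack_on_wan = any(p["dport"] == port and p["flags"] == "." for p in wan)
    if not syn_on_wan:
        return "no SYN on WAN: traffic never reaches the router (upstream block or wrong public IP)"
    if not syn_to_host:
        return "SYN on WAN but not on LAN: DNAT rule or WAN-in firewall is dropping it"
    if host_reset:
        return "LAN host answered with RST: nothing is listening on that port"
    if not synack_from_host:
        return "SYN reached LAN host but no reply: host firewall or wrong default gateway"
    if not ack_on_wan:
        return "host replied but client ACK never seen on WAN: return path or NAT problem"
    return "handshake completed in both captures: forward works"

# Constructed sample captures (RFC 5737 addresses), not output from the thread.
WAN_OK = ["IP 203.0.113.7.51234 > 198.51.100.10.30110: Flags [S], seq 1, win 64240, length 0",
          "IP 203.0.113.7.51234 > 198.51.100.10.30110: Flags [.], ack 1, win 64240, length 0"]
LAN_OK = ["IP 203.0.113.7.51234 > 192.168.1.50.30110: Flags [S], seq 1, win 64240, length 0",
          "IP 192.168.1.50.30110 > 203.0.113.7.51234: Flags [S.], seq 0, ack 2, win 65160, length 0"]
LAN_RST = LAN_OK[:1] + ["IP 192.168.1.50.30110 > 203.0.113.7.51234: Flags [R.], seq 0, ack 2, win 0, length 0"]

if __name__ == "__main__":
    print(diagnose_forward(WAN_OK, LAN_OK, "192.168.1.50", 30110))
```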
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       > - selected route, * - FIB route, p - stale info

IP Route Table for VRF "default"
S    *> 0.0.0.0/0 [1/0] via 172.83.240.193, eth0
C    *> 0.0.0.0/24 is directly connected, vtun0
C    *> 10.0.0.0/24 is directly connected, eth1
O    *> 10.10.10.0/27 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.32/27 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.64/29 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.72/29 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.80/29 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.88/29 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.96/28 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.112/28 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.128/28 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.144/28 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.160/28 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.176/28 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.10.192/26 [110/2] via 10.0.0.2, eth1, 08:17:31
O    *> 10.10.20.0/27 [110/2] via 10.0.0.2, eth1, 08:17:31
S    *> 10.10.30.0/24 [1/0] via 10.0.0.2, eth1
C    *> 10.128.96.0/24 is directly connected, vtun0
C    *> 127.0.0.0/8 is directly connected, lo
C    *> 172.83.240.192/27 is directly connected, eth0
O    *> 192.168.2.0/24 [110/2] via 10.0.0.2, eth1, 08:17:31

Gateway of last resort is not set
This ovpn file was copied from an ER-X. It worked without issues on that router.
You haven't mentioned which EdgeOS version you have on your ER4.
I think that the version of OpenVPN shipped with 2.x OS version is much higher than used in 1.x. The syntax of the directives may have changed, hence the error messages in the log.
This is running v1.10.9
This is the contents of the ovpn file <minus the certificates>
remote us-dal.privatevpn.com 1196 udp
nobind
dev tun

# Options
tun-ipv6
remote-cert-tls server
client
comp-lzo
persist-key
persist-tun
verb 3
route-nopull
auth-nocache

# Crypto
cipher AES-256-CBC
auth SHA256
auth-user-pass /config/auth/userpass.conf
Looks like it was this option in the ovpn file. Not sure why it worked in the ER-X, but the definition of the setting makes perfect sense.
route-nopull
--route-nopull: When used with --client or --pull, accept options pushed by server EXCEPT for routes, block-outside-dns and dhcp options like DNS servers. When used on the client, this option effectively bars the server from adding routes to the client's routing table, however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface.
I just had AT&T 1Gbps fiber installed on Saturday and ordered an EdgeRouter 12 to use and basically disable all routing and firewall functions on the AT&T modem/router and just use it as a modem, like I had been with my Surfboard cable modem using Spectrum.
What is the best way to set up the router for a relatively basic home network? I don't plan on running any subnets, VPNs etc., I just want the high performance of the ER12. Also, what settings do I need on the AT&T gateway to make it operate only as a modem and not as a router?
Any help is appreciated as this is my first time dipping my toes into the Ubiquiti waters.
Unbound is working fine on ER-X's LAN. But when I try to query Unbound from a device that is behind the ER-X's PPPoE server, Unbound does not log any query. Which should mean that my ER-X is not propagating DNS queries to Unbound that it receives from the pppoes0 (the pppoe-server) interface.
I am also able to catch queries using
tcpdump -i pppoes0 udp port 53
on my ER-X, but somehow they seem to be missing from Unbound's logs.
To add some back story: I had the ER-X configured to only route traffic from a specific subnet over vtun0. The ER-4 was working just like it should and NOT pulling routes from OpenVPN. I needed to add the following <which I forgot to do>:
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface eth0
set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify SOURCE_ROUTE rule 10 action modify
set firewall modify SOURCE_ROUTE rule 10 description 'Traffic from Internal to WAN'
set firewall modify SOURCE_ROUTE rule 10 modify table main
set firewall modify SOURCE_ROUTE rule 10 source address 10.10.10.0/24
set firewall modify SOURCE_ROUTE rule 20 action modify
set firewall modify SOURCE_ROUTE rule 20 description 'Traffic from VLAN 200 to vtun0'
set firewall modify SOURCE_ROUTE rule 20 modify table 2
set firewall modify SOURCE_ROUTE rule 20 source address 10.10.20.0/24
Now everything is working as advertised. Thanks for your help!!
Good day All,
I have configured my ER-X router such that it has two WAN ports and the remaining are LAN. I have to route multicast packets on IP address 234.46.30.7 to the 2nd WAN port, but I am unable to do so. I add a static route and enter the following:
Route Type: Interface
Destination network: 234.46.30.0/24
Next hop interface: eth1 (2nd WAN)
Description: Test
Distance: 10
Enable: <checked>
When I select the "save" button I receive an error stating "Invalid IPV4 address".
Can someone direct me as to what I am doing wrong?
Thanks in advance!
Cheers,
Sam
Wait, are you saying that ERL can act as OpenVPN client and then route all traffic originated internally (from the ERL's private LAN network) via the OVPN tunnel instead of translating it against the ERL's public WAN IP?
So that all traffic originated internally (from the ERL's private LAN network) appears with the OVPN public IP?
Thanks
~B
In the hope a dev might see this we have confirmed it is a bug with Quagga (tested using upstream code on software linux router).
No idea if, when it is fixed, UBNT will include it in any timely fashion, or if I am up for a forklift to some Juniper equipment.
Anyone else with a solution, other members in the @ubnt-team?
I really want the router up and running again.
Regards, Emil
Help. I can not get ER-12 to route between eth0 and eth1 (interfaces removed from switch).
The setup:
I have wan on eth9 and have removed eth0 and eth1 from switch0.
I have assigned IP addresses:
eth0 - 192.168.100.254/24
eth1 - 192.168.110.254/24
eth8 - 192.168.99.1/24
eth9 - dhcp (wan -- passthrough of public IP address)
These interfaces are connected to an EdgeSwitch (eth0 is UNTAGGED vlan 100, subnet 192.168.100.0/24; eth1 is UNTAGGED vlan 110, subnet 192.168.110.0/24). I'd like all L3 traffic to route between these vlans and I'd like to do this routing on the ER-12. I believe I could do the router-on-a-stick thing (assign eth0.100 - 192.168.100.254/24; eth0.110 - 192.168.110.254/24; feed eth0 a trunk port from the EdgeSwitch), but I'd like to get this to work (if possible).
The complication:
From the ER-12 command line I can ping into both 192.168.110.0/24 and 192.168.100.0/24 hosts.
From hosts in 192.168.110.0/24 I can ping other hosts in 192.168.110.2/24, 192.168.110.254, 192.168.99.1 (eth8), and my public IP address, BUT I cannot ping 192.168.100.254; nor can I ping any other host on 192.168.100.0/24 (Destination Host Unreachable error).
My config is in the spoiler (ex the system parts at the end). I reset the ER-12 (running 2.0.3), and ran the basic setup wizard. I then removed eth0, eth1 from the switch and assigned IP addresses.
What to do / try? Thank you
Config looks fine
Check:
- gateway on hosts not able to be pinged
- firewall settings on internal hosts. Windows might only allow incoming ping from its own LAN segment, not from other addresses.