Re: VPN IPSec Site to Site + Load Balance
Yeah, this is a known issue, there are routes missing for the return traffic. Try executing /usr/sbin/ubnt-add-connected.pl ... it should fix the issue. To add this permanently see LINK.
Re: VPN IPSec Site to Site + Load Balance
Thanks for your answer, let me try it on Monday. GN
Re: ER PoE - dual WAN, port forward problem
You're missing the firewall rule that corresponds to the DNAT rule. You need to add these two rules to WAN_IN: rule 40 { action accept description "Accept SSH" destination { port 22 } protocol tcp }...
Re: Need help setting L2TP over IPSEC
I have a similar configuration as you do (with PPPoE), and also problems getting L2TP over IPSEC. The commit fails when I try to commit the L2TP settings I've entered. Could you tell me what IP you...
Re: VLAN - no internet access
Why would the traffic need to go to the switch? The router is the default route for the VLAN and eth2 is the internet interface where 0.0.0.0/0 is pointing. I am pinging using the IP on eth0.5 or 10 Are...
Re: VLAN - no internet access
because I assumed you're using a switch to handle the dot1q tagging / untagging for the spare VLAN port PVIDs are properly set in the TS?
IPsec site-to-site issues
Using a pair of ERLite routers, version 1.9.0. I can't for the life of me get a site-to-site IPsec tunnel established. I've tried both purely command line and through the GUI, and neither method works....
Re: VLAN - no internet access
I found the problem, incorrect source masquerade. Instead of specifying the interface I specified the source address range. I have a lot to learn about routing, I'm in the weak sauce category for...
Re: VLAN - no internet access
Your masquerade rule shouldn't trigger on anything. It should just be a catch-all rule. rule 5010 { outbound-interface ethX protocol all type masquerade } (where "ethX" represents your WAN interface)
Re: Every second: COMMAND=/usr/bin/vtysh.pl -c show ip route summary json
Anyone want to take a stab at why my ER-L is executing this every second?
Re: IPsec site-to-site issues
Try using same PSK for site-to-site and L2TP ... I'm guessing the tunnel will come up.
Re: IPsec site-to-site issues
I run 1.8.0, but I do a NAT exclude for VPN traffic. Starting points are show vpn debug and looking at your logs.
Re: IPsec site-to-site issues
You can do NAT exclude and firewall rules manually (that's what I do too), but you can use the simplified approach with auto-firewall-nat-exclude enable, which is the case here.
Problem with DHCP servers on vlans
Hello, I am having problems with the implementation of a wireless network. The scheme of connection is the following: The access points (Rocket PRISM) are configured in bridge mode. Each access point is...
Re: Problem with DHCP servers on vlans
Without DHCP server present, clients should fall back to APIPA addresses, in 169.254.x.x range. Since they get 192.168.10.x addresses, this seems more like a rogue DHCP server to me. When having an...
Re: Can't Connect to Work VPN
Did not see "set system conntrack modules pptp disable" in the system config when I used CLI.
Re: Prevent/restrict access to the router from subnet.
Setting the listen address doesn't really block access to CLI from other subnets....as long as client knows the correct IP. A VLAN_IN ruleset is always required. The mentioned access list has a major...
Re: Strange behavior: device networking ok, but lost networking after start...
My 1st question: Why do you need multiple VLANs on the laptop? You have a router, use routing to access the other VLANs