Re: Edge Router IPSEC VPN to Watchguard
On ER, your esp group (=phase 2 settings) lacks dh-group setting, whereas on watchguard it's set to dh2
set vpn ipsec esp-group FOO0 pfs dh-group2
Re: Firewall Policy source Mac address
MAC addresses are being replaced by each router that passes your packet. Filtering on MAC addresses is only useful for locally attached devices (on the same internal switch, =layer2 network)
Re: ERL DHCP Set Primary DNS Suffix
Judging from the error message, double check the pool name you're using. To prevent errors like this, I always do first: "show configuration commands | grep dhcp" and use copy paste to create the new command
Re: Release public IP
You can't wait for a lease to end. If the lease is halfway used, it'll be renewed. You can use command below to re-use old MAC address on new ERX port:
set interfaces ethernet eth0 mac 12:23:34:45:56:67
Re: l2tp Edgemax 1.9 firmware is not working
Which firmware version were you using before upgrading to 1.9.0? What is your ER h/w model? If h/w model is ER-X then you should disable "ipsec-offload" because it is causing problems with L2TP. This...
Edgerouter POE and Unifi AP AC light
Hi, I'm new to Ubnt, I'm having trouble setting up my access point to the Edgerouter POE, it will only flash blue and not show up on my controller. If I plug it in to my service provider router it starts...
Re: Need help removing bridge
If you only remove the bridge, you end up with eth1 and eth2 not having an IP address. You have to make multiple CLI changes to remove bridge, and assign IP addresses to eth1 & 2, and then commit...
Re: Site-To-Site VPN Communications between Sites
You're also loadbalancing
Try:
- instead of local address any, specify fixed IP WAN address (eth0 address)
- add static /32 route to ipsec peer, using eth0 gateway
Static Host Mappings Stopped Working after Reboot
Hi all, Had a power loss here at home tonight. Everything rebooted just fine, but now none of my static hosts seem to be working. I had my backup server mapped to "server.example.com" and the...
Step by Step Parental control guide
Hi. I have a teenager who is online too much and an Edgerouter Lite running 1.7. I would like to be able to limit internet access for specific mac addresses to certain hours of the day, like 19.00 to...
Re: Restart OSPF daemon
Is it possible to have "clear ip ospf process" run in a VRRP transition script? I suspect at the moment it's running the bash command "clear" instead
site-to-site ipsec and L2TP remote-access at the same time.
I got two EdgeRouter Lite with firmware v1.9.0 and I got a site-to-site ipsec tunnel that works stable between them. Now the need for l2tp remote-access has come on one of the sites but when I add...
Route to remote subnet over IPSec tunnel - Cant get traffic to pass?
So, I have three routers:
RTR-A:
Lan subnet of 172.16.254.11/24 on Eth0
Wan subnet of 11.11.11.11/29
IPSec tunnel to RTR C
"Hairpin NAT" enabled (By default)
"Automatically open firewall and exclude from...
EdgeRouter 1.9 DHCP different gateway for a bunch of devices
Hello, I use EdgeRouter Pro 8 for a small network to serve DHCP for all of devices. I use static mappings for majority of them. For a couple of handheld terminals I would like to use different than the...
Re: One to One NAT
Hi dude, Can you show me your masquerade rule as I don't currently have one.. that would be great. Cheers, Jacob.
Re: One to One NAT
nat {
    [... all other DNAT / SNAT rules here ...]
    rule 5500 {
        outbound-interface eth0
        protocol all
        type masquerade
    }
}
Re: Route to remote subnet over IPSec tunnel - Cant get traffic to pass?
How did you configure IPSEC? Classic or VTI mode? In VTI mode, just add routes to tunnel interfaces (or let OSPF do it automatically). In classic IPSEC mode, you need to add second tunnel under peer...
Re: One to One NAT
This link shows a 1 to 1 NAT mapping in GUI. The wizard already made a masquerade rule, so you should have one. Also, see EdgeMAX-SOHO-Example what masquerade looks like in GUI
DPI Firewall - No Entries for Top-Sites-Adult but fall within Streaming-Media...
Hi Forum, I'm trying to use the DPI Firewall feature on an ER-X, specifically to block access to a certain Adult category. However on examination this category seems to be empty
EdgeRtrX:~$...
Re: Setting dhcp-server authoritative removes all dhcp configuration
Wow. Thanks so much for your thoughtful assessment; your observation was spot on. I thought there was some larger problem, but the cause was a problem on 2nd dhcp server, as you suggested. The "compare"...