Re: ERL v1.9.0 Slow WAN
What router are you talking about?Do you have HW offload enabled?Make sure you don't have any config that would disable HW offload i.e. SW bridge or QoS.Best post your config show configuration | no-more
View ArticleRe: EdgeRouter with Avaya H.323 VPN remote phones
Nope, nothing special to make the phone work on my end. I have observed the condition you are referring to once or twice, but I just wrote it off as transient network issues. I believe its trying to...
View ArticleRe: EdgeRouter with Avaya H.323 VPN remote phones
You could try to decrypt ipsec tcpdump packets to figure out if phone is reaching out to something that isn't there.
View ArticleRe: Load Balancing problem
Thanks for the update. The default count failure and options should be okay.
View ArticleRe: Unable to use IPsec over IPv6 [Bug]
Thanks for your response. OK, I understand!( I realize to use IPv6 VTI needs Linux Kernel 3.13 or later. )I hope you will support IPv6 VTI when Kernel will be upgraded.
View ArticleRe: Site-To-Site VPN not running on one end (both ERL with highly similar...
I'm going to give both of those a try. Notably, though, it turns out that the "ubnt" ERL lost all internet connectivity for the hosts in the 192.168.2.0/24 network. I was still able to access the web...
View ArticleRe: IPSec VPN one end with Dynamic IP
When I do sudo ipsec up peer-10.0.0.113-tunnel-1 I get the following output: initiating Main Mode IKE_SA peer-10.0.0.113-tunnel-1[1] to 10.0.0.113generating ID_PROT request 0 [ SA V V V V ]sending...
View ArticleRe: ER-Pro L2TP - VPN Clients Can't Ping Network After 1.8.0 to 1.9.0 Upgrade
can you post your config file too. Two of l2tp threads are using load-balance. Is you're load-balance too? It might be interesting to try removing the new l2tp kernel modules to see if that is the...
View ArticleRe: IPSec VPN one end with Dynamic IP
Instead of using "local-address any" I'd suggest either "dhcp-interface" or "local-address 0.0.0.0". For some reason that "local-address any" seem problematic. Aslo when using FQDN I find that using...
View ArticleRe: Update to 1.9 broke my l2tp/ipsec
It seems OK on my macbook pro but I may not be connected as long as you are at a time. Do you have a more exact amount of time? I can probably work on my macbook tomorrow over VPN to test that out
View ArticleRe: EdgeRouter with Avaya H.323 VPN remote phones
Would the 'ip xfrm state' command need to be run on the client? In my case the VPN client is the phone.16again wrote:You could try to decrypt ipsec tcpdump packets to figure out if phone is reaching...
View ArticleRe: Update to 1.9 broke my l2tp/ipsec
I don't think we've seen your config file. Are you also using load-balance?
View ArticleRe: Load Balancing problem
I don't mean or want to hijack this thread, but its along the same lines. How do you make it so that the failover will happen faster?? I'm testing it out right now with an ERL and the standard...
View ArticleRe: DynDns problems
1. web and web-skip These two are used in case the IP on your interface (eth0 in your case) is not your external IP (your router is behind NAT). Then you put the address of some site that will give...
View ArticleRe: Load Balancing problem
Default "interval" = 10 seconds, default failure count = 3. 10 x 3 = 30 seconds, but all those parameters are changeable.
View ArticleRe: Add VLAN
Thank you!switch0 has an ip assigned by the wan+2lan2 wizard, but each of the vlans I assign to it can have seperate ip ranges for guest, IOT right?
View ArticleRe: L2TP/IPSec default negotiation [3DES vs AES, SHA1 vs SHA2 etc]
I've long dealt with this on Vyatta/VyOS. If this is on Windows, max hashing is SHA1. Windows clients don't ask for SHA-2. 3DES and AES-256 will allowed on maximum encryption. Require encryption...
View ArticleRe: 1.9.0 broke dashboard for me (using Firefox)
I've tried attaching the log file, but the forum doesn't want to accept it. Have you an email address I can send it to?
View Article