792 posts

Ultimate Geek


  # 2034738 13-Jun-2018 02:08

Alpha s/w on a productive system?

 

There's no reason (except for tests in a related environment) to use anything else for a productive system earlier than (bold): pre-Alpha, Alpha, Beta, Release Candidate, Release.





- ISP1: T-OneBox FTTH modem, 1/.5G, full DS, VLAN7, VoIP + ipTV streaming flat

 

- ISP2: 4G/LTE USB modem + TL-MR3020, 100/40M data plan (wireless fallback)

 

- NET: ZBOX nano router, 2 C2960X-48TS-L, 2 GWN7630, GWN7610, EL1600usb

 

- SVR: E3C236 32G/20TB, 2 H2 16G/500GB, HC2 4TB, 2 C2 1TB | 2 HC2 14/1TB

 

- IoT+3D: LoRaWAN, 5G, CCU3 (openHAB/MQTT), 2 Ender-3, UM2E+, UM3, CNC

 

- USR: NUC8i7HVK, EliteBook 840, Aspire E5, N2, X300, tablet, mobiles, 2 4K TVs

 

- ipPBX: GRP2613, GO-Box 100, SPA112 (Fax and W-48, a 1948 Siemens phone)


126 posts

Master Geek

Trusted

  # 2039135 17-Jun-2018 15:12

After upgrading to the latest firmware, V1.10.3, I tried to connect through both eth1 and eth2 ports (Fibre comes into eth0). It works through eth1 but not eth2. Configuration is as the pic below.

 

 

Yes, I did change my IP address accordingly when switching to different subnet. What could be the problem? Thanks 


 
 
 
 




Mr Snotty
8905 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2039143 17-Jun-2018 15:44
One person supports this post

@GeekRay Have you got a DHCP server listening on the 192.168.2.1/24 range?





126 posts

Master Geek

Trusted

  # 2039218 17-Jun-2018 19:28

Bang on, Michael. I changed the IP range for 2nd subnet without updating associated DHCP server.

 

Thanks for the advice and it's working now. 

 

By the way, is it possible for the Plex client app to access a Plex server on a different subnet? I did a bit of research online but couldn't find much info (not a common case I reckon)


126 posts

Master Geek

Trusted

  # 2039221 17-Jun-2018 19:35

Also, regarding hardware offloading, I have three "enabled" under ipv4 but it says "disabled" under "system". Does it mean there is something I need to do there?

 

System level:

 

 

IPv4

 

 

Thanks heaps. 

 

 




Mr Snotty
8905 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2039310 17-Jun-2018 23:13
One person supports this post

@GeekRay For Plex it "just works" - it'll detect your Plex server as nearby assuming it is not firewalled off. It is not wise to use the 2nd port of the Edgerouter to extend your network unless if you were wanting to create a guest network or something.

 

For the likes of hardware offloading it is best to do it in the CLI - "show ubnt offload" to get a proper answer. Don't set it in both places as this is often a double-up caused by Ubiquiti using the same software across all their routers.





336 posts

Ultimate Geek


  # 2040784 19-Jun-2018 22:20
One person supports this post

EdgeMAX EdgeRouter software hotfix version v1.10.4 has been released!

 

New firmware release 1.10.4 is available here:

 

!!! IMPORTANT NOTICE for ER-12 users !!!

 

ER-12 supports only 1.10.4 and 2.0.0-alpha.1 firmwares.

 

Do not downgrade ER-12 to any older firmware as this will brick ER-12 for good. Firmware compatibility check for ER-12 will be added in upcoming 1.10.5 and 2.0.0-alpha.2 firmwares

 

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.

 

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

 

[Release Notes v1.10.4]

 

Changelog

 

Changes since v1.10.3

 

New features:

 

  • Offloading - Added CLI commands to resize flow table on Octeon-based routes. Discussed here
    set system offload ipv4 table-size 65536
    Prior to 1.10.4 firmware, table-size was hardcoded to 8192 for all platforms. Default table size of 8192 buckets was ok for ER-lite (that has 512Mb of RAM) but totally not ok for ER-Infinity (that has 16GB of RAM). Now admins can tune offload ipv4 table-size to improve forwarding performance.
    General recommendation is following - if you see that counter ipv4_create_flow_not_found_replaced_non_expired is constantly growing then it means that table-size is too small for your traffic profile and you are advised to increase it past default 8192 value:
    $ show ubnt offload statistics |grep replaced_non_expired
    ipv4_create_flow_not_found_replaced_non_expired 357345 <------------ !!!!
    ipv6_create_flow_not_found_replaced_non_expired 0
    Right now the only limitation for table-size is that it should be power of 2 (8192, 16384, 32768, 65536...)

Enhancements and bug fixes:

 

  • PoE - Keep POE status during reset for ER-X-SFP/EP-R6/EP-R8/ER-12 devices
  • DHCP - Fixed DHCPv6 failure with VIF-0 interface. Discussed here
  • SSH - Disable weak ARCFOUR ciphers
  • SSH - Disable SSH port forwarding for operator user
  • Interface - Fixed bug when SFP interface link was down after upgrade on ER-X-SFP
  • BGP - Fixed bug when commit failed when setting inactive BGP peer. Discussed here
  • DNS - Upgraded Dynamic DNS client to support cloudflare API v4. Discussed here
  • Interface - Fixed random bug when interface stopped passing traffic after changing speed/duplex
  • Interface - Fixed bug when eth0 speed/duplex could not be changed on ER-Infinity 
  • System - Fixed bug when processes randomly crashed with SIGBUG on ER-X
  • System - Fixed bug when PoE status was not reset when doing "factory-reset"
  • System - Fixed bug when "ubnt-util" crashes with SIGFPE if smart-queue rate was less than 1kbps. Discussed here

Updated software components:

 

  • none

Known issues:

 

  • Bug with corrupted downloads via PPPoE interface is not fixed for ER-8-XG (it is fixed on all other ER models). Workaround - disable PPPoE offloading on ER-8-XG:
    configure
    set system offload ipv4 pppoe disable
    set system offload ipv6 pppoe disable
    commit
    sa

    NOTE:
     We will publish this 1.10.4 firmware in main EdgeMAX forum, download site and UNMS on Monday June 25th 2018

 
 
 
 


336 posts

Ultimate Geek


  # 2045832 29-Jun-2018 07:24
One person supports this post

New firmware release 1.10.5 is available here:

 

 Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.

 

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

 

[Release Notes v1.10.5]

 

Changelog

 

Changes since v1.10.3

 

New features:

 

  • Offloading - Added CLI commands to resize flow table on Octeon-based routes. Discussed here
    set system offload ipv4 table-size 65536
    Prior to 1.10.5 firmware, table-size was hardcoded to 8192 for all platforms. Default table size of 8192 buckets was ok for ER-lite (which has 512Mb of RAM) but totally not ok for ER-Infinity (which has 16GB of RAM). Now admins can tune offload ipv4 table-size to improve forwarding performance.
    General recommendation is following - if you see that counter ipv4_create_flow_not_found_replaced_non_expired is constantly growing then it means that table-size is too small for your traffic profile and you are advised to increase it past default 8192 value:
    $ show ubnt offload statistics |grep replaced_non_expired
    ipv4_create_flow_not_found_replaced_non_expired 357345 <------------ !!!!
    ipv6_create_flow_not_found_replaced_non_expired 0
    Right now the only limitation for table-size is that it should be power of 2 (8192, 16384, 32768, 65536...)

Enhancements and bug fixes:

 

  • PoE - Keep POE status during reset for ER-X-SFP/EP-R6/EP-R8/ER-12 devices
  • DHCP - Fixed DHCPv6 failure with VIF-0 interface. Discussed here
  • SSH - Disable weak ARCFOUR ciphers
  • SSH - Disable SSH port forwarding for operator user
  • Interface - Fixed bug when SFP interface link was down after upgrade on ER-X-SFP
  • BGP - Fixed bug when commit failed when setting inactive BGP peer. Discussed here
  • DNS - Upgraded Dynamic DNS client to support cloudflare API v4. Discussed here

     

    • Following DDNS providers require manual configuration changes:

       

      • Cloudflare - server www.cloudflare.com should be removed from config:
        delete service dns dynamic interface eth0 service custom-cloudflare server www.cloudflare.com
      • Namecheap - config entry host-name should not contain second level domain name. For instance for eatmyshorts.bart.com you should remove the bart.com suffix from host-name and leave only eatmyshorts:
        delete service dns dynamic interface eth0 service namecheap host-name eatmyshorts.bart.com
        set service dns dynamic interface eth0 service namecheap host-name eatmyshorts
  • Interface - Fixed random bug when interface stopped passing traffic after changing speed/duplex
  • Interface - Fixed bug when eth0 speed/duplex could not be changed on ER-Infinity 
  • System - Fixed bug when processes randomly crashed with SIGBUG on ER-X
  • System - Fixed bug when PoE status was not reset when doing "factory-reset"
  • System - Fixed bug when "ubnt-util" crashes with SIGFPE if smart-queue rate was less than 1kbps. Discussed here
  • UNMS - downgraded ubnt-udapi bridge to v0.3.13 to get rid of bug when UNMS connection froze

Updated software components:

 

  • none

Known issues:

 

  • Bug with corrupted downloads via PPPoE interface is not fixed for ER-8-XG (it is fixed on all other ER models). Workaround - disable PPPoE offloading on ER-8-XG:
    configure
    set system offload ipv4 pppoe disable
    set system offload ipv6 pppoe disable
    commit
    save

1759 posts

Uber Geek

Trusted

  # 2048228 3-Jul-2018 12:37

So I seem to be making progress.

 

I can now receive IPv6 address on my devices (windows and linux)

 

I can't ping v6 on the internet, i.e. ping -6 google.com fails, but it does resolve the IPv6 address

 

I'm on 2degrees and looking at the fritz!box it showed a /48 was allocated so trying with that...

 

 

 

 

set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 enable
edit interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 1
set prefix-length /48

 

set interface eth2 host-address ::1
set interface eth2 prefix-id :2
set interface eth2 service slaac
set ipv6 address autoconf
top
commit

 

set protocols static interface-route6 ::/0 next-hop-interface pppoe0
commit
save

 

edit firewall ipv6-name WAN6_IN
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
top
edit firewall ipv6-name WAN6_LOCAL
set default-action drop
set rule 10 action accept
set rule 10 description "allow established"
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 20 action drop
set rule 20 description "drop invalid packets"
set rule 20 protocol all
set rule 20 state invalid enable
set rule 30 action accept
set rule 30 description "allow ICMPv6"
set rule 30 protocol icmpv6
set rule 40 action accept
set rule 40 description "allow DHCPv6 client/server"
set rule 40 destination port 546
set rule 40 source port 547
set rule 40 protocol udp
top
set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WAN6_IN
set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WAN6_LOCAL
commit
save
exit
reboot now

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 




Mr Snotty
8905 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2048241 3-Jul-2018 13:02

Here is my configuration snippet for IPv6 on 2degrees (working) - setting "prefix-only" is important on 2degrees also. This configuration is literally taken from my OP.

# show interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd
pd 0 {
    interface eth1 {
        host-address ::1
        no-dns
        prefix-id :1
        service slaac
    }
    prefix-length /56
}
prefix-only
rapid-commit enable
[edit]

 

# show firewall ipv6-name WAN6_IN
default-action drop
rule 10 {
    action accept
    description "allow established"
    protocol all
    state {
        established enable
        related enable
    }
}
rule 20 {
    action drop
    description "drop invalid packets"
    protocol all
    state {
        invalid enable
    }
}
rule 30 {
    action accept
    description "allow ICMPv6"
    protocol icmpv6
}
[edit]

 


# show firewall ipv6-name WAN6_LOCAL
default-action drop
rule 10 {
    action accept
    description "allow established"
    protocol all
    state {
        established enable
        related enable
    }
}
rule 20 {
    action drop
    description "drop invalid packets"
    protocol all
    state {
        invalid enable
    }
}
rule 30 {
    action accept
    description "allow ICMPv6"
    protocol icmpv6
}
rule 40 {
    action accept
    description "allow DHCPv6 client/server"
    destination {
        port 546
    }
    protocol udp
    source {
        port 547
    }
}
[edit]
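
An offline check for the two properties the rulesets above depend on: `default-action drop`, and actually being attached to the WAN interface (the `firewall in` / `firewall local` commands earlier in the thread). This is an added example, not code from the posters or from Ubiquiti; the sample config is constructed, and its nesting is assumed to follow the `set` paths shown in the thread.

```python
# Constructed sample in config.boot layout; WAN6_LOCAL is deliberately permissive and unattached.
SAMPLE = """\
firewall {
    ipv6-name WAN6_IN {
        default-action drop
    }
    ipv6-name WAN6_LOCAL {
        default-action accept
    }
}
interfaces {
    ethernet eth0 {
        vif 10 {
            pppoe 0 {
                firewall {
                    in {
                        ipv6-name WAN6_IN
                    }
                }
            }
        }
    }
}
"""

def parse(text):
    """Parse brace-style config text into nested dicts keyed by node header."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value  # a repeated leaf key overwrites; enough for this check
    return stack[0]

def attached(node, path=()):
    """Yield ruleset names referenced as '... firewall <direction> ipv6-name X'."""
    for key, val in node.items():
        if isinstance(val, dict):
            yield from attached(val, path + (key,))
        elif key == "ipv6-name" and len(path) >= 2 and path[-2] == "firewall":
            yield val

def audit(text):
    """Return findings for IPv6 rulesets that fail open or are never applied."""
    cfg = parse(text)
    used = set(attached(cfg.get("interfaces", {})))
    findings = []
    for header, body in cfg.get("firewall", {}).items():
        if header.startswith("ipv6-name ") and isinstance(body, dict):
            name = header.split()[1]
            if body.get("default-action") != "drop":
                findings.append(f"{name}: default-action is not drop")
            if name not in used:
                findings.append(f"{name}: not applied to any interface")
    return findings
```

Run `audit()` on the text of a saved `/config/config.boot`; an empty list means every IPv6 ruleset drops by default and is referenced by at least one interface.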





87 posts

Master Geek


  # 2048559 3-Jul-2018 20:50

I have the exact same settings above but it doesn't work for me, is there anything else I need to do?


1759 posts

Uber Geek

Trusted

  # 2048617 3-Jul-2018 21:38

@michaelmurfy

 

I've updated my config to align to your output, but still having issues.

 

 

So when I have prefix-length /48 all my devices are given IPv6 addresses but can't reach the outside world. I can't even ping6 google.com from the edgerouter lite.

 

 

If I have prefix-length /56 I can ping6 google.com from the edgerouter lite but devices are not provided with an IPv6 address at all.

 

 

can you please share the output from or ssh the file to your local device to share it...

 

[code]cat /config/config.boot[/code]

 

 

Of course remove your passwords from user account at the bottom and pppoe password and user-id

 

 

The prefix-only for example isn't in OP so I'm wondering if there is other config you've made along the way without noticing?

 

 

Also if I run show firewall ipv6-name WAN6_LOCAL or WAN6_IN from the normal command line (not within configure)

 

the below line is included in the input...

 

 

Inactive - Not applied to any interfaces, zones or for content-inspection.

 

 

If I try and run the below again I get the warning it's already configured...

 

 

set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WAN6_IN

 

set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WAN6_LOCAL

 






 

 




Mr Snotty
8905 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2048654 3-Jul-2018 22:23
2 people support this post

@BlackHand @mentalinc Here you go - this is very heavily sanitized but I've left the configuration there for my internet connection / firewall / IPv6 settings. Afraid my configuration is far too big (and sensitive) to fully post and you likely don't need to know about my site to site VPN's etc :) - https://files.murfy.nz/config.boot.sanitized.txt

 

This configuration gives me the following (tested on a Chromebook - same goes for Windows / Linux and any other device on the network):

 


 

Sidenote - the no-dns is not needed. I've got that as I run my own resolver on this network. You may want to leave that one out.
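
Redacting the fields mentalinc asks to be removed before a config.boot is shared (account passwords, PPPoE password and user-id), and flagging any redacted value that still appears elsewhere in the file, such as a user-id copied into a description. This is an added example, not code from the thread or from Ubiquiti; the key spellings and the sample config are constructed assumptions.

```python
import re

# Keys to redact: the account passwords and the PPPoE password / user-id named in the
# thread. Key spellings and the sample below are constructed assumptions about config.boot.
SECRET_KEYS = ("encrypted-password", "plaintext-password", "password", "user-id")
LEAF = re.compile(r"^(\s*)(" + "|".join(SECRET_KEYS) + r")\s+(\S.*)$")

SAMPLE = """\
interfaces {
    ethernet eth0 {
        vif 10 {
            pppoe 0 {
                description "2degrees user@example.invalid"
                password example-pppoe-secret
                user-id user@example.invalid
            }
        }
    }
}
system {
    login {
        user admin {
            authentication {
                encrypted-password $6$constructedsalt$constructedhash
                plaintext-password ""
            }
        }
    }
}
"""

def sanitize(text):
    """Return (redacted_text, leaks): leaks are redacted values still present elsewhere."""
    out, secrets = [], set()
    for line in text.splitlines():
        m = LEAF.match(line)
        if m:
            value = m.group(3).strip().strip('"')
            if value:
                secrets.add(value)
            line = f"{m.group(1)}{m.group(2)} REDACTED"
        out.append(line)
    clean = "\n".join(out) + "\n"
    return clean, sorted(s for s in secrets if s in clean)

if __name__ == "__main__":
    clean, leaks = sanitize(SAMPLE)
    print(clean)
    print("still present elsewhere:", leaks)
```

A non-empty `leaks` list means the file is not yet safe to post: the value was removed from its own field but survives in free text and needs a manual edit.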







Mr Snotty
8905 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2048667 3-Jul-2018 23:42

I also found I had MSS clamping enabled;

This is not needed on 2degrees UFB if you're using a MTU of 1500 on the PPPoE side and a MTU of 1508 on the underlying interface like I have on my configuration. Not sure why I had this enabled in the first place as it would have been limiting things for me so thanks @mentalinc for getting me to dump my configuration and look through it!





87 posts

Master Geek


  # 2048692 4-Jul-2018 07:23

What's the benefit/use of ip { enable-proxy-arp }, I couldn't find a proper answer on the ubiquiti forums?

 

 

