Geekzone: technology news, blogs, forums
39 posts

Geek
+1 received by user: 5


  Reply # 1827638 23-Jul-2017 16:25

michaelmurfy:

Swemoph:

Thanks for the tutorial! Got it all working but just a quick question. My firewall configuration was set to pppoe/in and pppoe/local rather than eth0.10 like in your screenshot - is this an issue or can I leave it as is?

Yep pppoe0 is what you want to have it set to if you're using an ISP with PPPoE. I have it set as eth0.10 since that is what my ISP provides me.

Got it, thanks


57 posts

Master Geek

Lifetime subscriber

  Reply # 1828009 23-Jul-2017 22:18

Spyware:

https://community.ubnt.com/t5/EdgeMAX/OpenVPN-Client-Setup-for-Private-Internet-Access/td-p/1154803

Thanks for this, it's close but like most things it's the variations and exceptions that are getting me stuck.

The ExpressVPN config for OpenVPN doesn't use separate .ca, .key or .pem files, with all the associated information contained in-line in the .ovpn file.

Through reading links (thanks a lot for those by the way), and some continuing (and patient) help from forums (again.. thanks), I am most definitely making progress, albeit tremendously frustrating.

So, I have managed to get the .ovpn and userpass file in the relevant folders in the root of the router. I've made sure the permissions are ok (a little lax at the moment, but just want to ensure permissions aren't a problem and can tighten that up afterwards).

Unfortunately... as soon as I try to create the interfaces and commit... this is what happens:

root@ubnt# commit
[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Cannot open config file "/config/openvpn/expressvpn.ovpn".
Commit failed

As I said, I think locations and permissions are correct...

root@ubnt:~/config/openvpn# ls -Artl
total 12
-rwxrwxrwx 1 root root 6139 Jul 23 09:07 expressvpn.ovpn
drwxrwxrwx 1 root root 4096 Jul 23 09:07 auth

root@ubnt:~/config/openvpn/auth# ls -Artl
total 4
-rwxrwxrwx 1 root root 49 Jul 23 09:07 userpass.txt

...so I now need to try to find what part of the ovpn file is causing it to fall over. (unless someone happens to be able to have the super-secret answer that I haven't stumbled upon yet).

I'm trying folks... definitely trying...

Mr Snotty
8181 posts

Uber Geek
+1 received by user: 4168

Moderator
Trusted
Lifetime subscriber

  Reply # 1828020 23-Jul-2017 22:38

The problem here is you're doing it all under Root. Vyatta runs under its own user of which your default user (ubnt or otherwise) has access to and thus your commit will never work due to permissions errors.

 

Never use Root with the Edgerouters. Always use your standard user (without sudo) else you risk breaking your configuration. I would strongly recommend if you've been using root to factory reset your router and start again.





392 posts

Ultimate Geek
+1 received by user: 81


  Reply # 1828064 24-Jul-2017 00:53

One other thing to check - the .ovpn file is likely in Windows format (CR/LF at the end of a line) and will need to have its line endings converted to Linux format (single LF character at the end of a line).  Without conversion, most Linux software will give some sort of error when reading Windows format files.

 

I checked and the dos2unix command is installed on an ERL, so this should work to convert the file in place:

 

dos2unix -u dosomething.ovp
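
Added example, not part of any post in this thread: a pre-flight check to run before `commit`, covering the points raised above for the .ovpn profile (is the exact absolute path readable, does it have CR/LF line endings, and are the profile and its credentials file open to other users). The function names and finding labels are made up for this example, and it assumes the profile points at the credentials file with an `auth-user-pass <file>` line.

```shell
#!/bin/sh
# Added example: pre-flight checks for an OpenVPN client profile.
# Prints one finding per line; no output means no findings.

# Group/other permission characters of a file, e.g. "r--r--".
go_bits() { ls -ld -- "$1" | cut -c5-10; }

check_ovpn() {
    cfg=$1
    cr=$(printf '\r')
    # The router config refers to the profile by absolute path. A copy under
    # ~/config/openvpn (a home directory) is not the same file as /config/openvpn.
    case $cfg in
        /*) ;;
        *) echo "relative-path: $cfg" ;;
    esac
    if [ ! -r "$cfg" ]; then
        echo "unreadable: $cfg"
        return 0
    fi
    # Windows line endings: a CR immediately before the end of a line.
    if grep -q "${cr}\$" "$cfg"; then
        echo "crlf: $cfg"
    fi
    # A profile with inline key material should not be writable by group/other.
    case $(go_bits "$cfg") in
        ?w*|????w*) echo "writable-by-others: $cfg" ;;
    esac
    # Follow "auth-user-pass <file>" (assumed present) to the credentials file.
    auth=$(sed -n "s/^auth-user-pass[[:space:]][[:space:]]*\([^${cr}]*\).*/\1/p" "$cfg" | head -n 1)
    [ -n "$auth" ] || return 0
    if [ ! -f "$auth" ]; then
        echo "auth-missing: $auth"
    elif [ "$(go_bits "$auth")" != "------" ]; then
        echo "auth-too-open: $auth"   # credentials should be owner-only (e.g. 600)
    fi
    return 0
}

# Usage: sh check_ovpn.sh /config/openvpn/expressvpn.ovpn
if [ $# -gt 0 ]; then check_ovpn "$1"; fi
```
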


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 1831818 26-Jul-2017 19:39

Firmware v1.97 just released

 

Release notes and download links here

 

So far no issues


57 posts

Master Geek

Lifetime subscriber

  Reply # 1833109 28-Jul-2017 21:35

Thanks to everyone for all the help, I've had some great advice and guidance.

I now have a functioning router based VPN service (ExpressVPN OpenVPN configuration) that is used specifically by one device, which is determined by a policy against its static IP.

Awesome stuff.

All of this hasn't actually quite solved the problem I was trying to resolve, but now I know I need an additional part of the solution.

Thanks again

1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1833120 28-Jul-2017 22:02

michaelmurfy:

 

IcI: Hi. Any opinion on using the USG (Security Gateway) vs. the EdgeRouter? Regards.

 

I've done a few installs with the USG and it is a great product - more suited towards beginners. It is essentially the Edgerouter but all management is done via the UniFi controller (and is far more basic).

 

 

Is it possible to get into the USG and do the same sort of config as you can on Edgerouter, or is there no CLI at all?

 

I already run a local instance of the Unifi Controller to manage my 3 UAPs so the idea of controlling my network router via the same interface is appealing. But not if I will lose functionality.

 

I have a Mikrotik 750GL + Draytek 130 on VDSL currently and am about to get BigPipe UFB installed on Monday. From what I have read the Mikrotik will be fine for UFB and I have already set up the PPPoE client in readiness.

 

I have learnt a lot playing around with the Mikrotik and thanks to some posts/guides from @sbiddle I have got a pretty robust firewall setup. E.g. syn flooding and port scanner detection to auto-block etc. Is this sort of thing possible with a USG?

 

Interested in your expert opinion :)




Mr Snotty
8181 posts

Uber Geek
+1 received by user: 4168

Moderator
Trusted
Lifetime subscriber

  Reply # 1833159 29-Jul-2017 00:27

@SumnerBoy You can indeed, however you need to format it into a JSON file and shove it on the UniFi server. You have to also be sure it parses as real JSON else your router will go into a "provision loop". The default configuration is pretty darn secure even to the point of not allowing external ICMP. There are many more things you can configure since I wrote that and it seems Ubiquiti are adding more and more into the controller.

 

I love the USG as a product now. The fact you can do a site-to-site VPN with 2 clicks (assuming both USGs are on the controller) and also have granular control over the firewall makes it a darn good product for even geeks who want a good router. I've recommended them to a few people now and they love them.





1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1833171 29-Jul-2017 07:37

Hmmm, you may have just convinced me! Thanks for getting back so promptly.

12 posts

Geek
+1 received by user: 1


  Reply # 1837003 4-Aug-2017 09:56

It's cool to see these routers work well with the Chorus ONT! :D Got my ER-X flying at my new house! The Chorus guys kept asking me "where's your modem?", they wouldn't believe me that "small thing" was a kickass router... 

 

Signed up using the Bigpipe referral link for some shared savings, thanks!


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 1843660 10-Aug-2017 16:38
2 people support this post

Firmware v1.97 + Hotfix 1 just released 

 

Release notes and download links here

 

Not tried it yet


1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1844908 11-Aug-2017 08:31

Ordered a USG + 24 port Unifi Switch from GoWifi. There goes my weekend...




Mr Snotty
8181 posts

Uber Geek
+1 received by user: 4168

Moderator
Trusted
Lifetime subscriber

  Reply # 1844934 11-Aug-2017 08:58

@freakngeek thanks very much for posting that. Would have missed it :)

@SumnerBoy let me know if you'd like access to the cloud controller (far better in terms of telling you when your internet is down) but you'll enjoy it!




1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1844937 11-Aug-2017 09:04

Thanks @michaelmurfy but I am running my own instance of the Unifi controller here (have been for years to look after my UAPs). That is half the reason for upgrading the USG - so I can maintain all my network devices from that one interface. I have a mate who is looking to beef up his WiFi however, and I have suggested he look into some UAPs. If he pulls the trigger on those I might look to use your cloud controller.


241 posts

Master Geek
+1 received by user: 18


  Reply # 1844950 11-Aug-2017 09:15
One person supports this post

SumnerBoy:

 

Ordered a USG + 24 port Unifi Switch from GoWifi. There goes my weekend...

 

 

I've had mine 3 weeks, still need to install it, maybe this weekend. Plugged in the TP Link 24 port last weekend, works great, thanks ;)

