Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28
316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 2015082 13-May-2018 12:28
Send private message quote this post

Not sounding great at all

 

Can you measure voltage coming out of power adapter, might be low?
Try another AC adapter with similar voltage/amps out specs, doesn't have to be exact but not too far from original
Leave off for a while, plug back in

 

I would be prepared for the worst.


mdf

2106 posts

Uber Geek
+1 received by user: 635

Trusted
Subscriber

  Reply # 2015123 13-May-2018 14:09
Send private message quote this post

@AKLWestie & @freakngeek nailed it

 

 

Dug through my box of transformers. For the first time in the ~decade I've been keeping it I managed to find one with the holy trio:

 

- right size barrel connector

 

- right polarity on the pin

 

- right voltage and amps

 

EdgeRouter seems to be alive! 

 

Edit: fixing image


 
 
 
 


591 posts

Ultimate Geek
+1 received by user: 76

Trusted
Lifetime subscriber

  Reply # 2016042 14-May-2018 20:45
Send private message quote this post

mdf:

 

@AKLWestie & @freakngeek nailed it

 

Dug through my box of transformers. For the first time in the ~decade I've been keeping it I managed to find one with the holy trio:

 

- right size barrel connector

 

- right polarity on the pin

 

- right voltage and amps

 

EdgeRouter seems to be alive! 

 

Edit: fixing image

 

 

Glad to be able to help.

 

I always keep a couple of those power supplies in hand.  Just in case.  =-D


mdf

2106 posts

Uber Geek
+1 received by user: 635

Trusted
Subscriber

  Reply # 2025951 30-May-2018 21:24
Send private message quote this post

So I think I have managed to rehabilitate my ERL with a new power brick.

 

Which seems to be the perfect opportunity to attempt to break it trying something new.

 

Are there any downsides to using DNSMasq and the Blacklist ad-blocking package? I've currently got the kids set up on their own VLAN and SSID with their DNS set to cleanbrowsing.org to filter out obvious/accidental objectionables. But they insist on mucking around with cr@ptastic flash shovelware. I'd like to (at minimum) be able to block ads on their VLAN and potentially add some of the more egregious ones to a blacklist so they can't access it them any more. They use chromebooks and old non-simmed phones so local blocking is difficult.

 

If I'm doing this anyway, I'd probably also revert to the Vodafone domain name servers and manually block malware sites for the grownups (currently using quad 9). Microsecond-level performance edges aren't really required but things do feel slightly snappier using vodafone's DNS records.

 

I appreciate that none of this isn't a substitute for good parenting; I'm just aiming to make parenting a bit easier around the margins. I also appreciate that ads are important to support content creators and I'm happy not to block unintrusive ads on the grown up machines. 


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 2025956 30-May-2018 21:34
Send private message quote this post

I use this to force all DNS via router:

 

#Force LAN DNS requests to Router
set service nat rule 4000 description 'Policy DNAT: Force LAN DNS Requests to Router'
set service nat rule 4000 inbound-interface eth1
set service nat rule 4000 destination address !192.168.0.1
set service nat rule 4000 destination port 53
set service nat rule 4000 inside-address address 192.168.0.1
set service nat rule 4000 protocol tcp_udp
set service nat rule 4000 type destination
set service nat rule 4000 log disable

 

Router uses OpenDNS Family shield:

 

set system name-server 208.67.222.123
set system name-server 208.67.220.123
set system name-server '2620:0:ccc::2'
set system name-server '2620:0:ccd::2'

 

Then you can setup exemptions like this 192.168.0.6 uses OpenDNS normal DNS servers:

 

set service nat rule 4010 description 'Google DNS for 192.168.0.6'
set service nat rule 4010 destination address '!192.168.0.6'
set service nat rule 4010 destination port 53
set service nat rule 4010 inbound-interface eth1
set service nat rule 4010 inside-address address 208.67.222.222
set service nat rule 4010 log disable
set service nat rule 4010 protocol tcp_udp
set service nat rule 4010 type destination


294 posts

Ultimate Geek
+1 received by user: 14


  Reply # 2026801 1-Jun-2018 11:13
Send private message quote this post

I'm with Bigpipe and was using IPoE (always had been on this connection, been solid). Today I just did the change over to PPoE (mandatory) on my Ubiquiti Edgerouter X SFP and it wasn't quite as straightforward as I had hoped...

 

I didn't want to do a clean setup (and follow the tutorial) as I have a bunch of settings e.g. DHCP reservations, POE settings etc I didn't want to lose.

 

     

  1. Disconnected from ONT (for 15 mins as suggested here).
  2. In the web interface

     

       

    1. Added ppoe linked to eth0 which is my WAN port, with bigpipe as user and password
    2. firewall > wan in changed from eth0 to ppoe
    3. firewall > wan local > changed from eth0 to ppoe
    4. nat > masquerade for WAN > changed from eth0 to ppoe

     

  3. Connected ONT to etho
  4. We have a connection, over PPoE, complete with my original static IP.

 

Router connected quickly but not many websites were working, speedtest wouldn't load, generally not good. GRC Shields up would load and pass.

 

Bunch of reading on mobile later, and a comparison to someones config they posted here (thanks!) and turns out I was missing "mss-clamping"

 

     

  1. In the web interface

     

       

    1. config-tree > firewall > options > mss clamp > mss set to 1452

     

 

This immediately fixed the issues I was having. Websites load, speedtest works, the internet is "back to normal".

 

I'm still doing some reading as don't fully understand mss clamping or MTU, so if anyone has bright ideas of a better way to do things please say!


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 2026895 1-Jun-2018 13:29
Send private message quote this post

I have MSS clamp set to 1452 also for pppoe, there will be some technical reason why pppoe needs that, probably to do with headers
I did play with other setting but 1452 is largest

 

But I assume only needed for IPv4, you would have only seen IPv6 capable websites before and not IPv4


294 posts

Ultimate Geek
+1 received by user: 14


  Reply # 2026898 1-Jun-2018 13:34
Send private message quote this post

freakngeek:

 

I have MSS clamp set to 1452 also for pppoe, there will be some technical reason why pppoe needs that, probably to do with headers
I did play with other setting but 1452 is largest

 

 

Is yours specifically set for just ppoe? I couldn't seem to manage to do that, and assume mine might be more general. Its working atm but keen to make sure it is correct.


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 2026904 1-Jun-2018 13:42
Send private message quote this post

I'm on VDSL and pppoe no other option, but setup should be the same as my modem is bridged
I could show my setup, if needed would need to wait till after work


24 posts

Geek


  Reply # 2029929 5-Jun-2018 17:36
Send private message quote this post

I'm wondering if anyone can help me spot the obvious. I setup the edgerouter-X using the wizard and it connects to  internet with no issue. I then went on to setup Nordvpn by putting ovpn and password files in place followed by.
 configure
 set interfaces openvpn vtun0 config-file /config/auth/client.ovpn
 commit
 save

 

As soon as that is enabled internet access stops but I assume the VPN is connecting because it gets an IP address and looking at the log seems to confirm it. However I do seen an error which may be the problem if I could work out what it's telling me.

 

 

 

Jun 5 04:31:29 ubnt openvpn[3096]: SENT CONTROL [us1878.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Jun 5 04:31:29 ubnt openvpn[3096]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,route-gateway 10.7.7.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.7.206 255.255.255.0'
Jun 5 04:31:29 ubnt openvpn[3096]: OPTIONS IMPORT: timers and/or timeouts modified
Jun 5 04:31:29 ubnt openvpn[3096]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Jun 5 04:31:29 ubnt openvpn[3096]: Socket Buffers: R=[131072->1048576] S=[131072->360448]
Jun 5 04:31:29 ubnt openvpn[3096]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 5 04:31:29 ubnt openvpn[3096]: OPTIONS IMPORT: route options modified
Jun 5 04:31:29 ubnt openvpn[3096]: OPTIONS IMPORT: route-related options modified
Jun 5 04:31:29 ubnt openvpn[3096]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jun 5 04:31:29 ubnt openvpn[3096]: ROUTE_GATEWAY ON_LINK IFACE=pppoe0 HWADDR=00:00:00:00:00:00
Jun 5 04:31:29 ubnt openvpn[3096]: TUN/TAP device vtun0 opened
Jun 5 04:31:29 ubnt openvpn[3096]: TUN/TAP TX queue length set to 100
Jun 5 04:31:29 ubnt openvpn[3096]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jun 5 04:31:29 ubnt openvpn[3096]: /sbin/ip link set dev vtun0 up mtu 1500
Jun 5 04:31:29 ubnt openvpn[3096]: /sbin/ip addr add dev vtun0 10.7.7.206/24 broadcast 10.7.7.255
Jun 5 04:31:29 ubnt openvpn[3096]: /sbin/ip route add 196.245.9.19/32 via 0.0.0.0
Jun 5 04:31:29 ubnt openvpn[3096]: ERROR: Linux route add command failed: external program exited with error status: 2
Jun 5 04:31:29 ubnt openvpn[3096]: /sbin/ip route add 0.0.0.0/1 via 10.7.7.1
Jun 5 04:31:29 ubnt openvpn[3096]: /sbin/ip route add 128.0.0.0/1 via 10.7.7.1
Jun 5 04:31:29 ubnt openvpn[3096]: Initialization Sequence Completed


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 2029950 5-Jun-2018 18:19
Send private message quote this post

Did you follow instructions as per here:
https://nordvpn.com/tutorials/edgerouter/openvpn/


24 posts

Geek


  Reply # 2029957 5-Jun-2018 18:26
Send private message quote this post

freakngeek:

 

Did you follow instructions as per here:
https://nordvpn.com/tutorials/edgerouter/openvpn/

 

 

Yep and log seems to indicate that bit is working. Just used my own filename i.e. client.ovpn
Only changes I've tried in the file (other than setting path to username/password file) is toggling "dev tun" to "dev-type tun" 


316 posts

Ultimate Geek
+1 received by user: 78


  Reply # 2030066 5-Jun-2018 19:34
Send private message quote this post

Been meaning to setup OpenVPN via NordVPN for ages
So have just tried and having same issue as you are
How ever I'm posting this via the VPN as only IPv6 seems to work
Just need to sort IPv4, I'll pug away at it.

 

Here is my log

 

Jun 5 19:24:00 ERLite3 openvpn[12434]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jun 5 19:24:00 ERLite3 openvpn[12434]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 5 19:24:00 ERLite3 openvpn[12434]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jun 5 19:24:00 ERLite3 openvpn[12434]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Jun 5 19:24:00 ERLite3 openvpn[12434]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Jun 5 19:24:00 ERLite3 openvpn[12434]: [nz5.nordvpn.com] Peer Connection Initiated with [AF_INET]103.231.90.138:1194
Jun 5 19:24:02 ERLite3 openvpn[12434]: SENT CONTROL [nz5.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Jun 5 19:24:02 ERLite3 openvpn[12434]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.61 255.255.255.0'
Jun 5 19:24:02 ERLite3 openvpn[12434]: OPTIONS IMPORT: timers and/or timeouts modified
Jun 5 19:24:02 ERLite3 openvpn[12434]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Jun 5 19:24:02 ERLite3 openvpn[12434]: Socket Buffers: R=[131072->1048576] S=[131072->589824]
Jun 5 19:24:02 ERLite3 openvpn[12434]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 5 19:24:02 ERLite3 openvpn[12434]: OPTIONS IMPORT: route options modified
Jun 5 19:24:02 ERLite3 openvpn[12434]: OPTIONS IMPORT: route-related options modified
Jun 5 19:24:02 ERLite3 openvpn[12434]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jun 5 19:24:02 ERLite3 openvpn[12434]: ROUTE_GATEWAY ON_LINK IFACE=pppoe0 HWADDR=00:00:00:00:00:00
Jun 5 19:24:03 ERLite3 openvpn[12434]: TUN/TAP device vtun0 opened
Jun 5 19:24:03 ERLite3 openvpn[12434]: TUN/TAP TX queue length set to 100
Jun 5 19:24:03 ERLite3 openvpn[12434]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip link set dev vtun0 up mtu 1500
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip addr add dev vtun0 10.8.8.61/24 broadcast 10.8.8.255
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip route add 103.231.90.138/32 via 0.0.0.0
Jun 5 19:24:03 ERLite3 openvpn[12434]: ERROR: Linux route add command failed: external program exited with error status: 2
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
Jun 5 19:24:03 ERLite3 openvpn[12434]: Initialization Sequence Completed


24 posts

Geek


  Reply # 2030132 5-Jun-2018 19:42
Send private message quote this post

freakngeek:

 

Been meaning to setup OpenVPN via NordVPN for ages
So have just tried and having same issue as you are
How ever I'm posting this via the VPN as only IPv6 seems to work
Just need to sort IPv4, I'll pug away at it.

 

Here is my log

 

Jun 5 19:24:00 ERLite3 openvpn[12434]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
'''''
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip link set dev vtun0 up mtu 1500
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip addr add dev vtun0 10.8.8.61/24 broadcast 10.8.8.255
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip route add 103.231.90.138/32 via 0.0.0.0
Jun 5 19:24:03 ERLite3 openvpn[12434]: ERROR: Linux route add command failed: external program exited with error status: 2
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
Jun 5 19:24:03 ERLite3 openvpn[12434]: /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
Jun 5 19:24:03 ERLite3 openvpn[12434]: Initialization Sequence Completed

 

 

You can change sbin/ip route add 103.231.90.138/32 via 0.0.0.0 to sbin/ip route add dev vtun 103.231.90.138/32 via 0.0.0.0

 

and it will go in and out without error. Doesn't help thoughsmile


591 posts

Ultimate Geek
+1 received by user: 76

Trusted
Lifetime subscriber

  Reply # 2031080 6-Jun-2018 21:14
Send private message quote this post

freakngeek:

 

I have MSS clamp set to 1452 also for pppoe, there will be some technical reason why pppoe needs that, probably to do with headers
I did play with other setting but 1452 is largest

 

But I assume only needed for IPv4, you would have only seen IPv6 capable websites before and not IPv4

 

 

Or you can try setting the MTU to 1508 on the pppoe interface, eth0, eth1, and eth2 to 1500.  Then you should not need to use MSS clamp.

 

I had a similar issue back in the early days of Bigpipe IPv6 trial over pppoe, I could not get many pages to load.  @michaelmurfy came to my rescue by suggesting setting the MTU to the above.


1 | ... | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.