Ubiquiti Edgerouter Tutorial

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Ubiquiti Edgerouter Tutorial

1 | ... | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42

dklong

100 posts

Master Geek

# 2319565 18-Sep-2019 07:19

@No4 The only difference between the settings you have listed and mine are that I'm using 1500/1492 MTU size instead of 1508/1500. I'm only running IPV4 so, as per the comments from @fe31nz above, it isn't an issue, however his comments suggest either should work on the Edgerouter. I'm getting full speed (950Mbps/450Mbps) from my fibre so pretty happy.

No4

14 posts

Geek

# 2320066 19-Sep-2019 07:56

One person supports this post

Found the problem - it was more hardware related I think, although I did correct the location of the ipv6 firewall.

Turns out the ethernet cable to the old laptop (running Mint) was dodgy so it had connected via wireless instead. So very old laptop plus wireless at reasonable range was the issue for speedtest. Once I changed the cable, speeds were 80/9 or so, compared to 100/18 for my standard windows 8 pc on the HG659 (I'm only on basic fibre which is 100/20). I then tried my work laptop on the ERX/UAP Lite and got 100/19 wired and 80/18 wireless, so any limitations are not in the config.

On to the next step of commissioning - checking voip. Almost there.

chrislaing

41 posts

Geek

# 2327299 30-Sep-2019 20:39

Hello friends,

I am having some (quite odd) problems with my ipsec/L2TP vpn on my ERX (firmware version 1.10).

I have been through literally every post on the topic on the Ubiquiti forums, and I'm wondering if I need to upgrade to 2.x firmware for this to work.

Firstly, the relevant part of my config:

ipsec {
auto-firewall-nat-exclude enable
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 0.0.0.0/0 {
}
}
nat-traversal enable
}
l2tp {
remote-access {
authentication {
local-users {
username <redacted> {
password <redacted>
}
}
mode local
}
client-ip-pool {
start 192.168.100.244
stop 192.168.100.249
}
dns-servers {
server-1 1.1.1.1
server-2 1.0.0.1
}
ipsec-settings {
authentication {
mode pre-shared-secret
pre-shared-secret <redacted>
}
ike-lifetime 3600
}
mtu 1492
outside-address xxx.xxx.xxx.xxx
outside-nexthop xxx.xxx.xxx.xxx
}
}

I am able to connect to the vpn from my Mac, inside my WLAN, when specifying outside-address to be my external ip (set via a cronjob, as is outside-nexthop).

I am unable to connect from my iphone inside my WLAN.

I am unable to connect when I replace outside-address with 0.0.0.0. (This is the recommended solution from the Ubiquiti forums).

I am unable to connect using my dynamic dns (which resolves correctly with nslookup).

I have tried various combinations of specifying/removing nat-traversal, nat-networks, ipsec-interfaces, auto-firewall-nat-exclude.

Any suggestions at all, from anyone, or do I just have to try the 2.x firmware?

As always, many thanks for your help!

dklong

100 posts

Master Geek

# 2328765 3-Oct-2019 09:04

@chrislaing

Your config looks pretty good based on my limited knowledge but you don't mention updating your firewall rules as well to allow L2TP/IPSec traffic through? I found the article below and some of it's links quite useful when setting up something similar.

https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server#3

Cheers

chrislaing

41 posts

Geek

# 2331561 6-Oct-2019 21:00

Hey, thanks for the link. That article is where I started my long trudge through the Ubiquiti forums.

Firewall should be fine, but I'll nuke it anyway and start from scratch.

It's a funny old problem.

wratterus

739 posts

Ultimate Geek

# 2333186 9-Oct-2019 09:02

Bit of a basic question here sorry - setting up an ER-X for a Vodafone connection (will be bridged VDSL). Just sorting out firewall & want to setup upnp2 as well- should the WAN interface be set to eth0 or eth0.10?

I know on a pppoe connection with vlan10 the WAN interface needs to be set to pppoe0, but am not sure with a DHCP/IPoE connection. Thanks.

1 | ... | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42