24 posts

Geek
+1 received by user: 1


  Reply # 1809038 29-Jun-2017 16:14

Nice work.

 

I have actually been thinking about moving the existing patch panel, and putting in a bigger rack setup so I can do something similar.

 

The photo gives me some ideas.


24 posts

Geek
+1 received by user: 1


  Reply # 1813106 5-Jul-2017 10:39

I ended up going with a CloudKey, USG, and a PoE switch.

 

I haven't added the wireless yet, but process was seamless getting everything running and updating the various firmwares.

 

I see they've dropped a 5.5.x version of the controller so will look at updating to that before I configure too much more.


 
 
 
 


57 posts

Master Geek

Lifetime subscriber

  Reply # 1819189 10-Jul-2017 21:18

michaelmurfy:

 

You can do this via timed Firewall rules: https://community.ubnt.com/t5/EdgeMAX/Time-control-parental-controll/td-p/1035259

 

I've never tried this nor have any need to however.

 

 

 

 

So, without abusing your generosity... I'm looking for help on how to apply a policy-based vpn service to the router.

 

I'm quickly learning that this incredibly powerful router is somewhat limited in its configurability if one purely relies on the GUI. Which then means it is severely limited by me and my inability to work out how to use the CLI.

 

I have an AppleTV (Gen 4) which has a static IP. I want all of its traffic to route through to a VPN service. I currently use expressVPN, which has a username/password/shared plus server configuration when applied through a manual setup.

 

Whilst some of this information can be entered through the GUI, there's nowhere to add the logon type details, then I end up lost. I've tried locating some EdgeMax wizards to download in the hope that would simplify things for me, but I failed at that too.

 

Any ideas of how to make this idiot proof for me?




Mr Snotty
8180 posts

Uber Geek
+1 received by user: 4164

Moderator
Trusted
Lifetime subscriber

  Reply # 1819230 10-Jul-2017 22:10

ArdRigh:

 

I ended up going with a CloudKey, USG, and a PoE switch.

 

I haven't added the wireless yet, but process was seamless getting everything running and updating the various firmwares.

 

I see they've dropped a 5.5.x version of the controller so will look at updating to that before I configure too much more.

 

 

How are you finding it?

 

dmartora:

 

 

 

So, without abusing your generosity... I'm looking for help on how to apply a policy-based vpn service to the router.

 

I'm quickly learning that this incredibly powerful router is somewhat limited in its configurability if one purely relies on the GUI. Which then means it is severely limited by me and my inability to work out how to use the CLI.

 

I have an AppleTV (Gen 4) which has a static IP. I want all of its traffic to route through to a VPN service. I currently use expressVPN, which has a username/password/shared plus server configuration when applied through a manual setup.

 

Whilst some of this information can be entered through the GUI, there's nowhere to add the logon type details, then I end up lost. I've tried locating some EdgeMax wizards to download in the hope that would simplify things for me, but I failed at that too.

 

Any ideas of how to make this idiot proof for me?

 

I wish I could help here but I really can't. The only thing I've done is a site-to-site VPN from my router to another router that I manage via OpenVPN. The only thing I can really recommend here is to ask on the Ubiquiti forums as the guys there are very helpful and there is bound to be somebody who has done what you're wanting there.





57 posts

Master Geek

Lifetime subscriber

  Reply # 1822956 15-Jul-2017 17:03

michaelmurfy:

 

 

 

I wish I could help here but I really can't. The only thing I've done is a site-to-site VPN from my router to another router that I manage via OpenVPN. The only thing I can really recommend here is to ask on the Ubiquiti forums as the guys there are very helpful and there is bound to be somebody who has done what you're wanting there.

 

 

 

 

Thanks for your guidance, I've tried the forums, I'm really coming up against a brick wall. If anyone has any insights I would appreciate it.

 

It's taking me ages just to understand bits but I am still trying though, and I have managed to get the router set up and working. I just want to take the next step in configuring it and now I'm lost in a world I clearly don't (yet) understand.

 

I have an expressVPN account subscription, which allows OpenVPN configuration. I have downloaded the OpenVPN configuration file (single file *.ovpn - let's call it: doessomething.ovpn). No idea what to do with it really.

 

What I am trying to do is have all the traffic from a particular device (and only that device) on my internal network (let's call that device 192.168.10.223) routed through to use the VPN. All other traffic can merrily fall out of the router through whatever my ISP decides.

 

The router is set up fine (I think). It does its job well. The router is set up as shown in this pic:

 


 

Any advice from anyone would be (really, really... really) appreciated. If I need to remove it from this thread and create another, let me know.

 

Thanks in advance


392 posts

Ultimate Geek
+1 received by user: 81


  Reply # 1823024 15-Jul-2017 21:00

I don't think you can do OpenVPN in an Edgerouter from the GUI - you have to use the CLI.  Depending on what is in the .ovpn file, it may be as simple as storing the file somewhere under your /config directory (I have mine in /config/auth/openvpn) and then adding some CLI commands to set up a tunnel interface with that file, something like this:

 

set interfaces openvpn vtun0 config-file /config/auth/openvpn/dosomething.ovpn
set interfaces openvpn vtun0 enable

 

You would then need to set up routing so that the traffic to and from the IP address of the device you want to have using the OpenVPN connection is routed via the vtun0 tunnel - that may be able to be done from the GUI once you have created the vtun0 interface in the CLI.
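
The tunnel-plus-routing setup described in the post above, written out as EdgeOS CLI. This is an added example, not part of the original post: the LAN interface `eth1`, the rule numbers, the `VPN_ROUTE` rule-set name and routing table `1` are assumptions, 192.168.10.223 is the device address given earlier in the thread, and the .ovpn file is assumed to contain `route-nopull` so that a default route pushed by the VPN provider does not capture every other device's traffic.

```vyatta
configure

# Tunnel interface built from the provider's file (path as in the post above)
set interfaces openvpn vtun0 config-file /config/auth/openvpn/dosomething.ovpn
set interfaces openvpn vtun0 description "VPN provider tunnel"

# Separate routing table (table 1 is an assumption): default route via the
# tunnel, plus a blackhole at the worst distance so the device's traffic is
# dropped instead of leaving via the ISP link when the tunnel is down
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set protocols static table 1 route 0.0.0.0/0 blackhole distance 255

# Policy rule: only packets sourced from the one device are looked up in table 1
set firewall modify VPN_ROUTE rule 10 description "Single device via VPN"
set firewall modify VPN_ROUTE rule 10 source address 192.168.10.223
set firewall modify VPN_ROUTE rule 10 modify table 1

# Apply the policy to traffic arriving on the LAN interface (eth1 is an assumption)
set interfaces ethernet eth1 firewall in modify VPN_ROUTE

# Source NAT for anything leaving through the tunnel
# (rule 5000 is an assumption; pick a number not already in use)
set service nat rule 5000 description "Masquerade for vtun0"
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 type masquerade

commit
save
exit
```

After the commit, `show interfaces openvpn` and `show ip route table 1` confirm that the tunnel is up and that table 1 holds the tunnel default route.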


10 posts

Wannabe Geek


  Reply # 1824426 18-Jul-2017 14:39

I am switching over to Bigpipe UFB with a static IP, and this presents me a chance to do some hardware upgrade as well. Been using a Fritz 7490 and now planning to get an ERL-3 and repurpose the Fritz as an AP. I currently run a Synology NAS, accessible via VPN and using DynDNS. My question is, do I plug the NAS onto the ERL or onto the ERL-3? Which option is 'easier' to configure (port forwards, f/w rules, etc.) and achieved on the ERL?

 

 

 

Thanks!


24 posts

Geek
+1 received by user: 1


  Reply # 1825971 20-Jul-2017 15:54

michaelmurfy:

 

ArdRigh:

 

I ended up going with a CloudKey, USG, and a PoE switch.

 

I haven't added the wireless yet, but process was seamless getting everything running and updating the various firmwares.

 

I see they've dropped a 5.5.x version of the controller so will look at updating to that before I configure too much more.

 

 

How are you finding it?

 

 

 

 

So far it has been good. Applied a couple of CloudKey updates that have been released.

 

I changed my configuration a couple of times, so the network devices aren't on the default range, which caused some dramas adopting the USG. A couple of commands via SSH got around that.

 

So now I have 3 VLANs; an untagged management range, a tagged DMZ range for port forwarding devices, and a tagged general range. With WiFi tagged on the general range.

 

Using VLAN tagging and DHCP from the USG has been interesting. I had to set switch ports to specific VLANs so DHCP worked, otherwise hosts wouldn't get addresses. I'm not sure if there's a better way to get that working?

 

 

 

The web interface is pretty slick and the Ubiquiti forums and community site have been helpful. I am considering whether to try the Beta channel 5.6.x releases for some of the feature updates.

 

 

 

 

 

 


21709 posts

Uber Geek
+1 received by user: 4484

Trusted
Subscriber

  Reply # 1825974 20-Jul-2017 15:57

I've added a second wifi network on a vlan to start moving devices off the general lan again like I had before I got all the unifi stuff.

 

Finding that the vlans are not making it thru all the switches to all the APs, and since there is no IP on the vlan interface of the AP, it's hard to go plugging in at various places and seeing what responds and what doesn't. Also DHCP seems to not be getting thru all the switches on the vlans since the phone which is statically configured will work fine in the shed on the speaker network, but the speakers when out there will connect but not get an IP so just sit there flashing their light. Bring the speaker into the house near an AP plugged into the main switch and they connect up and work just fine.

 

I'm at the CBF troubleshooting it stage with the unifi stuff and have just moved the SSID back to the untagged lan and things are working, but the LG crap speakers seem to freak out with something else on the network most of the time and crash. When on their own vlan with just them and the phone, they worked great for days.





Richard rich.ms

3718 posts

Uber Geek
+1 received by user: 1435

Subscriber

  Reply # 1826005 20-Jul-2017 16:47

I really don't like the VLAN implementation on the Unifi switches. They have just made it too simple, which actually makes it hard to achieve what you want. When you have had years of terms like edge, trunk, tagged, untagged etc., it gets kind of annoying when you have to go configure a "network" and then set that on the ports you want. And then I haven't managed to make it do what I would call a normal "edge" port - ie the VLAN might be tagged on the trunk port, so you set an edge port with the VLAN so egress packets get untagged as they leave the edge port. But no, doesn't work like that.

 

The UBNT EdgeSwitch is how I like it. Or just ol' faithful Allied Telesis if the customer is willing to pay.


21709 posts

Uber Geek
+1 received by user: 4484

Trusted
Subscriber

  Reply # 1826012 20-Jul-2017 17:03

My old tenda switches were simple how I liked it, add vlan numbers and then a crapload of checkboxes to choose what went where. The dropdown list and edit thing on the unifi is confusing as to what it will actually achieve. I also think the dhcp guard is on even tho I didn't choose it since it breaks DHCP. Motivation to play exhausted with other things needing to be done.





Richard rich.ms

39 posts

Geek
+1 received by user: 5


  Reply # 1826859 21-Jul-2017 23:50

Thanks for the tutorial! Got it all working but just a quick question. My firewall configuration was set to pppoe/in and pppoe/local rather than eth0.10 like in your screenshot - is this an issue or can I leave it as is?




Mr Snotty
8180 posts

Uber Geek
+1 received by user: 4164

Moderator
Trusted
Lifetime subscriber

  Reply # 1826863 22-Jul-2017 00:46
One person supports this post

Swemoph:

 

Thanks for the tutorial! Got it all working but just a quick question. My firewall configuration was set to pppoe/in and pppoe/local rather than eth0.10 like in your screenshot - is this an issue or can I leave it as is?

 

Yep pppoe0 is what you want to have it set to if you're using an ISP with PPPoE. I have it set as eth0.10 since that is what my ISP provides me.





57 posts

Master Geek

Lifetime subscriber

  Reply # 1827505 23-Jul-2017 11:05

fe31nz:

 

I don't think you can do OpenVPN in an Edgerouter from the GUI - you have to use the CLI.  Depending on what is in the .ovpn file, it may be as simple as storing the file somewhere under your /config directory (I have mine in /config/auth/openvpn) and then adding some CLI commands to set up a tunnel interface with that file, something like this:

 

set interfaces openvpn vtun0 config-file /config/auth/openvpn/dosomething.ovpn
set interfaces openvpn vtun0 enable

 

You would then need to set up routing so that the traffic to and from the IP address of the device you want to have using the OpenVPN connection is routed via the vtun0 tunnel - that may be able to be done from the GUI once you have created the vtun0 interface in the CLI.

 

 

 

 

This must be really painful to read for most of you. So, what you mentioned does make more sense to me, but... It's all taking some (significant) time to click with me.

 

In reality, I am prepared to pay for support now and would kill for some step by step instructions to make it simpler for me and was wondering if anyone knew of any out there, or might even provide some (paid) support, I am certainly not looking to take advantage of goodwill. If I asked a builder mate to do a job... he'd likely charge me something, so I don't see the difference.

 

The challenge I have is that whilst everywhere I have asked for help have been helpful and tried to guide me, they all assume that I'm not the idiot that I obviously am. Believe it or not, I have searched the net quite extensively but I'm either not getting something glaringly obvious (quite likely) or there's some secret black art to doing this for which I haven't learned the appropriate handshake.

 

 As mentioned:

 

  • We can assume the router works fine and dandy (which it does).
  • I have an expressVPN account subscription which allows OpenVPN configuration. I have downloaded the OpenVPN configuration file (dosomething.ovpn) and has also provided a username and password for wherever that might be needed. I've no idea what to do with it now, and no idea if it is the only file I need or whether I have to create/generate/find some others.
  • I have no idea how to get the file(s) onto the router

At a basic level, I'd simply like to know what to do with the *.ovpn file, whether I need (to create) any other files, the easiest way to get the file(s) on my router, and how to configure the vpn service using the command line (accepting the router gui isn't capable). In reading that, it still seems like I'm asking a lot.

 

Once that bit is done, I'll then worry about the policy based usage.

 

Again, any help at all from anyone would be appreciated. Feel free to patronise, I clearly need small words and limited syllables.

 

 


2120 posts

Uber Geek
+1 received by user: 376

Lifetime subscriber

  Reply # 1827513 23-Jul-2017 11:29
One person supports this post