Geekzone: technology news, blogs, forums
ArdRigh
25 posts

Geek


  #1809038 29-Jun-2017 16:14

Nice work.

 

I have actually been thinking about moving the existing patch panel, and putting in a bigger rack setup so I can do something similar.

 

The photo gives me some ideas.


ArdRigh
25 posts

Geek


  #1813106 5-Jul-2017 10:39

I ended up going with a CloudKey, USG, and a PoE switch.

 

I haven't added the wireless yet, but process was seamless getting everything running and updating the various firmwares.

 

I see they've dropped a 5.5.x version of the controller so will look at updating to that before I configure too much more.


  #1819189 10-Jul-2017 21:18

michaelmurfy:

 

You can do this via timed Firewall rules: https://community.ubnt.com/t5/EdgeMAX/Time-control-parental-controll/td-p/1035259

 

I've never tried this nor have any need to however.

 

 

 

 

So, without abusing your generosity... I'm looking for help on how to apply a policy-based vpn service to the router.

 

I'm quickly learning that this incredibly powerful router is somewhat limited in its configurability if one purely relies on the GUI. Which then means it is severely limited by me and my inability to work out how to use the CLI.

 

I have an AppleTV (Gen 4) which has a static IP. I want all of its traffic to route through to a VPN service. I currently used expressVPN, and which has a username/password/shared plus server configuration when applied through a manual setup.

 

Whilst some of this information can be entered through the GUI, there's nowhere to add the logon type details, then I end up lost. I've tried locating some EdgeMax wizards to download in the hope that would simplify things for me, but I failed at that too.

 

Any ideas of how to make this idiot proof for me?




michaelmurfy

/dev/ttys0
10974 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1819230 10-Jul-2017 22:10

ArdRigh:

 

I ended up going with a CloudKey, USG, and a PoE switch.

 

I haven't added the wireless yet, but process was seamless getting everything running and updating the various firmwares.

 

I see they've dropped a 5.5.x version of the controller so will look at updating to that before I configure too much more.

 

 

How are you finding it?

 

dmartora:

 

 

 

So, without abusing your generosity... I'm looking for help on how to apply a policy-based vpn service to the router.

 

I'm quickly learning that this incredibly powerful router is somewhat limited in its configurability if one purely relies on the GUI. Which then means it is severely limited by me and my inability to work out how to use the CLI.

 

I have an AppleTV (Gen 4) which has a static IP. I want all of its traffic to route through to a VPN service. I currently used expressVPN, and which has a username/password/shared plus server configuration when applied through a manual setup.

 

Whilst some of this information can be entered through the GUI, there's nowhere to add the logon type details, then I end up lost. I've tried locating some EdgeMax wizards to download in the hope that would simplify things for me, but I failed at that too.

 

Any ideas of how to make this idiot proof for me?

 

I wish I could help here but I really can't. The only thing I've done is a site-to-site VPN from my router to another router that I manage via OpenVPN. The only thing I can really recommend here is to ask on the Ubiquiti forums as the guys there are very helpful and there is bound to be somebody who has done what you're wanting there.





Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi


  #1822956 15-Jul-2017 17:03

michaelmurfy:

 

 

 

I wish I could help here but I really can't. The only thing I've done is a site-to-site VPN from my router to another router that I manage via OpenVPN. The only thing I can really recommend here is to ask on the Ubiquiti forums as the guys there are very helpful and there is bound to be somebody who has done what you're wanting there.

 

 

 

 

Thanks for your guidance, I've tried the forums, I'm really coming up against a brick wall. If anyone has any insights I would appreciate it.

 

It's taking me ages just to understand bits but I am still trying though, and I have managed to get the router set up and working. I just want to take the next step in configuring it and now I'm lost in a world I clearly don't (yet) understand.

 

I have an expressVPN account subscription, which allows OpenVPN configuration. I have downloaded the OpenVPN configuration file (single file *.ovpn - let's call it: doessomething.ovpn). No idea what to do with it really.

 

What I am trying to do is have all the traffic from a particular device (and only that device) on my internal network (let's call that device 192.168.10.223) routed through to use the VPN. All other traffic can merrily fall out of the router through whatever my ISP decides.

 

The router is set up fine (I think). It does its job well. The router is set up as shown in this pic:

 

Click to see full size

 

Any advice from anyone would be (really, really... really) appreciated. If I need to remove it from this thread and create another, let me know.

 

Thanks in advance


fe31nz
818 posts

Ultimate Geek


  #1823024 15-Jul-2017 21:00

I don't think you can do OpenVPN in an Edgerouter from the GUI - you have to use the CLI.  Depending on what is in the .ovpn file, it may be as simple as storing the file somewhere under your /config directory (I have mine in /config/auth/openvpn) and then adding some CLI commands to set up a tunnel interface with that file, something like this:

 

set interfaces openvpn vtun0 config-file /config/auth/openvpn/dosomething.ovpn
set interfaces openvpn vtun0 enable

 

You would then need to set up routing so that the traffic to and from the IP address of the device you want to have using the OpenVPN connection is routed via the vtun0 tunnel - that may be able to be done from the GUI once you have created the vtun0 interface in the CLI.
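
One way to carry out the steps outlined above for the single device at 192.168.10.223, as an added example that is not part of the original post. Assumptions not taken from the thread: the LAN interface is eth1, the routing table number is 1, the rule-set name is VPN_ROUTE, the NAT rule number is 5010, and the credentials file is named creds.txt.

```edgeos
# Before configuring (assumed steps, run from your own PC and then on the router):
#   scp dosomething.ovpn <admin-user>@<router-ip>:/config/auth/openvpn/
#   Create /config/auth/openvpn/creds.txt with the VPN username on line 1 and the
#   password on line 2, then restrict it:  chmod 600 /config/auth/openvpn/creds.txt
#   In dosomething.ovpn, make sure these two OpenVPN directives are present:
#     auth-user-pass /config/auth/openvpn/creds.txt   (log in without a prompt)
#     route-nopull    (stop the provider pushing a default route for every device)

configure

# 1. Tunnel interface built from the provider's profile
set interfaces openvpn vtun0 description 'VPN provider tunnel'
set interfaces openvpn vtun0 config-file /config/auth/openvpn/dosomething.ovpn

# 2. Separate routing table whose only way out is the tunnel.
#    The blackhole route (distance 255) takes over when vtun0 is down, so the
#    device loses connectivity instead of silently falling back to the ISP link.
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set protocols static table 1 route 0.0.0.0/0 blackhole distance 255

# 3. Policy rule: only traffic sourced from the one device uses table 1
set firewall modify VPN_ROUTE rule 10 description 'Apple TV via VPN'
set firewall modify VPN_ROUTE rule 10 source address 192.168.10.223
set firewall modify VPN_ROUTE rule 10 modify table 1

# 4. Apply the rule-set to traffic arriving from the LAN (eth1 is assumed)
set interfaces ethernet eth1 firewall in modify VPN_ROUTE

# 5. Source-NAT anything leaving through the tunnel
set service nat rule 5010 description 'masquerade for vtun0'
set service nat rule 5010 outbound-interface vtun0
set service nat rule 5010 type masquerade

commit
save
exit

# Checks from operational mode:
#   show interfaces openvpn     (vtun0 should be up with an address)
#   show ip route table 1       (default route via vtun0, blackhole as backup)
```

If the device's DNS queries go to the router itself they still leave via the ISP link; giving the device a public resolver address in its network settings sends them through the tunnel as well.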


LordFarthing
10 posts

Wannabe Geek


  #1824426 18-Jul-2017 14:39

I am switching over to Bigpipe UFB with a static IP, and this presents me a chance to do some hardware upgrade as well. Been using a Fritz 7490 and now planning to get an ERL-3 and repurpose the Fritz as an AP. I currently run a Synology NAS, accessible via VPN and using DynDNS. My question is, do I plug the NAS onto the ERL or onto the ERL-3? Which option is 'easier' to configure (port forwards, f/w rules, etc.) and achieved on the ERL?

 

 

 

Thanks!




ArdRigh
25 posts

Geek


  #1825971 20-Jul-2017 15:54

michaelmurfy:

 

ArdRigh:

 

I ended up going with a CloudKey, USG, and a PoE switch.

 

I haven't added the wireless yet, but process was seamless getting everything running and updating the various firmwares.

 

I see they've dropped a 5.5.x version of the controller so will look at updating to that before I configure too much more.

 

 

How are you finding it?

 

 

 

 

So far it has been good. Applied a couple of CloudKey updates that have been released.

 

I changed my configuration a couple of times, so the network devices aren't on the default range, which caused some dramas adopting the USG. A couple of commands via SSH got around that.

 

So now I have 3 VLANs; an untagged management range, a tagged DMZ range for port forwarding devices, and a tagged general range. With WiFi tagged on the general range.

 

Using VLAN tagging and DHCP from the USG has been interesting. I had to set switch ports to specific VLANs so DHCP worked, otherwise hosts wouldn't get addresses. I'm not sure if there's a better way to get that working?

 

 

 

The web interface is pretty slick and the Ubiquiti forums and community site have been helpful. I am considering whether to try the Beta channel 5.6.x releases for some of the feature updates.

 

 

 

 

 

 


richms
25150 posts

Uber Geek

Trusted
Subscriber

  #1825974 20-Jul-2017 15:57

I've added a second wifi network on a vlan to start moving devices off the general lan again like I had before I got all the unifi stuff.

 

Finding that the vlans are not making it thru all the switches to all the APs, and since there is no IP on the vlan interface of the AP, it's hard to go plugging in at various places and seeing what responds and what doesn't. Also DHCP seems to not be getting thru all the switches on the vlans since the phone which is statically configured will work fine in the shed on the speaker network, but the speakers when out there will connect but not get an IP so just sit there flashing their light. Bring the speaker into the house near an AP plugged into the main switch and they connect up and work just fine.

 

I'm at the CBF troubleshooting it stage with the unifi stuff and have just moved the SSID back to the untagged lan and things are working, but the LG crap speakers seem to freak out with something else on the network most of the time and crash. When on their own vlan with just them and the phone, they worked great for days.





Richard rich.ms

chevrolux
4962 posts

Uber Geek
Inactive user


  #1826005 20-Jul-2017 16:47

I really don't like the VLAN implementation on the Unifi switches. They have just made it too simple, which actually makes it hard to achieve what you want. When you have had years of terms like edge, trunk, tagged, untagged etc. It gets kind of annoying when you have to go configure a "network" and then set that on the ports you want. And then I haven't managed to make it do what I would call a normal "edge" port - ie the VLAN might be tagged on the trunk port, so you set an edge port with the VLAN so egress packets get untagged as they leave the edge port. But no, doesn't work like that.

 

The UBNT EdgeSwitch is how I like it. Or just ol' faithful Allied Telesis if the customer is willing to pay.


richms
25150 posts

Uber Geek

Trusted
Subscriber

  #1826012 20-Jul-2017 17:03

My old tenda switches were simple how I liked it, add vlan numbers and then a crapload of checkboxes to choose what went where. The dropdown list and edit thing on the unifi is confusing as to what it will actually achieve. I also think the dhcp guard is on even tho I didn't choose it since it breaks DHCP. Motivation to play exhausted with other things needing to be done.





Richard rich.ms

Swemoph
44 posts

Geek


  #1826859 21-Jul-2017 23:50

Thanks for the tutorial! Got it all working but just a quick question. My firewall configuration was set to pppoe/in and pppoe/local rather than eth0.10 like in your screenshot - is this an issue or can I leave it as is?


michaelmurfy

/dev/ttys0
10974 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1826863 22-Jul-2017 00:46

Swemoph:

 

Thanks for the tutorial! Got it all working but just a quick question. My firewall configuration was set to pppoe/in and pppoe/local rather than eth0.10 like in your screenshot - is this an issue or can I leave it as is?

 

Yep pppoe0 is what you want to have it set to if you're using an ISP with PPPoE. I have it set as eth0.10 since that is what my ISP provides me.





Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi


  #1827505 23-Jul-2017 11:05

fe31nz:

 

I don't think you can do OpenVPN in an Edgerouter from the GUI - you have to use the CLI.  Depending on what is in the .ovpn file, it may be as simple as storing the file somewhere under your /config directory (I have mine in /config/auth/openvpn) and then adding some CLI commands to set up a tunnel interface with that file, something like this:

 

set interfaces openvpn vtun0 config-file /config/auth/openvpn/dosomething.ovpn
set interfaces openvpn vtun0 enable

 

You would then need to set up routing so that the traffic to and from the IP address of the device you want to have using the OpenVPN connection is routed via the vtun0 tunnel - that may be able to be done from the GUI once you have created the vtun0 interface in the CLI.

 

 

 

 

This must be really painful to read for most of you. So, what you mentioned does make more sense to me, but...It's all taking some (significant) time to click with me.

 

In reality, I am prepared to pay for support now and would kill for some step by step instructions to make it simpler for me and was wondering if anyone knew of any out there, or might even provide some (paid) support, I am certainly not looking to take advantage of goodwill. If I asked a builder mate to do a job... he'd likely charge me something, so I don't see the difference.

 

The challenge I have is that whilst everywhere I have asked for help have been helpful and tried to guide me, they all assume that I'm not the idiot that I obviously am. Believe it or not, I have searched the net quite extensively but I'm either not getting something glaringly obvious (quite likely) or there's some secret black-art to doing this for which I haven't learned the appropriate handshake.

 

 As mentioned:

 

  • We can assume the router works fine and dandy (which it does).
  • I have an expressVPN account subscription which allows OpenVPN configuration. I have downloaded the OpenVPN configuration file (dosomething.ovpn) and has also provided a username and password for wherever that might be needed. I've no idea what to do with it now, and no idea if it is the only file I need or whether I have to create/generate/find some others.
  • I have no idea how to get the file(s) onto the router

At a basic level, I'd simply like to know what to do with the *.ovpn file, whether I need (to create) any other files, the easiest way to get the file(s) on my router, and how to configure the vpn service using the command line (accepting the router gui isn't capable). In reading that, it still seems like I'm asking a lot.

 

Once that bit is done, I'll then worry about the policy based usage.

 

Again, any help at all from anyone would be appreciated. Feel free to patronise, I clearly need small words and limited syllables.

 

 


Spyware
2973 posts

Uber Geek

Lifetime subscriber

  #1827513 23-Jul-2017 11:29




Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, UAP, UAP AC Pro, UAP AC Pro Mesh, Apple TV 4, Apple TV 4K, iPad Air 1st gen, iPad Air 4th gen, iPhone XR, VodaTV Gen 2. If it doesn't move then it's data cabled.

