Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1622 posts

Uber Geek
+1 received by user: 182

Subscriber

Topic # 222538 16-Aug-2017 13:25
Send private message

Hi there,

 

I have just setup a nice shiney new USG + USW-24 + 2xUAP home network, running the latest version of the Unifi controller software - v5.5.20.

 

I have a number of different VLANs setup and dnsmasq running on a VM on my network. The USG has DHCP disabled as dnsmasq handles everything DHCP/DNS related.

 

I am trying to setup a remote user VPN on the USG so I can connect in on my phone or laptop and access my main data VLAN (.10).

 

I followed the online guides and have enabled the USG radius server, setup the Remote User VPN (L2TP), and can successfully connect and authenticate using my Android phone. From my phone I can access the .10 VLAN via direct IP addresses. 

 

However I cannot access anything via my internal hostnames/aliases - e.g. my openHAB server is 192.168.10.103 but is also accessible via openhab.home. However when connecting via the L2TP VPN I cannot *see* these hostnames.

 

I have tried leaving the VPN "Name Server" config on the USG empty, tried specifying the dnsmasq server, but nothing seems to work. Also tried explicitly setting the dnsmasq server IP address in the client VPN config, but no difference.

 

I know the phone can access those servers, but I just can't figure out how to get it to use the dnsmasq DNS server.

 

Anyone got any tips or suggestions about what I am missing here?!

 

Cheers,

 

Ben


Create new topic
Meow
7066 posts

Uber Geek
+1 received by user: 3310

Moderator
Trusted
Lifetime subscriber

  Reply # 1847586 16-Aug-2017 13:56
Send private message

Add a SSH key to your USG (you'll have to do this with the gateway.json file on your controller) and from there get your dnsmasq box to push its dnsmasq hostfile configuration to your USG's /etc/dnsmasq.d/ directory else format it and push it across to /etc/hosts.

 

Your USG will then serve these up using its internal DNS server.







1622 posts

Uber Geek
+1 received by user: 182

Subscriber

  Reply # 1847592 16-Aug-2017 14:02
Send private message

It is mainly my VMs which all have static IPs, so I guess I can just copy the applicable hosts records from my dnsmasq server to the USG?

 

E.g.

 

192.168.10.104  app02  openhab

 

192.168.10.105  app03  media

 

Will the hosts file on the USG be overwritten by an upgrade? Or is that safe?


 
 
 
 


Meow
7066 posts

Uber Geek
+1 received by user: 3310

Moderator
Trusted
Lifetime subscriber

  Reply # 1847597 16-Aug-2017 14:06
Send private message

SumnerBoy:

 

It is mainly my VMs which all have static IPs, so I guess I can just copy the applicable hosts records from my dnsmasq server to the USG?

 

E.g.

 

192.168.10.104  app02  openhab

 

192.168.10.105  app03  media

 

Will the hosts file on the USG be overwritten by an upgrade? Or is that safe?

 

It'll overwrite on each provision. You're best to use the gateway.json file on your controller. Have a look at this thread at the "host-record=unifi,192.168.1.140" line.

 

Make sure it parses as JSON else your router will go into a provisioning loop but I am pretty sure thats what you're needing. If the router was used as a dnsmasq / dns server then you could do it directly from the controller.

 

Given the router is also a Debian Linux box you could potentially store your scripts in /config/scripts or pull it from the router via SCP. Just make sure all cron jobs etc are all referenced in the gateway.json file to ensure they still work after a system upgrade.







1622 posts

Uber Geek
+1 received by user: 182

Subscriber

  Reply # 1847626 16-Aug-2017 15:24
Send private message

Thanks Michael - that has done the trick. Manually editing /etc/hosts on the USG didn't seem to make a difference, but adding a config.gateway.json with a list of `host-record` entries (and force provisioning) has worked. Happy days!

 

I think I will keep things simple for now, and manually edit the config.gateway.json rather than try to auto-provision from the dnsmasq server. Baby steps and all that!

 

I am starting to wonder if I should run this VPN as always-on now, and remove the various port forwards I have for openHAB and MQTT etc. Would no doubt be a load more secure that way. Just a little concerned that it might effect battery life on my phone tho.

 

Anyways, thanks again for your guidance!

 

 


3724 posts

Uber Geek
+1 received by user: 432

Trusted

  Reply # 1847674 16-Aug-2017 16:48
Send private message

Yeah I added all most hosts into the config file. Then all vms etc can stay dhcp and the USG will serve up the addresses.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex




1622 posts

Uber Geek
+1 received by user: 182

Subscriber

  Reply # 1847678 16-Aug-2017 16:54
Send private message

Am I right in saying the USG uses dnsmasq "under-the-hood"?

 

If that is the case can I migrate my existing dnsmasq config across to the USG (via the config file I presume?) and remove the need for a separate server on my network?

 

Can python scripts be run on the USG, fired from dnsmasq events, does anyone know?


3724 posts

Uber Geek
+1 received by user: 432

Trusted

  Reply # 1847689 16-Aug-2017 17:28
Send private message

Yeh there is dnsmasq in there as well. I use that for dns4me , I download a dnsmasq file from them with all the overseas dns servers.

Not sure about python on there.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


Meow
7066 posts

Uber Geek
+1 received by user: 3310

Moderator
Trusted
Lifetime subscriber

  Reply # 1847729 16-Aug-2017 18:46
Send private message

Yes there is Python on the USG:

 

admin@USG:~$ python --version
Python 2.7.3

 

You can store your scripts under /config/scripts which survive after a reboot. The USG also uses dnsmasq. Just ensure you set your cron jobs under the gateway.json file else it won't survive a reprovision.

 

Anything stored in /config/scripts/post-config.d will start under root once the configuration is loaded after a reboot and is preserved after an upgrade.





3724 posts

Uber Geek
+1 received by user: 432

Trusted

  Reply # 1847735 16-Aug-2017 19:14
Send private message

Orly. Cron under config? Also I think they survive a reprovision. But not a fw upgrade.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


Meow
7066 posts

Uber Geek
+1 received by user: 3310

Moderator
Trusted
Lifetime subscriber

  Reply # 1847742 16-Aug-2017 19:39
Send private message

davidcole: Orly. Cron under config? Also I think they survive a reprovision. But not a fw upgrade.

 

Yep something like this in your gateway.json file - https://murfy.nz/files/usg_cron.txt

 

Just make sure it parses as JSON (I use https://jsonlint.com/ to be sure) and chmod +x it.







1622 posts

Uber Geek
+1 received by user: 182

Subscriber

  Reply # 1847890 17-Aug-2017 08:05
Send private message

Good to know guys - thanks for that. I can see me having a bit of fun with all this, and probably breaking everything a few times in the process :).

 

 




1622 posts

Uber Geek
+1 received by user: 182

Subscriber

  Reply # 1847894 17-Aug-2017 08:09
Send private message

Related to my OP, when I connect to the L2TP VPN using my Android phone (after adding my hostnames to the USG config) I can happily *see* those hostnames on my internal network. However I tested things last night using my laptop, connecting to the VPN via a Wifi hotspot on my phone, and whilst I could authenticate fine, and see/ping internal IP addresses, the hostnames were not resolving.

 

Laptop is running W10. It was being assigned the correct DNS server, i.e. my USG internal IP. I have read a few things about Windows not using the expected DNS server when using a VPN but I got pretty confused pretty quickly. Is there something obvious I am missing here?


Meow
7066 posts

Uber Geek
+1 received by user: 3310

Moderator
Trusted
Lifetime subscriber

  Reply # 1850801 23-Aug-2017 02:02
Send private message

SumnerBoy:

 

Related to my OP, when I connect to the L2TP VPN using my Android phone (after adding my hostnames to the USG config) I can happily *see* those hostnames on my internal network. However I tested things last night using my laptop, connecting to the VPN via a Wifi hotspot on my phone, and whilst I could authenticate fine, and see/ping internal IP addresses, the hostnames were not resolving.

 

Laptop is running W10. It was being assigned the correct DNS server, i.e. my USG internal IP. I have read a few things about Windows not using the expected DNS server when using a VPN but I got pretty confused pretty quickly. Is there something obvious I am missing here?

 

 

Sorry for the late reply but I get the same on Windows 10 on my Surface using OpenVPN. Android phone works fine. I have my OpenVPN server push my internal DNS server out (which is fine) but Windows refuses to use it for anything without a domain. A simple workaround was to append .localdomain onto my domains too (essentially doubling them up) and setting the domain in my router to that also. You can do this on the UniFi portal under Settings --> Networks --> LAN (or the network name) and add the Domain Name as shown:

 

Click to see full size

 

Still don't understand why Windows (and only Windows) does this... In your case I would assume if you were to go to http://device it is attempting to go to http://device.localdomain which currently isn't in your config file.







1622 posts

Uber Geek
+1 received by user: 182

Subscriber

  Reply # 1850890 23-Aug-2017 08:09
Send private message

Thanks Michael - appreciate the reply. Glad to hear it is not just me being stoopid. Will try your suggestions but to be honest I am ok just using IP addresses for the rare occasions I need to VPN in.


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel reimagines data centre storage with new 3D NAND SSDs
Posted 16-Feb-2018 15:21


Ground-breaking business programme begins in Hamilton
Posted 16-Feb-2018 10:18


Government to continue search for first Chief Technology Officer
Posted 12-Feb-2018 20:30


Time to take Appleā€™s iPad Pro seriously
Posted 12-Feb-2018 16:54


New Fujifilm X-A5 brings selfie features to mirrorless camera
Posted 9-Feb-2018 09:12


D-Link ANZ expands connected smart home with new HD Wi-Fi cameras
Posted 9-Feb-2018 09:01


Dragon Professional for Mac V6: Near perfect dictation
Posted 9-Feb-2018 08:26


OPPO announces R11s with claims to be the picture perfect smartphone
Posted 2-Feb-2018 13:28


Vocus Communications wins a place on the TaaS panel
Posted 26-Jan-2018 15:16


SwipedOn raises $1 million capital
Posted 26-Jan-2018 15:15


Slingshot offers unlimited gigabit fibre for under a ton
Posted 25-Jan-2018 13:51


Spark doubles down on wireless broadband
Posted 24-Jan-2018 15:44


New Zealand's IT industry in 2018 and beyond
Posted 22-Jan-2018 12:50


Introducing your new workplace headache: Gen Z
Posted 22-Jan-2018 12:45


Jucy set to introduce electric campervan fleet
Posted 22-Jan-2018 12:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.