Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


1660 posts

Uber Geek
+1 received by user: 186

Subscriber

Topic # 222538 16-Aug-2017 13:25
Send private message

Hi there,

 

I have just setup a nice shiney new USG + USW-24 + 2xUAP home network, running the latest version of the Unifi controller software - v5.5.20.

 

I have a number of different VLANs setup and dnsmasq running on a VM on my network. The USG has DHCP disabled as dnsmasq handles everything DHCP/DNS related.

 

I am trying to setup a remote user VPN on the USG so I can connect in on my phone or laptop and access my main data VLAN (.10).

 

I followed the online guides and have enabled the USG radius server, setup the Remote User VPN (L2TP), and can successfully connect and authenticate using my Android phone. From my phone I can access the .10 VLAN via direct IP addresses. 

 

However I cannot access anything via my internal hostnames/aliases - e.g. my openHAB server is 192.168.10.103 but is also accessible via openhab.home. However when connecting via the L2TP VPN I cannot *see* these hostnames.

 

I have tried leaving the VPN "Name Server" config on the USG empty, tried specifying the dnsmasq server, but nothing seems to work. Also tried explicitly setting the dnsmasq server IP address in the client VPN config, but no difference.

 

I know the phone can access those servers, but I just can't figure out how to get it to use the dnsmasq DNS server.

 

Anyone got any tips or suggestions about what I am missing here?!

 

Cheers,

 

Ben


Create new topic
Meow
7429 posts

Uber Geek
+1 received by user: 3582

Moderator
Trusted
Lifetime subscriber

  Reply # 1847586 16-Aug-2017 13:56
Send private message

Add a SSH key to your USG (you'll have to do this with the gateway.json file on your controller) and from there get your dnsmasq box to push its dnsmasq hostfile configuration to your USG's /etc/dnsmasq.d/ directory else format it and push it across to /etc/hosts.

 

Your USG will then serve these up using its internal DNS server.







1660 posts

Uber Geek
+1 received by user: 186

Subscriber

  Reply # 1847592 16-Aug-2017 14:02
Send private message

It is mainly my VMs which all have static IPs, so I guess I can just copy the applicable hosts records from my dnsmasq server to the USG?

 

E.g.

 

192.168.10.104  app02  openhab

 

192.168.10.105  app03  media

 

Will the hosts file on the USG be overwritten by an upgrade? Or is that safe?


Meow
7429 posts

Uber Geek
+1 received by user: 3582

Moderator
Trusted
Lifetime subscriber

  Reply # 1847597 16-Aug-2017 14:06
Send private message

SumnerBoy:

 

It is mainly my VMs which all have static IPs, so I guess I can just copy the applicable hosts records from my dnsmasq server to the USG?

 

E.g.

 

192.168.10.104  app02  openhab

 

192.168.10.105  app03  media

 

Will the hosts file on the USG be overwritten by an upgrade? Or is that safe?

 

It'll overwrite on each provision. You're best to use the gateway.json file on your controller. Have a look at this thread at the "host-record=unifi,192.168.1.140" line.

 

Make sure it parses as JSON else your router will go into a provisioning loop but I am pretty sure thats what you're needing. If the router was used as a dnsmasq / dns server then you could do it directly from the controller.

 

Given the router is also a Debian Linux box you could potentially store your scripts in /config/scripts or pull it from the router via SCP. Just make sure all cron jobs etc are all referenced in the gateway.json file to ensure they still work after a system upgrade.







1660 posts

Uber Geek
+1 received by user: 186

Subscriber

  Reply # 1847626 16-Aug-2017 15:24
Send private message

Thanks Michael - that has done the trick. Manually editing /etc/hosts on the USG didn't seem to make a difference, but adding a config.gateway.json with a list of `host-record` entries (and force provisioning) has worked. Happy days!

 

I think I will keep things simple for now, and manually edit the config.gateway.json rather than try to auto-provision from the dnsmasq server. Baby steps and all that!

 

I am starting to wonder if I should run this VPN as always-on now, and remove the various port forwards I have for openHAB and MQTT etc. Would no doubt be a load more secure that way. Just a little concerned that it might effect battery life on my phone tho.

 

Anyways, thanks again for your guidance!

 

 


3875 posts

Uber Geek
+1 received by user: 478

Trusted

  Reply # 1847674 16-Aug-2017 16:48
Send private message

Yeah I added all most hosts into the config file. Then all vms etc can stay dhcp and the USG will serve up the addresses.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex




1660 posts

Uber Geek
+1 received by user: 186

Subscriber

  Reply # 1847678 16-Aug-2017 16:54
Send private message

Am I right in saying the USG uses dnsmasq "under-the-hood"?

 

If that is the case can I migrate my existing dnsmasq config across to the USG (via the config file I presume?) and remove the need for a separate server on my network?

 

Can python scripts be run on the USG, fired from dnsmasq events, does anyone know?


3875 posts

Uber Geek
+1 received by user: 478

Trusted

  Reply # 1847689 16-Aug-2017 17:28
Send private message

Yeh there is dnsmasq in there as well. I use that for dns4me , I download a dnsmasq file from them with all the overseas dns servers.

Not sure about python on there.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


Meow
7429 posts

Uber Geek
+1 received by user: 3582

Moderator
Trusted
Lifetime subscriber

  Reply # 1847729 16-Aug-2017 18:46
Send private message

Yes there is Python on the USG:

 

admin@USG:~$ python --version
Python 2.7.3

 

You can store your scripts under /config/scripts which survive after a reboot. The USG also uses dnsmasq. Just ensure you set your cron jobs under the gateway.json file else it won't survive a reprovision.

 

Anything stored in /config/scripts/post-config.d will start under root once the configuration is loaded after a reboot and is preserved after an upgrade.





3875 posts

Uber Geek
+1 received by user: 478

Trusted

  Reply # 1847735 16-Aug-2017 19:14
Send private message

Orly. Cron under config? Also I think they survive a reprovision. But not a fw upgrade.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


Meow
7429 posts

Uber Geek
+1 received by user: 3582

Moderator
Trusted
Lifetime subscriber

  Reply # 1847742 16-Aug-2017 19:39
Send private message

davidcole: Orly. Cron under config? Also I think they survive a reprovision. But not a fw upgrade.

 

Yep something like this in your gateway.json file - https://murfy.nz/files/usg_cron.txt

 

Just make sure it parses as JSON (I use https://jsonlint.com/ to be sure) and chmod +x it.







1660 posts

Uber Geek
+1 received by user: 186

Subscriber

  Reply # 1847890 17-Aug-2017 08:05
Send private message

Good to know guys - thanks for that. I can see me having a bit of fun with all this, and probably breaking everything a few times in the process :).

 

 




1660 posts

Uber Geek
+1 received by user: 186

Subscriber

  Reply # 1847894 17-Aug-2017 08:09
Send private message

Related to my OP, when I connect to the L2TP VPN using my Android phone (after adding my hostnames to the USG config) I can happily *see* those hostnames on my internal network. However I tested things last night using my laptop, connecting to the VPN via a Wifi hotspot on my phone, and whilst I could authenticate fine, and see/ping internal IP addresses, the hostnames were not resolving.

 

Laptop is running W10. It was being assigned the correct DNS server, i.e. my USG internal IP. I have read a few things about Windows not using the expected DNS server when using a VPN but I got pretty confused pretty quickly. Is there something obvious I am missing here?


Meow
7429 posts

Uber Geek
+1 received by user: 3582

Moderator
Trusted
Lifetime subscriber

  Reply # 1850801 23-Aug-2017 02:02
Send private message

SumnerBoy:

 

Related to my OP, when I connect to the L2TP VPN using my Android phone (after adding my hostnames to the USG config) I can happily *see* those hostnames on my internal network. However I tested things last night using my laptop, connecting to the VPN via a Wifi hotspot on my phone, and whilst I could authenticate fine, and see/ping internal IP addresses, the hostnames were not resolving.

 

Laptop is running W10. It was being assigned the correct DNS server, i.e. my USG internal IP. I have read a few things about Windows not using the expected DNS server when using a VPN but I got pretty confused pretty quickly. Is there something obvious I am missing here?

 

 

Sorry for the late reply but I get the same on Windows 10 on my Surface using OpenVPN. Android phone works fine. I have my OpenVPN server push my internal DNS server out (which is fine) but Windows refuses to use it for anything without a domain. A simple workaround was to append .localdomain onto my domains too (essentially doubling them up) and setting the domain in my router to that also. You can do this on the UniFi portal under Settings --> Networks --> LAN (or the network name) and add the Domain Name as shown:

 

Click to see full size

 

Still don't understand why Windows (and only Windows) does this... In your case I would assume if you were to go to http://device it is attempting to go to http://device.localdomain which currently isn't in your config file.







1660 posts

Uber Geek
+1 received by user: 186

Subscriber

  Reply # 1850890 23-Aug-2017 08:09
Send private message

Thanks Michael - appreciate the reply. Glad to hear it is not just me being stoopid. Will try your suggestions but to be honest I am ok just using IP addresses for the rare occasions I need to VPN in.


Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17


Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.