Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

Topic # 222538 16-Aug-2017 13:25
Send private message

Hi there,

 

I have just setup a nice shiney new USG + USW-24 + 2xUAP home network, running the latest version of the Unifi controller software - v5.5.20.

 

I have a number of different VLANs setup and dnsmasq running on a VM on my network. The USG has DHCP disabled as dnsmasq handles everything DHCP/DNS related.

 

I am trying to setup a remote user VPN on the USG so I can connect in on my phone or laptop and access my main data VLAN (.10).

 

I followed the online guides and have enabled the USG radius server, setup the Remote User VPN (L2TP), and can successfully connect and authenticate using my Android phone. From my phone I can access the .10 VLAN via direct IP addresses. 

 

However I cannot access anything via my internal hostnames/aliases - e.g. my openHAB server is 192.168.10.103 but is also accessible via openhab.home. However when connecting via the L2TP VPN I cannot *see* these hostnames.

 

I have tried leaving the VPN "Name Server" config on the USG empty, tried specifying the dnsmasq server, but nothing seems to work. Also tried explicitly setting the dnsmasq server IP address in the client VPN config, but no difference.

 

I know the phone can access those servers, but I just can't figure out how to get it to use the dnsmasq DNS server.

 

Anyone got any tips or suggestions about what I am missing here?!

 

Cheers,

 

Ben


Create new topic
6811 posts

Uber Geek
+1 received by user: 3135

Moderator
Trusted
Subscriber

  Reply # 1847586 16-Aug-2017 13:56
Send private message

Add a SSH key to your USG (you'll have to do this with the gateway.json file on your controller) and from there get your dnsmasq box to push its dnsmasq hostfile configuration to your USG's /etc/dnsmasq.d/ directory else format it and push it across to /etc/hosts.

 

Your USG will then serve these up using its internal DNS server.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

  Reply # 1847592 16-Aug-2017 14:02
Send private message

It is mainly my VMs which all have static IPs, so I guess I can just copy the applicable hosts records from my dnsmasq server to the USG?

 

E.g.

 

192.168.10.104  app02  openhab

 

192.168.10.105  app03  media

 

Will the hosts file on the USG be overwritten by an upgrade? Or is that safe?


 
 
 
 


6811 posts

Uber Geek
+1 received by user: 3135

Moderator
Trusted
Subscriber

  Reply # 1847597 16-Aug-2017 14:06
Send private message

SumnerBoy:

 

It is mainly my VMs which all have static IPs, so I guess I can just copy the applicable hosts records from my dnsmasq server to the USG?

 

E.g.

 

192.168.10.104  app02  openhab

 

192.168.10.105  app03  media

 

Will the hosts file on the USG be overwritten by an upgrade? Or is that safe?

 

It'll overwrite on each provision. You're best to use the gateway.json file on your controller. Have a look at this thread at the "host-record=unifi,192.168.1.140" line.

 

Make sure it parses as JSON else your router will go into a provisioning loop but I am pretty sure thats what you're needing. If the router was used as a dnsmasq / dns server then you could do it directly from the controller.

 

Given the router is also a Debian Linux box you could potentially store your scripts in /config/scripts or pull it from the router via SCP. Just make sure all cron jobs etc are all referenced in the gateway.json file to ensure they still work after a system upgrade.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

  Reply # 1847626 16-Aug-2017 15:24
Send private message

Thanks Michael - that has done the trick. Manually editing /etc/hosts on the USG didn't seem to make a difference, but adding a config.gateway.json with a list of `host-record` entries (and force provisioning) has worked. Happy days!

 

I think I will keep things simple for now, and manually edit the config.gateway.json rather than try to auto-provision from the dnsmasq server. Baby steps and all that!

 

I am starting to wonder if I should run this VPN as always-on now, and remove the various port forwards I have for openHAB and MQTT etc. Would no doubt be a load more secure that way. Just a little concerned that it might effect battery life on my phone tho.

 

Anyways, thanks again for your guidance!

 

 


3571 posts

Uber Geek
+1 received by user: 388

Trusted

  Reply # 1847674 16-Aug-2017 16:48
Send private message

Yeah I added all most hosts into the config file. Then all vms etc can stay dhcp and the USG will serve up the addresses.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

  Reply # 1847678 16-Aug-2017 16:54
Send private message

Am I right in saying the USG uses dnsmasq "under-the-hood"?

 

If that is the case can I migrate my existing dnsmasq config across to the USG (via the config file I presume?) and remove the need for a separate server on my network?

 

Can python scripts be run on the USG, fired from dnsmasq events, does anyone know?


3571 posts

Uber Geek
+1 received by user: 388

Trusted

  Reply # 1847689 16-Aug-2017 17:28
Send private message

Yeh there is dnsmasq in there as well. I use that for dns4me , I download a dnsmasq file from them with all the overseas dns servers.

Not sure about python on there.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


6811 posts

Uber Geek
+1 received by user: 3135

Moderator
Trusted
Subscriber

  Reply # 1847729 16-Aug-2017 18:46
Send private message

Yes there is Python on the USG:

 

admin@USG:~$ python --version
Python 2.7.3

 

You can store your scripts under /config/scripts which survive after a reboot. The USG also uses dnsmasq. Just ensure you set your cron jobs under the gateway.json file else it won't survive a reprovision.

 

Anything stored in /config/scripts/post-config.d will start under root once the configuration is loaded after a reboot and is preserved after an upgrade.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


3571 posts

Uber Geek
+1 received by user: 388

Trusted

  Reply # 1847735 16-Aug-2017 19:14
Send private message

Orly. Cron under config? Also I think they survive a reprovision. But not a fw upgrade.




Previously known as psycik

NextPVR/OpenHAB: 
Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, NextPVR,OpenHAB with Aeotech ZWave Controller
Media:Chromecast v2, ATV4, Roku3, Raspberry PI temperature Sensors and Bluetooth LE Sensors,HDHomeRun Dual
Windows 2012 
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


6811 posts

Uber Geek
+1 received by user: 3135

Moderator
Trusted
Subscriber

  Reply # 1847742 16-Aug-2017 19:39
Send private message

davidcole: Orly. Cron under config? Also I think they survive a reprovision. But not a fw upgrade.

 

Yep something like this in your gateway.json file - https://murfy.nz/files/usg_cron.txt

 

Just make sure it parses as JSON (I use https://jsonlint.com/ to be sure) and chmod +x it.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

  Reply # 1847890 17-Aug-2017 08:05
Send private message

Good to know guys - thanks for that. I can see me having a bit of fun with all this, and probably breaking everything a few times in the process :).

 

 




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

  Reply # 1847894 17-Aug-2017 08:09
Send private message

Related to my OP, when I connect to the L2TP VPN using my Android phone (after adding my hostnames to the USG config) I can happily *see* those hostnames on my internal network. However I tested things last night using my laptop, connecting to the VPN via a Wifi hotspot on my phone, and whilst I could authenticate fine, and see/ping internal IP addresses, the hostnames were not resolving.

 

Laptop is running W10. It was being assigned the correct DNS server, i.e. my USG internal IP. I have read a few things about Windows not using the expected DNS server when using a VPN but I got pretty confused pretty quickly. Is there something obvious I am missing here?


6811 posts

Uber Geek
+1 received by user: 3135

Moderator
Trusted
Subscriber

  Reply # 1850801 23-Aug-2017 02:02
Send private message

SumnerBoy:

 

Related to my OP, when I connect to the L2TP VPN using my Android phone (after adding my hostnames to the USG config) I can happily *see* those hostnames on my internal network. However I tested things last night using my laptop, connecting to the VPN via a Wifi hotspot on my phone, and whilst I could authenticate fine, and see/ping internal IP addresses, the hostnames were not resolving.

 

Laptop is running W10. It was being assigned the correct DNS server, i.e. my USG internal IP. I have read a few things about Windows not using the expected DNS server when using a VPN but I got pretty confused pretty quickly. Is there something obvious I am missing here?

 

 

Sorry for the late reply but I get the same on Windows 10 on my Surface using OpenVPN. Android phone works fine. I have my OpenVPN server push my internal DNS server out (which is fine) but Windows refuses to use it for anything without a domain. A simple workaround was to append .localdomain onto my domains too (essentially doubling them up) and setting the domain in my router to that also. You can do this on the UniFi portal under Settings --> Networks --> LAN (or the network name) and add the Domain Name as shown:

 

Click to see full size

 

Still don't understand why Windows (and only Windows) does this... In your case I would assume if you were to go to http://device it is attempting to go to http://device.localdomain which currently isn't in your config file.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




1572 posts

Uber Geek
+1 received by user: 175

Subscriber

  Reply # 1850890 23-Aug-2017 08:09
Send private message

Thanks Michael - appreciate the reply. Glad to hear it is not just me being stoopid. Will try your suggestions but to be honest I am ok just using IP addresses for the rare occasions I need to VPN in.


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

From small to medium and beyond: Navigating the ERP battlefield
Posted 21-Nov-2017 21:12


Business owners: ERP software selection starts (and finishes) with you
Posted 21-Nov-2017 21:11


Why I'm not an early adopter
Posted 21-Nov-2017 10:39


Netatmo launches smart home products in New Zealand
Posted 20-Nov-2017 20:06


Huawei Mate 10: Punchy, long battery life, artificial intelligence
Posted 20-Nov-2017 16:30


Propel launch Disney Star Wars Laser Battle Drones
Posted 19-Nov-2017 21:26


UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.