Geekzone: technology news, blogs, forums
3381 posts

Uber Geek
+1 received by user: 386

Trusted

  Reply # 775341 5-Mar-2013 23:03

I ordered Orcon GPON service and never got a Genius (not that I wanted it anyway). Currently it's run through a managed switch with VLAN tagging and gets the IP from Orcon via DHCP but can only reach Orcon's gateway on it. Left a ticket for premium support....







1457 posts

Uber Geek
+1 received by user: 353


  Reply # 775349 5-Mar-2013 23:08

ubergeeknz:
(that, and we can't support anything other than Genius).

haha also, orcon won't even support the features of their genius: you try asking about pptp passthrough - one of the listed supported features and you'll be spun around in a helpdesk loop from hell.

(where are you seeing the feature of pptp passthrough? what page on the router are you seeing that? why are you trying to do this? oh i'm sorry we don't provide support for iPhones ...)

at the bottom of hell was the answer that as it's already in bridge mode it can't be done.

 
 
 
 


Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 775489 6-Mar-2013 09:40

MadEngineer:
ubergeeknz: 
(that, and we can't support anything other than Genius).
haha also, orcon won't even support the features of their genius: you try asking about pptp passthrough - one of the listed supported features and you'll be spun around in a helpdesk loop from hell.

(where are you seeing the feature of pptp passthrough? what page on the router are you seeing that? why are you trying to do this? oh i'm sorry we don't provide support for iPhones ...)

at the bottom of hell was the answer that as it's already in bridge mode it can't be done.


Genius doesn't use "bridge mode" normally, on UFB it auths via DHCP on the WAN interface and then NATs the internal address space.

PPTP clients should work fine over Genius as far as I'm aware (although you should be aware PPTP has been proven insecure and you should really switch to IPSEC if possible).  If you're wanting to run a PPTP server you'd probably need to use the DMZ mode.

Anyway I thought the problem was performance, and/or getting the MikroTik working on UFB.  Did you have success on that count in the end?  It might be useful to other forum members if you share the specifics.

1375 posts

Uber Geek
+1 received by user: 131


  Reply # 775767 6-Mar-2013 16:48

MadEngineer:
ubergeeknz: 
(that, and we can't support anything other than Genius).
haha also, orcon won't even support the features of their genius: you try asking about pptp passthrough - one of the listed supported features and you'll be spun around in a helpdesk loop from hell.

(where are you seeing the feature of pptp passthrough? what page on the router are you seeing that? why are you trying to do this? oh i'm sorry we don't provide support for iPhones ...)

at the bottom of hell was the answer that as it's already in bridge mode it can't be done.


iphones will do l2tp/ipsec.


219 posts

Master Geek
+1 received by user: 77


  Reply # 775770 6-Mar-2013 16:56

I'm using an RB2011 with Orcon UFB with no problems. I do dhcp on the vlan interface which uses one of the ethernet ports as the physical interface, not using any type of bridge on the outside. not sure if this helps.

/ben



1457 posts

Uber Geek
+1 received by user: 353


  Reply # 775817 6-Mar-2013 18:29

ubergeeknz: Genius doesn't use "bridge mode" normally, on UFB it auths via DHCP on the WAN interface and then NATs the internal address space.

PPTP clients should work fine over Genius as far as I'm aware (although you should be aware PPTP has been proven insecure and you should really switch to IPSEC if possible).  If you're wanting to run a PPTP server you'd probably need to use the DMZ mode.

Anyway I thought the problem was performance, and/or getting the MikroTik working on UFB.  Did you have success on that count in the end?  It might be useful to other forum members if you share the specifics.

hmm so i guess the so-called senior tech was talking out his rubbish or just plain fobbed me off ... i did try dmz but i don't think this function on the genius passed through GRE (protocol 47 ... does dmz on _any_ domestic router even do that?).

I'm not worried about security as it's only (cough) my home network and everything internal needs a password anyway. it's just better to use a vpn rather than port forward every device individually to the world.

i did try vpn alternatives on my iPhone but didn't have much luck so stuck with pptp.

I _did_ have success and posted instructions on how but for an unknown reason it no longer works.

ultimately I'd like to see if I can get the genius to get voip through the mikrotik 

portunus: I'm using an RB2011 with Orcon UFB with no problems. I do dhcp on the vlan interface which uses one of the ethernet ports as the physical interface, not using any type of bridge on the outside. not sure if this helps.

/ben

thanks, this gives me hope to keep trying.  maybe i need to reset it and start from scratch. at least then I'll have a console log of what to enter if someone else wants to do the same but it doesn't answer why my pc also doesn't work on it anymore either.

677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  Reply # 775904 6-Mar-2013 21:20

I can also reassure that UFB auth from an Orcon POV does not check the MAC of the connected device.
All it cares about is that you are doing a DHCP REQ out the port connected to the ONT with 802.1q tag 10.

I can state this because i built the auth system.

Having said that, if you would like, i can check what auth request we get for your account when you have the mikrotik installed and not getting online.

Let me know if you want to test that.

Paul.




meat popsicle
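
An added example, not part of the post above and not Orcon's code: a Python check that a frame captured on the ONT-facing port is a client DHCP message carrying 802.1Q tag 10, which is what the post says the auth looks at. The function names and the sample frame are constructed for illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
UFB_VLAN = 10  # 802.1Q tag the post says the ISP expects

def inspect_frame(frame: bytes) -> dict:
    """Return the VLAN id and DHCP message type found in one Ethernet frame."""
    found = {"vlan": None, "dhcp": None}
    if len(frame) < 18:
        return found
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ip = 14
    if ethertype == 0x8100:  # 802.1Q: TPID, then TCI, then the real ethertype
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        found["vlan"] = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN id
        ip = 18
    if ethertype != 0x0800 or len(frame) < ip + 20 or frame[ip + 9] != 17:
        return found  # not IPv4/UDP
    udp = ip + (frame[ip] & 0x0F) * 4
    if len(frame) < udp + 8 or struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return found  # not DHCP client -> server
    opts = frame[udp + 8 + 236:]  # options follow the 236-byte BOOTP header
    if opts[:4] != b"\x63\x82\x53\x63":  # DHCP magic cookie
        return found
    i = 4
    while i + 1 < len(opts) and opts[i] != 255:
        if opts[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            found["dhcp"] = DHCP_TYPES.get(opts[i + 2], "OTHER")
        i += 2 + length
    return found

def matches_handover(frame: bytes) -> bool:
    """True if the frame is a client DHCP message tagged with VLAN 10."""
    info = inspect_frame(frame)
    return info["vlan"] == UFB_VLAN and info["dhcp"] in ("DISCOVER", "REQUEST")

def sample_frame(vlan=None, msg_type=1) -> bytes:
    """Constructed DHCP client frame (checksums left at zero, not validated)."""
    bootp = bytes([1, 1, 6, 0]) + bytes(232) + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return b"\xff" * 6 + bytes.fromhex("020000000001") + tag + b"\x08\x00" + ip + udp
```

An untagged DHCP frame, or one tagged with a different VLAN id, returns False from `matches_handover`, which is the first thing to rule out when the router gets no lease.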



1457 posts

Uber Geek
+1 received by user: 353


  Reply # 775936 6-Mar-2013 21:57

hey that's awesome, cheers.

I'm not sure what caused it to fail but sure enough after resetting the mikrotik to default and starting from scratch i was able to get it working again *shrug*. took me a while as i was doing it while entertaining my son and trying to work out why i was unable to connect to the mikrotik (seems anything other than port1 on mine doesn't like talking via mac rather than tcpip to winbox while i'm trying to give it an ip address)

pretty much so long as i get dhcp on the vlan i'm away.

next step before it's too late in the evening is to see if it will pass voip to the genius (and lock its firewall down)

pasting console entries for those wanting to set this up. Hopefully I haven't missed anything as i did cheat along the way and used winbox to verify what i was entering

/ip address add interface=ether3 address=192.168.1.254 netmask=255.255.255.0
/interface vlan add vlan-id=10 interface=ether1
/ip dhcp-client add interface=vlan1 disabled=no
/interface bridge add name=home
/interface bridge port add interface=wlan1 bridge=home
/interface bridge port add interface=ether3 bridge=home
/ip pool add name=homepool ranges=192.168.1.100-192.168.1.200
/ip dhcp-server network add address=192.168.1.0/24 dns-server=192.168.1.254,121.98.0.1,121.98.0.2 gateway=192.168.1.254
/ip dns set allow-remote-requests=yes
/ip firewall nat add action=masquerade chain=srcnat disabled=no

I haven't pasted what i've done to lock it down or how i've configured /interface wireless, ntp client, etc etc but the above should be enough.

2334 posts

Uber Geek
+1 received by user: 370

Trusted

  Reply # 775948 6-Mar-2013 22:14

/ip dns set allow-remote-requests=yes

You just became an open DNS Server (unless you have firewalled it off from external)







1457 posts

Uber Geek
+1 received by user: 353


  Reply # 775958 6-Mar-2013 22:33

no and yes :)

taking the shotgun approach i basically allow my internal network, deny a few specific ports for logging, deny broadcast etc then deny all.
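
An added example, not from either poster: a Python probe to run from a host outside the LAN against your own WAN address, to confirm that `allow-remote-requests=yes` is not answering recursive DNS from the internet. The function names, the query id and the `example.com` query name are choices made for this example.

```python
import socket
import struct
import sys

QID = 0x1234  # arbitrary query id for this probe

def build_query(name: str = "example.com") -> bytes:
    """Standard A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def classify(reply) -> str:
    """Interpret the DNS header of a reply (None means nothing came back)."""
    if reply is None:
        return "filtered"  # timeout: port 53 dropped on the WAN side
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != QID or not flags & 0x8000:  # wrong id or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0 and flags & 0x0080 and answers > 0:  # RA set and data returned
        return "open-resolver"
    if rcode == 5:
        return "refused"
    return "reachable-no-recursion"

def probe(wan_ip: str, timeout: float = 3.0) -> str:
    """Send one query to wan_ip:53/udp; run from a host outside the LAN."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(), (wan_ip, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:  # includes socket.timeout
            reply = None
    return classify(reply)

if __name__ == "__main__" and len(sys.argv) == 2:
    print(sys.argv[1], probe(sys.argv[1]))
```

With a deny-all input policy on the WAN interface the expected result is `filtered`; `open-resolver` means the router is answering recursive queries from outside.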



1457 posts

Uber Geek
+1 received by user: 353


  Reply # 842100 23-Jun-2013 21:35

*bump*

I've got myself a bit closer to having WAN on the Mikrotik with working VoIP on the Genius:

Created a vlan tagged with id10 on port2 of the mikrotik
Gave it its own ip address/range
Added dhcp server to the new vlan
Added a route

With the genius connected to port2 I see it getting assigned DHCP and the internet light comes on but the phone light keeps flashing orange.  I've tried to DMZ it but this seems no good.  Running a shields-up scan I can see all traffic is going to the genius so not sure why the VoIP can't connect.  I've probably done the DMZ wrong ... dstnat 

Any ideas?



1457 posts

Uber Geek
+1 received by user: 353


  Reply # 842126 23-Jun-2013 23:16

nope, i've done it ... i had a typo on the local address of the dhcp server/network for the genius


[insert dancing.gif here]



1457 posts

Uber Geek
+1 received by user: 353


  Reply # 869586 31-Jul-2013 21:35

couple of further notes

dst-nat sip to the genius if you're not dmz'ing it, eg:
/ip firewall nat
add action=dst-nat chain=dstnat connection-type=sip src-address=60.234.18.111 to-addresses=["wan" ip of the genius]

[phonenumber]@sip1.orcon.net.nz with your base64 decoded password as per this subforum's sticky loaded as an account in the free sip software "Blink" works, but you can't have more than one device logged in.

Fully Operational
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus
Subscriber

  Reply # 869747 1-Aug-2013 09:57

Great to see you've got it sussed, and thanks for sharing the details :)
