Jul 7 17:16:23 XXX.XXX.XXX.XXX. syslog: libubnt.get_ufdb_entry_list(): swlib: failed get of attr arl_table get_ufdb_entry_list@319
Anyone ever seen this?
Going to make it as simple as possible - having issues with L2TP connecting for client machines. PPTP works fine as a work around but we're not getting the speeds we'd like and it's not very secure. I followed the guides for remote-access, but nothing has worked so far. Considered it to be an issue with the ISP, but it looks like they have the right ports open.
Here are our current scrubbed configs for VPN and firewall. Maybe I'm missing something?
VPN & Firewall
ipsec {
    auto-firewall-nat-exclude enable
    ipsec-interfaces {
        interface eth0
    }
}
l2tp {
    remote-access {
        authentication {
            local-users {
                username user1 {
                    password **********
                }
                username user2 {
                    password **********
                }
            }
            mode local
        }
        client-ip-pool {
            start 10.105.2.30
            stop 10.105.2.199
        }
        dns-servers {
            server-1 10.100.1.10
            server-2 10.100.50.5
        }
        ipsec-settings {
            authentication {
                mode pre-shared-secret
                pre-shared-secret **************
            }
            ike-lifetime 3600
        }
        mtu 1200
        outside-address 10.100.1.2
    }
}
pptp {
    remote-access {
        authentication {
            local-users {
                username user1 {
                    password *************
                }
                username user2 {
                    password *************
                }
            }
            mode local
        }
        client-ip-pool {
            start 10.105.1.30
            stop 10.105.1.199
        }
        dns-servers {
            server-1 10.100.1.10
            server-2 10.100.50.5
        }
        mtu 1500
        outside-address 10.100.1.2
    }
}
ubnt@ubnt# show firewall
 all-ping enable
 broadcast-ping disable
 ipv6-receive-redirects disable
 ipv6-src-route disable
 ip-src-route disable
 log-martians enable
 name WAN_IN {
     default-action accept
     description "WAN to internal"
     rule 10 {
         action accept
         description "Allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 20 {
         action drop
         description "Drop invalid state"
         state {
             invalid enable
         }
     }
     rule 21 {
         action accept
         description "Accept ICMP"
         log disable
         protocol icmp
     }
 }
 name WAN_LOCAL {
     default-action accept
     description "WAN to router"
     rule 10 {
         action accept
         description "Allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 20 {
         action drop
         description "Drop invalid state"
         state {
             invalid enable
         }
     }
     rule 21 {
         action accept
         description "Allow L2TP"
         destination {
             port 500
         }
         ipsec {
             match-ipsec
         }
         log enable
         protocol udp
         state {
             established disable
             invalid disable
             new enable
             related disable
         }
     }
     rule 22 {
         action accept
         description "Allow port 1701"
         destination {
             port 1701
         }
         log enable
         protocol udp
     }
     rule 23 {
         action accept
         description "Allow 4500"
         destination {
             port 4500
         }
         log enable
         protocol udp
     }
     rule 24 {
         action accept
         description ESP
         log enable
         protocol esp
     }
     rule 25 {
         action accept
         description "Accept ICMP"
         log disable
         protocol icmp
     }
     rule 26 {
         action accept
         description "Accept GRE"
         log disable
         protocol gre
     }
 }
 receive-redirects disable
 send-redirects enable
 source-validation disable
 syn-cookies enable
Things I've tried:
Things to note:
And finally, my vpn log.
VPN log tail
Jul 7 10:39:12 10[IKE] <31> 70.195.85.76 is initiating a Main Mode IKE_SA
Jul 7 10:39:12 06[IKE] <remote-access|31> IKE_SA remote-access[31] established between 10.100.1.2[10.100.1.2]...70.195.85.76[192.168.1.10]
Jul 7 10:39:12 13[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c2a61a07_i 5f8a3516_o and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:12 09[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c2190b7b_i 720efca7_o and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:12 09[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c2a61a07_i (0 bytes) 5f8a3516_o (0 bytes) and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:17 10[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs cc1da91c_i 8ebfc2a3_o and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:17 11[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c2190b7b_i (0 bytes) 720efca7_o (0 bytes) and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:20 07[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs ca92d24d_i 9a7ab118_o and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:20 12[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs cc1da91c_i (0 bytes) 8ebfc2a3_o (0 bytes) and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:27 08[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c3259368_i 62e2a615_o and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:27 16[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs ca92d24d_i (0 bytes) 9a7ab118_o (0 bytes) and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:37 11[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs ca228960_i 3e13eab1_o and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:37 06[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c3259368_i (0 bytes) 62e2a615_o (0 bytes) and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:47 13[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs ca228960_i (0 bytes) 3e13eab1_o (0 bytes) and TS 10.100.1.2/32[udp/l2f] === 70.195.85.76/32[udp/l2f]
Jul 7 10:39:47 14[IKE] <remote-access|31> deleting IKE_SA remote-access[31] between 10.100.1.2[10.100.1.2]...70.195.85.76[192.168.1.10]
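An added example, not from the post above or from Ubiquiti: a small Python script that reads charon (strongSwan) log lines of the kind in the VPN log tail, pairs each CHILD_SA's "established" entry with its "closing" entry, and reports how long each SA lived and how many bytes crossed it. The sample log is constructed in the same format with documentation-range addresses and made-up SPIs; the verdict labels are the example's own naming. Standard library only.

```python
import re
from datetime import datetime

# Constructed sample in the EdgeRouter (strongSwan charon) VPN log format:
# documentation-range addresses and made-up SPIs, not values from the post.
SAMPLE_LOG = """\
Jul 7 10:39:12 10[IKE] <31> 198.51.100.7 is initiating a Main Mode IKE_SA
Jul 7 10:39:12 06[IKE] <remote-access|31> IKE_SA remote-access[31] established between 192.0.2.2[192.0.2.2]...198.51.100.7[192.168.1.10]
Jul 7 10:39:12 13[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c0000001_i c0000002_o and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:17 10[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c0000003_i c0000004_o and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:17 11[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c0000001_i (0 bytes) c0000002_o (0 bytes) and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:20 07[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c0000005_i c0000006_o and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:20 12[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c0000003_i (0 bytes) c0000004_o (0 bytes) and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:27 08[IKE] <remote-access|31> CHILD_SA remote-access{20} established with SPIs c0000007_i c0000008_o and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:27 16[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c0000005_i (0 bytes) c0000006_o (0 bytes) and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:47 13[IKE] <remote-access|31> closing CHILD_SA remote-access{20} with SPIs c0000007_i (0 bytes) c0000008_o (0 bytes) and TS 192.0.2.2/32[udp/l2f] === 198.51.100.7/32[udp/l2f]
Jul 7 10:39:47 14[IKE] <remote-access|31> deleting IKE_SA remote-access[31] between 192.0.2.2[192.0.2.2]...198.51.100.7[192.168.1.10]
"""

TS_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
EST_RE = re.compile(r"CHILD_SA \S+\{\d+\} established with SPIs ([0-9a-f]+)_i ([0-9a-f]+)_o"
                    r" .*=== ([0-9.]+)/\d+")
CLOSE_RE = re.compile(r"closing CHILD_SA \S+\{\d+\} with SPIs ([0-9a-f]+)_i \((\d+) bytes\)"
                      r" ([0-9a-f]+)_o \((\d+) bytes\)")


def _stamp(line):
    """Syslog-style timestamp without a year; only differences are used."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S")


def analyze_child_sas(log_text):
    """Pair each CHILD_SA 'established' line with its 'closing' line by inbound SPI.
    Returns (closed_records, still_open_by_spi)."""
    open_sas, closed = {}, []
    for line in log_text.splitlines():
        when = _stamp(line)
        m = EST_RE.search(line)
        if m:
            spi_in, spi_out, peer = m.groups()
            open_sas[spi_in] = {"spi_in": spi_in, "spi_out": spi_out,
                                "peer": peer, "established": when}
            continue
        m = CLOSE_RE.search(line)
        if m:
            spi_in, bytes_in, spi_out, bytes_out = m.groups()
            rec = open_sas.pop(spi_in, {"spi_in": spi_in, "spi_out": spi_out,
                                         "peer": None, "established": None})
            rec["bytes_in"], rec["bytes_out"] = int(bytes_in), int(bytes_out)
            rec["lifetime_s"] = ((when - rec["established"]).total_seconds()
                                 if when and rec["established"] else None)
            closed.append(rec)
    return closed, open_sas


def verdict(closed, min_idle=3):
    """Label the pattern. Several SAs that each closed with 0 bytes in both
    directions means IKE authentication and IPsec negotiation succeeded but no
    L2TP payload ever crossed the tunnel, so the fault lies above IPsec."""
    idle = [r for r in closed if r["bytes_in"] == 0 and r["bytes_out"] == 0]
    if len(idle) >= min_idle:
        return "ipsec-ok-l2tp-silent"
    if closed and all(r["bytes_in"] + r["bytes_out"] > 0 for r in closed):
        return "traffic-flowed"
    return "inconclusive"


if __name__ == "__main__":
    done, pending = analyze_child_sas(SAMPLE_LOG)
    for r in done:
        print(f"{r['spi_in']}/{r['spi_out']} peer={r['peer']} "
              f"lived={r['lifetime_s']}s in={r['bytes_in']}B out={r['bytes_out']}B")
    print("still open:", list(pending), "verdict:", verdict(done))
```

Applied to the posted tail, every CHILD_SA is torn down within seconds with 0 bytes each way: the pre-shared key and the UDP/500 and UDP/4500 rules are doing their job, and the remaining suspects are on the L2TP side of the tunnel (UDP/1701 inside the SA, the MTU, or NAT traversal between client and router).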
So I've been using my ER-X for a few months now no issue, absolutely love the box it does exactly what I need.
I was using an Asus RT-N12D as my access point but just received an AP AC LR yesterday.
Using the provided PoE injector I powered up the AC LR and plugged it into Eth0, the AP powered up and began flashing white. Went to the desktop with Unifi Controller on it, nothing. Cycled everything just to be sure, still nothing.
Moved the AP over to a switch on the desk, immediately the Controller software spotted it, I was able to Adopt it and configure it to the IP settings I wanted.
Brought the AP back to the ER-X, back into eth0, power it up and I notice the ER-X itself cycles without any action on my part.
Back to the desktop, it's showing network issues and refuses to connect to the ER-X webGUI. Cycled the ER-X, no change. Factory Restore via reset button, after matching IP range I'm able to connect to the webGUI but I notice I can't via eth2. If I upload a saved configuration it returns to the previous state and I cannot connect.
I've triple checked and made sure I didn't accidentally connect the PoE Injector backwards as it seems like something caused electrical damage?
Either way I'm scrambling to try and repair this before the weekend, no stores in a 60 mile radius stock the ER-X
I have a multiwan setup on my EdgeRouter X working great!
I have a VoIP line that I want to route over just WAN 1.
WAN 2 is behind a firewall blocking VoIP.
Can this be done? If so, how?
Does anyone have any experience or how-to to enable on-demand VPN for IOS?
This tutorial seems to give information, but this is for OpenVPN? I think it needs to be certificate based.
https://blog.gruby.com/2016/08/10/setting-up-an-edgerouter-lite-for-an-on-demand-ios-vpn/
thanks,
-jr
I know this question has been asked in other permutations before:
I'm trying to move my config from an Edgerouter Lite to an Edgerouter X-SFP.
I read this is possible, but some ethernet ports won't be configured.
So I tried it, and the X does nothing now. My laptop shows nothing connected via the ethernet connection. None of the ports will give or take DHCP service. No console of course so can't go there to see what it is doing. No SSH because I got nothing to SSH to.
Thoughts? The main goal is to migrate a slew of reservations from one to the other.
An ER Lite I resurrected with a new USB drive has developed a problem. I don't know if the USB swap is even part of the issue.
After it is up and running for awhile, it spits this out the console:
###Error: 6 in SerGetB
Anyone know what this means, or should I just toss the thing as being fundamentally evil?
I can't seem to find the console port on the EdgeSwitch-24/48 in the pictures on ubnt.com.
I see it on the back on the EdgeSwitch Lite, but I don't see it on the EdgeSwitches? Am I missing something?
Ex:
I have a setup where I am trying to lock down my guest VLAN from accessing different areas of my network. I have taken the whitelist approach in this and have the default action on interface switch0.20 direction in to be drop.
My internet is connected to eth0 of my ER-X. I currently have 3 rules and the default action. rule 1 and 2 are the standard allow established, related and drop invalid.
The third rule I am trying to craft to allow new connections to the internet. What I thought might work here is using Interface Network eth0. When I do this and check the stats, I can see this rule is not triggering and the default action is being called. As a note, I know the rule below applies to all protocols, but I tried to skim this down and remove as much of the fluff as possible.
I would really like to stay with a whitelist approach on this so any help fixing up my ruleset to make this work would be appreciated.
Below is the ruleset I am trying to use:
name switch0.20_in {
    default-action drop
    description "switch0.20 incoming data"
    enable-default-log
    rule 10 {
        action accept
        description "accept established and related"
        log disable
        protocol all
        state {
            established enable
            invalid disable
            new disable
            related enable
        }
    }
    rule 20 {
        action drop
        description "drop invalid "
        log disable
        protocol all
        state {
            established disable
            invalid enable
            new disable
            related disable
        }
    }
    rule 30 {
        action accept
        description "Allow new TCP_UDP internet connections"
        destination {
            group {
                address-group NETv4_eth0
            }
        }
        log disable
        protocol all
        state {
            established disable
            invalid disable
            new enable
            related disable
        }
    }
}
Greetings, have just purchased an EdgeRouter Lite and looking to enable Smart Queue for my son's online gaming. We have a 25/10 internet connection. My understanding is that enabling QOS reduces that bandwidth by around 5%.
If I run a speed test (when I am the only person on my network at home) I can get values of around 26/11, 25/10, 22/8 etc presumably depending on network congestion. So my question is, do I set QOS values for best case scenario, worst case scenario or somewhere in between?
I guess, ideally I'd set it for worst case, but as I only have a 25mbps connection, I don't want to limit too much bandwidth for the rest of the family, which is the majority of the time and use.
If I set the QOS value too high and the connection runs slower than the QOS value, then I assume QOS wouldn't even be applied?? (As in it doesn't take 5% of the available bandwidth, just 5% of bandwidth from the threshold values). Any thoughts or experience would be appreciated.
Hi All,
Sorry bit of a newbie to UBNT
Just thought that i would put this out to see if anyone is able to help.
I have an ERL configured with multiple VLANs running to an ES 48 port. If I hard code the IP details into my laptop I am able to get internet connectivity. However as soon as I set up auto config no DHCP is delivered.
I have tried checking the forums but seem to keep going around in circles.
Please find the ERL and ES configs below, any assistance would be greatly appreciated.
Hi all. I worked to set up a L2TP VPN server on my ER-X today using this helpful guide: https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server
Unfortunately, each time I try to connect to the VPN from my computer I get an error. In Mac OS X, the error is "The L2TP Server did not respond." (attached). In Windows, it is "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
Does anyone have ideas on what could be going on? Would appreciate any troubleshooting tips!!
The ER-X is configured to have WAN on eth0, LAN1 on eth1 and LAN2 (switch0) spanning eth2-4. The VPN and Firewall configurations are below.
VPN:
ipsec {
    ipsec-interfaces {
        interface eth0
    }
}
l2tp {
    remote-access {
        authentication {
            local-users {
                username user1 {
                    password SANITIZED
                }
                username user2 {
                    password SANITIZED
                }
            }
            mode local
        }
        client-ip-pool {
            start 192.168.100.240
            stop 192.168.100.249
        }
        dns-servers {
            server-1 8.8.8.8
            server-2 8.8.4.4
        }
        ipsec-settings {
            authentication {
                mode pre-shared-secret
                pre-shared-secret SANITIZED
            }
        }
        outside-address 73.243.X.XX
    }
}
Firewall:
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name LAN1_IN {
    default-action accept
    description "Prevent LAN1 from Accessing LAN2"
    rule 1 {
        action drop
        destination {
            address 192.168.2.0/24
        }
        log disable
        protocol all
        state {
            established disable
            invalid disable
            new enable
            related disable
        }
    }
}
name WAN_IN {
    default-action drop
    description "WAN to internal"
    rule 10 {
        action accept
        description "Allow established/related"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
}
name WAN_LOCAL {
    default-action drop
    description "WAN to router"
    rule 10 {
        action accept
        description IKE
        destination {
            port 500
        }
        log disable
        protocol udp
    }
    rule 20 {
        action accept
        description L2TP
        destination {
            port 1701
        }
        log disable
        protocol udp
    }
    rule 30 {
        action accept
        description ESP
        log disable
        protocol esp
    }
    rule 40 {
        action accept
        description NAT-T
        destination {
            port 4500
        }
        log disable
        protocol udp
    }
    rule 50 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
    rule 60 {
        action accept
        description "Allow established/related"
        state {
            established enable
            related enable
        }
    }
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
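An added example, written for this page and not part of either L2TP post or of EdgeOS: a Python parser for the brace-style configuration that "show firewall" prints, plus a lint pass that checks the points a reviewer looks at first when a router terminates L2TP/IPsec on its WAN: WAN-facing rulesets default to drop, WAN_LOCAL explicitly accepts IKE (UDP/500), NAT-T (UDP/4500), L2TP (UDP/1701) and ESP, and the IKE rule is not restricted with match-ipsec (IKE packets arrive unencrypted, so a match-ipsec condition never matches them). The two sample configs are constructed in the shape of the rulesets in the two posts above; to keep them short the parser also accepts ";" as a statement separator, which real EdgeOS output does not use.

```python
import re

# Tokens: quoted strings, braces, statement separators (';' or newline), words.
TOKEN_RE = re.compile(r'"[^"]*"|[{};\n]|[^\s{};]+')


def parse_edgeos(text):
    """Parse EdgeOS 'show'-style brace config into nested dicts.
    'name WAN_IN {' -> cfg['name']['WAN_IN'], 'rule 10 {' -> ...['rule']['10'];
    leaves become key -> value (quotes stripped, '' for flag keys such as
    match-ipsec); a key repeated in one block becomes a list."""
    root, stack, words = {}, [], []
    stack.append(root)

    def flush():                       # finish a pending leaf statement
        if words:
            key, *rest = words
            value = " ".join(rest).strip('"')
            node = stack[-1]
            if key in node:
                prev = node[key]
                node[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                node[key] = value
            words.clear()

    for tok in TOKEN_RE.findall(text):
        if tok == "{":
            node = stack[-1]
            for w in words[:-1]:       # 'name WAN_IN' -> name -> WAN_IN
                node = node.setdefault(w, {})
            stack.append(node.setdefault(words[-1], {}))
            words.clear()
        elif tok == "}":
            flush()
            stack.pop()
        elif tok in (";", "\n"):
            flush()
        else:
            words.append(tok)
    flush()
    return root


REQUIRED_ACCEPTS = {("udp", "500"): "IKE", ("udp", "4500"): "NAT-T",
                    ("udp", "1701"): "L2TP", ("esp", None): "ESP"}


def lint_vpn_firewall(cfg):
    """Return a list of findings for a router terminating L2TP/IPsec on its WAN."""
    findings = []
    rulesets = cfg.get("name", {})
    for rs_name, rs in rulesets.items():
        if rs_name.startswith("WAN") and rs.get("default-action") != "drop":
            findings.append(f"{rs_name}: default-action is "
                            f"'{rs.get('default-action')}', expected drop")
    accepted = set()
    for num, rule in rulesets.get("WAN_LOCAL", {}).get("rule", {}).items():
        if rule.get("action") != "accept":
            continue
        port = rule.get("destination", {}).get("port")
        accepted.add((rule.get("protocol"), port))
        if port == "500" and "match-ipsec" in rule.get("ipsec", {}):
            findings.append(f"WAN_LOCAL rule {num}: match-ipsec on the UDP/500 rule; "
                            "IKE is not IPsec-protected and will not match it")
    for (proto, port), label in REQUIRED_ACCEPTS.items():
        if (proto, port) not in accepted:
            findings.append(f"WAN_LOCAL: no accept rule for {label} "
                            f"({proto}{'/' + port if port else ''})")
    return findings


# Constructed samples (';' separates statements here so they fit on few lines).
WEAK_CONFIG = """
name WAN_IN { default-action accept
  rule 10 { action accept; state { established enable; related enable } } }
name WAN_LOCAL { default-action accept
  rule 10 { action accept; state { established enable; related enable } }
  rule 21 { action accept; description "Allow L2TP"; destination { port 500 }
            ipsec { match-ipsec }; log enable; protocol udp }
  rule 22 { action accept; destination { port 1701 }; protocol udp }
  rule 24 { action accept; description ESP; protocol esp } }
"""
HARDENED_CONFIG = """
name WAN_IN { default-action drop
  rule 10 { action accept; state { established enable; related enable } }
  rule 20 { action drop; state { invalid enable } } }
name WAN_LOCAL { default-action drop
  rule 10 { action accept; description IKE; destination { port 500 }; protocol udp }
  rule 20 { action accept; description L2TP; destination { port 1701 }; protocol udp }
  rule 30 { action accept; description ESP; protocol esp }
  rule 40 { action accept; description NAT-T; destination { port 4500 }; protocol udp }
  rule 50 { action drop; state { invalid enable } }
  rule 60 { action accept; state { established enable; related enable } } }
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, lint_vpn_firewall(parse_edgeos(text)) or ["no findings"])
```

The weak sample mirrors the first post's rulesets (default-action accept on both WAN chains and match-ipsec on the port-500 rule) and produces four findings; the hardened sample mirrors the second post's WAN_LOCAL and produces none. With default-action drop the explicit accepts are what keep the VPN reachable, so a lint like this is cheap insurance before committing a firewall change on a remote router.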
This is a follow up to my earlier post:
https://community.ubnt.com/t5/EdgeMAX/Advice-needed-before-purchase-Site-to-site-VPN-with-2-WAN-1x/m-p/1960376#M164338
As an update, this is what I needed to do:
1) I have some PCs (PC A1 to PC Ai) that need to be connected through a site to site VPN to my application provider network to run a particular application via a Cisco ASA 5525
2) The rest of the PCs (PC B1 to Bn) just need to be connected to the internet
3) I will have 2 WAN lines, both with static IP, and I will use WAN 1 for the site to site VPN and WAN 2 for normal internet
Home trial setup (1 WAN ,1 LAN, 1 site to site VPN):
So I bought 1 EdgeRouter Pro and 2 EdgeSwitch Lite, and tested it at home using 1 ER Pro and 1 ES Lite with 1 WAN and 1 LAN. Managed to set up the site to site VPN and got the application running. Internet was working fine too but this was on 1 WAN. Pretty pleased that I got so far.
Office setup (2 WAN, 1 LAN, 1 site to site VPN)
In the next week, I will be setting up the network, now with 2 ES lite and also with another WAN line. So it will be 2 WAN, 1 LAN and 1 site to site VPN.
This is what I visualize the network to be (IP addresses are largely made up):
1) eth0 and eth1: 2 WAN lines with IP 150.150.150.1 /32 and 200.200.200.1 /32 respectively
2) eth2 and eth3: 1 LAN across 2 ES lite with DHCP range 192.168.1.31 - 60 and 192.168.1.61 - 254 respectively
3) Couple of items with static IPs e.g. printers / NAS etc. with IP from 192.168.1.4 - 30
4) All internet traffic over WAN 2
5) Site to site VPN over WAN 1 to my application provider with WAN 100.100.100.1 /32 and remote subnet 10.10.10.1 /32
6) Do not need load balancing. However, would like normal internet to failover from WAN 2 to WAN 1. No need for site to site VPN to fail over from WAN 1 to WAN 2
Other comment:
My application actually requires me to set 10.10.10.1 as an input and when I do tracert (this was in my home setup where I only had 1 WAN), I can see that the packets go to 192.168.1.1 and then to 10.10.10.1.
Have a few clarifications:
Have googled and read a whole bunch of 2 WAN, 1 LAN setup guides and I think I can set up a 2 WAN (with WAN 2 as the default gateway and WAN 1 for failover), 1 LAN using the wizard. After the wizard, I will proceed with setting up the site to site VPN using WAN 1.
My issue here is with the site to site VPN. How would it work? Would my application know that there is a tunnel to 10.10.10.1 or would all traffic be routed to WAN 2 and then what happens?
There was a suggestion to do policy based routing based on the ports my application uses (https://help.ubnt.com/hc/en-us/articles/205223470-EdgeRouter-Policy-based-routing-for-destination-port). However, I think it is not necessary now since the application itself allows me to set the application provider IP address (10.10.10.1).
There was also another suggestion to set up 2 static routes for VPN, pointing to WAN 1 GW: remote ipsec vpn peer/32, and site to site remote subnet and default traffic goes out on GW2. I've read chapter 5 Routing on the Edge OS manual but am not sure how to do it for VPN.
I'm sorry if this is hard to understand but I'm probably not conversant with all the issues or even very sure of how things are supposed to work and I appreciate your assistance in directing me to the right setup. Thanks.
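An added illustration, not from the thread or from the EdgeOS manual: a small longest-prefix-match route table in Python that models the two-static-routes suggestion above, with the IPsec peer's /32 pinned to WAN 1, the normal default route on WAN 2, and a higher-distance floating default on WAN 1 so internet traffic fails over when WAN 2 goes down. The post gives only the WAN addresses, so the gateway addresses (150.150.150.254, 200.200.200.254), interface assignments and distances here are assumptions.

```python
import ipaddress


class RouteTable:
    """Minimal longest-prefix-match table with administrative distance,
    mirroring how a router chooses a next hop. Illustration only."""

    def __init__(self):
        self.routes = []  # (network, next_hop, interface, distance)

    def add(self, prefix, next_hop, interface, distance=1):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface, distance))

    def lookup(self, dest, down=()):
        """Return (next_hop, interface) for dest, skipping routes whose interface
        is in `down`. The longest prefix wins; among equal prefixes the route
        with the lowest distance wins (that is what makes a floating default)."""
        addr = ipaddress.ip_address(dest)
        best = None
        for net, next_hop, iface, distance in self.routes:
            if iface in down or addr not in net:
                continue
            rank = (net.prefixlen, -distance)
            if best is None or rank > best[0]:
                best = (rank, next_hop, iface)
        return None if best is None else (best[1], best[2])


def build_office_table():
    """The office layout from the post with assumed gateways and distances."""
    t = RouteTable()
    t.add("0.0.0.0/0", "200.200.200.254", "eth1", distance=1)   # WAN 2: normal internet
    t.add("0.0.0.0/0", "150.150.150.254", "eth0", distance=10)  # WAN 1: floating default for failover
    t.add("100.100.100.1/32", "150.150.150.254", "eth0")       # IPsec peer pinned to WAN 1
    t.add("192.168.1.0/24", None, "eth2")                       # connected LAN
    return t


def explain(table, dests, down=()):
    """Map each destination to the interface it would leave on."""
    return {d: table.lookup(d, down) for d in dests}


if __name__ == "__main__":
    t = build_office_table()
    probes = ["8.8.8.8", "100.100.100.1", "10.10.10.1", "192.168.1.50"]
    print("all WANs up:  ", explain(t, probes))
    print("WAN 2 down:   ", explain(t, probes, down={"eth1"}))
```

Note that 10.10.10.1 still resolves to the WAN 2 default in a plain table. With a policy-based IPsec tunnel that is fine: the IPsec policy for the remote subnet captures that traffic before ordinary forwarding, and the ESP packets it produces are addressed to the peer 100.100.100.1, so it is the /32 to the peer that decides which WAN the tunnel rides on. Since the peer /32 has no floating backup here, the tunnel stays on WAN 1 even while internet traffic has failed over, which matches item 6 of the post.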
Hi,
I'm hoping someone might be able to help. I'm having trouble with what I think is a pretty simple config on my ERX.
Basically I have an Existing Home Network with Internet connection, that I wish to connect onto but isolate my own Network off of the ERX.
The only complexity is that the cable that connects to the Eth0 carries the Existing Network (192.168.0.x), but additionally has Wifi clients for the Isolated Network (10.0.0.x) on it on VLAN100 (via Unifi AP).
Eth0 - Untagged = Existing Network + Internet
Eth0.100 = Isolated Network Unifi Wifi Devices
Eth1-4 = Isolated Network Cabled Devices
I was able to set up the Eth0.100 interface and assign it an IP and set up a DHCP server, but I'm having trouble getting Switch0 (with ports 1-4) connected. I think I'm fundamentally misunderstanding something, but have tried enabling VLAN Aware and adding 100 to PVID and also tried VID. I tried giving Switch0 an IP on the same range, I also tried making a VLAN Interface for the Switch0 and giving that an IP, but nothing I plug into Ports 1-4 gets an IP.
What am I missing here?
I assume everything on Port1-4 needs to be on VLAN100 and also on the Same IP Range as Eth0.100, but I can't seem to make that happen.
Any suggestions?
Fragility
Is it possible to create a DHCP server with only static IP mappings? I want to create a separate VLAN for a device I do not trust and I want to be able to only have devices in that VLAN with statically mapped IP addresses.
Could I just remove the startstop entry from the snippet below or otherwise make sure my DHCP server only hands out statically mapped IP?
shared-network-name RESTRICTEDVLAN {
    authoritative disable
    subnet 192.168.4.0/24 {
        default-router 192.168.4.1
        dns-server bb:bb:bb:bb
        dns-server aa.aa.aa.aa
        lease 86400
        start 192.168.4.10 {
            stop 192.168.4.253
        }
        static-mapping deviceone {
            ip-address 192.168.4.2
            mac-address xx:xx:xx:xx:xx:xx
        }
        static-mapping devicetwo {
            ip-address 192.168.4.3
            mac-address yy:yy:yy:yy:yy:yy
        }
    }
}
I have been getting confusing info on eaglelite hardware offload support. Anyone know what protocol is supported for hardware offload?
I did a firmware upgrade a few weeks back and since then, the tenants are unable to connect WiFi printers, scanners, speakers, etc.
My ERL is running v1.9.1.1
I don't know enough about the router settings to see if something there needs to be changed.
Can someone point me in a direction ?
The balance of the system is (4) AC Lite APs connected to (2) ToughSwitch 5 port switches to the ERL.
Thanks.
Charter started to support IPv6 in my area and I am able to get an IPv6 address using "Use DHCP for IPv6". However, I don't know how to go about giving IPv6 addresses to my clients over DHCP using the GUI or the CLI. Could someone help?
I have a VPS that is running Softether VPN server on it. I have it bridged to a local tap interface to allow the VPS server to join the network. I also have 2 ER (ERL and ER-X) connected using openVPN conf files and they successfully get an IP address from the DHCP server on the VPS (using the built in DHCP of Softether for now). I also can successfully ping both routers and the VPS from all 3 locations. They are connected via the openVPN interface (ends up making a tun connection)
Now comes the problem... I am unable to ping or connect to any device that is NOT the router. So if I have a PC on the ER-X network I am unable to ping/connect to the VPS via the VPN and vice versa. I'm 90% sure it's a firewall issue but I am not sure how to fix it. I can post my config if needed.
ER-X Network = 10.16.0.0/16
ERL Network = 10.10.0.0/16
VPN Network = 192.168.40.1/24
I can change the VPN network IP range if needed. I will attach a config later tonight when I get home. I have tried following the site-to-site instructions but that has not helped at all.