Channel: EdgeRouter topics
Viewing all 20028 articles

Site-to-Site VPN Broken?


Hello, 

 

I'm trying to set up a Site-to-Site IPSec VPN between two EdgeOS devices. When I submit the config, however, nothing happens. I don't see any new network interfaces or routes. I can't ping the router on the remote network, nor do I see any info in /var/log/messages. Any thoughts on what's wrong here or how I can troubleshoot it?

 

Screenshot.png


Er-X PoE passthrough to UAP-AC-M


I'm currently helping out a friend who bought an ER-X and a UAP-AC-M in the belief that the ER-X was able to power the AP through the PoE passthrough port.

 

Unfortunately the AP is only able to power up when connected to its own PoE adapter.

According to any documentation I've found so far it should be possible since they both run 24V passive PoE.

 

Am I missing something obvious or is the ER-X really unable to do the task?

 

 

GUI Not working after 1.9.7 Upgrade


Hi all,

 

The GUI for my ERlite-3 stopped working after I upgraded from 1.9.1 to 1.9.7. I did some investigation and found that the lighttpd conf was pointing to a config to load PHP (which is now removed). I removed that line and it looks like lighttpd is now running, but when I visit the GUI, I get a 404.

 

I'd like to avoid hard resetting the router, so is there a way to just reset the entire GUI config and lighttpd configuration? The only modifications I had were to enable Let's Encrypt, so if I had to do that again, it wouldn't be the end of the world.

 

Thanks,

Andrew

Migration ERPoe-5 config on a ER-X-SFP


Hello,

I know there are problems with using the ERPoe-5 config on an ER-X-SFP.

Is there any possibility to migrate the ERPoe-5 config for use on an ER-X-SFP?

Thanks.

 

Best regards

 

Martin

large number of static hosts


Hello to everybody.

 

I am facing a little problem so any kind of help is much appreciated.

I want to add a large number of static hosts to my EdgeRouter and I don't want to do this through the GUI by entering them one by one. I have a text file with IP addresses, MAC addresses and host names. Is there a way to "copy paste" these addresses to the configuration file? Or another way quicker than the standard "one by one"?

 

Thanks in advance

very basic doubt, ADD a DMZ ip on LAN interface


Hello

 

I've been looking around and haven't found a solution for my very basic needs (maybe I saw it, but didn't understand)

 

We have an EdgeRouter Lite with the following setup

 

ETH0 to the WAN

ETH1 to a firewall and from the FW to the LAN (there we have our DHCP server)

ETH4 to a wifi AP

 

All tutorials I find use different ETH ports for the LAN and for the DMZ... our idea is to have on ETH1 a DMZ IP pointing to our firewall, but couldn't find how to do it through the GUI, any help please?

 

Thanks!

 

IPSec vpn with Mutual PSK and Xauth


Hi,

 

I've just got my first EdgeRouter X to play with and I'm trying to get it set up to give me an IPsec tunnel from home to my office.  I have a static IP at work and a pfSense, but dynamic at home.  From what I've read I've got to configure the pfSense to allow IPsec mobile clients, which I've done, but now I can't work out where to enter the user info created in pfSense in EdgeOS.

 

I've followed the pfSense guide here - https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To - and I've got it working from an Android phone, but am stuck with the EdgeRouter.

 

Anyone had any luck with this setup?

 

Cheers,

Chris

 

xl2tpd won't start


Hi,

 

My EdgeRouter Pro (v1.9.1.1) running an IPsec/l2tpd server stopped working.

 

1/ Restarting the VPN or even a reboot doesn't help. The xl2tpd daemon refuses to start.

 

VPN-2:~$ ps aux | grep xl2tpd
memyself     2869  0.0  0.0   2320   568 pts/0    R+   12:00   0:00 /bin/busybox grep xl2tpd

 

2/ Here's what the log shows:

 

VPN-2:~$ grep xl2tp /var/log/messages
Aug  8 13:30:44 INCAPPTIC-VPN-2 xl2tpd[1876]: init_network: Unable to bind socket: Cannot assign requested address. Terminating.

 

3/ I upgraded to v1.9.7, same problem.

 

4/ I found a workaround here: https://lists.openswan.org/pipermail/users/2013-July/022546.html

 

So changing from "leftprotoport 17/1701" to "leftprotoport 17/%any" in /etc/ipsec.d/tunnels/remote-access solved the problem.

 

But the change will not be persistent after a reboot.

 

 

Has anyone had this issue? Any idea how to fix that?

 

Thanks

 

henri

 


EdgeSwitch 24port + EdgeRouterLite DHCP Issue


I need a little guidance here.  I have a network I installed for a small school that consists of an ERL and two ES-24port devices.  Then I have about 10 Unifi AP devices scattered on campus.  I have 3 VLANs set up to work with the AP devices with 3 separate SSIDs broadcast.  Overall between teachers, students, notebooks and iPads there are probably 120 devices at any point in time on the network.

 

VLAN 1 (default) is SSID called "School" and if you join that SSID the DHCP address is handed out by a Windows 2012R2 server with (10.0.0.x)/24.

VLAN 20 is SSID called "Cart" and if you join that SSID the DHCP address is handed out by the ERL with (10.0.1.x)/24.  This is for student notebooks and iPads.

VLAN 30 is SSID called "Phone" and if you join that SSID the DHCP address is handed out by the ERL with (10.0.2.x)/24.  Use this for just phones.

 

Everything looks correct and it's functioning for the most part, but I am having an issue with 20 and 30 and getting an IP address to connected devices.  The kids may have a class of 20 all on their notebooks and they are having issues getting an IP address and it won't connect and they have to try several times.  Now if anyone uses the "School" then the Windows 2012R2 hands out the IP immediately.

 

I am not sure if I have configured something incorrectly but I can't understand the delay in 20 and 30.  Is the ERL the best router device to use with the ES-24 and the Unifi APs or should I look at another device like the Unifi Secure Gateway (or Pro)?

 

Thanks

 

-Richard

ER8 no switch chip? shall I use vlan or use static routes or use nat for routing


so on the er8

 

how do I get the WAN on SFP eth6

 

to talk to the lans on eth2, eth3, and eth4

 

since the er8 does not have a switch chip...

 

shall I use vlan or use static routes or use nat for routing

Can't access my router via web nor ssh anymore


Hello,

 

I noticed that one of my routers was still accessible from external so I made some changes that I thought I did before.

 

After applying

 

configure
set service gui listen-address 192.168.0.10

the router kicked me out and the only way I can still access it is via the console port.

 

I had a rule on wan-in that blocked my 4443 port; it seems to be active on the local LAN as well, or something else is wrong.

 

What would be an ideal way to recover access to this router again?

Maybe a reboot would fix something?

 

I have a backup from a year ago but I prefer an easier fix as I don't know if I made some changes since that backup.

ER-X-SFP Out of memory: Kill process


Hi All,

 

 

EdgeOS Version and Package Changes 
---------------- 
Version: v1.9.7 
Build ID: 5001797 
Build on: 07/20/17 01:29 
Copyright: 2012-2017 Ubiquiti Networks, Inc. 
HW model: EdgeRouter X SFP 6-Port 
HW S/N: F09FC26471C2 
Uptime: 19:30:27 up 7 min, 1 user, load average: 1.08, 0.93, 0.50

---------------

 

My router is throwing the below syslog messages:

 

INFO: rcu_sched self-detected stall on CPU { 2} INFO: rcu_sched detected stalls on CPUs/tasks:
Out of memory: Kill process 1585 (python) score 41 or sacrifice child
Killed process 1585 (python) total-vm:62160kB, anon-rss:10432kB, file-rss:0kB
INFO: rcu_sched self-detected stall on CPU {INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU {INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU { 2} INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU { 2} INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU
INFO: rcu_sched self-detected stall on CPU {INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPUINFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU
INFO: rcu_sched self-detected stall on CPU
INFO: rcu_sched self-detected stall on CPUINFO: rcu_sched detected stalls on CPUs/tasks:
Out of memory: Kill process 1584 (lighttpd) score 11 or sacrifice child
INFO: rcu_sched self-detected stall on CPU { 2} INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU {INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU {INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU {INFO: rcu_sched detected stalls on CPUs/tasks:
INFO: rcu_sched self-detected stall on CPU
INFO: rcu_sched self-detected stall on CPUINFO: rcu_sched detected stalls on CPUs/tasks:
Out of memory: Kill process 1245 (charon) score 5 or sacrifice child
Out of memory: Kill process 1284 (charon) score 5 or sacrifice child
Killed process 1284 (charon) total-vm:149624kB, anon-rss:1424kB, file-rss:0kB

 

After 1-2 days uptime. No traffic can pass through 

 

 

Changing subnet on eth1 (LAN)


Hello,


I am wondering if there are certain steps to take to change the subnet on my LAN. Right now it is using the default IP/Mask. I am running out of IP addresses and would like to change the IP and subnet, maybe to something like 10.20.30.0/23. Do I create a temporary interface on say Eth2 so everyone can still connect, change the IP/mask and then swap them back over? Would that be the safest method?

 

Thanks!

Can I break or stop "show tech-support"?

Client VPN Oddity


I've figured out a workaround for now, but I'm unsure if this is a bug or just an artifact of what I'm doing.

 

So here is the scenario:

I have an EdgeRouter X w/ a Mac mini and MacBook Pro plugged into it.

 

The Mac mini connects to a PIA VPN service, while my MacBook Pro VPNs to a work VPN service.

 

All is good, mostly.

 

My main issue stems from the fact that I have some issues getting to some sites from my MacBook Pro while on VPN.  Those same sites work when I'm off VPN.  First thought my VPN is an issue, however, if I disconnect my Mac mini from PIA VPN and reconnect the MacBook Pro to the work VPN, those same sites work just fine.

 

So my current workaround is just to have my Mac mini disconnect from PIA when I'm working on the MacBook Pro.  What I'm trying to figure out is how I can troubleshoot this problem.  Basically those sites that don't work return an Error 504 Bad Gateway error.

 

I have a feeling that when I request these certain sites, it attempts to send the response back to me via some invalid path.

 

The specific sites I have issues with are:

blogs.vmware.com

vmware.com <-- Sometimes

kb.vmware.com

 

Any pointers or assistance would be appreciated.

 


EdgePoint does not Send LLDP information


Network:

CiscoSwitch<>EPR-6<>PowerBeam<>PowerBeam<>EPR-6

 

Config on EPR-6 

service {
gui {
http-port 80
https-port 443
older-ciphers enable
}
lldp {
legacy-protocols {
cdp
}
management-address ....
}
ssh {
port 22
protocol-version v2
}

 

Issue:

On the CiscoSwitch I can see the PowerBeam devices over CDP

On the EPR-6 I can see the PowerBeam and the CiscoSwitch with show lldp neighbors

But I can't see the EPR-6 on any other device

 

Is there an option to enable sending LLDP/CDP on the EPR-6?

See why BGP routes are not being accepted


Quagga is completely and utterly infuriating. But that's not news. Anyway.

 

I have two BGP peers on my EdgeRouter X. One works fine, the other does not.

 

They are both using the same prefix filters, which obviously rules that out. 

 

In both cases, I am receiving routes from the peers.

show ip bgp neighbors a.a.a.a received-routes
show ip bgp neighbors b.b.b.b received-routes

... both show the expected routes. However, when asking for which routes were accepted:

show ip bgp neighbors a.a.a.a routes
show ip bgp neighbors b.b.b.b routes

... only the first peer shows me any accepted routes. The second peer is accepting no routes.

 

I thought that maybe the problem is that Quagga does not see the next-hop as routable, but both routes exist in the routing table.

 

The only difference being that, in case a.a.a.a, both peers are in the same single /30. In case b.b.b.b, the peers are not in the same /30, but are instead point-to-point with static /32 interface routes configured. 

 

Does this mean that the ER-X is not capable of using a point-to-point link for BGP? Is there some way around this?

 

Is it possible to see why Quagga is rejecting the routes? Is that logged anywhere?

 

Any thoughts appreciated.

Router on a stick - Edgemax router and cisco switch


Hello,

 

I'm trying to make a router-on-a-stick configuration with my EdgeMax router and a Cisco switch (Catalyst 3560 PoE). At the moment it is just to test a lot of things, but in the future (when the renovations of the house are over and all hardware is placed where it belongs) I want to set up this kind of configuration (for now the router and switch are just on my desk).
The hardware setup is as in the picture.

roas.png

 

I've created VLANs on my router, eth1.10 and eth1.20, and added a DHCP server on them.
eth1.10 network/subnet: 192.168.11.0/24
eth1.20 network/subnet: 192.168.12.0/24
On the Cisco switch I made the following configuration.

en
conf t
vlan 10
name guest
vlan 20
name office
vlan 30
name cctv
vlan 99
name management
exit
int range fa0/1-4
swi acc vlan 10
no shut
int range fa0/5-8
swi acc vlan 20
no shut
int range fa0/9-12
swi acc vlan 30
no shut
int G0/1
switchport trunk encapsulation dot1q
swi mode trunk
no shut
exit
interf vlan 99
ip add 192.168.1.254 255.255.255.0
no shut
end

When I try this, I don't get an IP from the DHCP server, and if I give myself a static IP from that VLAN range, I can't ping from VLAN 10 to VLAN 20.
Do I have to add a firewall rule or something? (I don't know how to configure the router with the CLI and only followed some YouTube videos about it)

It's also a long time ago that I configured Cisco switches... so there also can be something wrong.

 

Can someone help me?

Unable to delete interface (tunnel)


Tried setting up an IPv6 tunnel, but messed it up and wanted to delete it to start fresh. But I can't delete the tunnel:

 

configure
delete interfaces tunnel tun0
commit

[ interfaces tunnel tun0 6rd-default-gw ::213.167.115.92 ]
RTNETLINK answers: No such process

Commit failed

Any idea?

How to properly set up multiple WAN IP addresses with port forwarding?


Need help on how to specify the rule\config to do the following:

 

eth0:  192.1.1.1 and 192.1.1.2   (WAN)

eth1: 192.168.100.1/24

 

Trying to port forward:

192.1.1.1 port 80 to 192.168.100.10 (first server)

192.1.1.2 port 80 to 192.168.100.20  (second server)

 

This can be done in 5 minutes with Cisco, Linksys, Netgear, D-Link, etc., but I just cannot figure it out (after spending 3 hours) on the EdgeMax Router with OS v 1.9.7

 

The port forwarding page\option does not have a way to specify the secondary WAN IP address which should be simple to add... but cannot find it.

 
