Channel: EdgeRouter topics

Edgerouter X VPN for specific LAN port


Hi guys,

 

Need your help in configuring ER-X as a VPN client (it can be OpenVPN client but I prefer PPTP or L2TP) and 'passing' that VPN connection only on the device that is connected on ETH2 for example. All other devices should use main connection (WAN on ETH1).

 

Thanks!


ERL to ESX site to Site problem


Hi,

I have the setup below.

Router 1 (main office): ERL

Router 2 (remote office): ERX

I have set up an OpenVPN tunnel between the two sites using the info from the link below:

https://help.ubnt.com/hc/en-us/articles/204949694-EdgeRouter-OpenVPN-Site-to-Site

I am able to ping the VPN interfaces from each other, so the VPN is up and working well.

Problem:

We have a web server and a VoIP server on the main office LAN, which need to be accessed from the remote office. The remote office LAN clients are unable to ping or access the web server or the VoIP server, but can ping the main office router's LAN IP and VPN interface IP.

I read line by line from the above link. I don't know if I have missed, or was unable to understand, the last part of the guide using the hairpin config, which should allow the LAN clients to reach each other through the tunnel.

I am new to these UBNT routers; this was a plain and simple setup on the Mikrotik router I was working on previously.

I would appreciate some help here!

 

Thanks

Regards

Rj

 

 

EdgePoint R6 Install Question


I am trying to light a tower that has an AM skirt antenna on it. Thus far it's been unsuccessful. I've tried every type of ToughCable, shield and filter I can find. The AM site is 1k at 930 kHz. It also has a couple of FMs at 4k and 190 W. I have other FM towers lit and haven't had any issues. Just this one site.

This tower is kind of critical for my network plan, so I think I'm going to try the EdgePoint and fiber to get past the skirt. I bought a 300 ft fiber cable to go up the tower, and then we'll put in a Rocket M5 that we tried before to link to the other tower with a Rocket M5 on it. Once I get this site lit and working, as usage increases I will switch out to Rocket ACs. I know the limitation on this EPR6 is 24V PoEs.

For powering the unit I was going to use a 24V DC power supply. The smallest I could find is 10 A though. Is that too much? Would I be better off using a UBNT PoE unit? I have a TP-Link Ethernet-to-fiber adapter I will use to connect the tower building to the EPR6, but it's only for maintenance as I plan to go to other sites from this one.

Am I on the right track here? I've not done much with fiber, but from what I've read this should help me get a working radio finally?

Using PIA VPN Client + ERL


I recently switched from the ER-X to the ERLite due to the hwnat issue with Comcast gigabit service. While that issue seems to have been resolved, I still have a general question about VPN clients. I'm using a PIA VPN client, but I only notice a 5-10% decrease in my gigabit speed when directly connected to my ARRIS SB8200 modem (950 Mbps -> 900 Mbps). But when I hook up the ER-X (and subsequently the ERLite) router, it seems to peak at 150 Mbps.

 

Do I need to configure the ERL when using a VPN client? I don't have any VPN-related settings configured on the router side.

 

 

config open vpn to eth3


Hello Ubiquiti users,

I wonder if anybody out there has a solution for me for configuring an OpenVPN client that is only assigned to one of the physical ports, e.g. eth3. The rest of the LAN ports (eth1, eth2, eth4) are not configured for OpenVPN; they are linked as an ordinary connection to the ISP.

I intend to start from this code:

set interfaces openvpn vtun0 config-file /config/auth/midwest.ovpn
set interfaces openvpn vtun0 description 'Private Internet Access'
set interfaces openvpn vtun0 enable
set service nat rule 5000 description PIA
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 192.168.66.0/24
set service nat rule 5000 type masquerade

set service nat rule 5001 description default
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth0
set service nat rule 5001 source address 192.168.66.0/24
set service nat rule 5001 type masquerade
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify pia_route rule 10 description 'PIA'
set firewall modify pia_route rule 10 source address 192.168.66.0/24
set firewall modify pia_route rule 10 modify table 1
set interfaces switch switch0 firewall in modify pia_route

This code I took from Willie Howe's YouTube channel.

From this I have some questions:

No. 1: Is the IP range 192.168.66/0 the one that switch0 is linked to?

No. 2: Can I change switch0 to eth3 to get what I want? And then I make a new subnet pool for eth3, e.g. 192.168.65/24.

make blacklist with EdgeMAX GUI


Hello Ubiquiti users,

I have one more question. I want to make a blacklist for inbound traffic for the WAN_IN interface. My purpose is to do it in the GUI of the EdgeRouter X.

My solution for that is to make some new firewall rules in the WAN_IN interface. By default (wizard WAN + 2 LAN) the interface is set to drop all inbound traffic, but I must keep the opportunity for outbound traffic.

Ruleset

1: action: Accept, state: established/related (the first rule is set by default, purpose: outbound traffic)

2: action: Accept, state: established/related, Source: 8.8.4.4 port 53 (DNS)

3: action: Accept, state: established/related, Source: port 443 (HTTPS, purpose: outbound traffic)

3: action: Accept, state: established/related, Source: port 80 (HTTP, purpose: outbound traffic)

4: action: Accept, state: established/related, Source: e.g. 216.192.63.2 (HTTP, purpose: allow some inbound traffic)

5: action: Drop, state: established/related (purpose: drop all other inbound traffic)

Am I on the right track, or is this totally wrong? The result is that it doesn't work. Why?

IPSEC IKEv2 Firewall rules


I am trying to set up an IPsec IKEv2 firewall on my EdgeRouter X. I followed the information posted here: https://community.ubnt.com/t5/EdgeMAX/iPhone-IKEv2-VPN-Config-ER-1-9-0-iOS-10/td-p/1704651.

The only thing that is different is that I filled in my actual certificates. Using swanctl -T I have the connection properly established and everything looks good.

I am now trying to sort out the firewall rules. I have two different rulesets right now, eth0/in and eth0/local, where eth0 is my WAN port.

My question is: is all incoming traffic from the internet ALWAYS going to be routed via the eth0/local ruleset, while the VPN traffic will be routed via the eth0/in ruleset? I am pretty sure this is true; I just wanted to make sure before I start opening up access and inadvertently expose my network.

Block GUI and SSH Access from WAN


So I'm really confused as to why the SSH, HTTP, HTTPS and DNS ports are all enabled and accessible externally. I ran the wizard and never touched the default rules it generated. I really don't think this is normal? It was my understanding that all external access is blocked when the wizard is used. Screenshot of a port scan below.

[screenshot: Screenshot_2017-08-09_16-26-49.png]

How can I remove external access to the admin GUI, SSH and DNS? Really, the more concerning question is why the heck is this all enabled? Did I just misunderstand and this is normal?
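An added example, written for this page and not Ubiquiti's code nor anything from the posts above: a small Python audit that reads the brace-style text EdgeOS prints for "show configuration" (the same format quoted in the IPsec site-to-site post further down this page) and checks how the WAN interface's rulesets are wired. It encodes the distinction the IKEv2 post asks about, namely that the "local" direction governs traffic addressed to the router itself (SSH, GUI, DNS) while "in" governs forwarded traffic, so a missing or permissive "local" ruleset is exactly what leaves those ports reachable from outside. It also flags the pattern from the blacklist post: an accept rule that names a source but matches only established/related state can never admit the first packet of a connection, so such an allow entry has no effect. The sample config, the addresses in it and the interface name eth0 are constructed.

```python
"""Audit the WAN firewall bindings in an EdgeOS 'show configuration' dump (constructed example)."""

# Constructed sample in the brace format EdgeOS prints; not a real device's config.
SAMPLE_CONFIG = """
firewall {
    name WAN_IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action accept
            description "allow inbound from one host"
            source {
                address 203.0.113.10
            }
            state {
                established enable
                related enable
            }
        }
    }
    name WAN_LOCAL {
        default-action accept
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        address dhcp
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
    }
}
"""


def parse_config(text):
    """Turn EdgeOS brace config into nested dicts: 'key {' opens a node, '}' closes it,
    'key value' is a leaf. Repeated leaf keys (several 'address' lines) become a list."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        else:
            key, _, value = line.partition(" ")
            node = stack[-1]
            if key in node:
                node[key] = node[key] if isinstance(node[key], list) else [node[key]]
                node[key].append(value)
            else:
                node[key] = value
    return root


def _rules(ruleset):
    return [(k, v) for k, v in ruleset.items() if k.startswith("rule ") and isinstance(v, dict)]


def _states(rule):
    return {k for k, v in rule.get("state", {}).items() if v == "enable"}


def audit(tree, wan="eth0"):
    """Return a list of findings about how the WAN interface's rulesets are wired."""
    findings = []
    rulesets = {k.split(" ", 1)[1]: v for k, v in tree.get("firewall", {}).items()
                if k.startswith("name ")}
    bound = tree.get("interfaces", {}).get(f"ethernet {wan}", {}).get("firewall", {})
    in_name = bound.get("in", {}).get("name")
    local_name = bound.get("local", {}).get("name")
    # Services on the router itself (SSH, GUI, DNS) are governed by the 'local' direction;
    # an 'in' ruleset only filters traffic forwarded through the router.
    if local_name is None:
        findings.append(f"{wan}: no 'local' ruleset bound; router services are reachable from WAN")
    elif rulesets.get(local_name, {}).get("default-action") != "drop":
        findings.append(f"{local_name}: default-action is not drop; router services are exposed")
    # A rule that names a source but only matches established/related can never admit the
    # first packet of a connection from that source, so the allow entry has no effect.
    for name in [n for n in (in_name, local_name) if n]:
        for rid, rule in _rules(rulesets.get(name, {})):
            if (rule.get("action") == "accept" and "source" in rule
                    and _states(rule) and _states(rule) <= {"established", "related"}):
                findings.append(f"{name} {rid}: source match combined with established/related only")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print(finding)
```

Run against a real dump by piping "show configuration" output into parse_config; the returned tree is plain dicts, so the same audit can be extended with further checks (for example, listing every accept rule in the "local" ruleset that carries no state match at all).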


EdgePower


I have 2 EdgePower units with new PSU units. One unit shows an output voltage of 22.7 volts and the other unit shows 54 volts like it should. Where do I go from here? Is the unit bad?

[images: 22volts.JPG, 54volts.JPG]

 

VLAN to VLAN broadcast


Hey Guys,

 

I decided to change my whole networking gear and go full UBNT for routing and APs. I have an EdgeRouter SFP and was wondering how it would be possible to get two VLANs to broadcast to each other. I was able to set up a VLAN for WiFi. I can ping the LAN but am unable to broadcast.

For example, I cannot cast anything to a Chromecast from any PC that is wired.

Wired is on 10.10.10.0/24 and WiFi on 172.26.0.0/24. Also, via WiFi I am unable to access any \\server via hostname.

DHCP has the correct settings for internal DNS. IGMP proxy? Multicast? This is all new to me. I am used to the good old Juniper CLI from 2005.

Any help would be appreciated. Thanks guys!

 

 

Port Mirroring eth0 to eth1


So I have a Raspberry Pi I set up as a kind of IDS using this: https://github.com/musicmancorley/BriarIDS

I set up mirroring so all traffic from eth0 is mirrored to eth2 where the Pi is. The problem is I don't really see any traffic on the Pi. I remember reading that TCP offload had to be turned off for mirroring, but it looks to me like it's disabled by default on my ER-X.

 

username@ubnt:~$ show ubnt offload 
IPSec offload module: not loaded

HWNAT offload module: not loaded

Traffic Analysis    :
  export    : disabled
  dpi       : disabled
    version       : 1.302
username@ubnt:~$ ^C

Am I misunderstanding how port mirroring works?

RPS-AC-100W vs EP-54V-150W


UBNT has these similar looking supply modules.

 

RPS-AC/DC-100W

  • Used in the OLT and ER-8-XG

EP-54V-150W-AC/DC

Having not seen both of these in the flesh, I can't answer the question of whether they are interchangeable - apart from the obvious difference on power (watts) capacity.

 

For example, if an RPS (100W) module failed, could it be replaced with an EP (150W) module?

 

Anyone know where to get a detailed spec on the RPS-AC/DC-100W products?

1.9.7 Load Balance Firewall Rule Trouble...


1.9.7 patch 1

 

Trying to setup load balancing and when I create a very simple firewall rule:

set firewall modify loadbalance rule 1
set firewall modify loadbalance rule 1 action modify
set firewall modify loadbalance rule 1 destination group network-group RFC1918
set firewall modify loadbalance rule 1 modify table main

On commit I get:

[ firewall modify loadbalance ]
Error: [sudo /sbin/iptables-restore -n -v 2> /tmp/iptables.out] = 512
Iptables restore OK

Commit failed

Here is that RFC group if it helps:

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group RFC1918 {
            network 10.0.0.0/8
            network 172.16.0.0/12
            network 192.168.0.0/16
        }
    }

 

Anyone else run into this error trying to manually setup load balancing?  Running the wizard is not an option for me in this case and I haven't seen this error before... perhaps I've missed something here...  There is more to the command but I backtracked and the first section is where my trouble is starting..

 

 

ERX doesn't seem to initialize new DHCP servers...


This problem has thrown me for a loop many times over.

 

Create a new DHCP service, give it a range, assign an interface to it.  Plug something into the designated interface, and no DHCP addresses are handed out on the new service.  It takes a reboot of the ERX for it to start working.  Seems like I've had this happen on both the ER3 and the ER8 as well.

 

Further, any changes made to the DHCP service cause that service to stop functioning.  Requiring a reboot of the router again.

 

This is further compounded by the fact that any changes made are not picked up by an attached ES8 via SFP, requiring the ES8 to be rebooted as well.

 

 DHCP service doesn't seem very hardy.

 

This seems to be broken behaviour.

New Setup Help - Edge Router Lite


Hello All, 

 

I recently got an EdgeRouter Lite to run with my TP-Link 48 port, 4 SFP managed switch for my home networking project. My old setup was just a direct connection from LightSpeed's fiber-to-Ethernet box to my Asus AC5300 router, on which I was getting 940 Mbps wired.

Now with the EdgeRouter set up with the basic configuration wizard and a few changes listed below, I am only able to get 200 Mbps, and some tests come back with 65 Mbps.

Network layout

Internet - EdgeRouter Lite - Managed Switch (in dummy mode) - Asus router in access point mode - Desktop.

I know this is a little messy and will change once I get the router fully configured.

Changes:

Hardware offloading is enabled
DNS forwarding is set up to go to OpenDNS
4 VLANs are created but disabled for planned future use after this is resolved.

EdgeOS 1.9.7

Attached is a Sanitized configuration 


1.9.7 DHCP leases bug fix


Hi,

 

I guess this fix only applies to addresses that don't have a static mapping?

 

Thanks,

 

->g.

EdgeRouter Infinity Questions | IPsec Throughput


Dear Colleagues,

 

It's great to hear the throughput that this new router has.

I have some more questions that are not disclosed.

So I need some answers to these questions, as we are planning to have 50 office branches with IPsec tunnels to these Infinity routers.

1. Does anyone know what the throughput of an IPsec tunnel connection on this new router is?

2. Can I plug SFP (1 Gbit) modules into the SFP+ slots on this router?

 

It would be great to have also someone from UBNT team to be involved.

Thanks,

PPPoE link drops and fails to re-establish


I've seen these symptoms a few times, but only went investigating today...

I'm currently running an ERLite-3, on v1.9.7, though I've seen the symptoms on at least v1.9.1, possibly earlier.

 

What appears to be happening is the cry of "the internet isn't working" - I'm sure many of you are familiar with.

 

  • My ISP is BT, I'm on an Infinity 72Mb/s package.
  • The VDSL modem (Vigor 130) shows that the link is in SHOWTIME, with good sync rates and SNR margins. (down: 79997Kb/s / up: 19999 Kb/s).
  • The EdgeRouter shows that the pppoe0 link is disconnected.

Logging in to the ER via SSH and running the following appears to resolve the problem:

disconnect interface pppoe0
connect interface pppoe0

Then (this is something I've not looked into before) I had a look into the pppoe0 log:

$ show interfaces pppoe pppoe0 log
[...]
Connected to 24:af:4a:c0:fe:b8 via interface eth2
using channel 3
Using interface ppp0
Connect: ppp0 <--> eth2
sent [LCP ConfReq id=0xc <magic 0xd6b7c0a8>]
rcvd [LCP ConfReq id=0x28 <mru 1500> <auth chap MD5> <magic 0x44d506d1>]
lcp_reqci: returning CONFACK.
sent [LCP ConfAck id=0x28 <mru 1500> <auth chap MD5> <magic 0x44d506d1>]
rcvd [LCP ConfAck id=0xc <magic 0xd6b7c0a8>]
IPCP: Up event in state 2!
rcvd [CHAP Challenge id=0x1 <7ba473abe3926f953a8720eaaf87d1d50958eaf847539bb87f31a7379362b60f072a3aeb3c>, name = "acc-aln1.chl"]
sent [CHAP Response id=0x1 <95648340d2d874590629da878e389176>, name = "bthomehub@btbroadband.com"]
rcvd [CHAP Success id=0x1 "CHAP authentication success"]
CHAP authentication succeeded: CHAP authentication success
CHAP authentication succeeded
peer from calling number 24:AF:4A:C0:FE:B8 authorized
sent [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPV6CP ConfReq id=0xf2 <addr fe80::0221:05ff:fead:9024>]
Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
sent [LCP ProtRej id=0xd 80 57 01 f2 00 0e 01 0a 02 21 05 ff fe ad 90 24]
rcvd [IPCP ConfReq id=0x5 <addr 172.16.16.4>]
ipcp: returning Configure-ACK
sent [IPCP ConfAck id=0x5 <addr 172.16.16.4>]
rcvd [IPCP ConfNak id=0x5 <addr 86.150.246.82> <ms-dns1 81.139.57.100> <ms-dns3 81.139.56.100>]
sent [IPCP ConfReq id=0x6 <addr 86.150.246.82> <ms-dns1 81.139.57.100> <ms-dns3 81.139.56.100>]
rcvd [IPV6CP TermReq id=0xf3]
Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
sent [LCP ProtRej id=0xe 80 57 05 f3 00 04]
rcvd [IPCP ConfAck id=0x6 <addr 86.150.246.82> <ms-dns1 81.139.57.100> <ms-dns3 81.139.56.100>]
ipcp: up
Script /etc/ppp/ip-pre-up started (pid 28852)
Script /etc/ppp/ip-pre-up finished (pid 28852), status = 0x0
local  IP address 86.150.246.82
remote IP address 172.16.16.4
primary   DNS address 81.139.57.100
secondary DNS address 81.139.56.100
Script /etc/ppp/ip-up started (pid 28902)
rcvd [IPV6CP TermReq id=0xf4]
Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
sent [LCP ProtRej id=0xf 80 57 05 f4 00 04]
Script /etc/ppp/ip-up finished (pid 28902), status = 0x0
No response to 6 echo-requests
Serial link appears to be disconnected.
ipcp: down
Connect time 3.3 minutes.
Sent 577556 bytes, received 876900 bytes.
Script /etc/ppp/ip-down started (pid 29135)
sent [LCP TermReq id=0x10 "Peer not responding"]
sent [LCP TermReq id=0x11 "Peer not responding"]
Script /etc/ppp/ip-down finished (pid 29135), status = 0x0
Connection terminated: no multilink.
Modem hangup
LCP: Down event in state 0!
Connected to 00:1d:aa:8a:7b:6c via interface eth2
using channel 4
Using interface ppp0
Connect: ppp0 <--> eth2
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
[...]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
Fri Jan  9 16:40:43 UTC 2015: User attie stopping PPP daemon for pppoe0 by disconnect command
Terminating on signal 15
sent [LCP TermReq id=0x13 "User request"]
sent [LCP TermReq id=0x14 "User request"]
Connection terminated: no multilink.
Modem hangup
Fri Jan  9 16:40:52 UTC 2015: User attie starting PPP daemon for pppoe0 by connect command
Connected to 24:af:4a:c0:fe:b8 via interface eth2
using channel 5
Using interface ppp0
Connect: ppp0 <--> eth2
sent [LCP ConfReq id=0x1 <magic 0x7be54fdb>]
rcvd [LCP ConfReq id=0x87 <mru 1500> <auth chap MD5> <magic 0x605460c3>]
lcp_reqci: returning CONFACK.
sent [LCP ConfAck id=0x87 <mru 1500> <auth chap MD5> <magic 0x605460c3>]
rcvd [LCP ConfAck id=0x1 <magic 0x7be54fdb>]
sent [LCP EchoReq id=0x0 magic=0x7be54fdb]
rcvd [CHAP Challenge id=0x1 <27e65c0c8e1ba213f4d8cd913a9720f0d07b1739297932004683337c63d7398a3e9516ccb038>, name = "acc-aln1.chl"]
sent [CHAP Response id=0x1 <456de5f95d8284111130fedb485f4357>, name = "bthomehub@btbroadband.com"]
rcvd [LCP EchoRep id=0x0 magic=0x605460c3]
rcvd [CHAP Success id=0x1 "CHAP authentication success"]
CHAP authentication succeeded: CHAP authentication success
CHAP authentication succeeded
peer from calling number 24:AF:4A:C0:FE:B8 authorized
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPV6CP ConfReq id=0xe8 <addr fe80::0221:05ff:fead:9024>]
Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
sent [LCP ProtRej id=0x2 80 57 01 e8 00 0e 01 0a 02 21 05 ff fe ad 90 24]
rcvd [IPCP ConfReq id=0xc9 <addr 172.16.16.4>]
ipcp: returning Configure-ACK
sent [IPCP ConfAck id=0xc9 <addr 172.16.16.4>]
rcvd [IPCP ConfNak id=0x1 <addr 86.189.232.46> <ms-dns1 81.139.56.100> <ms-dns3 81.139.57.100>]
sent [IPCP ConfReq id=0x2 <addr 86.189.232.46> <ms-dns1 81.139.56.100> <ms-dns3 81.139.57.100>]
rcvd [IPV6CP TermReq id=0xe9]
Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
sent [LCP ProtRej id=0x3 80 57 05 e9 00 04]
rcvd [IPCP ConfAck id=0x2 <addr 86.189.232.46> <ms-dns1 81.139.56.100> <ms-dns3 81.139.57.100>]
ipcp: up
Script /etc/ppp/ip-pre-up started (pid 4492)
Script /etc/ppp/ip-pre-up finished (pid 4492), status = 0x0
local  IP address 86.189.232.46
remote IP address 172.16.16.4
primary   DNS address 81.139.56.100
secondary DNS address 81.139.57.100
Script /etc/ppp/ip-up started (pid 4543)
rcvd [IPV6CP TermReq id=0xea]
Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
sent [LCP ProtRej id=0x4 80 57 05 ea 00 04]
Script /etc/ppp/ip-up finished (pid 4543), status = 0x0

The "LCP ConfReq" lines are repeated over and over, just after the link is determined to be down - "No response to 6 echo-requests".

 

It looks like it just dumbly continues requesting config while getting no response back... Could we alter this to fail after ~6 ConfReq attempts, and then fall back to a full down/up?

I'm happy to alter scripts to help iron out the problem, but unfortunately this is not a common occurrence for me, so we may be here a while!

 

Thanks for any help,

Attie

 

Edit:

I'm upgrading to v1.9.7+hotfix.1 now...

Does anyone know what a ConfReq with ID of 0x12 is asking for?
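An added example, not part of Attie's post and not an EdgeOS component: a Python watchdog that replays a pppd log in the format of "show interfaces pppoe pppoe0 log", follows the session state, and reports when a freshly started session is stuck re-sending the same "LCP ConfReq" with no reply from the peer, which is the pattern visible in the log above after "No response to 6 echo-requests". The threshold of 6 unanswered requests is taken from the post's own suggestion; the sample log lines below are constructed in the same style (MAC address, ids and magic numbers are made up). An operator script could feed it the real log and, on a non-zero exit, issue the "disconnect interface pppoe0" / "connect interface pppoe0" pair the post already uses by hand.

```python
import re
import sys

# Constructed excerpt in the style of the pppd log shown by
# 'show interfaces pppoe pppoe0 log'; MAC, ids and magic numbers are made up.
SAMPLE_LOG = """\
sent [IPCP ConfReq id=0x6 <addr 198.51.100.7>]
rcvd [IPCP ConfAck id=0x6 <addr 198.51.100.7>]
ipcp: up
No response to 6 echo-requests
Serial link appears to be disconnected.
ipcp: down
Connection terminated: no multilink.
Modem hangup
Connected to 02:00:00:00:00:01 via interface eth2
Using interface ppp0
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
sent [LCP ConfReq id=0x12 <magic 0x131763af>]
"""

LCP_CONFREQ = re.compile(r"^sent \[LCP ConfReq id=(0x[0-9a-fA-F]+)")


def analyse_pppoe_log(text, max_unanswered=6):
    """Replay a pppd log and report the state of the most recent session.

    A session starts at 'Connected to ...'. While it is still in LCP negotiation,
    every 'sent [LCP ConfReq id=X]' carrying the same id with no 'rcvd [...]' line in
    between counts as unanswered; reaching max_unanswered marks the link as stuck.
    """
    st = {"phase": "idle", "unanswered": 0, "last_id": None, "stuck": False, "drops": 0}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Connected to "):
            st.update(phase="lcp", unanswered=0, last_id=None, stuck=False)
        elif line == "ipcp: up":
            st["phase"] = "up"
        elif line.startswith("No response to ") or line == "ipcp: down":
            if st["phase"] == "up":
                st["drops"] += 1          # one established session was lost
            st["phase"] = "down"
        elif line.startswith("rcvd ["):
            st.update(unanswered=0, stuck=False)   # the peer is talking to us again
        else:
            m = LCP_CONFREQ.match(line)
            if m and st["phase"] == "lcp":
                if m.group(1) == st["last_id"]:
                    st["unanswered"] += 1
                else:
                    st.update(last_id=m.group(1), unanswered=1)
                st["stuck"] = st["unanswered"] >= max_unanswered
    return st


def needs_reset(text, max_unanswered=6):
    """True when the latest session is stuck re-sending the same LCP ConfReq."""
    return analyse_pppoe_log(text, max_unanswered)["stuck"]


if __name__ == "__main__":
    # Read the real log from stdin when piped; otherwise demonstrate on the sample.
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    state = analyse_pppoe_log(log)
    print(f"drops={state['drops']} unanswered_confreq={state['unanswered']} stuck={state['stuck']}")
    sys.exit(1 if state["stuck"] else 0)
```

The detector deliberately counts only requests with an unchanged id: pppd bumps the id when it restarts negotiation, so a changing id means progress, while the same id repeated with nothing received is the dead-peer case that the post wants to escalate to a full down/up.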

IPsec site-to-site - Unable to install source route


Hi Guys

So I'm trying to set up an IPsec site-to-site connection.

So far no luck. Router 1 is basically a completely "clean/reset" router with IPsec set up.

For router 1 a "show vpn log" command yields the following:

Aug 10 07:37:14 00[DMN] Starting IKE charon daemon (strongSwan 5.2.2, Linux 3.10.14-UBNT, mips)

For router 2 the setup is a bit more complicated, see below. (Basically I have two internet connections, one of which has 3 public IPs, the other only 1.)

Router 2 setup (I've edited out a bunch of firewall port rules and DNAT/SNAT settings for simplicity's sake; let me know if you need them to work out what is wrong):

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    modify SOURCE_ROUTE {
        rule 10 {
            action modify
            description "Gigabit traffic"
            modify {
                table 1
            }
            source {
                address 192.168.6.16/29
            }
        }
        rule 20 {
            action modify
            description "Hiber traffic"
            modify {
                table 2
            }
            source {
                address 192.168.6.0/24
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        ** Lots of firewall rules for various servers cut out **
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 212.xx.xx.xx/26
        address 212.xx.xx.xx/26
        address 212.xx.xx.xx/26
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
        vif 101 {
            address dhcp
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
        }
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.6.1/24
        description Local
        firewall {
            in {
                modify SOURCE_ROUTE
            }
        }
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 212.xx.xx.xx {
            }
            next-hop 213.xx.xx.xx {
            }
        }
        table 1 {
            route 0.0.0.0/0 {
                next-hop 212.xx.xx.xx {
                }
            }
        }
        table 2 {
            route 0.0.0.0/0 {
                next-hop 213.xx.xx.xx {
                }
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.6.0/24 {
                default-router 192.168.6.1
                dns-server 192.168.6.16
                lease 86400
                start 192.168.6.100 {
                    stop 192.168.6.243
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        ** a bunch of DNAT and SNAT settings cut out **
        rule 5003 {
            description "masquerade for WAN"
            log disable
            outbound-interface eth1.101
            protocol all
            type masquerade
        }
        rule 5004 {
            description "masquerade for WAN"
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user *** {
            authentication {
                encrypted-password ***
                plaintext-password ""
            }
            full-name "***"
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
}
vpn {
    ipsec {
        auto-firewall-nat-exclude enable
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group FOO0 {
            ikev2-reauth no
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 14
                encryption aes128
                hash sha1
            }
        }
        site-to-site {
            peer 193.xxx.xxx.xxx {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****
                }
                connection-type initiate
                description "test tunnel"
                ike-group FOO0
                ikev2-reauth inherit
                local-address 213.xxx.xxx.xxx
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group FOO0
                    local {
                        prefix 192.168.6.0/24
                    }
                    remote {
                        prefix 192.168.1.0/24
                    }
                }
            }
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.1.4977602.170427.0113 */

If I run "show vpn log" on router 2 I get a lot of

[IKE] <peer-193.xxx.xxx.xxx-tunnel-1|x> initiating Main Mode IKE_SA peer-193.xxx.xxx.xxx-tunnel-1[x] to 193.xxx.xxx.xxx

and 

[KNL] creating aquire job policy for 192.168.6.xx/32 [tcp/xxx] == 192.168.1.xxx[tcp/xxx] with reqid {1}


Finally, the entry I think is the problem:

[KNL] Unable to install source route for 192.168.6.1

I found this post here which has the following advice but no description of how to do it:

 

"you need to explicitely tell VPN source traffic on WAN_in to use main routing table"

 

I don't know if the above is the solution, but if it is, would anyone help guide me in how to do the above?

 

Thanks

Jacob
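An added example, my own code rather than Ubiquiti's or anything from the posts, that serves two passages on this page: the "config open vpn to eth3" post (and the first post asking for a VPN on one LAN port only), whose set-commands mark one subnet into table 1 with a default route via vtun0, and Jacob's SOURCE_ROUTE ruleset above, which marks the whole LAN into table 2. The Python below models only the mechanism those configs share, first-match "firewall modify" rules selecting a table and the Linux kernel's fall-through to the main table when the selected table has no usable route; it does not model IPsec policy processing. Two things fall out of the model. First, when vtun0 goes down, table 1 loses its route and the VPN-only subnet silently leaves via eth0 unless something drops it at the WAN egress; in EdgeOS that drop is an "out" ruleset on the WAN interface, modelled here as KILL_SWITCH. Second, one reading of the quoted advice ("tell VPN source traffic to use main routing table") is a modify rule matching the remote prefix with "modify table main" placed before the catch-all rules, and the model shows the table choice flipping from 2 to main once that rule is added. All addresses, tables and interface names are constructed, and the mapping to EdgeOS commands is my assumption.

```python
import ipaddress

# A small model of EdgeOS policy-based routing (constructed, not Ubiquiti code).
# A 'firewall modify' rule: optional 'source'/'destination' prefixes and the table it selects.
# A routing table: list of (prefix, egress interface). Interfaces default to 'up'.


def select_table(rules, src, dst):
    """First matching modify rule decides the table; unmatched traffic uses 'main'."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if "source" in rule and src_ip not in ipaddress.ip_network(rule["source"]):
            continue
        if "destination" in rule and dst_ip not in ipaddress.ip_network(rule["destination"]):
            continue
        return rule["table"]
    return "main"


def lookup(table, dst, link_up):
    """Longest-prefix match, ignoring routes whose interface is down; None if nothing matches."""
    dst_ip, best = ipaddress.ip_address(dst), None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and link_up.get(iface, True):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return None if best is None else best[1]


def route(src, dst, rules, tables, link_up=None, wan_out_drop=()):
    """Return the table, egress interface and verdict a src->dst packet gets."""
    link_up = link_up or {}
    table = select_table(rules, src, dst)
    egress = lookup(tables[table], dst, link_up)
    if egress is None and table != "main":
        # The marked table has no usable route (e.g. vtun0 is down), so the kernel
        # falls through to the next ip rule, i.e. the main table. This is the leak path.
        table, egress = "main", lookup(tables["main"], dst, link_up)
    if egress is None:
        return {"table": table, "egress": None, "verdict": "unreachable"}
    for iface, prefix in wan_out_drop:   # models an 'out' ruleset on the WAN interface
        if iface == egress and ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            return {"table": table, "egress": egress, "verdict": "dropped"}
    return {"table": table, "egress": egress, "verdict": "forwarded"}


# Scenario 1: a VPN-only port. 192.168.65.0/24 (the eth3 subnet, constructed) is marked into
# table 1, whose only route is the default via vtun0; everything else uses main (default via eth0).
VPN_RULES = [{"source": "192.168.65.0/24", "table": 1}]
VPN_TABLES = {1: [("0.0.0.0/0", "vtun0")],
              "main": [("192.168.66.0/24", "switch0"), ("0.0.0.0/0", "eth0")]}
KILL_SWITCH = [("eth0", "192.168.65.0/24")]   # drop that subnet if it ever reaches eth0


def vpn_port_scenario():
    """(egress with VPN up, egress with VPN down, verdict with VPN down plus kill switch)."""
    up = route("192.168.65.10", "198.51.100.1", VPN_RULES, VPN_TABLES, {"vtun0": True})
    leak = route("192.168.65.10", "198.51.100.1", VPN_RULES, VPN_TABLES, {"vtun0": False})
    held = route("192.168.65.10", "198.51.100.1", VPN_RULES, VPN_TABLES, {"vtun0": False}, KILL_SWITCH)
    return up["egress"], leak["egress"], held["verdict"]


# Scenario 2: the SOURCE_ROUTE ruleset from the IPsec post: /29 -> table 1 (WAN on eth0),
# rest of the LAN -> table 2 (WAN on eth1.101). Traffic for the remote IPsec prefix
# 192.168.1.0/24 is caught by rule 20 as well, unless an earlier rule sends it to 'main'.
SITE_RULES = [{"source": "192.168.6.16/29", "table": 1},
              {"source": "192.168.6.0/24", "table": 2}]
SITE_TABLES = {1: [("0.0.0.0/0", "eth0")], 2: [("0.0.0.0/0", "eth1.101")],
               "main": [("192.168.6.0/24", "switch0"), ("0.0.0.0/0", "eth0")]}


def site_to_site_scenario():
    """(table chosen for LAN->remote-VPN traffic before the exemption rule, after it)."""
    before = route("192.168.6.50", "192.168.1.20", SITE_RULES, SITE_TABLES)
    exempt = [{"destination": "192.168.1.0/24", "table": "main"}] + SITE_RULES
    after = route("192.168.6.50", "192.168.1.20", exempt, SITE_TABLES)
    return before["table"], after["table"]


if __name__ == "__main__":
    print("VPN port (up, down, down+kill switch):", vpn_port_scenario())
    print("site-to-site table (before, after exemption):", site_to_site_scenario())
```

The model generalises the two posts' configs to any ordered list of modify rules and any set of tables, so a reader can paste their own prefixes in and see which table and interface a given flow would take before committing a change on the router.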

How to forward HTTP for NVR on EdgeOS 1.9.1.1

2 NVRs, and on port forward in the GUI I only got tcp_udp forward.

Can't find it on the forum.
