I'm trying to add a second address to my outside interface so that I can talk to my cable modem at 192.168.100.1 .   On a plain linux system I would do: 

/sbin/ip addr add 192.168.100.2/24 dev eth0

Doing the comprable thing through the ubnt tools gets me an error. 

[edit]
root@gw# set interfaces ethernet eth0 address 192.168.100.2/24
[edit]
root@gw# commit
[ interfaces ethernet eth0 ]
Cannot configure static IPv4 address and DHCP on the same interface.

Commit failed

This strikes me as unessessarily restrictive.   I've been running exactly this alias on previous routers under both Fedora and LEDE/OpenWRT and it works just fine.  Is there something else that I could try to get that alias assigned to the interface?

I did try putting the "ip addr add ..." line in /etc/rc.local but it appears that file is run too early before the interface is set up or something.   The interface never has the alias assigned.   If I run rc.local by hand after the machine is fully up the expected happens and I get my alias and can talk to the modem.

Using an Edgerouter X on v1.10.5 firmware 

I'm unable to connect via VPN a pppoe's WAN connection.

eth0 is connected as WAN to a cable modem (Telenet specifc brand) in bridged mode using dhcp

eth1 is connected as WAN to a VDSL modem (BBox 3V+) in bridged mode using pppoe 

thus a pppoe1 interface exists with MTU1492

both eth0 and pppoe1 have a working dyndns hostname.

When I configure the VPN settings according to the following help artciel EdgeRouter - L2TP IPsec VPN Server

It works when connecting throught the Telenet internet connecting and it's corresponding external ip address. But I can't the VPN connection up when using the external ip address of the pppoe1 connection.

ipsec and sa come up, but then something seems to be failing and timeing out.

thus users and passwords, passphrases are correct.

The strange thing is, even when configuring pppoe1 as the external wan interface to use for the VPN connection, when connecting to the external ip of the eth0 WAN interface the VPN conection is established.

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_pppoe1
                }
            }
            modify {
                table main
            }
        }
        rule 70 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description ike
            destination {
                port 500
            }
            log disable
            protocol udp
        }
        rule 40 {
            action accept
            description esp
            log disable
            protocol esp
        }
        rule 50 {
            action accept
            description nat-t
            destination {
                port 4500
            }
            log disable
            protocol udp
        }
        rule 60 {
            action accept
            description l2tp
            destination {
                port 1701
            }
            ipsec {
                match-ipsec
            }
            log disable
            protocol udp
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        description "WAN 2"
        duplex auto
        pppoe 1 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password ****************
            user-id pppoe-username
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        description Local
        firewall {
            in {
                modify balance
            }
        }
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
        }
    }
}
load-balance {
    group G {
        interface eth0 {
        }
        interface pppoe1 {
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                dns-server 1.1.1.1
                domain-name local.lan
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.180
                }
            }
        }
    }
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name home.example.org
                    login example.org-home
                    password ****************
                    server www.example.org
                }
            }
            interface pppoe1 {
                service dyndns {
                    host-name dslhome.example.org
                    login example.org-dsl
                    password ****************
                    server example.org
                }
            }
        }
        forwarding {
            cache-size 150
            listen-on switch0
            options listen-address=192.168.1.1
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface pppoe1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    domain-name local.lan
    host-name edge
    login {
        user admin {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Brussels
}
vpn {
    ipsec {
        ipsec-interfaces {
            interface pppoe1
        }
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username exampleuser {
                        password ****************
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.1.190
                stop 192.168.1.199
            }
            dns-servers {
                server-1 192.168.1.1
                server-2 1.1.1.1
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
            }
            mtu 1392
            outside-address 0.0.0.0
        }
    }
}

After the initial wizard setup for a loadbalanced system I added the dyndns hostnames.

Then I added these settings for the eth0 VPN setup:

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret examplepassphrase

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username exampleuser password examplepassword

set vpn l2tp remote-access client-ip-pool start 192.168.1.190
set vpn l2tp remote-access client-ip-pool stop 192.168.1.199

set vpn l2tp remote-access dns-servers server-1 192.168.1.1
set vpn l2tp remote-access dns-servers server-2 1.1.1.1

set vpn l2tp remote-access dhcp-interface eth0
set vpn ipsec ipsec-interfaces interface eth0

set vpn l2tp remote-access mtu 1392

This configuration seems to be working when connecting through the eth0 WAN ip

However after deleting the vpn settings (delete vpn l2tp ; delete vpn ipsec)

and the configuration setup for the pppoe1 usage, the VPN connection doesn't establish through the pppoe interface, but it still works through the eth0 interface.

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp

set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp

set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp

set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description l2tp
set firewall name WAN_LOCAL rule 60 destination port 1701
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 protocol udp

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret examplepassphrase

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username exampleuser password examplepassword

set vpn l2tp remote-access client-ip-pool start 192.168.1.190
set vpn l2tp remote-access client-ip-pool stop 192.168.1.199

set vpn l2tp remote-access dns-servers server-1 192.168.1.1
set vpn l2tp remote-access dns-servers server-2 1.1.1.1

set vpn l2tp remote-access outside-address 0.0.0.0
set vpn ipsec ipsec-interfaces interface pppoe1
set vpn l2tp remote-access mtu 1392

The logging from sudo swanctl --log is:

11[NET] received packet: from 109.140.80.145[10415] to 77.109.124.40[500] (788 bytes)
11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
11[IKE] received NAT-T (RFC 3947) vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
11[IKE] received FRAGMENTATION vendor ID
11[IKE] received DPD vendor ID
11[IKE] 109.140.80.145 is initiating a Main Mode IKE_SA
11[ENC] generating ID_PROT response 0 [ SA V V V ]
11[NET] sending packet: from 77.109.124.40[500] to 109.140.80.145[10415] (136 bytes)
06[NET] received packet: from 109.140.80.145[10415] to 77.109.124.40[500] (380 bytes)
06[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
06[IKE] remote host is behind NAT
06[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
06[NET] sending packet: from 77.109.124.40[500] to 109.140.80.145[10415] (396 bytes)
11[NET] received packet: from 109.140.80.145[10416] to 77.109.124.40[4500] (108 bytes)
11[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
11[CFG] looking for pre-shared key peer configs matching 77.109.124.40...109.140.80.145[100.124.103.111]
11[CFG] selected peer config "remote-access"
11[IKE] IKE_SA remote-access[5] established between 77.109.124.40[78.23.248.159]...109.140.80.145[100.124.103.111]
11[ENC] generating ID_PROT response 0 [ ID HASH ]
11[NET] sending packet: from 77.109.124.40[4500] to 109.140.80.145[10416] (92 bytes)
12[NET] received packet: from 109.140.80.145[10416] to 77.109.124.40[4500] (332 bytes)
12[ENC] parsed QUICK_MODE request 2319968120 [ HASH SA No ID ID NAT-OA NAT-OA ]
12[IKE] received 3600s lifetime, configured 0s
12[ENC] generating QUICK_MODE response 2319968120 [ HASH SA No ID ID NAT-OA NAT-OA ]
12[NET] sending packet: from 77.109.124.40[4500] to 109.140.80.145[10416] (204 bytes)
14[NET] received packet: from 109.140.80.145[10416] to 77.109.124.40[4500] (76 bytes)
14[ENC] parsed QUICK_MODE request 2319968120 [ HASH ]
14[IKE] CHILD_SA remote-access{5} established with SPIs cf06366d_i 01d345cf_o and TS 77.109.124.40/32[udp/l2f] === 109.140.80.145/32[udp/59859]
.... waits ... 

14[NET] received packet: from 109.140.80.145[10416] to 77.109.124.40[4500] (92 bytes)
14[ENC] parsed INFORMATIONAL_V1 request 5356482 [ HASH D ]
14[IKE] received DELETE for ESP CHILD_SA with SPI 01d345cf
14[IKE] closing CHILD_SA remote-access{5} with SPIs cf06366d_i (704 bytes) 01d345cf_o (245 bytes) and TS 77.109.124.40/32[udp/l2f] === 109.140.80.145/32[udp/59859]
12[NET] received packet: from 109.140.80.145[10416] to 77.109.124.40[4500] (108 bytes)
12[ENC] parsed INFORMATIONAL_V1 request 1999475317 [ HASH D ]
12[IKE] received DELETE for IKE_SA remote-access[5]
12[IKE] deleting IKE_SA remote-access[5] between 77.109.124.40[78.23.248.159]...109.140.80.145[100.124.103.111]
09[KNL] interface ppp1 deleted

I setup my EdgeRouter using a dynamic address and DHCP from my ISP and now my ISP gave me a static address - where in the EdgeRouter do I type in the new static address, mask, dns and stuff?  Am I missing something? 

I have an EdgerRouter 4, EdgeSwitch 8 and an AP HD.  The network is setup with multiple VLANs and all seem to be working fine.  Recently I added SFP modules to the Switch and Router and connected them via fiber instead of copper.  No issues there, everything seems to be working as before, with the exception of the Dashboard graph that shows the Tx/Rx throughput.

The graph is showing most of the traffic between the router and switch on eth3 instead of on the actual VLAN (example - eth3.10) that it's coming from.  I can run a speed test using a device on VLAN 10 and eth3.10 Tx will show only 70 or so Kbps, while eth3 shows 800Mbps.  I don't believe it to be a VLAN issue, as each device receives a correct VLAN associated IP address from the DHCP server.

Is anybody else experiencing this issue?  I did not observer this behavior prior to using SFP.  Firmware is v1.10.5.

Thanks!

I just setup my UBNT ER-X along with a AP-Lite.

The AP is pretty much stock apart from basic SSID configuration.

I'm using 5G and when transferring data from my PC to my NAS I get to no more than 10MBps. During this time the latency to the AP goes to 200-400ms. I ran the RF-Scan and chose the channels with the least interference (it looks good, no problem there).

What could be the cause of that? Driving me nuts.

edit1 - I am not using DFS channels.

edit2 - 2.4G 20hz, medium power. 5G 40hz high power.

edit3 - link is idle and I'm pinging the AP at a steady 1ms. Controller insists that the AP is either Disconnected or Missing heartbeats on the controller.

edit4 - windows adapter shows link hovering between 57.8Mbps and 72Mbps. I think that's the root cause. Why is it not much more than that?

edit5 - forcing the adapter to use IEEE 802.11ac (instead of auto) made it go to 120Mbps. Still not enough considering it should go much higher.

edit6 - one step closer. On the EdgeRouter eth4 is set to auto but the dropdown only goes up to 100/full. what gives?

edit7 - running iperf from my cellphone connected to 5G to my PC. link status : Phone 240mbps and PC 150mbps.

edit8 - UBNT controller says Uplink(wired) on the AP is 1000mbps full duplex.

I'm really trying to get some type of VPN going for a roadwarrior on a ERP-8. Either with this or OpenVPN, but this seems more simple. Either way, I'm running into issues, in this specific case, when attempting to connect to the L2TP connection on my windows laptop, it just hangs until it fails, any assistance is appreciated, a copy of the config is below

I am running an Edge Max Router.  Is there a way to discover all the clients that are on the network, through the GUI?  I can not remember the IP address to a particular switch, and I am about to have to reset it if I can not login to it.  Can someone help me out here?  Thanks so much!

I can't seem to access the internet after adding a VLAN.

Main - 192.168.1.1/24

IoT - 192.168.100.1/24

I can ping 192.168.100.1 but not 192.168.1.1 and I can't ping any outside IP.

Any thoughts would be appreciated.

Config is attached.

ETA: I noticed I left 8.8.8.8 in on my IoT DHCP server settings while trying to fix it so I changed it back to 192.168.100.1 and that doesn't change anything.

Edgerouter X-SFP: 1.10.5

Status of IKE charon daemon (strongSwan 5.2.2, Linux 3.10.107-UBNT, mips):      
  uptime: 102 seconds, since Jul 14 22:14:10 2018                               
  malloc: sbrk 413696, mmap 0, used 278064, free 135632                         
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled:
 0                                                                              
  loaded plugins: charon ldap sqlite pkcs11 aes des sha1 sha2 md5 random nonce x
509 revocation pubkey pkcs1 pkcs8 pem openssl agent xcbc cmac ctr ccm gcm curl a
ttr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md
5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap addrblock             
Listening IP addresses:                                                         
  192.168.1.1                                                                   
  xxx.xxx.xxx.xxx                                                                
Connections:                                                                    
     NordVPN:  %any...us793.nordvpn.com  IKEv2, dpddelay=300s                   
     NordVPN:   local:  uses EAP_MSCHAPV2 authentication with EAP identity 'mycredentials'                                                                
     NordVPN:   remote: uses public key authentication                          
     NordVPN:   child:  dynamic === 0.0.0.0/0 TUNNEL, dpdaction=clear           
Security Associations (0 up, 0 connecting):                                     
  none

initiating IKE_SA NordVPN[2] to 209.58.153.143
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from xxx.xxx.xxx.xxx[500] to 209.58.153.143[500] (1420 bytes)
received packet: from 209.58.153.143[500] to xxx.xxx.xxx.xxx[500] (440 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) 
]
sending cert request for "C=PA, O=NordVPN, CN=NordVPN Root CA"
no IDi configured, fall back on IP address
establishing CHILD_SA NordVPN
generating IKE_AUTH request 1 [ IDi CERTREQ CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_S
UP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from xxx.xxx.xxx.xxx[4500] to 209.58.153.143[4500] (380 bytes)
received packet: from 209.58.153.143[4500] to xxx.xxx.xxx.xxx[4500] (2748 bytes)
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
received end entity cert "CN=us793.nordvpn.com"
received issuer cert "C=PA, O=NordVPN, CN=NordVPN CA2"
  using certificate "CN=us793.nordvpn.com"
  using untrusted intermediate certificate "C=PA, O=NordVPN, CN=NordVPN CA2"
checking certificate status of "CN=us793.nordvpn.com"
certificate status is not available
  using trusted ca certificate "C=PA, O=NordVPN, CN=NordVPN Root CA"
checking certificate status of "C=PA, O=NordVPN, CN=NordVPN CA2"
certificate status is not available
  reached self-signed root ca with a path length of 1
authentication of 'us793.nordvpn.com' with RSA signature successful
server requested EAP_IDENTITY (id 0x00), sending 'mycredentials'          
generating IKE_AUTH request 2 [ EAP/RES/ID ]                                    
sending packet: from xxx.xxx.xxx.xxx[4500] to 209.58.153.143[4500] (92 bytes)    
received packet: from 209.58.153.143[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)   
parsed IKE_AUTH response 2 [ EAP/REQ/PEAP ]                                     
server requested EAP_PEAP authentication (id 0x01)                              
requesting EAP_MSCHAPV2 authentication, sending EAP_NAK                         
generating IKE_AUTH request 3 [ EAP/RES/NAK ]                                   
sending packet: from xxx.xxx.xxx.xxx[4500] to 209.58.153.143[4500] (76 bytes)    
received packet: from 209.58.153.143[4500] to xxx.xxx.xxx.xxx[4500] (108 bytes)  
parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]                                 
server requested EAP_MSCHAPV2 authentication (id 0x02)                          
no EAP key found for hosts 'us793.nordvpn.com' - 'mycredentials'          
EAP_MSCHAPV2 method failed                                                      
generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]                           
sending packet: from xxx.xxx.xxx.xxx[4500] to 209.58.153.143[4500] (76 bytes)    
establishing connection 'NordVPN' failed

The NordVPN certificate (root.der) is located in /etc/ipsec.d/cacerts. My username and password are in /etc/ipsec.secrets file and the configuration file is /etc/ipsec.conf.

conn NordVPN
  leftupdown=/etc/ipsec.d/nordvpnup.sh
  keyexchange=ikev2
  dpdaction=clear
  dpddelay=300s
  eap_identity=mycredentials
  leftauth=eap-mschapv2
  left=%defaultroute
  leftsourceip=%config
  right=us793.nordvpn.com
  rightauth=pubkey
  rightsubnet=0.0.0.0/0
  rightid=%any
  type=tunnel
  auto=add

I've copied the cert to multiple directories without resolving the authentication problem. I simply cannot get this to complete the authentication process...

Any suggestions are greatly appreciated!

Hi,

i‘ve got a problem with my upload speed if hwnat is enabled.

edgerouter x and unifi ac lr are powered by poe injector eth 0 in and eth 4 out.

I am using the 24V-12W-G poe injector.

My edgerouter x has the latest bootloader and firmware.

Instead of 95mbit, i receive a speed between

70-80mbit.

If hwnat is disabled, i receive normal speed.

Please help

hello I have an edgerouter lite V 1.10.5, I HAVE A DEDICATED LINK OF 300/300 ai enters the edgerouter and the link is no more than 160 mpbs at 190mbps
offloads enabled
vlan v4 and v6 enabled
netflow disabled
eth0 dhcp internet 192.168.0.100/24
eth1 local network 10.0.0.1/22
eth2 local network 172.16.0.1/22

Server dell with UCRM + UNMS

WIZARDS WAN + 2LAN CONFIGURATION

the ucrm configuration made by the forum everything correct

Help, please, I do not know what to do anymore.

I'm getting this error all of a sudden. How should I go about restoring access to the GUI?

"Render error: TypeError: this.model is undefined"

I have followed the article here:

https://help.ubnt.com/hc/en-us/articles/204976324-EdgeMAX-Custom-Dynamic-DNS-with-Cloudflare

however all my host and reporting no connect, last update 1970

the log shows:

ubnt ddclient[7572]: WARNING: last updated <never> but last attempt on Sun Jul 15 16:02:06 2018 failed. Jul 15 16:03:07

ubnt ddclient[7572]: WARNING: skipping update of my.domain.com from <nothing> to x.x.x.x.

my config looks like:

 dns {
        dynamic {
            interface eth0 {
                service custom-cloudflare {
                    host-name 1.mydomain.com
                    host-name 2.mydomain.com
                    host-name 3.mydomain.com
                    host-name 4.mydomain.com
                    login me@somewhere.com
                    options zone=mydomain.com
                    password ****************
                    protocol cloudflare
                }
            }
        }

Names obfuscated..

I have a deployment with 4 sites at current. The config below is between one of our remote sites (USG) and our datacenter (ERX):

{
        "interfaces": {
                "openvpn": {
                        "vtun0": {
                                "local-address": {
                                        "10.99.99.25": "''"
                                },
                                "local-port": "1197",
                                "mode": "site-to-site",
                                "openvpn-option": [
                                        "--comp-lzo",
                                        "--float",
                                        "--ping 10",
                                        "--ping-restart 20",
                                        "--ping-timer-rem",
                                        "--persist-tun",
                                        "--persist-key",
                                        "--user nobody",
                                        "--group nogroup"
                                ],
                                "remote-address": "10.99.99.24",
                                "remote-host": [
                                        "tpa-fl.itseijin.org"
                                ],
                                "remote-port": "1197",
                                "shared-secret-key-file": "/config/auth/secret"
                        }
                }
        },
        "protocols": {
                "static": {
                        "interface-route": {
                                "10.20.94.0/24": {
                                        "next-hop-interface": {
                                                "vtun0": "''"
                                        }
                                },
                                "10.22.97.0/24": {
                                        "next-hop-interface": {
                                                "vtun0": "''"
                                        }
                                },
                                "10.23.98.0/24": {
                                        "next-hop-interface": {
                                                "vtun0": "''"
                                        }
                                }
                        },
                        "route": {
                                "0.0.0.0/0": {
                                        "next-hop": {
                                                "192.168.88.1": {
                                                        "distance": "1"
                                                }
                                        }
                                }
                        }
                }
        }
}

Site A: 10.20.95.0/24 [ HUB ]
Site B: 10.21.96.0/24
Site C: 10.22.97.0/24
Site D: 10.23.98.0/24

All sites are supposed to be able communicate with each other via the hub. I believe this is possible via the use of static routes but I think I am doing it wrong. Any pointers would be greatly appreciated.

I have a isolated guest network, i isolated WLAN on the APs and the VLAN on the edge router.

Have a few IoT devices on the guest network and when running USurvey (connect to guest network)  those devices do not show except one. I had been running DDWRT before getting an EdgeRouter and this same IoT device was visible on that isolated network as well.

I don't believe it's an issue with my config more like the device somehow showing up on network scans.

Any input on how to figure out why its showing during a network scan?

First off: I'm not the brightest networking bulb in the chandelier. Competent to a point, just not super-competent.

I have an ER5 POE at my house which is fed a static IP from an ER3 at the far end of a string of radios (all Ubiquiti of course). The internal addy of the ER3 is 192.168.77.1 and, if the ER5 fails to reach it, I want it to fail over to eth0 which is a second set of radios from a local (slow) WISP. But it's connectivity.

I've set up a simple failover....which fails. What I'd like is to know how to get it to work and then fall back once regular connectivity is recovered. I can (maybe) do this with the CLI if I get good instructions or via the ConfigTree which makes some sort of sense to me. Clearly I'm missing a few parts...can anyone assist?

show load-balance
 group INTERNET_FAILOVER {
     interface eth0 {
         failover-only
     }
     interface switch0 {
         route-test {
             count {
                 failure 5
                 success 5
             }
             initial-delay 60
             interval 10
             type {
                 ping {
                     target 192.168.77.1
                 }
             }
         }
     }
     lb-local enable
     lb-local-metric-change disable
 }

I've been looking to upgrade my home network, and I'm new to Ubiquiti products, but after doing some reseach and hearing how awesome their products are, I think I'm going to use them for my upgrade.

From what I gathered so far, I'm looking to pull the trigger on an EdgeRouter 4, EdgeSwitch 16, and UniFi AP Pro. My bandwidth speeds are 1Gb/1Gb (940/880) from Verizon FiOS which is why I'm not going with the ER-X (didn't want to turn do the hardware offloading stuff).

My question -- is the hardware I'm buying needed or a bit overkill?

Here's my current setup:

Typical consumer ASUS router

10+ wireless devices

Pi Hole

NVIDIA Shield TV

Two servers with dual NICs (right now, only one in use for each)

- One acting as a media and backup server.

- The second used as a research lab running ESXi with several virtual switches to separate networks within ESXi. One of the VMs is Sophos UTM and acts a software based gateway, firewall, and IPS between the networks.

My proposed new setup will be to take the ASUS router out the loop, connect from ISP to eth0 on EdgeRouter 4; then eth1 to port 1 on EdgeSwitch, UniFi AP on another port on the EdgeSwitch. UniFi AP will be setup for internal access, but a guest network will also be created in it's own VLAN for separation.

Existing hardwired devices will plug into the EdgeSwitch, and I do plan on creating a different group/VLAN for the other second NIC for both servers (just unsure at the moment).

Going back to my question, is the hardware I'm buying necessary? Or is what I'm buying overkill and can this be done with other hardware and/or less hardware?

I need an SFP+ 2 gbps NAT to the internet, which looks like only the EdgeRouter Infinity (ER-8-XG) can provide. Very surprising, but fine.

But then I also have:

a) A 2 gb constant local network data stream over SFP+. Large packets (so maybe 2 to 4 mpps).

b) A processor for the data from (a) - also connected via SFP+.

c) Additional SFP+ connected computers on the network that want 2 gbps access to mostly the internet, but sometimes also interact with (a) & (b) above.

I can hook these up together with just an EdgeSwitch 16 XG. However, this doesn't give me access to the Internet (nor DHCP services etc.).

On the other hand, the EdgeRouter Infinity already has 8x SFP+ ports. Can I just use it to do handle the work of my NAT as well as "switching" my local network traffic? Running it as an actual router between (a) and (b) is fine - don't need to bridge.

My concern is that the EdgeRouter is rated at 18mpps, and the EdgeSwitch at 238mpps - which is vastly different (for obvious reasons). The math still seems to check out but it's getting up there. Am I going to be happy with just an EdgeRouter or do I need an EdgeSwitch in addition?

Looking to hire a ninja to write a working config for the following.

2 wan, 1lan with failover

OpenVPN outbound for certain lan ips.

1:1 Nat with static ip for certain lan ips.

Inbox me if you can write such a config and wanna get paid.

I've been working on getting a VPN working for a roadwarrior for the passed few days with no real success. Today I'm pretty close to getting an openvpn server config running and just need a little nuidge of guidance. 

I'm routing the second instance to port 1195 and it's getting something, but on the client machines, I'm getting this

Sun Jul 15 22:04:14 2018 OpenVPN 2.3.18 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 26 2017
Sun Jul 15 22:04:14 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jul 15 22:04:14 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Sun Jul 15 22:04:14 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 15 22:04:14 2018 Need hold release from management interface, waiting...
Sun Jul 15 22:04:14 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 15 22:04:15 2018 MANAGEMENT: CMD 'state on'
Sun Jul 15 22:04:15 2018 MANAGEMENT: CMD 'log all on'
Sun Jul 15 22:04:15 2018 MANAGEMENT: CMD 'hold off'
Sun Jul 15 22:04:15 2018 MANAGEMENT: CMD 'hold release'
Sun Jul 15 22:04:15 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jul 15 22:04:15 2018 UDPv4 link local: [undef]
Sun Jul 15 22:04:15 2018 UDPv4 link remote: [AF_INET]199.76.14.229:1195
Sun Jul 15 22:04:15 2018 MANAGEMENT: >STATE:1531706655,WAIT,,,
Sun Jul 15 22:05:15 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jul 15 22:05:15 2018 TLS Error: TLS handshake failed
Sun Jul 15 22:05:15 2018 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 15 22:05:15 2018 MANAGEMENT: >STATE:1531706715,RECONNECTING,tls-error,,
Sun Jul 15 22:05:15 2018 Restart pause, 2 second(s)
Sun Jul 15 22:05:17 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jul 15 22:05:17 2018 UDPv4 link local: [undef]
Sun Jul 15 22:05:17 2018 UDPv4 link remote: [AF_INET]199.76.14.229:1195
Sun Jul 15 22:05:17 2018 MANAGEMENT: >STATE:1531706717,WAIT,,,
Sun Jul 15 22:06:17 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jul 15 22:06:17 2018 TLS Error: TLS handshake failed
Sun Jul 15 22:06:17 2018 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 15 22:06:17 2018 MANAGEMENT: >STATE:1531706777,RECONNECTING,tls-error,,
Sun Jul 15 22:06:17 2018 Restart pause, 2 second(s)
Sun Jul 15 22:06:19 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jul 15 22:06:19 2018 UDPv4 link local: [undef]
Sun Jul 15 22:06:19 2018 UDPv4 link remote: [AF_INET]199.76.14.229:1195
Sun Jul 15 22:06:19 2018 MANAGEMENT: >STATE:1531706779,WAIT,,,

TLS handshake is failing, but I'm not sure why. Maybe I have some bad firewall rules?