Channel: EdgeRouter topics

router pidof[18188]: can't get program name from /proc/18187/stat, should I be worried?


What does the below error log message mean and is it cause for concern?

 

router pidof[18188]: can't get program name from /proc/18187/stat

EdgeRouter X, new as of Jan 2019, so maybe not so new now.  Running 1.10.9.  PPPoE DSL connection and a simple home network with one VLAN.  I have one static public IP address.  My LAN network uses a private network range.  I run the L2TP VPN server built into the EdgeRouter X with a 32 character prefix and 18 character user password.  I just saw this in my log today.  Up-time a little over 2 months, 3 weeks.  Research seems to indicate nothing.  Hardly any Google results.  My best guess based on Google is that it's harmless.  On the other hand, someone was concerned about hardware failure.

 

Appreciate any knowledge on this.

 

Thanks, Spiderj.

 

Here's the full log.

May 29 01:07:19	router kernel: ESW: Link Status Changed - Port2 Link UP
May 29 01:06:54	router kernel: ESW: Link Status Changed - Port2 Link Down
May 29 00:58:59	router kernel: ESW: Link Status Changed - Port2 Link UP
May 29 00:58:31	router kernel: ESW: Link Status Changed - Port2 Link Down
May 25 23:09:18	router pidof[18188]: can't get program name from /proc/18187/stat
May 24 13:32:47	router pppd[9356]: Modem hangup
May 24 13:32:47	router pppd[9356]: Connection terminated: no multilink.
May 24 13:32:44	router pppd[9356]: Overriding mru 1500 to mtu value 1460
May 24 13:32:44	router pppd[9356]: Overriding mtu 1500 to 1460
May 24 11:14:15	router pppd[9356]: remote IP address PRIVATE IP ADDRESS

Interface issues on EdgeRouter Lite v3... Port dead?


Hi all, I'm posting this in a state of desperation. Maybe I just need another set of eyes, I don't know.

 

I was having problems getting a DHCP address or pinging the gateway (using a static address) on the eth2 port of my EdgeRouter Lite v3. I thought maybe it could be my firewall rules, so I saved my configuration and reverted to factory defaults. I set up VIF 10 on eth2 and gave it a static address...

 

interfaces {
 [...]
 ethernet eth2 {
  vif 10 {
   address 10.20.10.33/27
   mtu 1500
  }
 }

 [...]
}

 

Then I set up a DHCP pool for the 10.20.10.32/27 subnet...

 

service {
 dhcp-server {
  shared-network-name management {
   subnet 10.20.10.32/27 {
    default-router 10.20.10.33
    start 10.20.10.35 {
     stop 10.20.10.39
    }
   }
  }
}

 

From here, I should be able to plug in to eth2 and successfully get an IP address 10.20.10.35. But I can't. Again, if I set a static address on the subnet for my machine, I can't ping the gateway either. Did my port just go dead??

 

By the way, running EdgeOS 2.0.1

Try to schedule daily reboot on ERPoe-5 v2.0.1, not working...


task-reboot-crontab-spec 14 * * *            (try to reboot on 2pm)

executable-path /sbin/reboot

 

I tried a few times, but it doesn't work...

Can anyone tell me?

ERLite - CPU 100% during VPN transfer


Hello. I am testing out an EdgeRouter Lite. I have it connected via IPSec to a Cisco ASA 5506 using IKEv2 certificate authentication. The tunnel comes up fine, but I am noticing that the ER's CPU is getting pegged whenever I am transferring a lot of traffic over the VPN (from one host behind the ERL to one host behind the ASA, or vice versa). I was under the impression that this device has a hardware "offload" unit that would prevent IPSec from hitting the CPU? When I run "show ubnt offload" from the CLI, it says that the IPSec offload module is "loaded", and I have made sure to use the supported ciphers listed here: https://help.ubnt.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading

 

I am using AES256-SHA1-DHGroup5 for both phase 1 and phase 2. (EDIT: I am also running the latest firmware, version 2.0.1)

 

So what's going on? Does the offload module not support IKEv2? or something?

 

Config:

 

 firewall {
     all-ping enable
     broadcast-ping disable
     ipv6-name wan-in6 {
         default-action drop
         rule 1 {
             action accept
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action accept
             protocol icmpv6
         }
     }
     ipv6-name wan-local6 {
         default-action drop
         rule 1 {
             action accept
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action accept
             protocol icmpv6
         }
         rule 3 {
             action accept
             destination {
                 port 546
             }
             protocol udp
             source {
                 port 547
             }
         }
     }
     ipv6-receive-redirects disable
     ipv6-src-route disable
     ip-src-route disable
     log-martians enable
     name wan-in {
         default-action drop
         rule 1 {
             action accept
             state {
                 established enable
                 related enable
             }
         }
     }
     name wan-local {
         default-action drop
         rule 1 {
             action accept
             state {
                 established enable
                 related enable
             }
         }
         rule 2 {
             action accept
             icmp {
                 type-name echo-request
             }
             protocol icmp
         }
         rule 3 {
             action accept
             ipsec {
                 match-ipsec
             }
         }
     }
     receive-redirects disable
     send-redirects enable
     source-validation disable
     syn-cookies enable
 }
 interfaces {
     ethernet eth0 {
         address <EDGEROUTER_WAN_IP>/29
         dhcpv6-pd {
             pd 0 {
                 interface eth1 {
                     host-address ::1
                     prefix-id :0
                     service slaac
                 }
                 prefix-length /59
             }
             rapid-commit enable
         }
         duplex auto
         firewall {
             in {
                 ipv6-name wan-in6
                 name wan-in
             }
             local {
                 ipv6-name wan-local6
                 name wan-local
             }
         }
         speed auto
     }
     ethernet eth1 {
         address 192.168.211.1/28
         duplex auto
         speed auto
     }
     ethernet eth2 {
         duplex auto
         speed auto
     }
     loopback lo {
     }
 }
 protocols {
     static {
         route 0.0.0.0/0 {
             next-hop <DEFAULT_GATEWAY> {
             }
         }
     }
 }
 service {
     dhcp-server {
         disabled false
         hostfile-update disable
         shared-network-name LAN {
             authoritative enable
             subnet 192.168.211.0/28 {
                 default-router 192.168.211.1
                 dns-server 75.75.75.75
                 lease 1200
                 start 192.168.211.3 {
                     stop 192.168.211.15
                 }
             }
         }
         static-arp disable
         use-dnsmasq disable
     }
     gui {
         http-port 80
         https-port 443
         older-ciphers enable
     }
     nat {
         rule 5010 {
             outbound-interface eth0
             source {
                 address 192.168.211.0/28
             }
             type masquerade
         }
     }
     ssh {
         listen-address 0.0.0.0
         port 22
         protocol-version v2
     }
     ubnt-discover {
         disable
     }
 }
 system {
     host-name ERL
     login {<LOGIN_INFORMATION>
         }
     }
     name-server 75.75.76.76
     ntp {
         server 0.ubnt.pool.ntp.org {
         }
         server 1.ubnt.pool.ntp.org {
         }
         server 2.ubnt.pool.ntp.org {
         }
         server 3.ubnt.pool.ntp.org {
         }
     }
     offload {
         hwnat disable
         ipsec enable
     }
     syslog {
         global {
             facility all {
                 level notice
             }
             facility protocols {
                 level debug
             }
         }
     }
     time-zone US/Central
 }
 vpn {
     ipsec {
         allow-access-to-local-interface disable
         auto-firewall-nat-exclude enable
         esp-group aes256-sha1 {
             compression disable
             lifetime 3600
             mode tunnel
             pfs enable
             proposal 1 {
                 encryption aes256
                 hash sha1
             }
         }
         ike-group aes256-sha1 {
             ikev2-reauth no
             key-exchange ikev2
             lifetime 28800
             proposal 1 {
                 dh-group 5
                 encryption aes256
                 hash sha1
             }
         }
         site-to-site {
             peer <CISCO_ASA_WAN_IP> {
                 authentication {
                     mode x509
                     remote-id <REMOTE_CERT_DN>
                     x509 {
                         ca-cert-file /config/auth/cacert.pem
                         cert-file /config/auth/ERL.crt
                         key {
                             file /config/auth/ERL.key
                         }
                     }
                 }
                 connection-type initiate
                 default-esp-group aes256-sha1
                 ike-group aes256-sha1
                 ikev2-reauth inherit
                 local-address <EDGEROUTER_WAN_IP>
                 tunnel 1 {
                     allow-nat-networks disable
                     allow-public-networks disable
                     local {
                         prefix 192.168.211.0/28
                     }
                     remote {
                         prefix 192.168.222.0/27
                     }
                 }
             }
         }
     }
 }

 

Windows 10 IPV6 DNS servers


I am using an ERLite as our network router.

Our ISP supports IPv6 and I managed to configure the ERLite so that it distributes IPv6 addresses to our clients.

Our clients mainly consist of Android, Windows 10 with a few Apple devices.

I used Radvd with the RDNSS option to advertise the CloudFlare IPv6 DNS servers.

This is the Radvd config I used:

 

ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
other-config-flag false
prefix ::/64 {
autonomous-flag true
on-link-flag true
valid-lifetime 2592000
}
radvd-options "RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 {};"
reachable-time 0
retrans-timer 0
send-advert true
}
}

 

Everything works fine on Android and Apple devices, but not 100% on Windows 10.

Windows 10 now supports RDNSS but it seems to prefer the IPv4 DNS servers it receives through DHCPv4 over the IPv6 DNS servers through RDNSS.

I think this can be solved by adding a stateless DHCPv6 server.

Basically I am looking for a simple SLAAC/DHCPv6 config.

Does anybody know how to configure this on the Edgerouter without resorting to DNSmasq?

 

 

IPSec site-to-site Juniper SRX to EdgeRouter connected but not working fully


Hi,

 

I have the tunnel up with policy based IPSEC with the following being true:

 

SRX:
From the SRX I can NOT ping the Edgemax local IP or any machines behind it. 
From a machine behind the SRX I can ping the Edgemax local interface but nothing behind the Edgemax.

vpn srx-local {
            bind-interface st0.2;
            ike {
                gateway srx_uk;
                ipsec-policy srx_uk;
            }
            traffic-selector inside {
                local-ip 192.168.3.0/24;
                remote-ip 172.28.80.0/22;
            }
        }






Edgemax:
From the Edgemax I can ping the SRX local IP and all machines behind it.
From a machine behind the Edgemax I can NOT ping the SRX local IP or any machines behind it

show vpn
 ipsec {
     auto-firewall-nat-exclude enable
     esp-group FOO0 {
         proposal 1 {
             encryption aes256
             hash sha1
         }
     }
     ike-group FOO0 {
         proposal 1 {
             dh-group 14
             encryption aes256
             hash sha1
         }
     }
     site-to-site {
         peer 227.115.18.2 {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret mykeyhere
             }
             connection-type initiate
             ike-group FOO0
             local-address 218.10.42.42
             tunnel 1 {
                 esp-group FOO0
                 local {
                     prefix 172.28.80.0/22
                 }
                 remote {
                     prefix 192.168.3.0/24
                 }
             }
         }
     }
 }


How can I overcome my issues? Do I need a static route?

Edgerouter loses default route/gw


Hi

I have an ER12 running

All of a sudden, at least every other week, the router loses internet connection. I have been restarting it every time it happens for months (I had an ER3 and then an ER4 and they both did the same at some point).

Recently I noticed that the internet uplink was fine, as I have devices directly connected to the internet and not passing through the ER, so they never lose connectivity. So I figured I'd jump in while the internet was out via another device that had direct WAN connectivity (because the fun part is that it always happens when I'm NOT home) and noticed that the ER2 had lost its default gw route; netstat -rn would show no default route... so I went ahead and did:

route add default gw IP-OF-ISP-GW

And internet from the ER12 came back up, so I'm wondering if anyone else has seen this behavior. Not sure what's causing the gw route to disappear.

clear dhcp lease ip command generates warning due to bad syntax in vyatta-clear-dhcp-lease.pl


The python script /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl needs to be updated, as any use of:

clear dhcp lease ip <address>

 

generates a warning message; e.g.:

 

clear dhcp lease ip 192.168.0.24

 

generates:

 

Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/^|\nlease 192.168.0.24 { <-- HERE (.|\n)+?\n}/ at /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl line 110.
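
The warning above is Perl complaining about a literal `{` inside a pattern. As an added example (not the source of vyatta-clear-dhcp-lease.pl, which is not shown on this page), the following removes one lease block using escaped braces and a quoted address; the helper name `clear_lease` and the sample lease data are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in dhcpd.leases layout (not taken from a real router).
my $leases = <<'EOF';
lease 192.168.0.24 {
  starts 3 2019/05/29 10:00:00;
  ends 3 2019/05/29 10:20:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.0.25 {
  starts 3 2019/05/29 10:05:00;
  ends 3 2019/05/29 10:25:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
EOF

# Hypothetical helper: drop every lease block recorded for one address.
sub clear_lease {
    my ($text, $ip) = @_;

    # The address comes from the command line, so accept only a dotted quad
    # before it is placed into a pattern.
    die "not an IPv4 address: $ip\n"
        unless $ip =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;

    # quotemeta keeps the dots literal; \{ and \} are escaped so Perl does not
    # have to guess whether a quantifier such as {2,3} was intended, which is
    # what the deprecation warning is about.
    my $addr = quotemeta $ip;
    (my $out = $text) =~ s/^lease $addr \{\n.*?^\}\n//msg;
    return $out;
}

my $after = clear_lease($leases, '192.168.0.24');
print $after;

# Self-check on the constructed data: the target lease is gone, the other stays.
die "lease was not removed\n" if     $after =~ /^lease 192\.168\.0\.24 \{/m;
die "other lease was lost\n"  unless $after =~ /^lease 192\.168\.0\.25 \{/m;
```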

 


ER-4 V2.0.1 XL2TPD Won't Start


Hi,

 

I tried to configure l2tp via ssh, and the l2tp service won't start.

 

ubnt@ubnt:~$ systemctl status xl2tpd.service
* xl2tpd.service - EdgeOS xl2tpd daemon
Loaded: loaded (/lib/systemd/system/xl2tpd.service; disabled; vendor preset:
Active: failed (Result: exit-code) since Wed 2019-05-29 14:43:21 UTC; 3min 35
Process: 3276 ExecStart=/usr/sbin/xl2tpd $DAEMON_OPTS (code=exited, status=1/F

May 29 14:43:20 ubnt systemd[1]: xl2tpd.service: Failed with result 'exit-code'.
May 29 14:43:21 ubnt systemd[1]: xl2tpd.service: Service hold-off time over, sch
May 29 14:43:21 ubnt systemd[1]: Stopped EdgeOS xl2tpd daemon.
May 29 14:43:21 ubnt systemd[1]: xl2tpd.service: Start request repeated too quic
May 29 14:43:21 ubnt systemd[1]: Failed to start EdgeOS xl2tpd daemon.
May 29 14:43:21 ubnt systemd[1]: xl2tpd.service: Unit entered failed state.
May 29 14:43:21 ubnt systemd[1]: xl2tpd.service: Failed with result 'exit-code'.
lines 1-12/12 (END)

 

Any ideas?

 

Other than l2tp, the router was configured using the wizard (basic settings), and 2 site-to-site VPN tunnels using the GUI.

 

Thank you

No traffic through USG/EdgeRouter Pro site-to-site VPN


Hi All-

 

I'm unable to ping or connect to remote machines via an (apparently-)established site-to-site VPN. Here is what the network looks like:

 

-=============-
| Server      |
| 192.168.1.2 |
-=============-   ...other networks (192.168.[2..7].0/24)
       |           |
-====================-
| 192.168.1.1 (eth1) |
| EdgeRouter Pro 8   |
| y.y.y.y (eth1)     |
-====================-
       |
~~~~~~~~~~~~~~~~~~~~~~
   The Internets
~~~~~~~~~~~~~~~~~~~~~~
       |
-=====================-
| x.x.x.x (eth1)      |
| USG Pro             |
| 192.168.10.1 (eth1) |
-=====================-
       |
-===============-
| My Laptop     |
| 192.168.10.10 |
-===============-

 

There is no NAT; both x.x.x.x and y.y.y.y are routable public WAN IP addresses. I followed the instructions here:

https://help.ubnt.com/hc/en-us/articles/115010686967-EdgeRouter-Site-to-Site-IPsec-VPN-to-USG

 

Here's the sanitized VPN configuration on the USG Pro (as created by the UniFi controller GUI):

 

admin@USGPro:~$ configure
[edit]
admin@USGPro# show vpn ipsec              
 auto-firewall-nat-exclude enable
 esp-group ESP_y.y.y.y {
     compression disable
     lifetime 3600
     mode tunnel
     pfs enable
     proposal 1 {
         encryption aes128
         hash sha1
     }
 }
 ike-group IKE_y.y.y.y {
     key-exchange ikev1
     lifetime 28800
     proposal 1 {
         dh-group 14
         encryption aes128
         hash sha1
     }
 }
 ipsec-interfaces {
     interface eth2
 }
 nat-networks {
     allowed-network 0.0.0.0/0 {
     }
 }
 nat-traversal enable
 site-to-site {
     peer y.y.y.y {
         authentication {
             mode pre-shared-secret
             pre-shared-secret "<the key>"
         }
         connection-type initiate
         ike-group IKE_y.y.y.y
         local-address x.x.x.x
         tunnel 0 {
             esp-group ESP_y.y.y.y
             local {
                 prefix 192.168.10.0/24
             }
             remote {
                 prefix 192.168.1.0/24
             }
         }
     }
 }

 

And here is the vpn configuration on the ER8 Pro (as created by its web GUI):

 

dave@ERPro8:~$ configure
[edit]
dave@ERPro8# show vpn ipsec 
 auto-firewall-nat-exclude enable
 esp-group FOO0 {
     proposal 1 {
         encryption aes128
         hash sha1
     }
 }
 ike-group FOO0 {
     proposal 1 {
         dh-group 14
         encryption aes128
         hash sha1
     }
 }
 site-to-site {
     peer x.x.x.x {
         authentication {
             mode pre-shared-secret
             pre-shared-secret "<the key>"
         }
         connection-type initiate
         description Site-to-Site
         ike-group FOO0
         local-address y.y.y.y
         tunnel 1 {
             esp-group FOO0
             local {
                 prefix 192.168.1.0/24
             }
             remote {
                 prefix 192.168.10.0/24
             }
         }
     }
 }

When I attempt to ping 192.168.1.1 (ER Pro 8) or 192.168.1.2 (server connected directly to eth1) from 192.168.10.1 (USG Pro) or 192.168.10.10 (my laptop) no traffic goes through. The tunnel does appear to be getting successfully established at both ends, however.

 

Here is the StrongSwan log from the USG Pro:

 

admin@USGPro:~$ sudo ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.2.2 IPsec [starter]...
admin@USGPro:~$ sudo swanctl --log
10[KNL] creating acquire job for policy 192.168.10.10/32[icmp] === 192.168.1.1/32[icmp] with reqid {1}
10[IKE] initiating Main Mode IKE_SA peer-y.y.y.y-tunnel-0[1] to y.y.y.y
10[ENC] generating ID_PROT request 0 [ SA V V V V ]
10[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (156 bytes)
06[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (136 bytes)
06[ENC] parsed ID_PROT response 0 [ SA V V V ]
06[IKE] received XAuth vendor ID
06[IKE] received DPD vendor ID
06[IKE] received NAT-T (RFC 3947) vendor ID
06[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
06[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (372 bytes)
15[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (372 bytes)
15[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
15[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
15[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (108 bytes)
12[NET] received packet: from y.y.y.y[500] to xx.x.x.x[500] (76 bytes)
12[ENC] parsed ID_PROT response 0 [ ID HASH ]
12[IKE] IKE_SA peer-y.y.y.y-tunnel-0[1] established between x.x.x.x[x.x.x.x]...y.y.y.y[y.y.y.y]
12[IKE] scheduling reauthentication in 27939s
12[IKE] maximum IKE_SA lifetime 28479s
12[ENC] generating QUICK_MODE request 4144580868 [ HASH SA No KE ID ID ]
12[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (444 bytes)
07[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (444 bytes)
07[ENC] parsed QUICK_MODE response 4144580868 [ HASH SA No KE ID ID ]
07[IKE] CHILD_SA peer-74.43.252.106-tunnel-0{1} established with SPIs cadb0cd3_i c2c6726f_o and TS 192.168.10.0/24 === 192.168.1.0/24 
07[ENC] generating QUICK_MODE request 4144580868 [ HASH ]
07[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (60 bytes)

And here is the StrongSwan log from the EdgeRouter Pro 8:

 

dave@ERPro8:~$ sudo ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.2.2 IPsec [starter]...
dave@ERPro8:~$ sudo swanctl --log
06[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (156 bytes)
06[ENC] parsed ID_PROT request 0 [ SA V V V V ]
06[IKE] received XAuth vendor ID
06[IKE] received DPD vendor ID
06[IKE] received NAT-T (RFC 3947) vendor ID
06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
06[IKE] 72.43.248.118 is initiating a Main Mode IKE_SA
06[ENC] generating ID_PROT response 0 [ SA V V V ]
06[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (136 bytes)
09[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (372 bytes)
09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
09[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (372 bytes)
14[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (108 bytes)
14[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
14[CFG] looking for pre-shared key peer configs matching 74.43.252.106...x.x.x.x[x.x.x.x]
14[CFG] selected peer config "peer-x.x.x.x-tunnel-1"
14[IKE] IKE_SA peer-x.x.x.x-tunnel-1[1] established between 74.43.252.106[74.43.252.106]...x.x.x.x[x.x.x.x]
14[IKE] scheduling reauthentication in 27996s
14[IKE] maximum IKE_SA lifetime 28536s
14[ENC] generating ID_PROT response 0 [ ID HASH ]
14[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (76 bytes)
11[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (444 bytes)
11[ENC] parsed QUICK_MODE request 4144580868 [ HASH SA No KE ID ID ]
11[ENC] generating QUICK_MODE response 4144580868 [ HASH SA No KE ID ID ]
11[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (444 bytes)
06[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (60 bytes)
06[ENC] parsed QUICK_MODE request 4144580868 [ HASH ]
06[IKE] CHILD_SA peer-x.x.x.x-tunnel-1{1} established with SPIs c2c6726f_i cadb0cd3_o and TS 192.168.1.0/24 === 192.168.10.0/24 

Once all this is established, I'm still not able to get pings through the VPN, nor can I make SSH connections. The firewalls of both EdgeRouter Pro 8 and the server are configured to respond to pings and accept ssh connections on their respective 192.168.1.x interfaces.

 

One curiosity I noticed... On the USG Pro, I see an interface listed in the ipsec status:

 

admin@USGPro:~$ show vpn ipsec status
IPSec Process Running PID: 4781

1 Active IPsec Tunnels

IPsec Interfaces :
        eth2    (x.x.x.x)

But on the EdgeRouter Pro 8, I do not:

 

dave@ERPro8:~$ show vpn ipsec status
IPSec Process Running PID: 30873

1 Active IPsec Tunnels

IPsec Interfaces :

I'm out of ideas for what I could be doing wrong, or other things to test!

 

Thanks in advance,

Dave

Beta forum, how to get access via account settings to download WOL Wizards

LAN server to LAN server via Public Static IPs


EdgeRouter Lite: 

 

I have two servers on eth0 that have static IP addresses and port forwarding correctly set up with NAT, DNAT and firewall.  They are able to communicate properly with any external servers.  However, I would like them to communicate with each other via their public IP address.  I am looking for hints on how to describe in networking terms what I am trying to accomplish so that I can search these forums for an answer.   TIA.

Chromecast across VLANs


I've looked at lots of posts to try to figure this out but just can't cast to my Chromecast or Google Home. I'm using the ER-X, so my VLANs and regular LAN are on the switch0 interface and VLAN aware is off because my access point uses multiple of the VLANs. I've tried mDNS repeater on interface switch0 and switch0.107 (IOT, where the Chromecast is) but the Chromecast doesn't show up to cast to. If I connect to the IOT network with my phone I can cast fine. From the regular LAN I can ping the Chromecast on the IOT VLAN.

Am I Overthinking this network set up? Is there an easier way to do this?


Hi all, 

I'm trying to switch the network (attached as an image) from one where "Adam" has his own network and "Becky" has her own network but both networks are "hanging off" a single backhaul network made up of isostations and lightbems on their own network.

 

The diagram I have is port-perfect so all the lines represent Ethernet cables going in exactly where they go in the real world. But I can't seem to get this to work. Sure, it's a lot of static routing... but am I doing that correctly?

 

I of course want the backhaul, Adam, and Becky to be on different vlans (20,21, and 22, respectively) and be on different networks (10.0.0.0/8, 10.0.1.0/24, and 10.0.2.0/24 respectively). 

 

I have an ER4 with vlan interfaces created for all of these networks, tagged correctly as their appropriate vlans, but I can't ever seem to be on "Adam's" network and reach any of the IP's assigned to the ER4 gateway. And suffice it to say I don't have Internet anywhere. Am I setting this up completely incorrectly? I MUST use all of the devices pictured. I can't reduce the number.

EdgeRouter Infinity (ER‑8‑XG) flash / MMC storage Problem


firewall log port 8448?


I was reviewing my firewall log and have noticed a lot of entries for destination port 8448:

 

[WAN_LOCAL-default-D]IN=eth0 OUT= MAC=18:e8:29:49:31:0e:00:23:ab:7d:c0:45:08:00 src=195.253.76.2 DST=172.83.240.203 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=28408 DF PROTO=TCP SPT=52102 DPT=8448 WINDOW=64240 RES=0x00 SYN URGP=0

 

Anyone have any idea what they are trying to access? I can't think of anything that uses this port.

 

Thanks

Edgerouter 12 config file in ER-8 Pro


My dead no boot ER-8 Pro suddenly decided to boot and looks OK now. I want to use it as a backup router. Can I load the config file from the working ER-12 into it? Obviously ports 9-12 and switching won't work.  

 

Is there a self-test I can run on the ER-8 to have more confidence in it?

EdgeRouter Infinity Random Reboots


Hi all,

 

We have a router right now that sometimes reboots for no reason ... so we installed a syslog server to see what happened.

Here are the logs:

 

May 29 18:06:34 xxx openvpn:  Authenticate/Decrypt packet error: missing authentication info
May 29 18:13:57 xxx openvpn:  WARNING: file '/config/auth/evxxx' is group or others accessible
May 29 18:13:57 xxx openvpn:  WARNING: file '/config/auth/er8xxxxxxt2' is group or others accessible
May 29 18:13:58 xxx openvpn:  WARNING: file '/config/auth/chaxxxxx2' is group or others accessible
May 29 18:13:59 xxx openvpn:  WARNING: file '/config/auth/75xxxxxt' is group or others accessible
May 29 18:13:59 xxx openvpn:  WARNING: file '/config/auth/froxxxxx9' is group or others accessible
May 29 18:13:59 xxx openvpn:  WARNING: file '/config/auth/mxxxxxxl2' is group or others accessible
May 29 18:14:00 xxx openvpn:  WARNING: file '/config/auth/froxxxxx9' is group or others accessible
May 29 18:14:00 xxx openvpn:  WARNING: file '/config/auth/mxxxxxl2' is group or others accessible
May 29 18:14:01 xxx openvpn:  WARNING: file '/config/auth/54xxxxx' is group or others accessible
May 29 18:14:01 xxx openvpn:  WARNING: file '/config/auth/perxxxxx2' is group or others accessible
May 29 18:14:02 xxx openvpn:  WARNING: file '/config/auth/taschereau' is group or others accessible
May 29 18:14:02 xxx openvpn:  WARNING: 'ifconfig' is used inconsistently, local='ifconfig xxx.xxx.xxx.35 xxx.xxx.xxx.36', remote='ifconfig xxx.xxx.xxx.35 xxx.xxx.xxx.36'
May 29 18:14:02 xxx openvpn:  WARNING: file '/config/auth/pxxxxxx3' is group or others accessible
May 29 18:14:02 xxx openvpn:  WARNING: file '/config/auth/rxxxxx2' is group or others accessible
May 29 18:14:03 xxx openvpn:  WARNING: file '/config/auth/14xxxxue' is group or others accessible
May 29 18:14:03 xxx openvpn:  WARNING: file '/config/auth/17xxxxe' is group or others accessible
May 29 18:14:03 xxx openvpn:  WARNING: file '/config/auth/pixxxx3' is group or others accessible
May 29 18:14:04 xxx openvpn:  WARNING: file '/config/auth/naxx' is group or others accessible
May 29 18:14:04 xxx ubnt-service-ssh:  waiting for netplugd to be started...
May 29 18:14:04 xxx ubnt-service-igmpproxy:  waiting for netplugd to be started...
May 29 18:14:06 xxx ubnt-service-gui:  waiting for netplugd to be started...
May 29 18:14:07 xxx dhcpd:  WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
May 29 18:14:08 xxx dhcpd:  ** Ignoring requests on eth1.  If this is not what
May 29 18:14:08 xxx dhcpd:     in your dhcpd.conf file for the network segment
May 29 18:14:08 xxx dhcpd:  No subnet declaration for eth2 (xxx.xxx.xxx.170).
May 29 18:14:08 xxx dhcpd:     in your dhcpd.conf file for the network segment
May 29 18:14:08 xxx dhcpd:  No subnet declaration for eth1 (xxx.xxx.xxx.234).
May 29 18:14:08 xxx dhcpd:     you want, please write a subnet declaration
May 29 18:14:08 xxx dhcpd:     to which interface eth1 is attached. **
May 29 18:14:08 xxx dhcpd:  ** Ignoring requests on eth2.  If this is not what
May 29 18:14:08 xxx dhcpd:     you want, please write a subnet declaration
May 29 18:14:08 xxx dhcpd:     to which interface eth2 is attached. **
May 29 18:14:28 xxx netplugd:  Starting network plug daemon: netplugd.
May 29 18:15:17 xxx openvpn:  Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #71145 / time = (1559178893) Wed May 29 21:14:53 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
May 29 18:15:17 xxx openvpn:  Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #71162 / time = (1559178893) Wed May 29 21:14:53 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
May 29 18:15:17 xxx openvpn:  Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #71180 / time = (1559178893) Wed May 29 21:14:53 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Help ... this is our main production router.

 

Edgerouter 6P, no internet access on ports 3 and 4


Currently have an EdgeRouter 6P and can access the internet on ports 1 and 2 but am unable to get internet access on ports 3 and 4.  I have setup IP’s and setup DHCP on both ports.  I have added Services/DNS interface 3&4 as seen in a previous post but I still am unable to connect.  Other than the default firewall rules created by the setup wizard on port 0, I have not added any additional rules.  Eventually I will block the LANS on the router from talking with each other, but for now, I just need to get ports 3&4 access to the internet (Port 0 - WAN).  Any help anyone can give would greatly be appreciated.

 

port 0 - Wan

port 1 - WIFI AP

port 2 - Security Cameras / Cloud Key

port 3 - Servers

port 4 - IOT

 

Can't access GUI on Edge Router Lite, "Lighttpd" errors


Hello. I have a new Edge Router Lite that I am testing. I have been configuring it so far from the console or via SSH, and it has been working fine. I am trying to access the web interface, but all browsers report "Connection Refused". When I look at the log using "show log" on the CLI, I see a lot of the following repeated over and over:

 

May 29 23:59:29 ERL systemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
May 29 23:59:29 ERL systemd[1]: lighttpd.service: Unit entered failed state.
May 29 23:59:29 ERL systemd[1]: lighttpd.service: Failed with result 'exit-code'.
May 29 23:59:30 ERL systemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
May 29 23:59:30 ERL systemd[1]: lighttpd.service: Unit entered failed state.
May 29 23:59:30 ERL systemd[1]: lighttpd.service: Failed with result 'exit-code'.
May 29 23:59:32 ERL systemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
May 29 23:59:32 ERL systemd[1]: lighttpd.service: Unit entered failed state.
May 29 23:59:32 ERL systemd[1]: lighttpd.service: Failed with result 'exit-code'.
May 29 23:59:33 ERL systemd[1]: lighttpd.service: Main process exited, code=exited, status=255/n/a
May 29 23:59:33 ERL systemd[1]: lighttpd.service: Unit entered failed state.
May 29 23:59:33 ERL systemd[1]: lighttpd.service: Failed with result 'exit-code'.
May 29 23:59:34 ERL systemd[1]: lighttpd.service: Start request repeated too quickly.
May 29 23:59:34 ERL systemd[1]: Failed to start Lighttpd Daemon.
May 29 23:59:34 ERL systemd[1]: lighttpd.service: Unit entered failed state.
May 29 23:59:34 ERL systemd[1]: lighttpd.service: Failed with result 'exit-code'.

Here is the output of "show service gui":

 

 http-port 80
 https-port 443
 listen-address 192.168.211.1
 older-ciphers enable

Where 192.168.211.1 is the inside interface IP of the router. I have tried removing the "listen-address", did not change behavior. The router has a working IKEv2 S2S VPN using a certificate/key located under /config/auth. I have tried setting the "ca-cert" and "cert-file" options to point to those files, thinking that maybe the web interface (something called "Lighttpd"??) needed a cert. Did not change behavior. I have tried removing the "older-ciphers" option. Did not change behavior.

 

I am running the latest firmware available from the official Ubiquiti website, version 2.0.1. I have not made any changes to the filesystem apart from uploading the certs/key.

 

How do I remedy this problem?

 
