@dafyre said in EdgeRouter PoE high CPU usage:

@travisdh1 -- Maybe he should start with something simple... like a reboot? (I haven't seen him mention that anywhere).

The entire reason it came back up is that the unit rebooted itself (crashed) at 1300 CDT yesterday.

For a super simple no VPNs network, the USG works great, pretty straight forward and has some nice pictograms in the Controller.

The issue I ran into was a VPN tunnel between two endpoints that both had static IPs. This just didn't work. A few people have posted their work arounds on my UBNT thread about putting the IP into the JSON config file and not using the GUI to enter the static IPs and have it work.

@Mike-Davis said in Ubnt ER - random quick disconnects RDP:

yes. published a remote app. Users need access to that from machines that may not be company owned. Put RDPguard in place to ban IPs of multiple failed login attempts.

If there is a VPN, then we presume that there is no UDP traffic. Most VPNs are TCP.

We've been able to Default the remaining APs and they are adopted. We have one that is being stubborn, while it 'pings' it's not reachable. Suspect an issue with the AP itself. One just lost the heartbeat, but, it was found and adopted.

All in all, four of the six are running and good to go. lot better than where we started.

Thanks

@travisdh1 said in Ubiquiti ER-X Initial Firmware Update:

So I uploaded the 1.9.0 firmware file with scp (the ER-X doesn't have internet access yet, not final install.)

add system image ER-e50.v1.9.0.4901118.tar

Complained about not enough space available. Fine, uploaded through the gui, and it worked fine. ???

I'll have to tackle the duel WAN tomorrow, after verifying I got all my documentation correct.

Well, it's setup and being used. I'm have a feeling I'm going to have to limit http and https traffic with the QOS settings on it tho. Two 700k/300k DSL connections don't go very far 😞

I also need to get the static routing figured out. I tried adding a static route to our web host (viviotech.net), and it still sends traffic out of whichever of the WAN ports it decides is better. Bet I forgot a NAT setting somewhere, now that I think about it?

The boxes are amazing for the price.

@Dashrender said in EdgeMAX EdgeRouter software release v1.9.0:

I used to do VLANs for broadcast storm reasons.. but as I've sense learned, if you have broadcast storms, you have another problems you need to solve anyway... and the VLANs probably won't save you, the switches will still be swarmed and might be brought to their knees anyhow... so, yeah.. today, if I need more than 250 devices in a network, move from /24 to /23 or even /22.

Migrating an existing network though - kinda a huge pain in the ass.

Definitely true. But to bring this full circle, the person in question wants to setup VLAN for learning how to implement them and how they work, and that is awesome.

Apparently I figured out my issue with the dual wan traffic shaping. Had to turn on stickiness.... just goes to show you how little I've dealt with networking.

@Mike-Davis said in ubnt guest wireless or separate VLAN?:

My understanding of how Ubiquiti handles guest mode is that it drops packets destined for internal networks. What I don't know is like I think some others were getting at - what if the user tries to go to another local subnet outside the subnet their on. I guess I'll just keep the VLAN thing.

My understanding is that it totally drops those packets too. In some ways, that makes it more secure than a VLAN because just hijacking a physical switch is not enough to grab the packets.

@Brains Glad you got squared away

Did you end up putting in a support ticket? Pretty unfortunate you haven't received a reply yet as to whether you should or not. Hopefully it's fixed soon.

Ran into a snag today. When applying this update to a USG with a dynamic external IP, it works fine. But the moment you assign it a static IP it goes into a boot loop and removes the default gateway.

To get it back to a working state I had to hard reset the USG, re acquire and re setup.

I'll be posting to the USG boards shortly.

@JaredBusch said in Home Wireless - Rewiring - Considering Ubiquiti:

@DustinB3403 said in Home Wireless - Rewiring - Considering Ubiquiti:

@JaredBusch so I'd have to purchase an additional POE injector or do they come with the UAP‑AC‑LITE?

All of the UAP series come with a PoE.

Well that's just swell, saves some money.

Thank you for the input.

@JaredBusch

Good to know. I'm planning on starting this later this week. If I can get this working, I'm going to replace a PFSense firewall with an ERX or lite. Right now, this is the only thing that I dont have setup for ERX yet.

@fuznutz04 said in EdgeMAX Alpha release v1.8.5alpha1:

@JaredBusch said in EdgeMAX Alpha release v1.8.5alpha1:

@fuznutz04 said:

@JaredBusch said:

@fuznutz04 said:

@JaredBusch said:

@fuznutz04 what type of OpenVPN? Site to site? I have wrote up that process before back when I was learning EdgeOS originally. I can update it and make it clean.

No, I was looking to set it up as a server so I can remote in via the OpenVPN client. Basically, secure access to my home network when I need it. Right now, my experience with Open VPN is limited to the package available for PFSense. I'd like to do the same on my ERX.

I have that setup also. both as a certificate based and as a password based. at different sites. I really need to make new documentation anyway.

You would be hailed as "the man" if you produce that content and share it. 🙂

It is already on the ubnt forum. buried somewhere in posts I made 2 years ago there.

Just needs updated and reposted.

Hey Jared,

Any update on this new guide? I'm getting ready to replace a PFSense router with an ERX and the only thing holding me back is a working OpenVPN solution for the ERX.

I've been working on IPSEC VPN issues that are client affecting and have not had time to revisit the OpenVPN process.

@coliver said:

Do VPN connections get created/torn down with every communication? Or are they persistent until the device disconnects?

Normally neither. They are normally persistent until a certain amount of time, then they tear down when idle. Might be hours or days. That way they don't remain absolutely forever, but normally a very long time.

annoyingmuse no more? i'll have to fire up some of these again and play with the VPLS/MPLS configs. whoop

@Dashrender said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

Ya EdgeMax is, does the USG run VyOS?

Yes, they all do the same stuff under the hood.

Ok, I didn't realize that. But like I said, I think needing to dig into the cli on the USG kind of defeats the purpose of having everything centrally managed by the controller.

I thought I mentioned it's not about fully managing, it's more about the reports/graphs.

Yes it's a bit more expensive...

Ah I missed that.

@travisdh1 said:

@Dashrender said:

I've never understood how viruii got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS, even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine.

Do I understand that incorrectly?

It's normally through another piece of software than the OS today actually. Microsoft finally got most of the holes in their swiss cheese plugged. Ironically, the programming code that many AV use also creates a hole for malware to enter through. Wish I had a few minutes to find those articles that hit recently.

yeah I read those too - darn AV companies!

For comparison here is a session going over OpenVPN to another site with an 80/5 cable modem service.

Maxing under 8mbit on average.

C:\iperf3>iperf3 -c 10.202.10.49 -p 9676 -F office2013.iso -t 120 -P 4 - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 113.01-114.01 sec 128 KBytes 1.05 Mbits/sec [ 7] 113.01-114.01 sec 384 KBytes 3.15 Mbits/sec [ 10] 113.01-114.01 sec 256 KBytes 2.10 Mbits/sec [ 13] 113.01-114.01 sec 128 KBytes 1.05 Mbits/sec [SUM] 113.01-114.01 sec 896 KBytes 7.35 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 114.01-115.00 sec 256 KBytes 2.10 Mbits/sec [ 7] 114.01-115.00 sec 384 KBytes 3.15 Mbits/sec [ 10] 114.01-115.00 sec 256 KBytes 2.10 Mbits/sec [ 13] 114.01-115.00 sec 256 KBytes 2.10 Mbits/sec [SUM] 114.01-115.00 sec 1.12 MBytes 9.45 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 115.00-116.00 sec 256 KBytes 2.10 Mbits/sec [ 7] 115.00-116.00 sec 512 KBytes 4.20 Mbits/sec [ 10] 115.00-116.00 sec 128 KBytes 1.05 Mbits/sec [ 13] 115.00-116.00 sec 0.00 Bytes 0.00 bits/sec [SUM] 115.00-116.00 sec 896 KBytes 7.35 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 116.00-117.00 sec 256 KBytes 2.10 Mbits/sec [ 7] 116.00-117.00 sec 384 KBytes 3.15 Mbits/sec [ 10] 116.00-117.00 sec 0.00 Bytes 0.00 bits/sec [ 13] 116.00-117.00 sec 0.00 Bytes 0.00 bits/sec [SUM] 116.00-117.00 sec 640 KBytes 5.25 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 117.00-118.01 sec 256 KBytes 2.07 Mbits/sec [ 7] 117.00-118.01 sec 384 KBytes 3.10 Mbits/sec [ 10] 117.00-118.01 sec 128 KBytes 1.03 Mbits/sec [ 13] 117.00-118.01 sec 128 KBytes 1.03 Mbits/sec [SUM] 117.00-118.01 sec 896 KBytes 7.24 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 118.01-119.01 sec 384 KBytes 3.15 Mbits/sec [ 7] 118.01-119.01 sec 384 KBytes 3.15 Mbits/sec [ 10] 118.01-119.01 sec 128 KBytes 1.05 Mbits/sec [ 13] 118.01-119.01 sec 128 KBytes 1.05 Mbits/sec [SUM] 118.01-119.01 sec 1.00 MBytes 8.40 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ 4] 119.01-120.01 sec 384 KBytes 3.15 Mbits/sec [ 7] 119.01-120.01 sec 128 KBytes 1.05 Mbits/sec [ 10] 119.01-120.01 sec 128 KBytes 1.05 Mbits/sec [ 13] 119.01-120.01 sec 256 KBytes 2.10 Mbits/sec [SUM] 119.01-120.01 sec 896 KBytes 7.35 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 4] 0.00-120.01 sec 27.5 MBytes 1.92 Mbits/sec sender Sent 27.5 MByte / 1.39 GByte (1%) of office2013.iso [ 4] 0.00-120.01 sec 27.3 MBytes 1.91 Mbits/sec receiver [ 7] 0.00-120.01 sec 30.1 MBytes 2.11 Mbits/sec sender Sent 30.1 MByte / 1.39 GByte (2%) of office2013.iso [ 7] 0.00-120.01 sec 30.0 MBytes 2.09 Mbits/sec receiver [ 10] 0.00-120.01 sec 25.6 MBytes 1.79 Mbits/sec sender Sent 25.6 MByte / 1.39 GByte (1%) of office2013.iso [ 10] 0.00-120.01 sec 25.5 MBytes 1.78 Mbits/sec receiver [ 13] 0.00-120.01 sec 25.1 MBytes 1.76 Mbits/sec sender Sent 25.1 MByte / 1.39 GByte (1%) of office2013.iso [ 13] 0.00-120.01 sec 24.9 MBytes 1.74 Mbits/sec receiver [SUM] 0.00-120.01 sec 108 MBytes 7.58 Mbits/sec sender [SUM] 0.00-120.01 sec 108 MBytes 7.53 Mbits/sec receiver iperf Done.

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

So if the OP wants to do web filtering and firewall services - what stuff should he buy?

Same thing that I keep saying... ERL and Squid.

I just wanted you to post it again 🙂

LOL. There it is.