New Member
Posts: 17
Registered: ‎02-12-2019
Accepted Solution

Edgerouter Internet Connection Issues

Hi all,

 

Have a quandary of an issue I’m hoping you might be able to assist me with.

 

I currently have an EdgeRouter setup connecting to an unmanaged switch, which also connects to a Windows server and several client PCs.

 

We are currently having a spate of internet connection issues on some of the client PCs (namely the Windows 10 ones), where we are unable to get access to external internet. Others however work fine.

 

So far we’ve established:

 

Pinging other PCs on the LAN works fine

Pinging both the Windows server and the router on the internal LAN works fine

Pinging 8.8.8.8 on some of the client PCs results in:

reply from <router IP address>: destination host unreachable.

Pinging 8.8.8.8 from some of the other working PCs on the same LAN and connected to the same switch also works fine.

 

Any help you could give us would be greatly appreciated.

 

Thanks in advance,

 


Accepted Solutions
SuperUser
Posts: 8,505
Registered: ‎01-05-2012
Kudos: 2240
Solutions: 1133

Re: Edgerouter Internet Connection Issues

Just to be sure, there is only one 192.168.1.1 host in the network?



All Replies
SuperUser
Posts: 8,505
Registered: ‎01-05-2012
Kudos: 2240
Solutions: 1133

Re: Edgerouter Internet Connection Issues

Dumb question, the default-gateway is the correct one, on all devices ?
Cheers,
jonatha

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

Hi,

 

Yes all state the router as the default gateway at 192.168.1.1.

 

Have tried using both static and dynamically obtained IP addresses, ipconfig release/renew/flushdns commands and also disabled the client firewalls, to no effect

SuperUser
Posts: 8,505
Registered: ‎01-05-2012
Kudos: 2240
Solutions: 1133

Re: Edgerouter Internet Connection Issues

Can you post the config ?

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address xx.xx.xx.xx/xx
        description Internet
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
            name-server 8.8.8.8
            name-server 8.8.4.4
            name-server 1.1.1.1
            options strict-order
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    gateway-address xx.xx.xx.xx
    host-name ubnt
    login {
        user xxx {
            authentication {
                encrypted-password xx
            }
            level admin
        }
    }
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        auto-firewall-nat-exclude enable
        esp-group FOO0 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group FOO0 {
            ikev2-reauth no
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 14
                encryption aes256
                hash sha1
            }
        }
        site-to-site {
            peer y.y.y.y {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret xxx
                }
                connection-type initiate
                description xxx
                ike-group FOO0
                ikev2-reauth inherit
                local-address xx.xx.xx.xx
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group FOO0
                    local {
                        prefix 192.168.1.0/24
                    }
                    remote {
                        prefix y.y.y.y/yy
                    }
                }
            }
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.8.5142440.181120.1645 */
New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues


Just to add - we've set the windows server to act as the DHCP server for eth1 and the LAN in lieu of the router, to avoid any internal conflicts.

 

Cheers,

SuperUser
Posts: 8,505
Registered: ‎01-05-2012
Kudos: 2240
Solutions: 1133

Re: Edgerouter Internet Connection Issues

If on the WAN interface you have a static IP address (and you have also been provided with the IP address of the gateway/next-hop, declared in the system gateway-address field), you can remove the dhcp-options from the WAN interface. That said, the config seems pretty simple ... From eth2, is all working correctly? Is the remote prefix, in the VPN config, a different network?
Cheers,
jonatha

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues


That’s right, the Edgerouter is connected to a lease line on eth0 which has a static ip address and gateway address, and which has been provided by our ISP.

 

There’s nothing plugged into eth2 at the moment, only the eth1 port is being used for our internal LAN.

 

The VPN config connects to one of our other sites, and this connection also works fine (for the clients on the LAN that are able to get internet access)

 

It’s just certain clients on the LAN that we’re unable to get internet access for, and are struggling to figure out why

Established Member
Posts: 850
Registered: ‎06-17-2015
Kudos: 168
Solutions: 50

Re: Edgerouter Internet Connection Issues


Are you using 1.1 subnet? If yes, where's the DHCP Pool?

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

Yes, .1.1.

 

DHCP on eth1 is being assigned by the Windows Server rather than the router, pool range of .1.100 to .1.250.

 

 

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

Hi all,

 

Any thoughts on this?

 

We’re having endless connectivity issues at the moment.

 

Thanks in advance,

New Member
Posts: 9
Registered: ‎02-09-2019
Kudos: 2

Re: Edgerouter Internet Connection Issues


There are a few things you can try to debug this:

 

On the problematic machine

1. Do a traceroute from one of the problem machines and see if it correctly tries to go through your router:

tracert -d 8.8.8.8

2. Check the ARP cache on a problem machine to make sure that the router's IP appears with its correct internal MAC address:

arp -a 192.168.1.1

 

On the router

3. You can also check the reverse, to make sure your router sees the proper MAC address of your machine

sudo arp 192.168.1.123

4. Do a tcpdump on the router to look at the low level traffic to/from one of your problem machines

sudo tcpdump host 192.168.1.123

 

Emerging Member
Posts: 75
Registered: ‎01-30-2019
Kudos: 15
Solutions: 3

Re: Edgerouter Internet Connection Issues


Not knowing how the Windows DHCP server is set to support DNS, the first thing I see in your Edge Router configuration is this:

 

name-server 127.0.0.1

 

Under the System Tab (lower left of the Dashboard), change the Name server to 8.8.8.8.

 

 

Y-ASK

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

Ok all,

 

So ran the tests on one of the PCs that was unable to get internet access today (the ethernet adaptor shows a yellow exclamation mark and a "No Internet Access" sign in the taskbar):

 

Ping the router:

 

Router Ping.PNG

 

Ping the server:

 

Server Ping.PNG

 

Ping public dns:

 

Internet Ping.PNG

 

Run tracert:

 

tracert.PNG

 

IP config details (I've tried inputting this as a static IP address as well as using the auto obtain options):

 

ip config.PNG

 

ARP details checked and confirmed to be correct to router.

 

Trying tcpdump on the router via CLI gives me:

 

tcpdump.PNG

 

I've tried updating drivers, using the standard cmd commands (release/renew/netsh int reset etc), to no avail. I've also tried changing the name server from 127.0.0.1 to 8.8.8.8 as suggested, however still no dice.

 

Thanks again and in advance for everyone's help.

 

Kind regards,

SuperUser
Posts: 8,505
Registered: ‎01-05-2012
Kudos: 2240
Solutions: 1133

Re: Edgerouter Internet Connection Issues

Can you connect one of the non-working pc to eth2, and see if the issue still persists ?
Cheers,
jonatha

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

Hi - internet works if we connect directly into eth2.

 

Does that mean there's a setup issue with eth1?

 

 

New Member
Posts: 9
Registered: ‎02-09-2019
Kudos: 2

Re: Edgerouter Internet Connection Issues

The TTL you are getting when pinging 192.168.1.1 from the computer is suspicious.

I would expect to see 64 instead of 254, since that is the default I have seen used in EdgeOS.

 

On the router, ping yourself

 

ping localhost

to check what TTL you are getting there.

If you are not getting a 254 TTL there as well, then it means your computer is getting ping replies from somebody else, not your EdgeRouter.

 

 

Regarding tcpdump, if that is all you are getting, it means your computer is not sending anything towards your EdgeOS gateway.

Just to be sure, leave a "ping -t 8.8.8.8" running from your computer while you are running the tcpdump on the router.
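
Added example, not part of the original posts: a Python sketch of the two checks suggested in this thread, comparing the MAC that `arp -a` shows for the gateway with the router's own and inferring the sender's initial TTL from ping replies. The sample captures, MAC addresses and function names are constructed for illustration; the router TTL of 64 is the value reported in the thread.

```python
import re

INITIAL_TTLS = (64, 128, 255)  # common defaults; a reply arrives with initial minus hops

def reply_ttls(ping_output):
    """TTL of every echo reply in Windows or Linux ping output."""
    return [int(t) for t in re.findall(r"ttl=(\d+)", ping_output, re.IGNORECASE)]

def initial_ttl(observed):
    """Smallest common initial TTL that is >= the observed TTL."""
    return next((t for t in INITIAL_TTLS if observed <= t), None)

def norm_mac(mac):
    return mac.lower().replace("-", ":")

def arp_mac(arp_output, ip):
    """MAC listed for ip in Windows `arp -a` output, or None."""
    for line in arp_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == ip:
            return norm_mac(fields[1])
    return None

def check_gateway(ping_output, arp_output, gateway_ip, router_mac, router_ttl=64):
    """Reasons to believe a host other than the router answers for gateway_ip."""
    findings = []
    for ttl in sorted(set(reply_ttls(ping_output))):
        if initial_ttl(ttl) != router_ttl:
            findings.append(f"TTL {ttl} implies initial {initial_ttl(ttl)}, router sends {router_ttl}")
    mac = arp_mac(arp_output, gateway_ip)
    if mac is None:
        findings.append(f"no ARP entry for {gateway_ip}")
    elif mac != norm_mac(router_mac):
        findings.append(f"{gateway_ip} is at {mac}, router is {norm_mac(router_mac)}")
    return findings

# Constructed sample captures from a client (not taken from the thread's screenshots).
SAMPLE_PING = """Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=254
Reply from 192.168.1.1: bytes=32 time<1ms TTL=254
"""
SAMPLE_ARP = """Interface: 192.168.1.123 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-0a     dynamic
"""
ROUTER_MAC = "00:00:5e:00:53:01"  # constructed; read the real one on the router

if __name__ == "__main__":
    for finding in check_gateway(SAMPLE_PING, SAMPLE_ARP, "192.168.1.1", ROUTER_MAC):
        print("SUSPECT:", finding)
```

An empty result means both the TTL and the MAC are consistent with the router; any finding points at a second device answering for the gateway address.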

New Member
Posts: 17
Registered: ‎02-12-2019

Re: Edgerouter Internet Connection Issues

Pinging localhost from the router gives me a TTL of 64.

 

Have rerun the tcpdump test with active ping running on the affected PC and the message is the same

New Member
Posts: 9
Registered: ‎02-09-2019
Kudos: 2

Re: Edgerouter Internet Connection Issues

This means the problem is not caused by the EdgeRouter and you need to recheck your network setup.

 

Do you have some Cisco device lying around? It looks like TTL 254 is usually used by them.

Do you have any VLANs set up on your switch? Or maybe the switch management interface itself is set up as 192.168.1.1 and it's only visible from some ports.

 

You can also try swapping the cabling between a problem computer and one that works.

 

SuperUser
Posts: 8,505
Registered: ‎01-05-2012
Kudos: 2240
Solutions: 1133

Re: Edgerouter Internet Connection Issues

Just to be sure, there is only one 192.168.1.1 host in the network?