Emerging Member
Posts: 55
Registered: ‎06-20-2014
Kudos: 3
Solutions: 4
Accepted Solution

Newbie - Everything working until

I'm fairly new to this. I basically just went through the wizard and some online posts to get my EML set up.

 

ETH0 - LAN

ETH1 - WAN (PPPoE)

ETH2 - unused

I set up the router at my home and everything was working fine. I went to implement it in the office that I'm upgrading, and when I unplugged the old router and plugged this guy in, it works briefly, then I can't ping the router anymore. I hard reset it and was able to gain access again, but once I loaded my config back it worked again for a bit and then I can't ping.

I have 8 PCs, 2 MFD Printers and 2 Synology NAS. I have to do some more troubleshooting and I'm not sure if it's because all the devices still had IPs from the old DHCP router or what's going on... 

Here's my config - maybe it's the basic firewall??

 

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.1.1/24
        description Local
        duplex auto
        speed auto
    }
    ethernet eth1 {
        description "Internet (PPPoE)"
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password DSLPASS
            user-id DSLUSER
        }
        speed auto
    }
    ethernet eth2 {
        address 10.10.10.1/24
        description PRIVATE
        duplex auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        local-address 10.99.99.1 {
        }
        local-port 1194
        mode site-to-site
        openvpn-option --comp-lzo
        remote-address 10.99.99.2
        remote-host remote.com
        remote-port 1194
        shared-secret-key-file /config/auth/secret
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth0
    rule 1 {
        description UniFiManager
        forward-to {
            address 192.168.1.225
            port 8080
        }
        original-port 8080
        protocol tcp_udp
    }
    rule 2 {
        description UniFiInvites
        forward-to {
            address 192.168.1.225
            port 8443
        }
        original-port 8443
        protocol tcp_udp
    }
    wan-interface pppoe0
}
protocols {
    static {
        interface-route 192.168.2.0/24 {
            next-hop-interface vtun0 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.21 {
                    stop 192.168.1.99
                }
                static-mapping Law104 {
                    ip-address 192.168.1.225
                    mac-address xx:d4:35:xx:d5:xx
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth0
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5010 {
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name WRTR
    login {
        user UserName {
            authentication {
                encrypted-password removed it for posting here
                plaintext-password ""
            }
            full-name "W"
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Toronto
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.4.1.4648309.140310.1607 */

 

 

 


Emerging Member
Posts: 55
Registered: ‎06-20-2014
Kudos: 3
Solutions: 4

Intermittently losing connection

I guess I can't post my config here (results in insta-removal)

I'm trying to figure out (have to troubleshoot some more) why my EML is locking me out.

I had it working without any issues in my test site. - Basic settings from the wizard (firewall). 

ETH0 - LAN

ETH1 - WAN (PPPoE)

ETH2 - not currently using but configured as LAN

I had 2 dumb DLINK switches and an old Linksys router and one DSL modem - for 8 Windows PCs, 2 MFD Printers and 2 Synology NAS.

I was replacing the 2 switches and router with 1 dumb 16 dlink switch and 1 EML and 1 UniFi. (all tested and programmed at home and were working great).

I left all devices turned on and just unplugged from the ports - and just plugged in the PCs to the new switch and just plugged the switch into the EML. (the NAS and modem weren't connected).

Once I went to connect to the EML I couldn't even ping it - gave myself static IP and still no go.

So I then unplugged all but my computer and had to reboot the EML (hard) and was able to ping. Then plugged some more devices in and it went out again. I couldn't pinpoint the device that was causing it as it was intermittently going out.

I thought it was my switch (but I can see the ports connected just can't talk to router), so I tried the old 2 switches again and same issue. 

I then hooked the old router back up and it worked fine, plugged the EML back in and same problem. 

I'm not sure what the issue is and I'm fairly new to this, so any help would be great.

I can attach my config or part of it but then my post gets removed.

thanks

Emerging Member
Posts: 55
Registered: ‎06-20-2014
Kudos: 3
Solutions: 4

Re: Intermittently losing connection

Could this be an issue of flow control?

3 of the connections are on old cabling standard cat5... I think it's when these are hooked up it starts... need to confirm that. Heading back in today to troubleshoot more.
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5481
Solutions: 1656
Contributions: 2

Re: Intermittently losing connection

(Merged the same discussion from all threads.)

If this only happens when a certain device is plugged in, another thing to check might be whether there's any IP address conflict with that device.

Emerging Member
Posts: 55
Registered: ‎06-20-2014
Kudos: 3
Solutions: 4

Re: Intermittently losing connection

Thanks, I think I've solved the problem. Should've come in this morning before I posted on no sleep.

I changed the 2 nic connections, that were on old cat5 cable, and disabled flow control for now.

I also unplugged/reset the switch (resetting all connections) and it works flawlessly now. 

Hopefully my site-to-site works.

I welcome any comments on my config/firewall suggestions.

 

Thanks.

 

Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 389
Solutions: 40

Re: Intermittently losing connection


Well done.  That's a very clean config for a first setup.

Where do you intend to install the UniFi on this network? The port-forwarding leads me to believe that it will be outside your local network. If it is inside, you can simply define the address for the controller in the dhcp-server. Another option, since you are using the ERL as a local dns-server, is to put a static DNS for UniFi on it. Both methods will tell the UniFi where to find the controller.

Emerging Member
Posts: 55
Registered: ‎06-20-2014
Kudos: 3
Solutions: 4

Re: Intermittently losing connection

Thanks CowboyJed, 

I'm actually expanding an office and doing site-to-site VPN which is going to have a UniFi unit at both locations.

I was trying to set up the Controller in the main office 192.168.1.0/24 and I put the port forwarder in there so I can manage remotely from any location (as I just support this office and don't work in either location). In the 192.168.2.0/24 site I did put 192.168.1.225 for the controller (hopefully that's correct and will work). The port forwarder is mainly for me to access the controller and not necessarily the UniFi.

Would the options you provided still work in this case and if so are they better than a port forward?

 

Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 389
Solutions: 40

Re: Intermittently losing connection


I went back and took a second look. You're correct, port 8443 is for management of the controller. Your description led me to believe that it was for the AP to connect to the controller. My mistake.

My suggestion for the UniFi adoption is to use either method described above.  The controller address in dhcp is the easiest.  The UniFi will route through the vpn without issues for connection to the controller as long as it knows where to find it.

One thing to keep in mind with your vpn is that only the subnets that you define a route for will be able to talk through the tunnel. In other words, if there are more subnets than just 192.168.2.0/24 at your remote location, only 192.168.2.0/24 will be able to talk across the vpn unless you define a route for the other subnets.

These are the static routes for my two locations.

# Location A:

protocols {
    static {
        interface-route 172.16.50.0/24 {
            next-hop-interface vtun0 {
            }
        }
        interface-route 192.168.2.0/24 {
            next-hop-interface vtun0 {
            }
        }
    }
}
--------------------------------------------
# Location B:

protocols {
    static {
        interface-route 10.10.20.0/24 {
            next-hop-interface vtun0 {
            }
        }
        interface-route 10.10.30.0/24 {
            next-hop-interface vtun0 {
            }
        }
        interface-route 10.10.50.0/24 {
            next-hop-interface vtun0 {
            }
        }
        interface-route 10.10.60.0/24 {
            next-hop-interface vtun0 {
            }
        }
    }
}
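
The point in the reply above, that only subnets with a defined route can cross the tunnel, can be checked against a saved config. The following is an added example, not part of the original posts or of EdgeOS itself: it reads the brace-style config, collects the `interface-route` entries that point at `vtun0`, and reports remote subnets that have no such route. The function names and the extra remote subnet 192.168.3.0/24 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the "protocols" block from the config posted in this thread.
SAMPLE_CONFIG = """
protocols {
    static {
        interface-route 192.168.2.0/24 {
            next-hop-interface vtun0 {
            }
        }
    }
}
"""

def tunnel_routes(config_text, tunnel="vtun0"):
    """Return networks with a 'protocols static interface-route' via `tunnel`."""
    routes, stack = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            # Track the nesting path, e.g. ['interface-route', '192.168.2.0/24']
            stack.append(line[:-1].split())
            if (len(stack) == 4
                    and stack[:2] == [["protocols"], ["static"]]
                    and len(stack[2]) == 2
                    and stack[2][0] == "interface-route"
                    and stack[3] == ["next-hop-interface", tunnel]):
                routes.append(ipaddress.ip_network(stack[2][1]))
        elif line == "}" and stack:
            stack.pop()
    return routes

def unrouted_subnets(remote_subnets, routes):
    """Return the remote subnets that no tunnel route covers."""
    missing = []
    for subnet in remote_subnets:
        net = ipaddress.ip_network(subnet)
        if not any(net.subnet_of(route) for route in routes):
            missing.append(subnet)
    return missing

if __name__ == "__main__":
    routes = tunnel_routes(SAMPLE_CONFIG)
    # Hypothetical remote site: 192.168.3.0/24 is an assumed extra subnet.
    remote = ["192.168.2.0/24", "192.168.3.0/24"]
    print("tunnel routes:", [str(r) for r in routes])
    print("no route over the tunnel:", unrouted_subnets(remote, routes))
```

The check only models static interface-routes; connected networks and the default route are outside its scope.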