4 weeks ago
Running 3 USG Pros with auto site to site VPNs. Been having all sorts of strange issues from getting the tunnels to come up and then routing issues once they were up. The big issue one was manual/static routes were not being honored (it would route the packets out the WAN interface rather than across vti). Double checked all the linux routing tables and even 'ip route get $trtget_address' reports the packets should be going over vti0.
The 'main' USG is using WAN1 as its uplink. The other ends were using WAN2. Switched the uplink IP config over to WAN1 and deleted the config for WAN2 and swapped the cables around, routing starts working like it should (pushing packets across vti0 rather than out WAN2).
I haven't chased it down all the way but gut says there is something the iptables prerouting that was mucking with the packets and changing the source address that messed upthe routing. tcpdump on WAN2 showed a different source address, which makes sense because of NAT on the WAN.
In the bad state, prior to the cable swap when routing was doing the wrong thing, you see something like this at the remote sites.
$ show vpn ipsec status IPSec Process Running PID: 4016 1 Active IPsec Tunnels IPsec Interfaces : eth2 ( ) eth3(18.104.22.168)
2 weeks ago
I manage multiple site in UniFi SDN Controller 5.9.29 and now I try to find a way to create one Admin user that can manage more that one site at the time.
Do not expect me to reply to this post, I'm not sure that I will be able to find it, thank's to ....
2 weeks ago
So, a lot of people with a lot of problems and no news on an update to either the controller, or USG as yet?
Im honestly just waiting for a fix for the json file import so I can fix everything else myself.
I had to turn off ips due to it eating 100% cpu in the week. I suspect it was a rules update that caused that and it is still tagged as beta so that's fine.
2 weeks ago
Create an administrator on SITE1 and on SITE2 choose to invite an existing administrator.
USG-4-PRO • USG
USW-48-500W • USW-24-POE-250W 2x • USW-16-POE-150W • USW-24 • USW-8-150W • USW-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M
UCK-G2 • UCK
Friday - last edited Friday
After upgrading to UniFi Controller Software 5.9.32 (Build: atag_5.9.32_11402) it isn't possibe to add IPv6 firewall rules the WAN IN interface anymore. It worked wil older versions.
I will try to go back to 5.9.29
So is this version stable or not? Should I really update version? I am on version 5.6.37 but getting ready to install some XG AP's. I am using a domain name instead of VPN for all 72 sites to talk back to the controller.
Tuesday - last edited Tuesday
I have been running this update on 2 networks (one with a Pro 4 and the other has the smaller USG unit) and NO issues at all for me. running 0.12 controller on my cloud-key as well if that matters. OH forgot to add I have been running this on both networks since about a week after release.
Wlan schedule Problem
Wlan time can still not be set correctly. Would only wlan tomorrow from 07.00 to the night 01.00 clock switched on have. Unfortunately it is still only until 24.00 clock. Bug in the 5.5.20-5.x update? Wait for the solution soon 2 year for the fix
17 hours ago