KKKLIP ART
Sep 3, 2004

Does it get recognized enough to make the DHCP lease just permanent and effectively give it a static IP address?


bobfather
Sep 20, 2001

I will analyze your nervous system for beer money

redeyes posted:

Sweeet. Now I know what I'm doing tonight!

I’ve read that it’s best to take your (unencrypted) PF backup, then restore sections 1 at a time in OPN. I may switch in the future so please report back on how it goes for you!

redeyes
Sep 14, 2002

by Fluffdaddy

bobfather posted:

I’ve read that it’s best to take your (unencrypted) PF backup, then restore sections 1 at a time in OPN. I may switch in the future so please report back on how it goes for you!

Oh ok. Sounds easy enough. Will report back.

IOwnCalculus
Apr 2, 2003

KKKLIP ART posted:

Does it get recognized enough to make the DHCP lease just permanent and effectively give it a static IP address?

Nope, already tried that. The DHCP server, whichever I'm using, sees the request just fine. Setting a static lease just changes the IP that the DHCP server assigns it, but the thermostat never acknowledges it.

We're at the time of the year where quite frankly I don't dick around much with my thermostat anyway so it's not an urgent or deal-breaking issue. I can't even bother contacting Honeywell for support because it's compensation for an old beta test I did with them. I'll keep plugging away at it as long as I can get any insight into options, since now I can easily plug in the R7000 and set it up as its own IOT AP.

IOwnCalculus
Apr 2, 2003

edit: gently caress, meant to put these into one post

n0tqu1tesane posted:

I'd suggest putting a static IP address on the Lyric, but I looked it up, and wow, you can't.

Honestly, anything that you put on a network should have the ability to be statically addressed.

Completely agreed. At this point I'd settle for the ability to just make it do a DHCP renew. The most obnoxious thing by far is every time I want to test reconnecting it, I have to set up the wifi from scratch.

Thanks Ants
May 21, 2004

#essereFerrari

I think your best bet is to get a packet capture from the AP and see what's going on

https://help.ubnt.com/hc/en-us/articles/227129127-UniFi-Methods-for-Capturing-Useful-Debug-Information

spiritual bypass
Feb 19, 2008

Grimey Drawer
I have a desktop with a PCI 802.11ac adapter. I'm happy with it overall, but I'd like to move the antennas so they're not directly attached to my case for better signal quality.

Any recommendations for an RP-SMA antenna base that I can put on top of my desk? Bonus points if it mounts 3 antennas.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
I have a Windows VLAN separated from a Linux VLAN in pfSense via a firewall rule to drop traffic from Linux to Windows and vice versa.

I just pinged a Windows box from my Linux laptop: no ping.
Then I disabled my drop rule from Linux to Windows and the ping started returning a response from my Windows box.
Then I re-enabled the drop rule but the ping continues to reply.
Once I manually stop the ping and try again it fails, due to the firewall rule.

Does ping in Linux keep a channel open between pings? Or is this down to the nature of how software firewalls work?

IOwnCalculus
Apr 2, 2003

Thanks Ants posted:

I think your best bet is to get a packet capture from the AP and see what's going on

https://help.ubnt.com/hc/en-us/articles/227129127-UniFi-Methods-for-Capturing-Useful-Debug-Information

Good to know, I'll have to give it another shot when I'm not feeling like garbage.

H2SO4
Sep 11, 2001

put your money in a log cabin

Buglord

apropos man posted:

I have a Windows VLAN separated from a Linux VLAN in pfSense via a firewall rule to drop traffic from Linux to Windows and vice versa.

I just pinged a Windows box from my Linux laptop: no ping.
Then I disabled my drop rule from Linux to Windows and the ping started returning a response from my Windows box.
Then I re-enabled the drop rule but the ping continues to reply.
Once I manually stop the ping and try again it fails, due to the firewall rule.

Does ping in Linux keep a channel open between pings? Or is this down to the nature of how software firewalls work?

Depends on how pfSense handles sessions. ICMP itself doesn't have a concept of sessions (that I'm aware of at least), but the firewall may have established a forwarding session based on src/dst port and protocol and it's possible that the rule change only takes effect on subsequent sessions. Otherwise any time you change a rule you'd flush the state table which breaks all sessions currently established and, although secure, is a bit of a sledgehammer. I haven't messed with pfsense in years but have seen firewalls do all kinds of poo poo when updating the ruleset.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
Makes sense. I would have been much less surprised if it had been an SSH session. I assumed that ping is too simplistic to open a session and keep it open. I'll put it down to the way that the software firewall is handled within pfSense.

thebigcow
Jan 3, 2001

Bully!

apropos man posted:

Makes sense. I would have been much less surprised if it had been an SSH session. I assumed that ping is too simplistic to open a session and keep it open. I'll put it down to the way that the software firewall is handled within pfSense.

You probably have a rule for things that are related or already connected. This keeps the firewall from having to run every single packet through the rules when there is no need.

Ping or any other application wouldn't have to do anything special, this would be at a level of the OSI model handled by the operating system.
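A toy model of the behaviour H2SO4 and thebigcow describe, added here as an example (it is not code from the thread or from pfSense): state lookup happens before rule evaluation, so an echo flow that created state while the drop rule was disabled keeps passing after the rule is re-enabled, until the state expires, is flushed, or ping is restarted with a new ICMP id. The VLAN addresses, the prefix-match rule syntax and the timeout value are constructed for the model.

```python
from dataclasses import dataclass, field

STATE_TIMEOUT = 10.0  # idle seconds before a state entry expires (assumed value)


@dataclass(frozen=True)
class Packet:
    proto: str   # "icmp", "tcp", ...
    src: str
    dst: str
    ident: int   # ICMP echo identifier; one ping process keeps the same id
    ts: float    # time the packet is seen, in seconds


@dataclass
class Rule:
    action: str        # "pass" or "block"
    src_prefix: str    # crude string prefix match, e.g. "10.0.2." (constructed)
    dst_prefix: str
    enabled: bool = True


@dataclass
class StatefulFirewall:
    rules: list
    states: dict = field(default_factory=dict)  # (proto, src, dst, id) -> last seen

    def _expire(self, now):
        stale = [k for k, seen in self.states.items() if now - seen > STATE_TIMEOUT]
        for k in stale:
            del self.states[k]

    def filter(self, pkt):
        """Return 'pass' or 'block' for pkt and update the state table."""
        self._expire(pkt.ts)
        fwd = (pkt.proto, pkt.src, pkt.dst, pkt.ident)
        rev = (pkt.proto, pkt.dst, pkt.src, pkt.ident)  # echo-reply direction
        # 1. State lookup first: an established flow never touches the ruleset,
        #    so a rule change does not affect traffic already in flight.
        for key in (fwd, rev):
            if key in self.states:
                self.states[key] = pkt.ts
                return "pass"
        # 2. No state: first matching enabled rule wins (pfSense GUI rules are 'quick').
        verdict = "pass"  # permissive default keeps the model short
        for r in self.rules:
            if r.enabled and pkt.src.startswith(r.src_prefix) and pkt.dst.startswith(r.dst_prefix):
                verdict = r.action
                break
        if verdict == "pass":
            self.states[fwd] = pkt.ts  # a passed packet creates state
        return verdict

    def flush_states(self):
        """Equivalent of resetting the state table (pfSense: Diagnostics > States)."""
        self.states.clear()


def replay_thread_scenario():
    """Replay the posted sequence; returns the verdict for each packet."""
    linux, windows = "10.0.2.10", "10.0.1.10"  # constructed VLAN addresses
    drop = Rule("block", src_prefix="10.0.2.", dst_prefix="10.0.1.")
    fw = StatefulFirewall(rules=[drop])
    v = []
    v.append(fw.filter(Packet("icmp", linux, windows, 100, 0.0)))  # rule on: block
    drop.enabled = False
    v.append(fw.filter(Packet("icmp", linux, windows, 100, 1.0)))  # rule off: pass, state created
    v.append(fw.filter(Packet("icmp", windows, linux, 100, 1.1)))  # reply matches reverse key
    drop.enabled = True
    v.append(fw.filter(Packet("icmp", linux, windows, 100, 2.0)))  # rule back on: state still passes
    v.append(fw.filter(Packet("icmp", linux, windows, 101, 3.0)))  # ping restarted, new id: block
    fw.flush_states()
    v.append(fw.filter(Packet("icmp", linux, windows, 100, 4.0)))  # after a flush the old flow is blocked too
    return v


if __name__ == "__main__":
    print(replay_thread_scenario())
```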

22 Eargesplitten
Oct 10, 2010

I have an ER-L with no bridging. Would one pi-hole work, or would a device on port 1 (for example) try to bounce out to the ISP rather than being directed to the pi-hole on port 0, even if I set up the DNS server IP in the DHCP settings for the router?

Related, has anyone set up a pi-hole on an old Android device? I was thinking of installing Debian noroot and running the pi-hole on there, but I’m wondering if I should just root it and flash a different distro so I’m not effectively pulling two OSes worth of power. Part of why I’m thinking an old phone is because it’s not very demanding on power if everything (screen, WiFi, gps, Bluetooth, data) is turned off. Seems like all I would really need is Bash, pi-hole with its dependencies, and a SSH client. And it’s not like this old Moto G4 is doing anything otherwise.

IOwnCalculus
Apr 2, 2003

As long as your firewall policies allow it, it should work. I have my pihole VM running in the 192.168.3.x subnet and my 4/5/6/7 subnets all have specific rules allowing them access to that IP on port 53 only. I'm running an ER-X but I don't have all of those networks bridged together anyway.

Krakkles
May 5, 2003

Edit: Nevermind, looks like no modem, just router. Recommended what's in the OP. Thanks anyway!

Krakkles fucked around with this message at 23:32 on Sep 10, 2018

22 Eargesplitten
Oct 10, 2010

IOwnCalculus posted:

As long as your firewall policies allow it, it should work. I have my pihole VM running in the 192.168.3.x subnet and my 4/5/6/7 subnets all have specific rules allowing them access to that IP on port 53 only. I'm running an ER-X but I don't have all of those networks bridged together anyway.

Thanks. What about rooting vs Debian Noroot? I'd like to minimize the power bill since my city is relatively expensive and I'm already getting hit pretty hard due to the size of the house and power demands of four people. Not sure if rooting something minimalist like Alpine would help at all (assuming Alpine has support for pihole).

Tapedump
Aug 31, 2007
College Slice
I’ve got pfsense running with an OpenVPN server working well and accepting client connections just fine, point-to-site works. (This is at siteA.)

I’d like to fiddle with OpenVPN siteA-to-siteB next. Do I create a second OpenVPN server at siteA, on some port other than 1194, or do I just try to connect siteB to that singular siteA server?

I’d also like to thank all who’ve contributed to pfsense discussion recently. It’s motivated me to branch out beyond Ubiquiti.

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money
I think a lot of people prefer to setup IPSec tunnels from site to site. I haven’t heard of OpenVPN being used for it, but I’d not be surprised if it’s possible.

insularis
Sep 21, 2002

Donated $20. Get well, Lowtax.
Fun Shoe

Tapedump posted:

I’ve got pfsense running with an OpenVPN server working well and accepting client connections just fine, point-to-site works. (This is at siteA.)

I’d like to fiddle with OpenVPN siteA-to-siteB next. Do I create a second OpenVPN server at siteA, on some port other than 1194, or do I just try to connect siteB to that singular siteA server?

Pretty much, in pfSense OpenVPN, one end is client, one end is server, but it doesn't matter which one is which. Your server settings on one side will be peer-to-peer as the server type, and likewise on the client side.

https://www.netgate.com/docs/pfsense/vpn/openvpn/configuring-a-site-to-site-static-key-openvpn-instance.html

For what it's worth, pfSense is claiming that their IPSec performance will be greatly improved in 2.4.4 (out any day now), and their OpenVPN performance has always been ... acceptable, but not amazing. Might want to try it both ways after 2.4.4 is released.

Lonoxmont
Aug 28, 2018
I'm too stupid to put something witty here. Sorry. :canada:
Hello, I have a bit of a networking pickle I am trying to sort out and seem to be running into various walls.

I have a LAN IP range of 10.1.1.0/24, and I am running out of room on it for new hosts.
Pretty much the entire network is static, with a small DHCP scope around 10.1.1.186-192 or thereabouts (that has probably been clobbered by statics by now).
I would like to transition to a /23 or /22, but most setup guides I have found deal with setting up from scratch, not changing over from an existing network.

My router is a sonicwall of some sort, I want to say an nsa 2600 but I am not 100% sure.

I have some VPN stuff that hooks in at 10.0.x.y, so they in theory shouldn't be clobbered if I mess with the netmask on the 10.1.1.0 network.

There are a series of esxi hosts that would likely need to be readdressed, but I can go onsite for that.

The pertinent question is, how do I transition from a /24 to a /23 or /22 supernet?

Will this knock out the /24 till everything is moved, or will things on /23 just not be able to reach the /24 and vice versa?

Thank you for the advice.

Thanks Ants
May 21, 2004

#essereFerrari

You can change the subnet size from a /24 to a larger one, and everything that currently works will still work - anything outside of the original /24 won't be accessible until you've updated the subnet mask on each device though.

I would consider using multiple subnets instead. What sort of devices are you connecting to the network? Do they all need to be able to talk on the same broadcast domain and won't work through a router?

Edit: I'd put this in the Cisco megathread as well, it's not Cisco-specific but covers more enterprise stuff than this thread.
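An added worked example (not from the thread) of the point above: each host decides what is on its own subnet using its own mask, so during a rolling /24 to /23 or /22 change the old hosts keep talking to each other, but an address in the newly added range is unreachable from any host still on /24. Host addresses are constructed around the 10.1.1.0/24 network in the question.

```python
import ipaddress


def on_link(host_iface: str, dst: str) -> bool:
    """True if a host configured as 'addr/prefix' treats dst as on its own subnet.

    An on-link destination is ARPed for directly; anything else is sent to the
    default gateway. Only the sending host's own mask is consulted.
    """
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host_iface).network


def direct_reachability(a_iface: str, b_iface: str) -> dict:
    """Both directions of the on-link test between two hosts with their own masks."""
    a = ipaddress.ip_interface(a_iface)
    b = ipaddress.ip_interface(b_iface)
    return {
        "a_sees_b_on_link": on_link(a_iface, str(b.ip)),
        "b_sees_a_on_link": on_link(b_iface, str(a.ip)),
    }


def migration_plan(old: str, new: str):
    """Return the enlarged network and the old-sized blocks it adds.

    The old network must sit inside the new one, so existing addresses keep
    working; only the added blocks need every host's mask updated first.
    """
    old_net = ipaddress.ip_network(old)
    new_net = ipaddress.ip_network(new, strict=False)
    if not old_net.subnet_of(new_net):
        raise ValueError(f"{old_net} is not inside {new_net}")
    added = [n for n in new_net.subnets(new_prefix=old_net.prefixlen) if n != old_net]
    return new_net, added


if __name__ == "__main__":
    # Constructed hosts: one not yet updated (/24), two already on the new /23 mask
    print(direct_reachability("10.1.1.50/24", "10.1.1.60/23"))  # both True: still works
    print(direct_reachability("10.1.1.50/24", "10.1.0.20/23"))  # one-sided: new-half host unreachable
    new_net, added = migration_plan("10.1.1.0/24", "10.1.1.0/23")
    print(new_net, [str(n) for n in added])
```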

Lonoxmont
Aug 28, 2018
I'm too stupid to put something witty here. Sorry. :canada:

Thanks Ants posted:

You can change the subnet size from a /24 to a larger one, and everything that currently works will still work - anything outside of the original /24 won't be accessible until you've updated the subnet mask on each device though.

I would consider using multiple subnets instead. What sort of devices are you connecting to the network? Do they all need to be able to talk on the same broadcast domain and won't work through a router?

Edit: I'd put this in the Cisco megathread as well, it's not Cisco-specific but covers more enterprise stuff than this thread.

I was hoping to not have to work out how to set up routing tables in a sonicwall on the fly if at all possible.
As is probably readily apparent, I am not a networking guy but I am the closest thing we have to one at the moment.

I would say 98% of the things currently on the network are virtual machines, with the remainder being the hosts they run on and such.

Also, by 'put this in the Cisco megathread' do you mean just copy and paste my older post? Not that used to these forums yet.

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:
Your VM hosts and VMs shouldn't be on the same network tbh.

Tapedump
Aug 31, 2007
College Slice
Thank you bobfather and insularis for your replies.

I've read up a lot on IPsec for site to site, and indeed I need to try it out.

I'm still curious however, as to, if I went with OpenVPN, do I need to add a second OpenVPN server on the "server" site, where I already have an OpenVPN server for client to "server" site connections.

Or, do I have the "server" site with a single OpenVPN server to handle connections from both 1) the other site, site-to-site and 2) regular OpenVPN client connections (laptops and such)?

tl;dr How many OpenVPN servers do I need to set up in pfsense at a "server" site in order to have both point-to-site and site-to-site connections handled at the "server" site?

Rap Game Goku
Apr 2, 2008

Word to your moms, I came to drop spirit bombs

Couple quick questions.

1. My parents need a new wifi router. Is the TP-Link Archer C59 just an AC1350 version of the C5? It appears to be, but wanted to check.

2. I'm moving soon and will be running ethernet between a few rooms before I get moved in. My plan at the moment is to have a Unifi switch coming off a USG, then run from the switch into the other room that needs wired. Will putting a non-managed switch at the other end affect things?

Basically, I'll have my PC and Pihole and Router in one room, and the PS4, switch and Chromecast in the other. I'd like to get away with running as few wires as possible.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

That won’t be a problem

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

Tapedump posted:

Thank you bobfather and insularis for your replies.

I've read up a lot on IPsec for site to site, and indeed I need to try it out.

I'm still curious however, as to, if I went with OpenVPN, do I need to add a second OpenVPN server on the "server" site, where I already have an OpenVPN server for client to "server" site connections.

Or, do I have the "server" site with a single OpenVPN server to handle connections from both 1) the other site, site-to-site and 2) regular OpenVPN client connections (laptops and such)?

tl;dr How many OpenVPN servers do I need to set up in pfsense at a "server" site in order to have both point-to-site and site-to-site connections handled at the "server" site?

For point to point you need 2 servers, one on each side. For client VPN you only need one server.

Rap Game Goku
Apr 2, 2008

Word to your moms, I came to drop spirit bombs

skipdogg posted:

That won’t be a problem

Sweet. Making a trip to microcenter tomorrow to pick stuff up. Been waiting all week.

Tapedump
Aug 31, 2007
College Slice

Matt Zerella posted:

For point to point you need 2 servers, one on each side. For client VPN you only need one server.

I get that, thank you. But I'm asking something different.

Say, assume the presence of an OpenVPN server at siteA for client connections in the wild. Now I want to set up site-to-site with siteB, establishing an OpenVPN server at siteB to fulfill the two-server requirement.

Do I have to make another OpenVPN at siteA, for a total of two there, to get site-to-site working?

(Or conversely, does a single OpenVPN server at siteB suffice for both client connections to it as well as in a site-to-site with siteB?)

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

Tapedump posted:

I get that, thank you. But I'm asking something different.

Say, assume the presence of an OpenVPN server at siteA for client connections in the wild. Now I want to set up site-to-site with siteB, establishing an OpenVPN server at siteB to fulfill the two-server requirement.

Do I have to make another OpenVPN at siteA, for a total of two there, to get site-to-site working?

(Or conversely, does a single OpenVPN server at siteB suffice for both client connections to it as well as in a site-to-site with siteB?)

You should be able to do both with one server on one side.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

Wacky Delly posted:

Couple quick questions.

1. My parents need a new wifi router. Is the TP-Link Archer C59 just an AC1350 version of the C5? It appears to be, but wanted to check.

2. I'm moving soon and will be running ethernet between a few rooms before I get moved in. My plan at the moment is to have a Unifi switch coming off a USG, then run from the switch into the other room that needs wired. Will putting a non-managed switch at the other end affect things?

Basically, I'll have my PC and Pihole and Router in one room, and the PS4, switch and Chromecast in the other. I'd like to get away with running as few wires as possible.

Assuming that question 1 and 2 are relating to two different houses. The plan for question 2 is fine. The only caveat is that if you wish to start using VLANs further down the line to separate devices onto their own VLAN groups then you may run into problems using a cheap, unmanaged switch.

If you only intend to have everything on the same network it'll be fine.

Heran Bago
Aug 18, 2006

I have a modem with built-in disabled WLAN from my ISP. It's hooked up to an olde 2.4 GHz router.
Suddenly I want that 5GHz for specific things, but $100 for a new access point is not worth it.

I could get the ISP to activate the WLAN but it is a notoriously bad device.

The other option is to use the wireless adapter on my PC as an AP/router. This would be fine for the use cases of file transfers and Steam in-home streaming. Windows 10 now has built-in 'hotspot' functionality for this, but it does not work with mine, and troubleshooting says it probably never will.

What are the best turn-your-PC-into-an-AP software out there? I previously used Connectify, which was great but very expensive.

e: Google came up with a few alternatives to Connectify:
Baidu
MyPublicWifi
LionScripts
OSToto
Thinix
Maryfi

Anyone have experience with any of these?

Heran Bago fucked around with this message at 13:11 on Sep 14, 2018

Rap Game Goku
Apr 2, 2008

Word to your moms, I came to drop spirit bombs

apropos man posted:

Assuming that question 1 and 2 are relating to two different houses. The plan for question 2 is fine. The only caveat is that if you wish to start using VLANs further down the line to separate devices onto their own VLAN groups then you may run into problems using a cheap, unmanaged switch.

If you only intend to have everything on the same network it'll be fine.

Yeah, they are for different houses. The parents are currently using my old RT-N66u flashed with tomato and since I won't be there to fix it if it goes wrong, I figured they should get something new.

priznat
Jul 7, 2009

Let's get drunk and kiss each other all night.
Is anyone having any luck getting the VPN on the Netgear R7000 to work with OpenVPN? This is using the iOS App which seems very different than it used to be. I transferred the ovpn and cert files over to the app using itunes.

The OpenVPN logs show it is contacting the correct IP but then times out connecting. I do recall there being something that there was a change in the encryption used and wondering if the new app (v3.0.1(777)) is backwards compatible.

maltesh
May 20, 2004

Uncle Ben: Still Dead.

priznat posted:

Is anyone having any luck getting the VPN on the Netgear R7000 to work with OpenVPN? This is using the iOS App which seems very different than it used to be. I transferred the ovpn and cert files over to the app using itunes.

The OpenVPN logs show it is contacting the correct IP but then times out connecting. I do recall there being something that there was a change in the encryption used and wondering if the new app (v3.0.1(777)) is backwards compatible.

I believe there was an R7000 firmware update a few months back to accommodate OpenVPN ditching its MD5 support. After that happened, I had to regenerate ovpn and cert files for the devices I used with my R7000's VPN. (A Pixel XL, a Nexus 7, and a Windows Laptop).

So far they've worked pretty well, as long as I'm not on the R7000's wifi when I try to connect. Can't speak as to iOS, though.

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

Heran Bago posted:

I have a modem with built-in disabled WLAN from my ISP. It's hooked up to an olde 2.4 GHz router.
Suddenly I want that 5GHz for specific things, but $100 for a new access point is not worth it.

Why do you want 5 GHz?

priznat
Jul 7, 2009

Let's get drunk and kiss each other all night.

maltesh posted:

I believe there was an R7000 firmware update a few months back to accommodate OpenVPN ditching its MD5 support. After that happened, I had to regenerate ovpn and cert files for the devices I used with my R7000's VPN. (A Pixel XL, a Nexus 7, and a Windows Laptop).

So far they've worked pretty well, as long as I'm not on the R7000's wifi when I try to connect. Can't speak as to iOS, though.

Thanks, that’s what I was thinking of. I think I haven’t updated the R7000 FW in the last couple of months so that is probably it. I did regenerate the files but still not working properly. When on wifi it just doesn’t connect.

I can get a vpn connection going in OpenVPN while on LTE (not on work wifi etc) but can’t seem to access my internal network so something else also may be borked.

22 Eargesplitten
Oct 10, 2010

Lutha Mahtin posted:

Why do you want 5 GHz?

Also you really don’t need to drop $100; if your old one is 2.4 GHz only, odds are some new and cheap router would be better.

22 Eargesplitten
Oct 10, 2010

Double post because day later and different topic.

I asked in the Raspberry Pi thread because it's related to a pi hole, but if I connected a Pi Zero to the ethernet port on my old WDR3600, could I assign it an IP address that way?

Also, how urgently should I replace my WDR3600? I noticed that it's not getting any more firmware updates, so I'm worried about security issues. Once I figure out what cables go to what jacks in my house's hosed up cabling I'm going to separate the WiFi and wired networks, so that helps at least. The most sensitive data we have is on our wired desktops, so if it can't get across the non-bridged connections on the ER-L that part won't be an issue unless it could somehow backtrack from the Pi to the other network. Maybe that's possible? I don't know infosec, but that seems like more effort than 99% of people would put into anything unless I lived right by DEFCON.

E: Would flashing DDWRT / OpenWRT allow me to keep getting security updates, or do later versions stop working on older hardware? I've never flashed custom firmware, but if and when I get to the point where I would be tossing it otherwise I might as well try. Not like it matters whether a router in E-waste is bricked or not.

22 Eargesplitten fucked around with this message at 00:09 on Sep 16, 2018


Emetic Hustler
May 5, 2009

Looking to add a wifi adapter to my desktop. Primarily looking for a USB dongle type, but a PCI card isn't out of the question if there is a good option. 5GHz capability preferred. Does it matter what version of USB it is? I guess the amount of data it can handle depends on what USB version it is? Is there much difference between the different brands?
