movax
Aug 30, 2008

If the E3000 is the renamed WRT610N, I've had 0 issues with them. I had some initial issues with two models, but that was due to some very :downs: settings on my part, causing frequent disconnects. I'm "responsible" for 4 of them right now (not in any official capacity, just my apartment + family members/friends) and they've been great, even the refurb ones.

Performance as a NAS/FTP for drives attached via USB blows though, I was hoping it would be at least "decent", but IMO not worth using for anything save perhaps a printer.

code:
Firmware: DD-WRT v24-sp2 (08/07/10) mega
Time: 10:01:45 up 98 days, 19:42, load average: 0.00, 0.00, 0.00
WAN: Disable

movax
Aug 30, 2008

Pram posted:

I'm planning on wiring my place with ethernet, what face plates do you guys use?

I like the Leviton (or clone) keystone plates. When we finished our basement, I ran 2 or 3 Cat5E to each plate and thanks to the magic of patch panels, I could make them data or phone at will. You can get a real nice quad-port going that sports ethernet, CATV and even HDMI and some other jacks if you wanted. Only downside is that single gang-boxes can get real crowded, real fast.

movax
Aug 30, 2008

The_Franz posted:

Leviton quickport connectors (I used the eXtreme 6+ QuickPort jacks for ethernet). Personally I found that tselectronic.com had the best prices on Leviton stuff either online or locally, especially once you get into the 10+ unit discounts. Graybar also carries the good stuff if you have a location local to you, but their prices are slightly higher and their selection tends to be a little more restrictive.

Huh, how are those different from the "Regular" Leviton modular connectors, or have they just always been called QuickPort? :downs:

movax
Aug 30, 2008

OK, so I think this fits into home-class networking.

Basically, I've got to supply internet to my fraternity house, a converted apartment building. Currently the Internet is really kludgy...mostly because it's Comcast Business with the incredibly lovely stock SMC gateway, and a pfSense-based router that utter morons have attempted to administer since I left.

I was thinking either of deploying some type of router that would let me take care of my own critical devices on their own network (a camera DVR box and access-control system), and just pass through a single cable for the residents to use their own router with. But recently, I've been thinking of just deploying a router and managing it remotely, I have not quite decided yet.

I do need some effective QoS capability, because the bandwidth is limited and torrents will take it down very quickly. I would also need to isolate some devices on their own subnet/VLAN as well (camera DVR/access control/etc) to ensure my remote access is never disrupted.

So I guess, suggestions on a good router that'll do what I need? I was recommended Juniper SRX or J-series by some friends who do IT for a living, but I was hoping to keep costs down.

movax
Aug 30, 2008

Ninja Rope posted:

How much bandwidth are you going to do? Juniper gear isn't really in the same league as the stuff in the rest of this thread.

That's what I thought (it being a little too high-end). I think Comcast Business maxes out at 50Mbps or so, so maybe 50/10 at most?

movax
Aug 30, 2008

Ninja Rope posted:

I don't know about "easily", per router-board.com the unit can only do 41 mbit worth of small packets (though it would actually be doing NAT and not routing or bridging, so possibly a little less than that?), but I suppose small packets aren't that common.

An SRX-100 would definitely be overkill, but they are really nice devices. Still cheaper are SSG-5's, but I haven't used a ScreenOS device in years. Netgear makes cheap firewalls, and their software has improved significantly in the last few years, but I can't find performance numbers for them. If it was me I'd probably hit up Matt at Express Computer Systems, who used to post on here and has sold me a bunch of gently used poo poo, and tell him what you're looking for.

SamDabbers posted:

Head over to the Mikrotik thread. A $100 RB2011 will push 100Mbps easily with QoS, VLANs, etc.

I was thinking about this as well. pfSense worked OK, but was still kind of rough around the edges. More importantly, I don't want to have to worry about random parts of an x86 machine dying...CMOS battery, RAM, PSU, etc. I assume those SBC routerboards are somewhat more reliable?

movax
Aug 30, 2008

SamDabbers posted:

They've been rock solid in my experience. The target market for these is small ISPs, where reliability is an important consideration.

If your Internet connection is via cable modem, there's a very good chance that the RB2011 can push more packets per second than the cable modem itself. Traffic consisting of all 64-byte packets is rare; typical web surfing/torrenting will create significantly larger packets.

Yep, it's via some SMC cable gateway. I was chatting in IRC with some old 2600 folk, who were appalled at the thought of using MikroTik, but they also fully admitted that the cheapest network equipment they run these days is like $5k minimum :shobon:

Really I think it'll probably be me building/buying x86 to run pfSense, getting a RB2011L, or getting a used Juniper SRX. Decisions decisions...

movax
Aug 30, 2008

Porkchop Express posted:

Just an update to this, should anyone ever experience the same problem.

I changed my DNS server settings from automatic to OpenDNS servers, and since then I haven't had any connectivity issues. I sat and installed 4 games in a row from steam with an average 4 Mbps download speed and not once did the router reset itself, so here is to hoping that this is in fact the solution for the problem!

I think I have my DNS configured in order as OpenDNS, Google, and then Comcast. Has worked great so far!

movax
Aug 30, 2008

OK quick question: I have a MikroTik router and I want to port forward so I can remotely access the config page of a RFID system (HID EdgeSolo). Should be simple, right? I forward external port 10000 to internal IP:80, but when I direct a browser to that page, I just get a blank page.

Now, I know the port forward is somewhat working because when I turn it off, I can't even connect and the browser says so. Plus, the router logs the packets/traffic coming in. I think it might have something to do with that RFID system presenting a HTTP/htaccess style username/password prompt? What else could be weird?

e: forwarding port 80 from another machine works a-OK

movax
Aug 30, 2008

SamDabbers posted:

Could there be some sort of IP access list on the RFID server itself? As in, it only accepts connections from the LAN?

Hmm, good point, I'll root around the documentation to see if there's anything like that in play. If it's just silently doing that, how could I work around it?

movax
Aug 30, 2008

SamDabbers posted:

Perhaps you could src-nat it to the router's LAN address in addition to the dst-nat for port forwarding?

Hm how would I set this up in MikroTik land? I tried playing around with the src-nat rules but I guess I'm mixing up a dst/src address somewhere.

movax fucked around with this message at 17:16 on Jun 14, 2013

movax
Aug 30, 2008

SamDabbers posted:

Take a look at the packet flow diagram. Since dst-nat (translating the destination address) happens in the prerouting step and src-nat (translating the source address) happens in the postrouting step, you can use both together. Just add a src-nat rule to translate the source address of the packet destined to the server to the router's LAN address, and your existing dst-nat rule can stay how it is. Since the dst-nat rule gets hit before the src-nat rule, the src-nat rule should use the translated dst-address of the packet.

code:
/ip firewall nat add action=src-nat chain=srcnat dst-address=192.168.88.10 dst-port=80 to-addresses=192.168.88.1
Substitute 192.168.88.10 for the LAN address of your server, and 192.168.88.1 for the LAN address of your router.

Still a no go, maybe something is really weird with that HID device.

code:
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1-wan
add action=dst-nat chain=dstnat disabled=no dst-port=13001 protocol=tcp \
    to-addresses=192.168.1.7 to-ports=80
add action=src-nat chain=srcnat disabled=no dst-address=192.168.1.7 dst-port=80 \
    protocol=tcp to-addresses=192.168.1.1
add action=dst-nat chain=dstnat disabled=no dst-port=59000 protocol=tcp \
    to-addresses=192.168.1.5 to-ports=5900
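
Added worked example, not code from the thread or from MikroTik: a small Python model of the packet flow SamDabbers describes. dst-nat rules run in prerouting, the routing decision is made on the already-translated destination, and src-nat/masquerade rules run in postrouting and therefore see that translated destination. The rules are movax's posted config in posted order; the WAN address 198.51.100.10, the remote peer 203.0.113.5, the LAN prefix 192.168.1.0/24 and the interface name `bridge-lan` are assumptions made up for the demo. `BROKEN_RULES` shows the mistake SamDabbers warns about: keying the src-nat rule on the pre-translation port, so it never matches and the HID box still sees the Internet peer's address.

```python
# Added example, not from the thread or MikroTik: a toy model of RouterOS NAT
# packet flow. Assumptions (constructed for the demo): WAN address 198.51.100.10,
# remote peer 203.0.113.5, LAN prefix 192.168.1.0/24, LAN interface "bridge-lan".
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional

LAN_NET = ip_network("192.168.1.0/24")
WAN_IP = "198.51.100.10"          # assumed public address on ether1-wan


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    out_interface: Optional[str] = None   # filled in by the routing decision


@dataclass(frozen=True)
class Rule:
    """One /ip firewall nat rule; None means 'match anything' for that field."""
    chain: str                  # "dstnat" (prerouting) or "srcnat" (postrouting)
    action: str                 # "dst-nat", "src-nat" or "masquerade"
    protocol: Optional[str] = None
    dst_address: Optional[str] = None
    dst_port: Optional[int] = None
    out_interface: Optional[str] = None
    to_address: Optional[str] = None
    to_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.protocol is None or self.protocol == pkt.proto)
                and (self.dst_address is None or self.dst_address == pkt.dst)
                and (self.dst_port is None or self.dst_port == pkt.dport)
                and (self.out_interface is None or self.out_interface == pkt.out_interface))


def run_chain(rules: List[Rule], chain: str, pkt: Packet) -> Packet:
    """First matching rule in the chain wins; no match leaves the packet alone."""
    for rule in rules:
        if rule.chain != chain or not rule.matches(pkt):
            continue
        if rule.action == "dst-nat":
            return replace(pkt, dst=rule.to_address, dport=rule.to_port or pkt.dport)
        if rule.action == "src-nat":
            return replace(pkt, src=rule.to_address)
        if rule.action == "masquerade":
            return replace(pkt, src=WAN_IP)
    return pkt


def route(pkt: Packet) -> Packet:
    """Routing decision: LAN prefix goes out the bridge, everything else out the WAN."""
    iface = "bridge-lan" if ip_address(pkt.dst) in LAN_NET else "ether1-wan"
    return replace(pkt, out_interface=iface)


def traverse(rules: List[Rule], pkt: Packet) -> Packet:
    pkt = run_chain(rules, "dstnat", pkt)    # prerouting: destination rewritten first
    pkt = route(pkt)                          # routing sees the translated destination
    return run_chain(rules, "srcnat", pkt)    # postrouting: src-nat / masquerade


# movax's posted rules, in posted order
POSTED_RULES = [
    Rule("srcnat", "masquerade", out_interface="ether1-wan"),
    Rule("dstnat", "dst-nat", protocol="tcp", dst_port=13001,
         to_address="192.168.1.7", to_port=80),
    Rule("srcnat", "src-nat", protocol="tcp", dst_address="192.168.1.7", dst_port=80,
         to_address="192.168.1.1"),
    Rule("dstnat", "dst-nat", protocol="tcp", dst_port=59000,
         to_address="192.168.1.5", to_port=5900),
]

# The mistake SamDabbers warns about: a src-nat rule keyed on the *pre-translation*
# port never matches, because dst-port is already 80 by the time srcnat runs.
BROKEN_RULES = [
    POSTED_RULES[0], POSTED_RULES[1],
    Rule("srcnat", "src-nat", protocol="tcp", dst_address="192.168.1.7", dst_port=13001,
         to_address="192.168.1.1"),
    POSTED_RULES[3],
]


def inbound_to_hid(rules: List[Rule]) -> Packet:
    """Internet peer hitting the forwarded HID port on the router's WAN address."""
    return traverse(rules, Packet("203.0.113.5", 40000, WAN_IP, 13001))


def lan_to_internet() -> Packet:
    """Ordinary LAN client going out; only the masquerade rule should fire."""
    return traverse(POSTED_RULES, Packet("192.168.1.20", 51000, "192.0.2.80", 443))


if __name__ == "__main__":
    print("posted rules :", inbound_to_hid(POSTED_RULES))
    print("broken rules :", inbound_to_hid(BROKEN_RULES))
    print("lan outbound :", lan_to_internet())
```

Run it and compare the first two lines: with the posted rules the packet reaching 192.168.1.7:80 carries src 192.168.1.1, with the broken rules it still carries 203.0.113.5. The masquerade rule is listed first in the srcnat chain but never fires for LAN-bound traffic because its out-interface is the WAN, which is why the src-nat rule is reached at all.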

movax
Aug 30, 2008

movax posted:

Still a no go, maybe something is really weird with that HID device.

code:
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1-wan
add action=dst-nat chain=dstnat disabled=no dst-port=13001 protocol=tcp \
    to-addresses=192.168.1.7 to-ports=80
add action=src-nat chain=srcnat disabled=no dst-address=192.168.1.7 dst-port=80 \
    protocol=tcp to-addresses=192.168.1.1
add action=dst-nat chain=dstnat disabled=no dst-port=59000 protocol=tcp \
    to-addresses=192.168.1.5 to-ports=5900

So I figured it out...used Chrome devtools to find out that the device has a ton of JavaScript weirdness, and at the very first page it strips out the port number from the URL, leading to errors "Origin is not allowed by Access-Control-Allow-Origin". If I forward the default port (i.e. port 80 to 80) everything works fine.

Looks like it's time to learn some JavaScript :gay: to override this.
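
Added worked example, not code from the thread or from HID: the same-origin comparison the browser applies, modeled in Python. An origin is the (scheme, host, port) tuple with the scheme's default port filled in, so a script that rebuilds its request URLs from scheme and hostname only stays same-origin when the page was loaded on port 80 and becomes cross-origin when it was loaded on 13001, which is the Access-Control-Allow-Origin error movax hit. The `strip_port_like_the_device` helper and the `example.net` URLs are constructed to mimic the described behaviour, not the device's actual script.

```python
# Added example, not from the thread or the HID device: RFC 6454-style origin
# comparison, and a constructed stand-in for a script that drops the port when
# it rebuilds URLs (assumption modelled on movax's description).
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """Return the (scheme, host, effective port) origin tuple of a URL."""
    parts = urlsplit(url)
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return (parts.scheme.lower(), parts.hostname.lower(), port)


def same_origin(a: str, b: str) -> bool:
    """Two URLs are same-origin only if scheme, host and effective port all match."""
    return origin(a) == origin(b)


def strip_port_like_the_device(page_url: str, path: str) -> str:
    """Constructed model of the device script: builds the next request URL from
    scheme and hostname only, losing whatever port the page was loaded on."""
    parts = urlsplit(page_url)
    return urlunsplit((parts.scheme, parts.hostname, path, "", ""))


def would_browser_allow(page_url: str, path: str) -> bool:
    """True if the request the script issues is same-origin with the loaded page,
    i.e. the browser will not raise an Access-Control-Allow-Origin error."""
    return same_origin(page_url, strip_port_like_the_device(page_url, path))


if __name__ == "__main__":
    for page in ("http://example.net/index.html",        # forwarded 80 -> 80
                 "http://example.net:80/index.html",     # explicit default port
                 "http://example.net:13001/index.html"): # forwarded 13001 -> 80
        req = strip_port_like_the_device(page, "/status.cgi")
        print(f"{page:40s} -> {req:32s} allowed={would_browser_allow(page, '/status.cgi')}")
```

The last line of output is the failing case: the page origin is `("http", "example.net", 13001)` but the rebuilt request is `("http", "example.net", 80)`, so the browser treats it as cross-origin. Forwarding 80 to 80 makes the two tuples equal, which is why that workaround "just works" without touching the device's JavaScript.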

movax
Aug 30, 2008

CuddleChunks posted:

Ugh, I'm glad you were able to find that. What a stupid error/design decision.

I'm doing it kind of clunkily right now; Winbox is secure, so I open that up, enable the port forward real quick (on port 80 :smith:), make my changes, and then close the forward.

movax
Aug 30, 2008

I almost made this post a XY Problem on accident, so let me just describe what I'm trying to do and then hit me with some recommendations.

Would like a wireless device that can:

* Connect to an existing WiFi network as the WAN
* Support 2-3 Chromecast 2s in a small room for media streaming
* 802.11ac would be nice I guess since Chromecast 2s apparently support this
* (Bonus) can run with either an Ethernet cable as WAN (testing setup at home), or WiFi (actual usage). Double-bonus if it can have multiple WiFi networks stored as the WAN networks and pick whichever one is around

Basically, I host an event every month in a bar in town that has a projector and several bar TVs. Right now, the laptop mates directly to the projector via VGA, and then I've recently started using AirParrot 2 to screencast presentations to the bar TVs via Chromecast. The bar has existing WiFi that is mostly for their staff, and they share the password with us, but it's 2.4GHz and I'd feel better trusting my own hardware.

The idea is that I'll purposefully double-NAT myself, and just use the router/AP to pass through Internet access (so the laptop can get to Dropbox, etc.), and then provide a closed WiFi network for the laptop to stream to the ChromeCasts in a relatively well-known wireless environment (at least, I'll have no one to blame but myself).

Price range -- $100 or under would be nice, but I can go slightly over.

movax
Aug 30, 2008

Antillie posted:

According to their user manuals the EX6200 and EX6100 both tick pretty much all of your boxes. Although it looks like NAT is optional and while they can do NAT when using wifi as their WAN connection I am not sure if they can do NAT when using a wired WAN connection (and thus act as a slightly more expensive wifi router). It looks like they even remember the different wifi networks they have previously connected to in the WAN settings.

Hmm, that EX6200 looks pretty cool, but can it actually separate / firewall off the other devices?

Barring that, I'm pretty sure DD-WRT/OpenWRT can do this type of work, but I'm not sure what the latest / greatest platform + hardware to install them on is -- seems like manufacturers are stepping up their OEM firmware game.

movax
Aug 30, 2008

Antillie posted:

I'm not sure if it acts as a firewall or if its just doing NAT with no actual security. Stateful inspection isn't usually requirement for a range extender so I wouldn't be surprised if it didn't bother with it. The EX6200 can supposedly run DD-WRT though.

Eh, NAT is probably good enough(TM) to deter the casual person from hijacking a Chromecast to display whatever they want (probably) -- seems like the most expedient way for Chromecast "security" is to remove the ability to be on the same network as it. :smith:

Amazon return policies are pretty decent I suppose, I'll just order it and gently caress around with it.

movax
Aug 30, 2008

Set up an Orbi system at home to replace what I had done for my parents years ago (Airport + DD-WRT WRT54, WRT610N) as a fake extended network (all just had Ethernet backhaul plus the same SSID/pass).

Got a RBR50 and 2 RBS50s; upgraded FW to latest version which now supports Ethernet backhaul, and they are pretty slick. Good performance and coverage, though the physical units are hilariously huge.

Still don’t understand why it’s so hard to make a good Web UI though.

movax
Aug 30, 2008

Just moved and decided to up my router game; got an Edgerouter 4. I guess I’ll switch my AEBS/Time Capsule over to being an AP only for now. If I move to a bigger place or Apple finally stops pushing FW updates for it, I’ll hop over to Ubiquiti land.

I can set up a simple VPN on the ER4 to allow me to VPN into my network from anywhere, right? Have some software I want to use on my laptop but the license server lives on my LAN. So speed isn’t super important, especially if I can get a split tunnel working.

movax
Aug 30, 2008

Are the Netgear GS105 and GS108 still unbeaten in terms of a wire-speed unmanaged gigabit switch?

Exploring my new apartment (WaveG installer doesn’t show up until Friday :negative:), I found some pre-installed CenturyLink CPE that I probably need to ask about (it’s all pre-installed so you can activate it without asking a tech, I assume) removing. However, I also found a nice little patch panel which got me thinking about simply installing my ER-4 in there along with a GS105 to service all the jacks in my apartment, and then adding other switches as needed (like a GS108 near my TV/computer desk to feed those guys).

movax
Aug 30, 2008

Devian666 posted:

I'm still using a GS105 in the office. I say use it. Until 1 Gbps seems like a terrible bottleneck in the home this advice probably isn't going to change.

That’s what I figured; stops me from spending money too.

I guess what I have in my closet is a “structured media enclosure”. Is there a general purpose bracket + zip-tie combination I can use to neatly mount my ER-4 and GS105?

movax
Aug 30, 2008

My apartment came with a Nest thermostat, and I want to VLAN off that loving thing (and I should probably get better at using VLANs anyways). Am I out of luck trying to do this with my Airport Extreme Base Station?

Also thinking about loving around with RADIUS. Have an RPi or ESXi box that I could run the server on; I'm thinking the RPi is much lighter weight but I also assume that if this server goes down, so does my WiFi?

e: last question for now, on an EdgeRouter, how do I view the details of the DHCP configuration on my WAN interface? Want to see what DNS servers are getting pushed my way.

movax fucked around with this message at 22:10 on Jun 2, 2018

movax
Aug 30, 2008

eames posted:

If you use your Airport Extreme in Bridge mode you can enable the guest network and it'll tag packets on that network with VLAN 1003. This is completely undocumented and hardcoded but it works.

:aaa:

Definitely using in Bridge Mode right now, that’s kind of entertaining and good to know and saves me money! What does the regular network get tagged as, if any?

I still have to educate myself on VLANs / see what unmanaged switches like the GS105 do.

movax
Aug 30, 2008

I might have gotten carried away wanting to VLAN things and seduced by the promise of using UNMS for everything in the future. And spent an entire day researching if I should go full UniFi or stay EdgeMax.

movax
Aug 30, 2008

Initialization Error A12 on one of my EdgeSwitches out of the box...RMA time? :(

movax
Aug 30, 2008

Run conduit (if possible) where you can so places like your office or similar could enjoy a fiber run in the future, if you do some 10GbE backbone stuff. And don’t forget a fishing wire!

movax
Aug 30, 2008

Opinion check: am I unreasonable in asking Ubiquiti for a prepaid shipping label to RMA a defective out of box EdgeSwitch? I can understand paying down the road for it but I bought it New in box from an authorized distributor and it’s an error (A12) that competent QC would have found.

movax
Aug 30, 2008

skipdogg posted:

If it's DOA, I'd try to go through the distributor and have them make it right. It's not unreasonable to expect shipping to be covered for a DOA item.

Ah, good point — I’ll see what Ubiquiti says back, if they say no, I’ll check with B&H. I figure they’re incentivized / have the leverage to get $$$ back from Ubiquiti.

movax
Aug 30, 2008

They did an advanced RMA for me! I guess just asking nicely helps sometimes. :shobon:

movax
Aug 30, 2008

How do I view the DHCP settings that my ER-4 has pulled in from my ISP? Just curious which DNS servers it has picked.

Also thoughts on L2TP vs. OpenVPN? These two guides:
1. https://www.loganmarchione.com/2016/05/edgerouter-lite-openvpn-setup/
2. https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server

Usage is low-bandwidth access to engineering SW license servers / remote access to my Plex media library. Or, is this a por que no los dos and I can do both?

movax fucked around with this message at 21:18 on Jul 3, 2018

movax
Aug 30, 2008

Marvell ate Aquantia. Who's morbidly curious about the fate of their hardware?! Will Marvell's next-gen SoCs and networking products not be poo poo now that they have decent IP to leverage?

movax
Aug 30, 2008

Lambert posted:

Don't buy anything that has an Intel Puma chip. They cause terrible jitter.

I haven’t had a cable modem in ages (:woop:) but out of curiosity what gen Surfboards (or not) / other modems are they in? Darkly amusing to me that they’re bad enough that the community realizes it and actively recommends against a specific chipset.

movax
Aug 30, 2008

Speaking of UBNT...

Current 1BR apartment setup is an ER4 + 2x EdgeSwitch 8s, with an Airport Extreme as my AP. Has been basically rock-solid for 2 years (uptime 1 year, 3 months as I type this), after a lot of elbow grease getting it up and running, and setting up an OpenVPN tunnel for me to VPN in remotely (I could never get IKEv2 + StrongSwan to work). I'll be damned if I can remember how I set up a lot of stuff today, but I know on the ER4 I have a lot of stuff stored in its persistent storage, which is nice. It's fed with Wave G gigabit and I can pretty consistently max that out on this guy, and the VPN has never wanted for performance. Current apartment is new construction and even had a structured wiring panel. No real complaints on the EdgeRouter 4. EdgeSwitches are fine too, but in retrospect, I kinda forgot about trying to get UNMS running and probably did not need to pay the premium for those guys.

Anyways, in 2018 when I got this stuff, the answer for EdgeMax vs. UniFi was EdgeMax was the power user's way to go, you could tweak to your heart's content and it was all gravy. Now, I'm moving in a few weeks (if all goes well) as I've bought a condo that's basically a townhome, four stories. Unknown what internet connectivity options I'll have, but the place was built in 1984, so there are no Cat5 / Ethernet jacks in any of the rooms. Just a lot of old security system RJ11 wiring everywhere.

So, with four floors, I'm looking at switching over to Ubiquiti APs (probably the nanoHD and/or FlexHDs.... the nerd in me wants the SHD for the data / WIPS, but that's like $200 more) which has me thinking about UniFi vs. EdgeMax again. Looks like UniFi has new products now like the USG-PRO/Dream Machine Pro and similar that would nicely slot into a rack. Are EdgeMax routing + switching + UniFi APs still pretty common? Or have we gotten to the point of UniFi being decent enough for power-users that I should make the hop over? Previous posts make it seem like even that product is currently a giant loving dumpster fire. If I keep my EdgeMax gear, and just want to manage only UniFi APs, do I still need that controller key / VM / appliance / whatever?

My current plan is to co-locate most of the network hardware up in the office, if I can get the Internet connection to start out there. The only place I really "need" a wired backbone for starters is down to the living room, and then to the AP on each floor. I suppose I could fish a cheap LC fiber down there to "future" proof, but I don't think I really need 10GbE support right now.

The final stick on this, is that I would like to upgrade my parents' place from an Orbi (bad call on my part, it's flaky) to an UBNT setup as well. In an ideal scenario, I'd love a site-to-site VPN setup to make remote desktop in easy to help them out, and if my new place has a fast enough connection, bridge my Plex server and NAS over to them as well. So, having two appliances / gateways that can talk to each other would be the poo poo.

tl;dr — the often asked UniFi vs. EdgeMax question, now in March (almost April) 2020.

movax fucked around with this message at 03:40 on Mar 25, 2020

movax
Aug 30, 2008

I thought I read somewhere that you have to do everything through their cloud system — no local configuration is possible without an internet connection whatsoever. That seems...extreme.

movax
Aug 30, 2008

Actuarial Fables posted:

You don't need an active internet connection if your controller is local, but you do need to do any configs through the controller, as any local config will get overwritten the next time the device is provisioned.

Figure that a person that likes tinkering with stuff would feel limited by the update schedule of Ubiquiti, vs being able to just install debian packages on an EdgeMax router should inspiration strike. Great for parent setups where you want to spend the least amount of time touching it though.

Hm, sounds like the UniFi might work better for my parents place...

If I keep my EdgeRouter for home, maybe get rid of my EdgeSwitches and go to Dell X-series or something like that, for running my UniFi APs, do I still need to pick up the Cloud Key Gen 2 or whatnot to run the controller on? I know I could put it on a RPi or a VM but the cloud key seems dead nuts simple to get working and stable.

movax
Aug 30, 2008

The belatedly "obvious" solution to me of simply trying the UDM-PRO out first, seeing if it works for my needs, and if it doesn't, simply setting it aside to deploy at my parents' place just occurred to me. I spent most of the time SSHed into my ER4 figuring out how to get OpenVPN working; never did get the time to try and get a PiHole like DNS filter for ads working, but that was the next thing I wanted to try out.

Either way, I at least ordered a Butt Key G2 and 2 FlexHDs to get started. I'll see if the effort of wiring on the ceiling for a nanoHD is worth it when I can tuck these tiny FlexHDs where I need them.

movax
Aug 30, 2008

The ER-4 has done fine for me on a 1000/1000 WaveG connection here in Seattle. Granted, I live by myself, but it hasn't hiccupped pushing big Usenet or Torrent downloads/uploads or in general ever been the cause of an issue.

movax
Aug 30, 2008

H2SO4 posted:

Are you sure that upload speed is correct? That doesn't seem right, as even on the lowest tier I was getting something like 30/15. 5Mbit upload is not good.

My understanding is that getting a modem that can use more channels may help even if you don't have a higher speed tier, but I'd defer to others with more experience to confirm.

I’m kinda bummed out to lose my 1000/1000 and go back to loving Comcast in like two weeks. The place is from 1984 and I’m now afraid of going back to the usual Comcast fuckery and poo poo upload speeds.

movax
Aug 30, 2008

Anyone have experience running armored fiber through walls? (Mostly down walls between floors). I want to use it as some 10GbE backbone as my cable comes into my garage / water heater closet, and I figure I'll just put the modem there and try to "home-run" stuff there. Initially, I thought about putting the home-run upstairs in my office, but since most of the existing coax already goes to the garage, I figured that would be best. Looking at getting a refurb / used N1524P or something like that and keeping it downstairs with the EdgeRouter 4, and then doing 10GbE fiber runs up to the office where more of my machines are (big ESXi host / NAS) and the living room (mostly for shits and giggles, but to support TV/console/ATV/whatever, and since it's right above the garage). Will do 1GbE copper runs everywhere else for Wi-Fi and things like that. Not looking to run fiber "everywhere", just where it's needed to hit branch switches.

It looks like LC wall plates are a thing, so my ideal scenario is hitting the wall plates + leaving a fishing line / "spare" to pull things in the future if needed because I don't think conduit is happening without wall destruction and patching.

I guess it's more of a home improvement thread but curious to where I should go to learn more about how townhomes were built in the mid 80s to get an idea of what to expect behind my walls / between floors, before starting to do exploratory surgery / pulling up carpets.

movax
Aug 30, 2008

I was thinking something like this: https://www.fs.com/products/17770.html

And then use a LC keystone coupler because holy poo poo I do not want to deal with any kind of fiber polishing / terminating / etc.

In terms of pulling the cable, I'll just have to deal with holes / making stuff big enough to get the fiber through with its connectors; the Cat5/Cat6 of course I'd pull bare. I've recently discovered the existence of trunk cables, which seem like they'd make pulling wire even easier when you want to get 4-8 drops somewhere. Or, am I misunderstanding the purpose of them?
