@scottalanmiller Absolutely!

Posts made by AdamF
-
Edge Router L2TP VPN Server Setup
I recently set up my EdgeRouter X as an L2TP server with local user authentication. We've been using this for the past few days without any issues. Connecting from various platforms/OSes works perfectly. Let me know if anyone has an alternative method or if this guide should be tweaked at all.
Assumes outside WAN interface is eth0
configure
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
If you have a static IP from your ISP, issue the following command, where x.x.x.x is your IP:
set vpn l2tp remote-access outside-address x.x.x.x
Gateway/next hop for public IP above:
set vpn l2tp remote-access outside-nexthop x.x.x.x
set vpn l2tp remote-access client-ip-pool start 10.0.1.10
set vpn l2tp remote-access client-ip-pool stop 10.0.1.20
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret horsebatterystaple
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username adam password adampassword
set vpn l2tp remote-access mtu 1492
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
commit
To verify the server is set up, the following command can be used.
show vpn l2tp remote-access
Save to keep changes on reboot
save
Set firewall rules for VPN traffic:
This can be done via the GUI as well, but I used CLI. Just make sure to pay attention to your rule numbers and order.
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 description Allow_L2TP
set firewall name WAN_LOCAL rule 20 destination port 500,1701,4500
set firewall name WAN_LOCAL rule 20 log disable
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description Allow_ESP
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol 50
commit
save
That's it! Now set up the built-in client on your OS of choice and you should be good to go.
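An added example, not part of the post above: a shell check over `show configuration commands` output that flags the guide's published sample credentials if they are still in place, and a WAN rule that accepts L2TP (UDP 1701) outside IPsec. It relies on EdgeOS's `ipsec match-ipsec` firewall match, which the post does not use; `audit_l2tp` and `sample_config` are names made up here, and the sample input is constructed from the guide's own lines.

```shell
#!/bin/sh
# Added example: audit `show configuration commands` output (stdin) against the
# guide's L2TP/IPsec setup. Prints one finding per line; silence means no hits.
# Optional $1 is the WAN-facing ruleset name (assumed WAN_LOCAL, as in the guide).
audit_l2tp() {
  awk -v ruleset="${1:-WAN_LOCAL}" '
    $2 == "firewall" && $3 == "name" && $4 == ruleset && $5 == "rule" {
      id = $4 " rule " $6
      if ($7 == "action" && $8 == "accept")     accept[id] = 1
      if ($7 == "destination" && $8 == "port")  ports[id] = "," $9 ","
      if ($7 == "protocol")                     proto[id] = $8
      if ($7 == "ipsec" && $8 == "match-ipsec") ipsec[id] = 1
    }
    # The secrets printed in the guide are public; flag them if left in place.
    /pre-shared-secret .?horsebatterystaple/ { print "WARN: guide sample pre-shared-secret in use" }
    /local-users username .* password .?adampassword/ { print "WARN: guide sample user password in use" }
    END {
      for (id in accept) {
        udp = (proto[id] == "udp")
        # L2TP itself is unencrypted, so 1701 should only be accepted inside IPsec.
        if (udp && index(ports[id], ",1701,") && !(id in ipsec))
          print "WARN: " id " accepts UDP 1701 without ipsec match-ipsec"
        if (udp && index(ports[id], ",500,"))        ike = 1
        if (udp && index(ports[id], ",4500,"))       natt = 1
        if (proto[id] == "50" || proto[id] == "esp") esp = 1
      }
      if (!ike)  print "MISSING: no accept rule for UDP 500 (IKE)"
      if (!natt) print "MISSING: no accept rule for UDP 4500 (NAT-T)"
      if (!esp)  print "MISSING: no accept rule for ESP (protocol 50)"
    }'
}

# Constructed sample: the firewall and credential lines as the guide sets them.
sample_config() {
  cat <<'EOF'
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 description Allow_L2TP
set firewall name WAN_LOCAL rule 20 destination port 500,1701,4500
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 protocol 50
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret horsebatterystaple
set vpn l2tp remote-access authentication local-users username adam password adampassword
EOF
}

sample_config | audit_l2tp
```

On a router, the input would come from the operational-mode `show configuration commands` output saved to a file and piped into `audit_l2tp`.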
-
EdgeRouter to Azure site to site VPN
I have a bunch of free Azure credits, so I've been setting up some stuff in Azure in a lab environment to check out more of the Azure product offerings. I know the reputation for Azure around here, but free is a good price, so why not.
One of the things I want to set up is a site to site VPN to my ERX. Setting up the gateway in Azure is well documented, and according to the tech articles I've followed, the Azure piece of the VPN is finished. Now for the ERX side. Currently I have an L2TP VPN server set up on the ERX so I can connect remotely, but now I'm looking to add a site to site VPN. I hope I can have a server/client setup as well as site to site on the ERX.
Has anyone here ever set this up successfully? I've found this guide, but have not tried yet. Configure EdgeMax VPN Azure
-
RE: I'll Show You Mine If You Show Me Yours, Home Labs
@travisdh1 Now I just need to configure the drives and throw Xenserver on this thing and let it rip.
-
RE: I'll Show You Mine If You Show Me Yours, Home Labs
The latest addition to my home lab has arrived. Almost enough to make a grown man cry.
-
Love for the job
Directly outside of my office, on street level, is a gas company jackhammering the road. The sound is deafening. I'm annoyed, but can't help but be thankful for my career in tech... as opposed to jackhammering. Nothing wrong with that... but just saying I'm thankful.
-
RE: Edge Router X "terminal/console" access
@JaredBusch said in Edge Router X "terminal/console" access:
@fuznutz04 said in Edge Router X "terminal/console" access:
@JaredBusch will do. Is there an easy way to copy and paste working parts of the config, or do I need to issue commands one by one?
log into the CLI (command line interface) and before you go into configure mode, run this command
show configuration commands
Thanks for this @JaredBusch. Really a life saver. Spent some time last evening rebuilding the config and now I have an actual good source for manual copy/paste restore if needed. I believe I found the culprit in the configs. A couple of months ago, I put in some traffic shaping configuration. The router took the commands, and even accepted them with the commit command, but I guess I must have never actually restarted the router after I made the changes. Yesterday was the first time restarting the unit since installation a few months ago.
Now I just need to find the best way to set up QoS on the router since we have VoIP phones in the office. I see the latest firmware has some QoS items in the GUI. Is this the best way to set up QoS on these devices, or are there better ways through CLI?
-
RE: VoIP Faxing - busy signals
Follow up to this... They agreed to go with email to fax. Problem solved.
-
RE: Edge Router X "terminal/console" access
@JaredBusch will do. Is there an easy way to copy and paste working parts of the config, or do I need to issue commands one by one?
-
RE: Edge Router X "terminal/console" access
@JaredBusch said in Edge Router X "terminal/console" access:
This page shows a picture of the inside.
The serial pins are there.
http://sector5d.org/openwrt-on-the-ubiquiti-edgerouter-x.html
Yikes... I'll pass for now since it is brand new.
-
So I factory reset, then attempted to restore from config without doing anything else first. It restored and rebooted, but I couldn't connect to the router anymore at all. (with the old IP address or the new one that was in the config file.)
-
I reset again and this time put in the IP address to match what is in the config file. Then did a restore. Hooray, I can connect now.
-
However, none of my NAT rules, firewall rules, etc. are in the router. WTH. If I open the config file, I can see all of the rules there, but they are not being restored.
-
-
RE: Edge Router X "terminal/console" access
@scottalanmiller said in Edge Router X "terminal/console" access:
There should be a console port. At least some models have that. Should say "Console".
Nope. Not on the ERX. On the ER-Lite, it has one, but on the ERX, nothing.
-
Edge Router X "terminal/console" access
So this is neat.... I was getting slow upload speeds on my internet connection yesterday. It turns out, it was my ERX all along. I logged in and pressed the reboot button in the GUI, and now the thing does not respond to any pings, I can't connect to it, no internet, nothing. I'm about to do a reset on it and restore the config from a backup. (hopefully that works) I'd like to see what's going on on the router to see where it is stuck. Is there any other way to connect to these devices?
-
Comcast upload woes
Pay for 50/50 enterprise. Getting 50down/1 up for the last few hours. Thanks Comcast.
-
RE: VoIP Faxing - busy signals
@scottalanmiller said in VoIP Faxing - busy signals:
@Dashrender said in VoIP Faxing - busy signals:
Your VOIP to POTS convertor might be bad.
Are out going faxes working correctly?
If you hook a princess phone to the convertor, can you call it?
You mean his POTS might be the pits?
Excellent.
-
RE: VoIP Faxing - busy signals
@Dashrender I'll have to go on site this week and check it out.
-
RE: VoIP Faxing - busy signals
@JaredBusch said in VoIP Faxing - busy signals:
@fuznutz04 said in VoIP Faxing - busy signals:
@JaredBusch said in VoIP Faxing - busy signals:
@fuznutz04 said in VoIP Faxing - busy signals:
For those of you using FreePBX or similar, how do you setup your ATA devices to receive incoming faxes so that there is never a busy signal on the line?
I have a client who wants to keep their fax machine because they literally want to send faxes from the fax machine. So, I have an ATA device on the fax machine that converts to SIP for me. Outgoing faxing works perfect, and incoming faxing works, as long as the line is not busy. If the "line" is busy (meaning the ATA device/fax machine is currently receiving another fax) when another fax comes in, I get an alert from my provider telling me the line is busy and the call failed. Any good ways to get around this?
Don't send inbound faxes to the machine. Send them to Email.
I'd really like to, but they currently want them at the fax machine. If there isn't any other way, then I will push them to go to email.
Then your PBX should be returning a busy signal to the inbound call not accepting it. If that happens, then the sending fax machine (usually) attempts to resend.
This is no different than a basic POTS fax functionality. Why are you expecting different behavior?
It's been happening for more than a day (the busy signal), so it raised some red flags that something might not be working properly. I can't see that the fax machine would be busy for that long. It's acting as expected, but since it's been happening for so long, it seems very odd.
-
RE: VoIP Faxing - busy signals
Maybe that was confusing. I'm calling into the fax number via my phone. On my LCD screen, it says busy. There is sometimes 1 ring, and then the busy tone. The PBX is not actually saying "busy" to me.
I've instructed the client's IT guy to power cycle the device and he is also checking to see if there are any objections to incoming faxes going to email.
-
RE: VoIP Faxing - busy signals
I agree. When I call it via phone, it says busy and I hear the busy tone. I can see the device connected to the PBX, and it is registered. It's been "Busy" for the last hour, so something is up. I might have to ask them to power cycle it and then guide them towards email.
-
RE: VoIP Faxing - busy signals
@Dashrender said in VoIP Faxing - busy signals:
What I'm trying to determine is, what's the difference between his POC and the actual in use machine?
I would assume (oops, I'm in trouble for that) that the exact same thing would happen.
reading the OP:
@fuznutz04 said in VoIP Faxing - busy signals:
If the "line" is busy (meaning the ATA device/fax machine is currently receiving another fax) when another fax comes in, I get an alert from my provider telling me the line is busy and the call failed. Any good ways to get around this?
Why is your provider telling you where there is a busy? I've never heard of a provider doing that before. I mean sure, it could be a service, and I suppose it's useful so you can show the client how many busy signals you've handed out. If you can show time and incoming numbers you can filter to show different attempts, not simple retries (with some room for error of course).
It's the default setting for Vitelity. Any time a call fails to any DID, I can get notified about it. Useful for troubleshooting, but can be a bit much when things like this come up.