I really don't like grant money. It sounds like a good idea, but when you actually see how it works, it's such a waste. As a tax payer I would like to see the system changed. As a tax payer, I would rather see ubiquiti gear and OpenDNS go in than a SonicWall with content filtering and VPN licenses.

@iroal said in site to site VPN only works with Keep Alive:

This was one of the reasons we leave sonicwall in the company, apart of the support cost.
Now with Pfsense using VpnSite all problems disappears.

My first choice is Ubiquiti. In this case the Sonics came in under grant money and I had to use them.

@dbeato said in site to site VPN only works with Keep Alive:

@Mike-Davis How did you end up working out this one?

I think I left it with the keep alive going and the static IP on both ends.

Did you set it up where it only uses the second connection if the primary fails? Did you set up static routes with priority for the phones?

I have one G3 Dome running and I really like the picture and price point. I'll be adding some more cameras in the future. I'll have to decide if I want to keep running my own NVR or buy one of theirs prebuilt. I just used an old Zotac box I had no other use for to test the camera and software.

@scottalanmiller said in What Are You Doing Right Now:

Of all the places to drive four hours round trip to eat at!

That's just sad. There isn't a whole lot to do in Auburn except for eating.

@scottalanmiller said in What Are You Doing Right Now:

I’m in Denny’s in auburn near @Mike-Davis

Of all the places in Auburn to eat, Denny's?

@scottalanmiller said in I can't even:

Making another one?

or trying to take a nap. I didn't know what sleep deprivation was until we had kids.

@dustinb3403 said in I can't even:

Oh in other news, I started buying stuff for my on-the-way daughter!

Congrats!! If we don't hear much from you in the next 18 years, we'll know what you're up to.

@mike-davis said in EdgeRouter not handing out addresses on VLAN:

What about this:
set service dhcp-server shared-network-name FSL_LAN authoritative disable

That was it. Thanks @JaredBusch - you the man.

@jaredbusch said in EdgeRouter not handing out addresses on VLAN:

my LAN scope is disabled in that. It is only there for failover if the windows AD server with all the roles fails.

That explains this line:

set service dhcp-server shared-network-name FSL_LAN disable

What about this:

set service dhcp-server shared-network-name FSL_LAN authoritative disable

@jaredbusch said in EdgeRouter not handing out addresses on VLAN:

Plug something into eth1 directly does it pull DHCP on vlan1?
Force that device to VLAN 80 and plug it in to eth1. Does it get the DHCP then?

Did this and not getting an IP. Doing the old stare and compare with your config to see what is different.

@jaredbusch good idea. Forgot I could force something to a VLAN.

@jaredbusch said in EdgeRouter not handing out addresses on VLAN:

Which port were you plugged into with the manual config that worked?

Same ports for everything.

@jaredbusch Port 24 on the switch is plugged in to the EdgeRouter Eth1.

@BBigford glad I could save you some troubleshooting time.

I have an EdgeRouter Lite that is not handing out DHCP addresses on VLAN 80. Does anyone see an issue in the config as to why that would be?

ubnt@ubnt:~$ show configuration
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Local
        duplex auto
        speed auto
        vif 80 {
            address 192.168.80.1/24
            description guestInternet
            mtu 1500
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name GuestInternet {
            subnet 192.168.80.0/24 {
                default-router 192.168.80.1
                dns-server 8.8.8.8
                dns-server 4.2.2.2
                start 192.168.80.10 {
                    stop 192.168.80.250
                }
            }
        }
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.3
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
ubnt@ubnt:~$

I know I don't have the rules in yet to block subnet to subnet traffic. On my EdgeSwitch, I have port 2 untagged on VLAN 80, and excluded on VLAN 1. Port 2 is connected to the computer. On port 24, I have VLAN 1 untagged, and VLAN 80 tagged. If I statically configure an address on 192.168.80.0/24 I can route out to the internet and ping the other subnet. If I statically configure an address on 192.168.1.0/24, I can't ping anything, so it seems like it's on the VLAN, it's just that DHCP isn't working on that VLAN.

I ended up chatting on the QuickBooks site. There is no way to contact support, but to call, so I called in. You have to generate a ticket with them if you want to be notified of the fix. Once the problem is fixed they will notify you. They don't even have this listed as a problem on their website yet.

Yes, Win 7 is supported.

@dustinb3403 said in KB4073701 kills QuickBooks:

So the answer to this problem is upgrade the OS (and or ditch QB).

Seems like it for now. I'm not sure I'm going to even bother contacting QuickBooks.