@mroth911 said in locking down network: so basically I am helping with my church/School , they need to connect to apple/android store. youtube. but social media sites locked down and p2p networks and anything inappropriate for k-12. So OpenDNS is doing the trick for now., However there is no cherry picking, and certain users need the ability to connect to facebook as well. Posting via webpage what is going on in school etc. Thats the situation at hand. They received a letter that someone on the network was downloading from BitTorrent. and it broke digital media anti-piracy law. etc. So they are naturally freaking out. This is something I want to setup and walk away.. I am just doing this to help them. Blocking Bittorrent without an application level firewall isn't that easy. Talking to the tracker happens via DNS, but talking to the other clients normally is just via IP address. You could block all non needed outbound ports - but again, I think Bittorrent can work over port 80 and 443, so not really that helpful.

I upgraded to 1.10.7 2 weeks ago. Pulling the trigger on 1.10.8.

Spoke too soon. Seems to be an issue with WinMTR. Running it from CLI on a CentOS box, works like a charm. Go figure.

I updated all the sites that could be rebooted mid work day already. The rest will happen this evening.

I just updated today, not sure if I see any issues yet.

Did you use the Libreswan or Strongswan setting in your previous post?

@smitherick said in EdgeOS 1.10.0 final is released: Cheers to UNMS. Yeah, we are using it now, great stuff.

@krisleslie said in Hitting the limits of the Ubiquiti EdgeRouter: @jaredbusch My apologies, I meant QoS! Well then, yes, better QoS performance because better processors.

@gjacobse said in Ubiquiti released EdgeOS 1.9.7: @scottalanmiller said in Ubiquiti released EdgeOS 1.9.7: Just got my EdgeRouter for home hooked up after years of it disconnected. Welcome back to the world of Internet..... And to good Internet equipment, as well!

@Dashrender said in Considering a New VPN: @JaredBusch said in Considering a New VPN: @scottalanmiller said in Considering a New VPN: @JaredBusch said in Considering a New VPN: @scottalanmiller said in Considering a New VPN: @JaredBusch said in Considering a New VPN: @scottalanmiller said in Considering a New VPN: @Carnival-Boy said in Considering a New VPN: Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it? ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh. This is not true, ZeroTier has gateway functionality. https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux I was leaving that out for simplicity as he's not going to build custom Linux systems for this. Why? Because a single VM setup as a gateway means that ZT now meets all needs also. No different than replacing a router, etc. I've not used it, does it require you to change your IP range or can you keep what you have? The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet. I use ZT in a number of places, but not using the gateway anywhere yet. Right, so being inclusive means that you did follow Scott's recommendation, only that you bent ZT to the current setup, instead of making a whole new IP setup with this in mind. Did that solve all of the Windows DNS issues? I have no idea WTF you are talking about. You are implying and inferring things that are not being discussed here.

@fuznutz04 said in Edge Router lockup: Yeah, really strange behavior with no evidence to look at. Time to set logs to go to a remote server.

I have not had anyone desire this level of connection in their ERL, so I have no direct experience.

@JaredBusch Excellent. BTW, the UI for the EdgeSwitch on the latest firmware is pretty nice. A lot nicer than the Dell switches I'm used to configuring in the past.

@dafyre said in EdgeRouter PoE high CPU usage: @travisdh1 -- Maybe he should start with something simple... like a reboot? (I haven't seen him mention that anywhere). The entire reason it came back up is that the unit rebooted itself (crashed) at 1300 CDT yesterday.

Sounds good. I'm going to give this a shot tonight on my ERX at home so I don't bring down the existing tunnel here in the office.

No problem!

@scottalanmiller It's ok. That's not my favorite by far, but it's what was in the fridge, so it worked.

@Dashrender said in EdgeMAX EdgeRouter software release v1.9.0: I used to do VLANs for broadcast storm reasons.. but as I've sense learned, if you have broadcast storms, you have another problems you need to solve anyway... and the VLANs probably won't save you, the switches will still be swarmed and might be brought to their knees anyhow... so, yeah.. today, if I need more than 250 devices in a network, move from /24 to /23 or even /22. Migrating an existing network though - kinda a huge pain in the ass. Definitely true. But to bring this full circle, the person in question wants to setup VLAN for learning how to implement them and how they work, and that is awesome.

Did you end up putting in a support ticket? Pretty unfortunate you haven't received a reply yet as to whether you should or not. Hopefully it's fixed soon.

@JaredBusch Good to know. I'm planning on starting this later this week. If I can get this working, I'm going to replace a PFSense firewall with an ERX or lite. Right now, this is the only thing that I dont have setup for ERX yet.

@Jason said: Nevermind. #faceplam. forgot to go into configure mode first.. I may or may not have done that more than once.