@jaredbusch said in Ubiquiti ER3 to ER4 Upgrade?:

@scottalanmiller said in Ubiquiti ER3 to ER4 Upgrade?:

@mroth911 said in ubiquiti Er3 to 4 Upgrade?:

Can I just back up my er3 and upload it to the 4

I believe so.

I have never tried, but it should handle it because it only bring the /config folder in, and nothing in the hardware of the 3 vs 4 is all that different.

To clarify, I have migrated from ERL to ER4 a couple times. But I manually migrate. I don’t try to restore the old config.

@bbigford said in Does any one have a EdgeRouter 4 online and can test L2TP:

Any insight on maybe why that worked? I've had issues with the default group on another manufacturer, but I wouldn't think 14 was default.

It worked prior to changing to DH 14 on my iPhone.

I had to add a proposal with DH 14 for Windows 10 to work.

@jaredbusch said in ERL and Smart Queue throughput:

If the CPU was not limiting things, the unit should be pull 100Mbps
The Smart Queue is set to 100.

Of course, that is what I was referring.

@art_of_shred said in Thoughts on a Ubiquiti/Cisco comparo?:

This is just a project. What's the line? "Not my circus, not my monkeys"?

I think it goes "not my circus, not my Sonicwall".

@tonyshowoff said in Hello Mr Chinese IP based hacker:

That's why we set any WAN-fancing SSH port to something obscenely high like 41022, not for "security" but because of the logs. In fact, all of our sshd services run following that pattern, as does our internal HTTP(S) servers but the load balancers take in 80/443.

This prevents as many services as possible from running as root, which anything running port < 1024 does. I don't think most people even know this. At the very least if there's a NAT in play, one can always set ssh and web services ports much higher and just translate the ports to avoid the same issue.

(I know there are some work arounds like setcap on Linux, but in general this is the default behaviour on most machines)

For some reason this made me think of The Venture Bros, Hunter Gather says:

And we want your sad ass undercover agents to stop trying to infiltrate our group. Frankly we're tired of killing them and we can't afford the body bags!

Useful piece of information. Thanks!

@JaredBusch

Good to know. I'm planning on starting this later this week. If I can get this working, I'm going to replace a PFSense firewall with an ERX or lite. Right now, this is the only thing that I dont have setup for ERX yet.

@coliver said:

Do VPN connections get created/torn down with every communication? Or are they persistent until the device disconnects?

Normally neither. They are normally persistent until a certain amount of time, then they tear down when idle. Might be hours or days. That way they don't remain absolutely forever, but normally a very long time.

@JaredBusch said:

You need to upgrade your ERL to firmware 1.8 to get the full traffic analysis capabilities in the GUI.

Which has been done.

Don't ask me.. it's what he told me - so I just walked away and really didn't put any more thought into it.

But his thought was that you can't acquire the AP over wireless.

He has a greenfield setup.

But in thinking more about it... he's going to have to plug into the network no matter what for at least the first AP. After that he should be fine all wireless.