@pmoncho said in Kerio Connect "license error: license exhausted, cannot allow another host": Based on the couple posts I have seen, each registered user can have five devices. So, if they have 30 devices, they need 6 user licenses. Did they add any extra devices lately? Easily, but more likely they just let their license expire.

@DustinB3403 said in Openvpn HELPPP!!: @abdel-hakim-abousrea to start, if you have access to the internet, you have a public IP, it could be a statically assigned IP or one that could change randomly. Having a static public IP to use for this would be ideal. Set up a FQDN for your system, even if it is a static IP. Either via some type of dynamic DNS or a manual records in your public DNS.

@mroth911 said in locking down network: so basically I am helping with my church/School , they need to connect to apple/android store. youtube. but social media sites locked down and p2p networks and anything inappropriate for k-12. So OpenDNS is doing the trick for now., However there is no cherry picking, and certain users need the ability to connect to facebook as well. Posting via webpage what is going on in school etc. Thats the situation at hand. They received a letter that someone on the network was downloading from BitTorrent. and it broke digital media anti-piracy law. etc. So they are naturally freaking out. This is something I want to setup and walk away.. I am just doing this to help them. Blocking Bittorrent without an application level firewall isn't that easy. Talking to the tracker happens via DNS, but talking to the other clients normally is just via IP address. You could block all non needed outbound ports - but again, I think Bittorrent can work over port 80 and 443, so not really that helpful.

@Donahue said in Hyper-V teaming worth it for LACP?: Yeah, i think i need to learn powershell. I probably rely too much on GUI's Same fees, tenth of the time.

I'm curious as to how they'll deal with depletion of their 256 bit UUIDs and/or spoofing or anything else. We can know is that Google (and others) will have a way that works across IP addresses that will provide a fairly unique way of identifying you no matter what. Presumably some browsers will let you change it or have it different in privacy mode or whatever, but like with Don't Track we'll can almost guarentee that even if there is a standard some other company like Microsoft will implement it just differently enough to make a lot of it pointless... other than the connection speed I guess. People are already gungho about this, some thinking that it's a total replacement for the TCP stack which is utterly stupid. I first read about this in mid 2017 and noticed it seemed to be sort of a spin on MinimaLT which was specified to deal with mobile IP (as in protocol, not address) issues.

@scottalanmiller said in Another Major BGP Mishaps Redirects US Traffic to China: I noticed that YouTube was down yesterday for a little bit. Very short, though. Even Facebook got taken out for a bit too... Don't know if it's related or not, but still...

@Dashrender said in Strange snafu misroutes domestic US Internet traffic through China Telecom: @scottalanmiller said in Strange snafu misroutes domestic US Internet traffic through China Telecom: @Dashrender said in Strange snafu misroutes domestic US Internet traffic through China Telecom: Man - BGP needs an overhaul! Replaced! Is there something that can replace it now? Dont' think so. Not on that scale.

@Mike-Davis said in daisy chain Ubiquiti AC Pros?: @DustinB3403 said in daisy chain Ubiquiti AC Pros?: This is why you don't use pre-made cables. What does it cost to have fiber terminated? $150/hr? Since this is in the mountains, I'm guessing the nearest city is 1.5 hours away, so drive time on top of that. I'm just guessing at the labor since I haven't ever had it quoted. Right, so if oyu are confident that premade will pull in quantiy, then by all means go with it. The good thing about fiber, is that it doesn't matter if you coil up the left over.

@Donahue said in Why I See UTMs As Generally Bad in the Current Market: @scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market: @Donahue said in Why I See UTMs As Generally Bad in the Current Market: The reason we went with Fortigate over an Edge router, is that the Edge router couldn't do the IPsec bandwidth we were trying to hit. But mine is an NGFW with UTM bundled in. Could there been some other product that I dont know of that would have been better in our case? ERL does nearly half of what you need... https://community.ubnt.com/t5/EdgeRouter/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593 ER and ERPro are so much more powerful. The ER Pro has 2x the CPU power, and 4x the RAM. We'd expect it to be able to saturate your lines no problem. Of course that is "expect", but based on the ERL speeds, and that they run the same code, there is little doubt that it can push IPSec over 1Gig speeds. https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf Your link is what convinced me not to use the ER pro. the Pro's will only do <500 mbps at full capacity, its in the link you posted. Where in it? Oh, I see. he mentions ER Pro in another post, then posts them without stating what they are in a thread on ERLs. VERY confusing.

Something to keep in mind is NGFW. Ubiquiti and Meraki, for example, are NGFW. It looks like much of the market is already starting to cool on the UTM crazy and NGFW is taking off as the "next stage" of popular approaches. Basically a reversal of direction or marketing at least, even from the big players in the UTM space like Palo Alto, Fortinet, Cisco, etc.

Only so serious, it's in D-Link gear. Bwahaha

@jaredbusch said in Ubiquiti ER3 to ER4 Upgrade?: @scottalanmiller said in Ubiquiti ER3 to ER4 Upgrade?: @mroth911 said in ubiquiti Er3 to 4 Upgrade?: Can I just back up my er3 and upload it to the 4 I believe so. I have never tried, but it should handle it because it only bring the /config folder in, and nothing in the hardware of the 3 vs 4 is all that different. To clarify, I have migrated from ERL to ER4 a couple times. But I manually migrate. I don’t try to restore the old config.

@scottalanmiller said in Network error Windows 7: @wrcombs said in Network error Windows 7: @dashrender said in Network error Windows 7: @wrcombs said in Network error Windows 7: @scottalanmiller said in Network error Windows 7: @wrcombs said in Network error Windows 7: @scottalanmiller said in Network error Windows 7: @wrcombs said in Network error Windows 7: Anyone ever see this error before? do you know what it means ? how to get rid of it? No, because I carefully never do that, lol. I didnt do this, this is from someone saying " This is how I think it goes" and changing settings. Also something to avoid Random people who don't know the basics, making completely crazy configuration changes... that's a disaster waiting to happen. Imagine if they were doing that on a PCI network or something They did! we use 2 NICs, one for internet, one for the PoS system so they are "seperated" the best they can be. They stacked and added IP's to the PoS NIC, So all of the PoS were accessing the internet... Sure, but the internal POS network doesn't have a gateway to some place else inside it, right? So you don't have a gateway on that network interface. I dont believe there is a gateway, its just communicating within the PoS and the back office. If that were the case then I shouldn't be getting this message correct? Shouldn't. The warning seems like it would be genuine - it's warning you that someone messed up the configuration. When I used to have these type of setups, I would set the gateway to the POS and set the metric to 10 for either that NIC or that subnet. That's assuming that you're talking directly to the one and only POS and nothing else on that network. While you don't have to alter the metric, it helped stop Windows from wigging out seeing two NICs or two IPs and two gateways on one NIC. If you experiment, you can always put it back. Different VASCs and different brands & processors specify what's ok with them. Because PCI.

@wrcombs said in Site Moved a PC=A MESS: @scottalanmiller said in Site Moved a PC=A MESS: @wrcombs said in Site Moved a PC=A MESS: My boss was pushing the compliance issues, Yes, Because it is his job to make sure compliance is met within every site. You're telling me, If im not mistaken, That following directions coming from the vendor is my boss being Dumb? or Being an Ass? Straight from PCI Data Security Standard: Build and Maintain a Secure Network: 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do no use Vendor- supplied Defaults for system passwords and other security parameters . I guess reading this more thoroughly so I could continue this conversation: no where does it say It has to be a separate or isolated network, Only that It needs to be behind a firewall as far as Networking is concerned. Correct, I'm telling you, straight up, that if your boss claims that those words in ANY WAY suggest you can't use a VLAN, he's either insanely stupid, or a ridiculous liar who thinks you easy to push around. There is NOTHING about a separate network there. Not one thing. I understand that now, at first I was a little confused, but now having seen and looked into everything more based off of what you are telling me , I find that everything you are saying makes perfect sense Not that it means you can do something about it. But knowing that the boss is most likely just trying to blow you off, or just trying to make things complicated for some personal reason at the expense of the company makes it far better to be able to at least learn from the scenario. Your quality take aways here include... Your boss is not to be trusted (why, we don't know, but a reliable source, he is not.) Look for another job (you know this, but it's a reminder.) You now know PCI far better than before (and better than your boss.) You now have more experience in evaluating someone giving excuses rather than actual logic.

@obsolesce said in Set static ip for Hyper-V Server 2016 virtual ethernet adapter.: @scottalanmiller said in Set static ip for Hyper-V Server 2016 virtual ethernet adapter.: @obsolesce said in Set static ip for Hyper-V Server 2016 virtual ethernet adapter.: There are a lot of options rather than spending weeks figuring out such a dumb issue. Having to bring in a local tech or get a swing machine are actually much more intensive than looking at it remotely for a while. But seems doubtful that it will take weeks. Only has had a few minutes of being looked at, and only today. Oh, didn't realize it was like that. No local IT, no other available infrastructure or anything kind of limits things a lot. Yeah, a LOT. If we were local and it was one of two (or more) machines, yeah, we'd happily reinstall. As it is, we are scared of the backup device failing. Which isn't terrible as it is ONLY a backup device. But taking the server offline... we are pretty dependent on it.

@wrcombs said in Cant communicate: @obsolesce said in Cant communicate: @dafyre said in Cant communicate: Glad you got it, but my money is on a b0rk3d windows update that broke it. It's Windows XP... those don't get updates anymore. the back office was Windows 7. . . . Isnt windows 7 still receiving security updates? Yes, it's still widely deployed. But freaking ancient.

@scottalanmiller said in Multiple switches - connection: @ccwtech said in Multiple switches - connection: For connecting multiple switches (3 in this case), if your router has Gigabit LAN, is it best to to have a cord from 3 different ports on the router to each switch or to have the router go into 1 switch and then daisy chain the switches... or... does it really matter? Neither. Router to Switch at the hub, then spoke other switches. Correct. that is what I said, in a slightly more technical way.

@jaredbusch Oh no way lol, thats great!

@krisleslie :{../name}: Got ya

I've always used WiFi Analyizer on a phone/tablet if I needed to survey a location. That said, a thread on linuxquestions.com led me to: https://alternativeto.net/software/inssider/?platform=linux#. Looks like some options at least, don't really know if they're decent.

Duplicate IP or bad switch or local port... possibly driver.

@scottalanmiller said in NAT and Port Forwarding: @jaredbusch said in NAT and Port Forwarding: @scottalanmiller said in NAT and Port Forwarding: @jaredbusch said in NAT and Port Forwarding: The downside to port forwarding is that it only goes to your primary IP Yeah, that can be very limiting. Seems like that would be easy to expand on their side. Does VyOS have this feature? I always use VyOS directly from the config files, so not sure. set port-forward hit tab.

@jimmy_k said in Urgent: How to fix this FreePBX Repo Access Issue?: @jimmy_k Well, I just fixed it I modified etc/resolv.conf by putting this nameserver same as DNS1 nameserver same as DNS2 That's what that script is supposed to do. If you did this, it means either you never activated the script or it is broken and will stop working again.

@tim_g said in Networking and 1U Colocation: fail2ban Fail2ban does nothing with key based access. It's denied before fail2ban even sees it.

@dbeato said in Dell Machines Unable to VPN Due to SmartByte Bloatware: @scottalanmiller said in Dell Machines Unable to VPN Due to SmartByte Bloatware: SmartByte, a bit of bloatware or possibly malware - certainly closer to malware than not, is shipping by default on some Dell laptops and desktops. If you are doing a clean OS install as is best practice, this bloatware will be unknown to you. But if you keep the random stuff that ships with your machine, you may run into networking problems. SmartByte has been found by Cisco (and us, now that we know about it with clients) to break network connections and specifically has been found to cause VPNs to fail to connect. You'll need to disable, or better remove, or best do a proper, clean OS install, to get your machine able to network reliably. None of my Dell Devices has ever come with this. Not even laptops bought through Amazon. In the past Dell and HP have had the Cisco AnnyConnect client but that is found more on home and retailers like Best Buy, Staples or such. Then again I don’t buy Dell Inspiron (Which are the ones with SmartByte for sure) I never run into it because I would never run a machine without doing a proper OS install, you never know what is on there. But we ran into this (and I've been ranting about how people got into the process of not doing a clean install - dealing with that separately) just now because someone had a machine that didn't get installed and, of course, terrible bloatware problems.

Glad that you figured it out.

@mike-davis said in SharePoint Online as a File Server: @dbeato said in SharePoint Online as a File Server: More information on Quickbooks and Linux below (Not that I would encourage it) https://community.intuit.com/articles/1552445-install-linux-database-server-manager I'm right there with you. QuickBooks has problems enough of its own without involving two operating systems. Two? Looks like the database only goes on one. No additional complexity. But solves some major licensing costs. Windows Server + CALs just for QB is pretty expensive.

@360col said in schedule time per client not possible: Opps this was meant as a reply to the Unifi Schedule thread. No idea why it became a separate topic Can someone fix up this or close this thread. Thanks. Probably because you tried posting it as below:

@dashrender said in Windows Server 2016 NIC Teaming - No internet: @thwr said in Windows Server 2016 NIC Teaming - No internet: @tim_g said in Windows Server 2016 NIC Teaming - No internet: @thwr said in Windows Server 2016 NIC Teaming - No internet: @tim_g said in Windows Server 2016 NIC Teaming - No internet: Are you setting the NICTeam IP or one of the adapters making the team. Leave the individual adapters alone, and just set the Team Asked that before, he's configuring the team, not the NICs Before it's a team you can mess with the NIC settings, and it effects the Team afterwards (in my experience). Should not happen because Windows will unbind all IP protocols (v4 and v6) from each member NIC. At least in theory. Don't ya just love theory??? I'm more on the practical side.