@JaredBusch said in Vyos Configure DHCP Server:

@EddieJennings his second error is related to DNS.

This is a working DNS setup.

set service dns forwarding cache-size 150 set service dns forwarding listen-on eth7 set service dns forwarding listen-on eth7.2 set service dns forwarding name-server 1.1.1.1 set service dns forwarding name-server 8.8.8.8 set service dns forwarding options server=/domain.local/10.202.0.21 set service dns forwarding options server=/domain/10.202.0.21

Correct. I gambled from his title the immediate interest was DHCP. I lost. 🙂

@black3dynamite said in VyOS native Salt Minion:

@scottalanmiller said in VyOS native Salt Minion:

That's great. I'd not played with that yet.

I wonder when they will get one (or this one) running on EdgeOS. Now that would be awesome.

Is EdgeOS a Debian-based Linux system like VyOS?

EdgeOS is a Vyatta fork, just like VyOS. They are extremely close. To the point that people constantly confuse them.

Made no configuration changes to the firewall tonight. Shutdown FreePBX VM, made a new one, and stuff seems to be working as it should. I'll do a few more tests tomorrow to make sure all is well.

Edit: I lied. I made a new DHCP reservation for my new FreePBX server.

@krisleslie said in Hitting the limits of the Ubiquiti EdgeRouter:

@jaredbusch My apologies, I meant QoS!

Well then, yes, better QoS performance because better processors.

@DustinB3403 said in VyOS - Best practices and questions:

I think BGP has to do intricately with the OP, just because I wasn't aware of BGP as the technology used, doesn't mean it wasn't what I was trying to figure out.

It's literally the last question in the OP, what do you do if you lose the physical interface for fail over. Answer: Use BGP.

uh - no. That assumes the ISP is what failed, not the NIC that failed on the firewall. Those are two different things.

@Reid-Cooper said in Open source Firewall:

pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over.

Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.

@JaredBusch said in VyOS Port Address Translation for HTTPS:

@scottalanmiller said in VyOS Port Address Translation for HTTPS:

Got it working. The firewall rule was in the wrong section of the firewall.

You had it on eth0 local instead of eth0 in?

Yuppers.

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

hell, forget windows. Let's look at phones! Android phones rare ever get patched. A hardware firewall in front of them seems very smart!

If you are concerned with security to the point that you are carrying hardware to put in front of your phone, wouldn't you more likely just get an iPhone?

The article implied that iPhones were just as easy to force to his AP as Windows or Android devices.

The point was that they are patched regularly. The carriers can't block it and Apple really annoys people who hold back. Apple takes security seriously in a way that Google cannot because of how they treat the ecosystem and carriers.

Google capitualated, Apple didn't. Apple said - you want our phone, you'll do it our way.

The carriers told Samnsung, LG, HTC, etc (I'm sure Google wasn't even part of it) you want us to carry your phones, you'll do it our way, or we'll find someone who will.

Yup, leaving Apple with a stronger security hand.

@Jason said:

Nevermind. #faceplam. forgot to go into configure mode first..

I may or may not have done that more than once.

@scottalanmiller said in VyOS remote access VPN:

@JaredBusch said in VyOS remote access VPN:

@scottalanmiller said in VyOS remote access VPN:

Yes, ERLs run VyOS.

For the record, EdgeOS is not VyOS. It is its own fork of Vyatta.

For the record, I did learn that since the original post and knew that now 🙂

Just clarifying for Google's sake.

@scottalanmiller said in Firewall Options for the NTG Lab:

@travisdh1 said in Firewall Options for the NTG Lab:

@scottalanmiller said in Firewall Options for the NTG Lab:

Never followed up on this, whoops. We ended up using VyOS for a few years. But the hardware died on us and was too complex to service. It made no sense as it was cheaper to replace with new Ubiquiti hardware than it was to maintain what we already had. So we ended up going with a UBNT ERL and it has been great.

Out of curiosity, is it the one running the NTG lab?

I'm just assuming that you only have it doing routing and that it can do the basics at full line speed.

Yes, that is what is currently running there. We don't do QoS filtering in the lab, so it handles the speeds just fine.

ERL can do near line speed as long as you don’t do something to hit the CPU.