Ubiquiti Edgemax Dual WAN With Failover Initial Setup

Preface

A while ago, I decided to convert my home network to more “professional” gear. My existing setup had been performing great for years, but as line speeds continue to increase and the number of connected devices seems to skyrocket, the network had gotten more and more sluggish, and the recent router hijacks just made me even more determined to get something that I have greater control over.

Years ago I ran my own router on a Soekris net4801 running pfSense, but line speeds eventually got faster than what the Soekris could keep up with, and I ended up on consumer hardware.

My regular internet line is a Virgin Media 152Mbps. Searching for dual-WAN routers narrowed the field. The Cisco had been great, but it bugged me that I could only set it to failover or load-balance. What I want is failover with some traffic going to the backup link. That narrowed the field quite a bit.

I ended up with two options, a “do it yourself” box with pfSense, or the new kid on the block, the EdgeRouter Lite which claims it can do 1 million pps and costs less than $100.

After reading raving reviews of the EdgeRouter, and realizing that the board I was going to run pfSense on was only capable of routing 85mb/sec and cost £235, I figured I’d give it a spin.

This is not your average consumer router though. The EdgeRouter runs Vyatta, which is based on Debian Linux, but with a really powerful command-line syntax for setting things up.

I searched the web for something similar to my setup, but couldn’t find anything readily available, so here is my attempt at documenting the setup process for myself, in the hope that others will find it useful.

I used this guide as inspiration for the basic setup.

Setting it up

In the following I will be setting up the EdgeRouter Lite for running a dual WAN / single LAN with WAN failover.

  • eth0 is LAN
  • eth1 is WAN1
  • eth2 is WAN2 (failover)

Log in to the EdgeRouter (ERL) and enter configure mode:

configure

Interfaces

Here we will set up the network interfaces.

eth0 => LAN

edit interfaces ethernet eth0
set description "LAN"
set address 192.168.1.1/24
top

eth1 => WAN1

edit interfaces ethernet eth1
set description "WAN1"
set address dhcp
top

eth2 => WAN2

edit interfaces ethernet eth2
set description "WAN2"
set address dhcp
top

Users

The ERL ships with a default user of ubnt/ubnt, which we will replace with our own user.

Create a new user; the plaintext password will be encrypted on commit.

edit system login user new_user
set full-name "username"
set authentication plaintext-password "password"
set level admin
top
commit

Now log out of the router and log back in as your newly created user.

Delete the default ubnt user:

delete system login user ubnt

DNS Forwarding

In the next section we’re going to set up a DHCP server, and we’ll need DNS servers for that. The following sets up a standard DNS forwarding service.
There’s a bug (not acknowledged by Ubiquiti) that causes the router to write the WAN DNS servers to /etc/resolv.conf, even if you set up system DNS servers. So if you use OpenDNS or similar, make sure you check resolv.conf after committing.

edit service dns forwarding
set cache-size 1000
set listen-on eth0
top

DHCP Server

edit service dhcp-server
set disabled false
set dynamic-dns-update enable true
top

edit service dhcp-server shared-network-name LAN
set authoritative disable
edit subnet 192.168.1.0/24
set default-router 192.168.1.1
set dns-server 192.168.1.1
set domain-name somewhere.dk
set lease 86400
set start 192.168.1.50 stop 192.168.1.250
top

WAN Masquerading

Next we set up masquerading, which means your inside IPs masquerade as the public IP of the router. We need a masquerade rule for each WAN interface; other than the interface name they’re identical.

edit service nat rule 5000
set description WAN_MASQ
set log disable
set outbound-interface eth1
set protocol all
set type masquerade
top

edit service nat rule 5001
set description WAN_MASQ
set log disable
set outbound-interface eth2
set protocol all
set type masquerade
top

Basic Firewall

First we set up some basic settings like IP forwarding, connection tracking etc.

edit firewall
set all-ping enable
set broadcast-ping disable
set conntrack-expect-table-size 4096
set conntrack-hash-size 4096
set conntrack-table-size 32768
set conntrack-tcp-loose enable
set ipv6-receive-redirects disable
set ipv6-src-route disable
set ip-src-route disable
set log-martians enable
set receive-redirects disable
set send-redirects enable
set source-validation disable
set syn-cookies enable
top

Next we’ll create a basic firewall for WAN input.

edit firewall name WAN_IN
set description "Inbound WAN to (W)LAN"
set default-action drop

set rule 5000 action accept
set rule 5000 description "Allow Established/Related"
set rule 5000 log disable
set rule 5000 protocol all
set rule 5000 state established enable
set rule 5000 state invalid disable
set rule 5000 state new disable
set rule 5000 state related enable

set rule 5001 action drop
set rule 5001 description "Drop Invalid"
set rule 5001 log disable
set rule 5001 protocol all
set rule 5001 state established disable
set rule 5001 state invalid enable
set rule 5001 state new disable
set rule 5001 state related disable

top

Local Firewall

The local firewall is a firewall that is there to protect the router itself. It filters traffic destined directly for the router. It is similar to the firewall above, but implemented separately so that when we poke holes in the WAN_IN firewall, we don’t open up the router at the same time.

edit firewall name WAN_LOCAL
set description "Inbound WAN to Local Router"
set default-action drop

set rule 5000 action accept
set rule 5000 description "Allow Established/Related"
set rule 5000 log disable
set rule 5000 protocol all
set rule 5000 state established enable
set rule 5000 state invalid disable
set rule 5000 state new disable
set rule 5000 state related enable

set rule 5001 action drop
set rule 5001 description "Drop Invalid"
set rule 5001 log disable
set rule 5001 protocol all
set rule 5001 state established disable
set rule 5001 state invalid enable
set rule 5001 state new disable
set rule 5001 state related disable

top

Add firewall rules to interfaces

Next we apply the firewall rules to the WAN interfaces.

edit interfaces ethernet eth1 firewall
set in name WAN_IN
set local name WAN_LOCAL
top

edit interfaces ethernet eth2 firewall
set in name WAN_IN
set local name WAN_LOCAL
top

Basic system settings

set system host-name EdgeRouterLite
set system domain-name something.local

set system name-server 8.8.8.8
set system name-server 8.8.4.4

set system time-zone Europe/London

Load Balancing

Load balancing on EdgeOS requires several things to be set up.
First we configure the load balancer itself with the interfaces to be balanced, along with a route test that determines whether each link is alive.

Add eth1 to the load balancer:

edit load-balance group lb-default interface eth1 route-test
set initial-delay 60
set interval 100
set type ping target ping.ubnt.com
top

Add eth2 to the load balancer, as a failover-only member:

edit load-balance group lb-default interface eth2
set failover-only
edit route-test
set initial-delay 60
set interval 100
set type ping target ping.ubnt.com
top

Next we create firewall rules for modifying the routing table for failover.

There’s a bug with hairpin NAT and load balancing, so this is a little hack that forces inbound traffic to use the main routing table, as discussed here.

edit firewall modify lb rule 1
set action modify
set destination group address-group ADDRv4_eth0
set modify table main
up

Then set up the actual modification rule:

edit rule 10
set action modify
set modify lb-group lb-default
top

Apply the modify rules to our LAN interface so that all outbound traffic is routed according to the rules we just set up.

edit interfaces ethernet eth0 firewall in
set modify lb
top
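Before committing, it is worth checking that every WAN interface in the load-balance group actually got both a masquerade rule and the WAN_IN/WAN_LOCAL firewalls (an unfirewalled failover link is easy to miss), and that the DHCP default-router, dns-server and pool sit inside the declared subnet. The following is an added example, not code from the original post or from EdgeOS: it replays an edit/set/top/up command stream of the kind used in this guide into config paths and audits it; the SAMPLE text is constructed and deliberately contains both mistakes.

```python
"""Added example (not from the post or EdgeOS): replay the guide's edit/set/top/up
commands into config paths, then check that each load-balanced WAN interface has a
masquerade rule plus WAN_IN/WAN_LOCAL applied and that DHCP values fit the subnet."""
import ipaddress
import shlex

# Constructed sample in the guide's style: eth2 lacks its local firewall and
# masquerade rule, and dns-server lies outside the DHCP subnet.
SAMPLE = """
edit interfaces ethernet eth1 firewall
set in name WAN_IN
set local name WAN_LOCAL
top
edit interfaces ethernet eth2 firewall
set in name WAN_IN
top
edit service nat rule 5000
set outbound-interface eth1
set type masquerade
top
edit service dhcp-server shared-network-name LAN subnet 192.168.1.0/24
set default-router 192.168.1.1
set dns-server 192.168.69.1
set start 192.168.1.50 stop 192.168.1.250
top
edit load-balance group lb-default
set interface eth1 route-test type ping target ping.ubnt.com
set interface eth2 failover-only
top
"""

def parse_commands(text):
    """Replay edit/set/top/up into a set of full config paths (tuples)."""
    path, entries = [], set()
    for line in text.splitlines():
        words = shlex.split(line)  # keeps "quoted descriptions" as one token
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "edit":
            path.extend(args)
        elif cmd == "set":
            entries.add(tuple(path + args))
        elif cmd == "top":
            path = []
        elif cmd == "up":  # simplification: a tag node like "rule 1" is one level
            path = path[:-2] if path and path[-1].isdigit() else path[:-1]
    return entries

def masquerade_interfaces(entries):
    """Outbound interfaces of every NAT rule whose type is masquerade."""
    rules = {}
    for e in entries:
        if e[:3] == ("service", "nat", "rule") and len(e) >= 6:
            rules.setdefault(e[3], {})[e[4]] = e[5]
    return {r["outbound-interface"] for r in rules.values()
            if r.get("type") == "masquerade" and "outbound-interface" in r}

def audit(text):
    """Return sorted findings; an empty list means the stream is consistent."""
    entries, findings = parse_commands(text), []
    masq = masquerade_interfaces(entries)
    wans = {e[4] for e in entries
            if e[:2] == ("load-balance", "group") and len(e) > 4 and e[3] == "interface"}
    for iface in sorted(wans):
        if iface not in masq:
            findings.append(f"{iface}: no masquerade rule")
        for direction, name in (("in", "WAN_IN"), ("local", "WAN_LOCAL")):
            if ("interfaces", "ethernet", iface, "firewall", direction, "name", name) not in entries:
                findings.append(f"{iface}: firewall {direction} is not {name}")
    for e in entries:  # (service, dhcp-server, shared-network-name, LAN, subnet, NET, key, val, ...)
        if len(e) < 8 or e[:2] != ("service", "dhcp-server") or e[4] != "subnet":
            continue
        net = ipaddress.ip_network(e[5])
        for key, val in zip(e[6::2], e[7::2]):
            if key in ("default-router", "dns-server", "start", "stop") \
                    and ipaddress.ip_address(val) not in net:
                findings.append(f"dhcp {e[5]}: {key} {val} is outside the subnet")
    return sorted(findings)
```

Paste the commands from your own session (or `show configuration commands` output) into `audit()` and expect an empty list before you `commit`.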

Hairpin NAT

Hairpin NAT allows you to reach your public IPs from the inside network. Basically it translates your inside address to the external address, and then back to the internal address.
The 1.4.x software has a new configuration option for automatically setting up the firewall, NAT and hairpin NAT, but unfortunately it doesn’t work with multiple WANs (or LANs), so for now we’re stuck with the “old way”.

edit service nat rule 5002
set description "Hairpin_MASQ"
set destination address 192.168.1.0/24
set log disable
set outbound-interface eth0
set protocol all
set source address 192.168.1.0/24
set type masquerade
top

Apply the changes and save them:

commit
save

You now have a basic dual WAN router working.
I didn’t set up load balancing, since one of my links is significantly slower than the other, which means load balancing would actually be a degradation of service in my case.

Wrapping up

I’ve been running with this router now for a few weeks, and I must say I’m very pleased.

How to fix a Baofeng UV-5R that stops receiving after CHIRP file is uploaded

The Baofeng UV-5R is an extremely versatile and inexpensive dual band handheld radio, which makes it one of the most popular and biggest selling transceivers around the world today. It’s Baofeng’s flagship radio, and they constantly tweak and update the UV-5R to keep it on top in the marketplace.

Sometimes the updates are minor and are hardly noticeable, if at all, save for a higher firmware version number. However, if a more serious internal change is made, it may require a bit of adjustment in the way the radio is programmed or operated, especially among seasoned users.

Such is the case with the most recent revision to the UV-5R. The latest known firmware version is N5R-20. The version number previous to this was BFS313. Up to firmware BFS313 the version numbers were fairly consistent, with only a change to one letter and/or number, an indication that even major feature updates and additions were not too radical as to affect overall compatibility of the programming data files between versions of the radio. With the introduction of N5R-20, the numbering system completely changed, a possible indication that the older and newer firmware may have more fundamental differences than previous versions.

This would explain why some users are experiencing issues when attempting to upload older programming files to the new radios using the CHIRP programming software. The older CHIRP image files from Baofeng UV-5R radios with BFB or BFS series firmware are not compatible with radios equipped with the N5R-XX version of the firmware.

For a first-time owner of the UV-5R, this isn’t an issue at all, since you would simply download the image from the radio into CHIRP, save the file to your computer, program your frequencies, and upload the same image file back into the radio.

For the user who is adding the new UV-5R to a mix of other Baofeng radios, this means that you can’t just upload an existing CHIRP .img file from your old radios to the new one. The differences and changes in the latest firmware simply will not let it work with the old file. As annoying and time consuming as it sounds, the best practice is to create a new CHIRP image file for the radio. As with the new user, download the defaults from the new radio into CHIRP, save the file, enter your data, and upload them into the radio.

Of course, that’s all well and good if you are reading this before you try to program the new radio, but what if you’ve already found out the hard way? You already uploaded your old .img file to your radio and it begins to act strangely. The UV-5R has no audio, won’t receive unless you press the MONI button, or stops responding altogether. Performing a reset doesn’t work to fix the issue. Has the damage already been done?

First, don’t panic. You haven’t damaged your radio. The firmware is permanent, and can’t be upgraded, changed, or “flashed”. The CHIRP image file doesn’t alter the firmware in any way either, so it’s all good. All you really need to do is clean out the bad data, so to speak, and re-program the radio.

To do so, you will need to use another version of CHIRP. Download the appropriate version of chirp-daily for your operating system (Linux, Mac or Microsoft Windows) to perform the fix. You will also need an original or stock .img file from a UV-5R radio with the N5R-20 firmware.

If you downloaded the image from the radio to CHIRP and saved it to your computer before you uploaded the .img file from your old radios, you’re in great shape. Otherwise, you will need to locate and obtain an .img file from a new or working UV-5R with the N5R-20 firmware. You can find the stock image files here.

After CHIRP is installed, load the N5R-20/stock .img file into CHIRP and upload it to the radio. This should restore the UV-5R to its original settings. Use this new image file as your working image to program the new radio as needed.

All Credits go to www.buytwowayradios.com

m0n0wall 1.8.1 released

In m0n0wall 1.8.1, the base system has been switched to FreeBSD 8.4 for better support of recent hardware.
Thanks to contributions by Andrew White, Lennart Grahl and Pierre Nast, there have been significant improvements, new features and bug fixes in many areas.

Please note:

  • This version (any platform) requires at least 128 MB RAM and a disk/CF size of 32 MB or more
  • Follow the upgrade instructions when upgrading from earlier versions
  • physdiskwrite write errors near the end of the file (2182) can be ignored, as they’re caused by the digital signature

Change log highlights (see the SVN change log for the full details):

  • add scheduler (“Croen”) service with many different job types (enable/disable interface or shaper rule, Wake on LAN, reboot, reconnect WAN, execute command etc.)
  • improved IPv6 support, including IPsec, DHCPv6-PD, RDNSS and DNSSL, and NDP info on the ARP diagnostic page
  • major overhaul of wireless LAN support. On some cards, it is now also possible to create multiple APs at the same time. To reflect this change, the wireless settings have moved to the Interfaces: assign page, where WLAN subinterfaces can be created much like for VLANs.
  • DNS forwarder: add option to log DNS queries, add aliases (CNAMEs) and MXs
  • Add AES-256, SHA-256/384/512 and additional DH group options to IPsec
  • Make rule moving and deletion on shaper rules page work like for firewall rules.
  • Initial support for USB modems
  • enable CPU hardware crypto support
  • automatically reassign available physical network interfaces if none of the assigned interfaces in the configuration can be found on the system (i.e. for a new installation, or when moving an existing config to new hardware)
  • the “embedded” image is gone; generic-pc-serial should now be used for PC Engines and Soekris boards
  • console speed for serial images is fixed to 9600 baud (no longer tries to use BIOS preset value)
  • introduction of an automated build system that allows one to build m0n0wall from scratch with almost no manual intervention on a standard FreeBSD 8.4 system
  • countless bug fixes and improvements in UI and system configuration code

Refer to the installation instructions for information on how to install these files on the various platforms.

Version: 1.8.1
Release date: 01/15/2014

Article source: http://m0n0.ch/wall/downloads.php

Installing and setting up Pidgin for OCS access on Debian / Ubuntu based systems

First, make sure you have the latest versions of the following packages:

autotools-dev
pkg-config
libglib2.0-dev
libgtk2.0-dev
libpurple-dev
libtool
intltool
comerr-dev

You can install them with the following command:

sudo apt-get install autotools-dev pkg-config libglib2.0-dev libgtk2.0-dev \
    libpurple-dev libtool intltool comerr-dev

Next, you will want to install the latest version of Pidgin (at least version 2.7.x) and the Pidgin-SIPE plugin:

sudo apt-get install pidgin pidgin-sipe

After installing Pidgin and Pidgin-SIPE, you will need to restart the computer.

Launch Pidgin (how to do this depends on the version of Ubuntu you are running; it should be located under Applications/Internet (Apps)/Pidgin Internet Messaging).

When the Welcome to Pidgin screen appears click on the Add button.

For the Protocol section choose Office Communicator and fill out the form as so:

[Screenshot: pidgin_ubuntu, the Pidgin account form with the Office Communicator protocol selected]

Finally, click on the Add button. This should add and enable your Lync account and connect you to the Lync Server.

10 Codes and Other CB Radio Lingo…

10 Codes

The most commonly used 10 codes:

When getting started, remember at least the following 10 codes:

  • 10-1 Receiving Poorly
  • 10-4 Ok, Message Received
  • 10-7 Out of Service, Leaving Air (you’re going off the air)
  • 10-8 In Service, subject to call (you’re back on the air)
  • 10-9 Repeat Message
  • 10-10 Transmission Completed, Standing By (you’ll be listening)
  • 10-20 “What’s your location?” or “My location is…” Commonly asked as “What’s your 20?”

And maybe also this code… 10-100 Need to go to Bathroom. Also, remember that the code 10-4 only means “message received”. If you want to say “yes”, use “affirmative”. For “no”, use “negative”.

The Complete CB 10 codes

  • 10-1 Receiving Poorly
  • 10-2 Receiving Well
  • 10-3 Stop Transmitting
  • 10-4 Ok, Message Received
  • 10-5 Relay Message
  • 10-6 Busy, Stand By
  • 10-7 Out of Service, Leaving Air
  • 10-8 In Service, subject to call
  • 10-9 Repeat Message
  • 10-10 Transmission Completed, Standing By
  • 10-11 Talking too Rapidly
  • 10-12 Visitors Present
  • 10-13 Advise weather/road conditions
  • 10-16 Make Pickup at…
  • 10-17 Urgent Business
  • 10-18 Anything for us?
  • 10-19 Nothing for you, return to base
  • 10-20 My Location is ……… or What’s your Location?
  • 10-21 Call by Telephone
  • 10-22 Report in Person to ……
  • 10-23 Stand by
  • 10-24 Completed last assignment
  • 10-25 Can you Contact …….
  • 10-26 Disregard Last Information/Cancel Last Message/Ignore
  • 10-27 I am moving to Channel ……
  • 10-28 Identify your station
  • 10-29 Time is up for contact
  • 10-30 Does not conform to FCC Rules
  • 10-32 I will give you a radio check
  • 10-33 Emergency Traffic at this station
  • 10-34 Trouble at this station, help needed
  • 10-35 Confidential Information
  • 10-36 Correct Time is ………
  • 10-38 Ambulance needed at ………
  • 10-39 Your message delivered
  • 10-41 Please tune to channel ……..
  • 10-42 Traffic Accident at ……….
  • 10-43 Traffic tie-up at ………
  • 10-44 I have a message for you (or ………)
  • 10-45 All units within range please report
  • 10-50 Break Channel
  • 10-62 Unable to copy, use phone
  • 10-62sl unable to copy on AM, use Sideband – Lower (not an official code)
  • 10-62su unable to copy on AM, use Sideband – Upper (not an official code)
  • 10-65 Awaiting your next message/assignment
  • 10-67 All units comply
  • 10-70 Fire at …….
  • 10-73 Speed Trap at …………
  • 10-75 You are causing interference
  • 10-77 Negative Contact
  • 10-84 My telephone number is ………
  • 10-85 My address is ………..
  • 10-91 Talk closer to the Mike
  • 10-92 Your transmitter is out of adjustment
  • 10-93 Check my frequency on this channel
  • 10-94 Please give me a long count
  • 10-95 Transmit dead carrier for 5 sec.
  • 10-99 Mission completed, all units secure
  • 10-100 Need to go to Bathroom
  • 10-200 Police needed at ……….

10 codes originated in the USA and are, apparently, CB radio lingo only used in English-speaking countries. However, no matter which codes are used in your country, be aware that there are local dialects in every urban area and region. You have to listen to others to learn the phrases and codes in your area.

Be aware that the use of codes specifically to obscure the meaning of a transmission is probably illegal in most countries. The difference is this: codes which are well known and make communications shorter or more efficient are normally allowed.

Q codes

Some of the more common Q codes

Q codes are used in many kinds of radio communications, including CB sideband but not typically on CB AM. (If your radio doesn’t have sideband, don’t worry about Q codes.) Q codes originated with amateur radio but their use in CB radio lingo, even more so than 10 codes, can vary depending on who published the list.

The following is an abbreviated list of Q codes borrowed from amateur radio:

  • QRM man made noise, adjacent channel interference
  • QRN static noise
  • QRO increase power
  • QRP reduce power
  • QRT shut down, clear
  • QSL confirmation, often refers to confirmation cards exchanged by hams
  • QSO conversation
  • QSX standing by on the side
  • QSY move to another frequency
  • QTH address, location

The following is from a list of Q codes used by the X-Ray Club (a sideband-users club headquartered in Paradise, California):

  • QRL Busy, Stand By
  • QRM Man Made Interference
  • QRT Stop Transmit or Shutting Down (same as 10-7 on AM)
  • QRX Stop Transmit or Standing By
  • QRZ Who is Calling?
  • QS Receiving Well
  • QSB Receiving Poorly
  • QSK I have something to Say or Station breaking
  • QSM Repeat Message
  • QSO Radio Contact
  • QSP Relay Message
  • QSX Standing By (same as 10-10 on AM)
  • QSY Changing Frequency
  • QTH My Location is… or What’s your location?
  • QTR Correct Time

Q codes may be used to ask questions (QTH?) or to answer them (QTH is 5th and Ivy Streets.)

The ARRL Handbook and the ARRL operating guides have more complete listings of those used for amateur radio. (ARRL is an amateur radio organization.) Historically, the Q signals were instituted at the ‘World Administrative Radio Conference’ (WARC) in 1912. Because of their international origin, Q codes may be more accepted outside English-speaking countries than 10 codes are.

Some tips for communicating with others on the CB

The following is a list that is generally considered proper procedure or polite when using a CB radio. It can also be considered a beginner’s survival guide. This list was compiled from common problems that have plagued beginners since CBs first became popular.

– When two people are talking, essentially they temporarily “own” the channel. US FCC regulations say that they have to give other people opportunities to use the channel if they’re going to use it more than several minutes. But it is not up to an outsider to “take” the channel from them.

– Take care not to “step on” other units (i.e. transmitting at the same time as they are, thereby making both your transmissions unreadable.) This usually means that you should adjust your break squelch level so that you can hear the other unit and then only begin to transmit when you can’t hear anyone else.

– NEVER deliberately key over someone else. Nobody likes that.

– If you hear one unit break for another unit, give some time for the unit to respond before you say anything yourself. (Keep in mind that they may have to fumble for a microphone in a moving car or dodge furniture enroute to a base station.) Remember, the calling unit has the channel.

– If you want to talk on a channel that is in use, it is very likely that your initial transmissions will accidentally “walk over” someone else’s. So you must keep them short. The word “break” is generally accepted. Try to time it in a pause in the conversation.

– Even when your “break” has been recognized, keep your next transmission short. For example, “Break one-seven for Godzilla” if you’re on Channel 17 and looking for someone whose handle is Godzilla. If Godzilla doesn’t answer in a reasonably short amount of time, it doesn’t hurt to say “thanks for the break” to the units that stopped their conversation for you.

– If you break on an open (unused) channel, you don’t have to be as brief. For example, “Break 17 for Godzilla. Are you out there Godzilla?”. However, the short form is perfectly acceptable, too. Use what fits your style.

– If someone speaking to you gets “walked over” so that you can’t understand the message, you basically have two options. You can tell the person you were listening to, “10-9, you were stepped on”, or you can find out what the breaker wants, “Go ahead break”, before returning to your original conversation. You should eventually recognize the breaker and find out what they want.

– If two people are talking and you would like to interject a response, you will probably just walk over someone. Use the procedure above to properly break into the conversation.

– If someone doesn’t answer your breaks after two or three attempts, stop and wait for several minutes or, in mobile units, for several highway miles or city blocks. Others may have their radios on and don’t want to listen to the same break more than three times in succession.

– In other circumstances, improvise. Take into account other people’s points of view. Give people proper access to the channel and try not to do anything to annoy other units.

– If you make a mistake in any of the procedures above, don’t waste air time on a busy channel by apologizing. (If the channel isn’t busy, it’s your choice.) Just try to do it right in the future. Everyone takes a little time to learn.

OK, now you know how to conduct yourself on the radio. However, there are and will probably always be units that don’t. Be patient. You don’t have authority to enforce any rules so don’t break any by trying.
