EdgeRouter X - Ubiquiti - (ER X)

Salutare,

Am un er-x pe care am pus wireguard si functioneaza foarte bine.

Problema pe care o am: cum pot sa fac ca clientii de pe interfata wg0 (192.168.1.X) sa vada servere DLNA, Chromecast-uri sa zicem de pe LAN-ul (192.168.2.X) intern? Am inteleg ca e ceva cu mdns, multicast.. a incercat cineva? Eram curios daca a configurat cineva pe er-x asa ceva inainte sa ma apuc sa caut mai in amanunt..

pai, sa zicem ca interfata data wireguard este wg0 (192.168.1.X) iar lanul tau (192.168.2.x) rezida in interfata switch0 - configuratie clasica si "nepretentioasa" pt ER-X
si vom avea:

configure
set service mdns repeater interface switch0
set service mdns repeater interface wg0
commit; save; exit

enjoy.

Edited by ogo, 27 January 2020 - 22:05.

Poti alternativ si din Web-GUI: Config Tree > Services > mdns > repeater. In CLI este ce-i drept mai rapid.

Am o KM C227 legata la un switch, cu ip fix. Cum pot sa printez de pe telefon? Imi vede imprimanta dar nu reuseste printarea.

De pe alt device (laptop/calculator) poti printa?
Ce subnet e declarat in reteaua la care se conecteaza telefonul si ce IP are imprimanta?

Am incercat acum si nu merge.
wireguard e pe 192.168.33.2/32 si ip-ul imprimantei este 192.168.1.48

Vrei sa printezi fiind conectat la vpn? (wireguard).
Tu in masina si imprimanta acasa, fiind conectat via wireguard?

Da.

Pai incearca ca ma sus. Cu mdns repeater.
Dupa da ping in imprimanta fiind conectat la wireguard.
Vezi daca si printeaza.

Nu vrea de niciunele. Nici de pe tel si nici de pe laptop.

Inteleg ca e posibil sa nu iti mearge mdns dar ping trebuie sa ai fara nicio prlb -  sigur e setat cum trebuie wireguard-ul?
poti da ping (adica ai reply) conectat la wireguard catre un client din lan-ul de acasa (care raspunde la ping 100%).

cand dai ping sau incerci sa printezi ce output ai la: (fiind conectat la router, bineinteles).

sudo tail -f /var/log/messages |grep mdsn

sau apare ceva in loguri legat de mdsn

show log all |grep mdsn 

Edited by ogo, 06 February 2020 - 19:04.

Welcome to EdgeOS															
																			
By logging in, accessing, or using the Ubiquiti product, you				
acknowledge that you have read and understood the Ubiquiti					
License Agreement (available in the Web UI at, by default,					
http://192.168.1.1) and agree to be bound by its terms.						
																			
ubnt login: RouterX															
Password:																	
Last login: Thu Feb 6 16:24:43 UTC 2020 on pts/0							
Linux ubnt 4.14.54-UBNT #1 SMP Wed Nov 20 11:30:55 UTC 2019 mips			
Welcome to EdgeOS															
RouterX@ubnt:~$ show configuration											
firewall {																	
all-ping enable															
broadcast-ping disable													
ipv6-receive-redirects disable											
ipv6-src-route disable													
ip-src-route disable													
log-martians enable														
name WAN_IN {															
	 default-action drop													
	 description "WAN to internal"										
	 rule 10 {															
		 action accept													
		 description "Allow established/related"							
		 state {															
			 established enable											
			 related enable												
		 }																
	 }																	
	 rule 20 {															
		 action drop														
		 description "Drop invalid state"								
		 state {															
			 invalid enable												

@ogo Conectat la wireguard de pe laptop.
Pinging 192.168.1.1 with 32 bytes of data:
General failure.
General failure.
General failure.
Cum dezactivez wireguard cum merge. Am pus aceleasi setari de pe telefon pe wireguard pe windows.
Sudo tail - nu printeaza nimic pe ecran.
xxx@ubnt:~$ sudo tail -f /var/log/messages |grep mdsn
xxx@ubnt:~$ show log all |grep mdsn
Nu pot accesa routerul daca sunt conectat pe wireguard si niciun alt device care de obicei se poate accesa cu ip.

Edited by petman, 06 February 2020 - 19:31.

@petman
1. General failure. - asta e de la termopane nu de la wireguard.
2. nu poti accesa nimic din lan fiind conectat la wireguard dar INTERNETUL iti merge fiind conectat la wireguard?
3. ce reguli de firewall ai WAN_LOCAL ?

show configuration commands |grep WAN_LOCAL 

si WAN_IN

show configuration commands |grep WAN_IN

@dady22
aia nu e toata configuratia, e doar primul screen; INCEARCA asa:

show configuration

copiezi ce apare in terminal
dupa apesi O SINGURA DATA SPACE sa treaca la urmatoarea pagina
copiezi ce apare in terminal
O SINGURA DATA SPACE
copiezi ce apare in terminal
O SINGURA DATA SPACE
copiezi ce apare in terminal

pana cand o sa dai degeaba space...

Edited by ogo, 06 February 2020 - 19:47.

Internetul merge cand sunt conectat pe wireguard.

set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description WireGuard
set firewall name WAN_LOCAL rule 30 destination port 51820
set firewall name WAN_LOCAL rule 30 protocol udp
set interfaces ethernet eth0 firewall local name WAN_LOCAL

set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
set interfaces ethernet eth0 firewall in name WAN_IN

@petman

show interfaces

sudo wg show

- blureaza public key-ul router-ului si  key-ul peer-ului.

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface	IP Address						S/L  Description
---------	----------						---  -----------
eth0		 xx.xx.xx.xx/24				  u/u  Internet
eth1		 -								 u/u  Desktop
eth2		 -								 u/u  Extern
eth3		 -								 u/u  Nas
eth4		 -								 u/u  AP
lo		   127.0.0.1/8					   u/u
			 ::1/128
switch0	  192.168.1.1/24					u/u  Local
wg0		  192.168.33.1/24				   u/u

interface: wg0
  public key: xxxxxxxxxxxxxx
  private key: (hidden)
  listening port: 51820
peer: xxxxxxxxxxxxxxxxxx
  endpoint: 192.168.1.229:64697
  allowed ips: 192.168.33.2/32
  latest handshake: 17 minutes, 7 seconds ago
  transfer: 2.83 MiB received, 47.54 MiB sent
  persistent keepalive: every 25 seconds
peer: xxxxxxxxxxxxxxx
  allowed ips: 192.168.33.3/32
  persistent keepalive: every 25 seconds
peer: xxxxxxxxxxxxxxxxxxxxxx
  allowed ips: 192.168.33.4/32
  persistent keepalive: every 25 seconds

@petman - ok, hai ca asa nu fac nimic - da paste la toata configuratia. pana acum pare totul in regula....