Why? I have a small webserver running inside my network on port 55555. I only want my friends to be able to access it. I know that they live in Denmark, Norway and Sweden. I want to make sure that China, Russia and other parts of the world have no access, in order to minimize […]
Category: Ubiquiti
IPtables stats from Edgerouter via SNMP-part1
A little about the Edgerouter's IPtables. I wanted to follow the traffic through my firewall rules on my Edgerouter. Everything is based on IPtables, and from the CLI I can get statistics on how much traffic hits each rule. The following command shows all the firewall rules that are generated from the Edgerouter's configuration: root@edge:/# […]
Edgerouter scheduled backups
In this section I will describe how to set up a scheduled daily backup of the edgerouter-configuration via SFTP to another linux-box. On the Edgerouter: First we need to generate a public keypair on our Edgerouter. This is our ticket to the backup server. This is way more secure than using a password for authentication. […]
OpenVPN via Privateinternetaccess
This describes how to set up a permanent tunnel to privateinternetaccess. First download the certificates from privateinternetaccess here: https://www.privateinternetaccess.com/openvpn/openvpn.zip Unzip the .pem and .crt file to /config/openvpn-client on the edgerouter. Create a file called “client.ovpn” in the same folder with this content:
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
[…]
Easy certificate generation for openvpn
This script automates the process of generating certificates for OpenVPN on the edgerouter. Place this script under /config/openvpn and chmod it 755. Remember to edit the setup part of the script before running it. All output files are saved in cwd.
#!/bin/bash
#-----------------------------------------------
# Setup
CAname=Alex-CA
CAsubject="/C=DK/ST=SomeCity/L=SomeCity/O=CAworld"
CAexpire=1000
CAkeyLength=2048
ServerName=vpn.mydomain.com
ServerSubject="/C=DK/ST=SomeCity/L=SomeCity/O=ServerWorld/CN=${ServerName}"
ServerExpire=1000
ServerKeyLength=2048
ClientName=myclient
ClientSubject="/C=DK/ST=SomeCity/L=SomeCity/O=ClientWorld/CN=${ClientName}"
ClientExpire=1000
[…]
Serving TOR on an internal LAN
The purpose of this article is to set up a VLAN with DHCP that is presented to my AP and broadcast on an SSID called TOR. The VLAN will serve DHCP. All the clients' traffic on this VLAN will be redirected through TOR, making it safe to surf the internet from there. I have […]
TMUX in Edgerouter
I like to have a nice terminal environment – also on my Edgerouter. With a few modifications to my original article http://www.cron.dk/tmux/ this is possible. One big advantage is that if you lose the SSH connection, you will always continue where you left off. I also like having my current configuration in one tab, while doing configuration in another. […]
Edgerouter and Chromecast
Chromecast crossing subnets. This article is based on a long thread in the ubnt forums, but I just boiled it down to making it work in my environment… It’s a continuation of my Edgerouter Security series. Clients use mDNS (a dynamic decentralized DNS mechanism) to find the Chromecast. The Edgerouter's mDNS repeater needs to be enabled […]
Edgerouter PPTP client
Setting up a PPTP tunnel to a VPN provider. My goal in this blog entry is to set up a permanent open PPTP tunnel to a VPN provider. I am going to set up a couple of internal clients in my network to always be tunneled through this provider. The first step set up a basic tunnel […]
Edgerouter, IPv6
Adding IPv6 to the Edgerouter. My goal was to set up IPv6 on my Edgerouter with tunnelbroker.net because my ISP doesn’t support IPv6. There are a lot of nice instructions on the internet on how to get a /64 network routed into one Edgerouter interface. But I found very little information on getting several /64 networks to […]