You shouldn’t set up a site-to-site VPN from behind a NAT. You can forward the appropriate ports, but you still may get issues with the transforms since one side doesn’t have a real IP. On consumer gear I’ve had good luck setting up site-to-site VPNs with Netgear, DLink and Sonic Firewalls (a little more pricey / higher-end security device). Also good luck with OpenVPN on Unix (Ubuntu) environments. It’s pretty simple as long as you match up both sides and make sure the network statements in the proposals are sensible and match regardless of the platform you use. As for the Ubiquiti issues, yes, I have had issues with Ubiquiti hardware and Apple playing nice. Not so much the multiple access point issue, it seems to roam fine, but the problems were around chipset incompatibilities and I couldn’t get more than half the maximum speed. The connections were stable though, so if you can take the performance hit it’s not a big deal at all. Other than that they were pretty good. The routers were a different story. Underpowered in my opinion. Good luck in your network building.
On Sep 27, 2016, at 9:13 PM, Katherine Moss <Katherine.Moss@gordon.edu> wrote:
Oh boy. From what you are saying it still appears as if I have some work to do. Love the ideas, though. And just curious, have you gotten anything to connect to anyone's Ubiquiti EdgeOS-based VPN? Like I mentioned, I don't have to have one like that ... the only reason why I had that stuck in my mind is because it's the only thing my friend got to work with site-to-site VPN. (we tried setting up a site-to-site VPN from his router to my PFSense box with ports forwarded (the box is inside the NAT, not on the perimeter), and it just sat there ... the terminology used by PFSense was confusing, even for him, and he's a certified CompTIA NetworkPlus technician). So, if you've got any router ideas that run VPN like normal people, then that would be great. After all, I need something that I can customize to the nth degree.
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson
Sent: Tuesday, September 27, 2016 6:44 PM
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Subject: Re: [Blind-sysadmins] possibly off topic: network configs and TVs
Hi,
I've had a Sophos UTM firewall here for quite some time. It does wireless but the wireless APs are separate units which connect through a PoE switch to the main firewall which acts as a controller.
The only reason I keep it now is the wireless support, I find in some instances it slows down Internet traffic as it pushes everything through the UTM transparent proxy which can slow traffic in some situations. My unit has 6GB which is obviously not a small amount of RAM but even then I can see a small difference on some types of Internet traffic.
These days I do as little as possible at home and do everything else through the cloud.
I have also seen complaints on Ubiquiti wireless - especially multiple access points and iPhones. There have been a couple of blog posts about this that I have read in the last couple of weeks.
Andrew.
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Katherine Moss
Sent: 27 September 2016 16:08
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Subject: Re: [Blind-sysadmins] possibly off topic: network configs and TVs
Hi all, Thanks for the support. I'm using Ubiquiti because it's the only thing that works seemingly with my friend's site-to-site VPN. I tried PFSense ... couldn't get it to work at all. I've not tried anything else, but I only know EdgeOS to connect with its kind. If you can think of something else, then by all means, but I will not, cannot, have a router that also does wireless support, so I don't care about that considering the wireless AP will be a separate device anyway. That's what my friend has and he loves it. You're probably wondering, then, why I'm so interested in matching networks with somebody else. It's because if I have an issue with something, he can assist with it easier and we all have the same hardware ... sort of like supported devices, you know? In terms of phones, since the iPhone 7's are so disappointing, and they do not have a headphone jack, any other suggestions? Another reason for Android is because I want to take more responsibility for my own device's security, patching, modding, and so on. I'm sick of the restrictive environment provided by Apple.
________________________________________
From: Blind-sysadmins [blind-sysadmins-bounces@lists.hodgsonfamily.org] on behalf of Scott Granados [scott@granados-llc.net]
Sent: Tuesday, September 27, 2016 9:58 AM
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] possibly off topic: network configs and TVs
So a few things, the Ubiquiti routers aren't that great, they do not have a very good forwarding rate so depending on your cable speed it might be a waste of money because you won't be able to take advantage of the bandwidth. Their gear is good for what it does especially for the money but some products are better than others, their routers are sketchy but their access points are quite good and so forth.
As for Android, I personally wouldn't waste your time unless you have an employment reason to use it. Especially depending on the brand of phone you use the security support and timely patching is nonexistent.
For your TV, Apple TV is quite good and there's the Amazon FireTV option as well. Where you will have access to the applications better on Apple TV the Amazon FireTV has good accessible support for the native apps and Prime has a lot of content. Netflix is a very good option on Apple TV or I've heard if you remove the custom version of Netflix for some of the Android-based TV boxes and install the regular phone version it can also work quite well.
If you're looking for a low cost router with a better forwarding rate Mikrotik can do the job if you can stand the interface. It's accessible but sort of oddly constructed. You can get a wireless router that supports MIMO as well if you need WiFi support.
Xbox isn't a bad option but I know next to nothing about its accessibility options or even if they exist. I have an Xbox 1 but I'm not the one who uses it, I didn't even know it was possible. If you can though that's a nice platform especially in terms of output options and quality of output. Oh if it's important to you, the Fire TV from Amazon does support 4K.
Just some random thoughts that may or may not help.
On Sep 26, 2016, at 9:24 PM, Katherine Moss <Katherine.Moss@gordon.edu> wrote:
Hi all, I'm preparing to move and I want my network to be as configured to my standards as possible; none of that ISP provides the router configuration stuff. My thoughts are as follows: put my ISP modem into bridged mode and have a Ubiquiti EdgeRouter acting as primary router/VPN/firewall; DNS and DHCP would be running as Windows servers (please don't ask, but I don't know why I'm so picky about that). That's all well and good, but since I've heard that EdgeOS plays havoc with ISP-provided cable boxes (running Ethernet's not an option seeing that my future apartment is an addition onto the existing house and the only connectivity available is coaxial (there's not an RJ45 jack to be found!)), I'm looking for a solution where I can still watch a movie or watch Fox without having to pay for cable and introduce a device over which I've got no access or control. I've thought of the following possibilities so far: Xbox running the latest OS (since the gaming side of me's still there, so wouldn't be a waste of money connect to Netflix, Fox, NESN, whatever with that in addition to music and what not), a Chromecast, though not sure how accessible they are, Apple TV, though not sure how well that would work considering I'm switching to Android on the phone eventually, and finally, my most basic but least-preferred option, get a basic TV with an HDMI output and connect my laptop whenever I want to watch something, which, isn't often, really. Any other suggestions would be great.
_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
https://lists.hodgsonfamily.org/listinfo/blind-sysadmins