Wednesday, May 23, 2018

Installing the UniFi Controller

Install Debian from the ISO CD, choosing the minimal stable release.

Log in and open a terminal:
1.  apt-get install sudo
2.  nano /etc/ssh/sshd_config
Edit it to allow root login with a password (PermitRootLogin yes) so the rest of the setup can be done over SSH; revert this once the setup is finished.

Log in via SSH to make the setup easier:
1. Download the UniFi Debian package (unifi_sysvinit_all.deb).
2. sudo dpkg -i unifi_sysvinit_all.deb

If dpkg reports an error (usually missing dependencies), run:

 sudo apt-get install -f


To make UniFi start automatically at boot, install haveged (an entropy daemon; without it the controller can stall at startup waiting for entropy):

 sudo apt-get install haveged

This worked.
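The steps above as a script, added here as an example (not code from the original post): the sshd_config edit is made idempotent and reversible, and the dpkg / apt-get install -f / haveged sequence is one function. The unit name "unifi" and the deb filename are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The post edits sshd_config by hand
# to allow root password login for the initial SSH setup; these helpers make that
# change scripted and reversible. FILE, KEY and VALUE are this script's own
# parameters; the unit name "unifi" is an assumption.
set -eu

# sshd_set FILE KEY VALUE: remove every active or commented line for KEY, then
# append "KEY VALUE". sshd honours the first matching directive, so leaving an
# earlier duplicate in place would silently override the new value.
sshd_set() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    grep -Ev "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$file" > "$tmp" || true
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"      # write in place to keep the file's owner and mode
    rm -f "$tmp"
}

# sshd_get FILE KEY: print the effective value (first active directive for KEY).
sshd_get() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# install_unifi DEB: steps 1-2 of the post plus the haveged fix. dpkg fails when
# dependencies are missing, so "apt-get install -f" pulls them in; haveged feeds
# the entropy pool so the controller does not stall at boot.
install_unifi() {
    sudo dpkg -i "$1" || sudo apt-get install -f -y
    sudo apt-get install -y haveged
    sudo systemctl enable --now unifi     # assumed unit name
}

# Typical sequence on the freshly installed host:
#   sshd_set /etc/ssh/sshd_config PermitRootLogin yes && systemctl reload ssh
#   install_unifi unifi_sysvinit_all.deb
#   sshd_set /etc/ssh/sshd_config PermitRootLogin prohibit-password && systemctl reload ssh
```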

-------------------------------------------------------------------------------
New: update for the newest Debian version.

Instructions from the UI community:

1) Copy the link location of the script.

2) SSH into your Ubuntu/Debian machine and log in as root (Ubuntu: sudo -i; Debian: su).

2a) Make sure the ca-certificates package is installed.

apt-get update; apt-get install ca-certificates wget -y

3) Download the script by executing the following command (change the version in the URL to the one you want).

wget https://get.glennr.nl/unifi/install/unifi-5.13.32.sh
Or install the latest UniFi Network Controller with one line (copy-paste):
rm unifi-latest.sh &> /dev/null; wget https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh

3a) Remove the cdrom entry from the apt source list:

nano /etc/apt/sources.list

Comment out the line starting with "deb cdrom:" by prefixing it with #.

3b) Install sudo:

apt-get install sudo


4) Now run the script with the command below.

bash unifi-5.13.32.sh
The script has multiple options:
Option: --help
Shows script options and information.
Option: --skip
Skip any kind of manual input.
Option: --skip-install-haveged
Skip installation of haveged.
Option: --add-repository
Add UniFi Repository if --skip is used.
Option: --custom-url [argument]
Manually provide a UniFi Network Controller download URL. ( argument is optional )
example: --custom-url https://dl.ui.com/unifi/5.13.29/unifi_sysvinit_all.deb
Option: --v6
Run the Let's Encrypt script in IPv6 mode.
Option: --email [argument]
Specify what email address you want to use for Let's Encrypt renewal notifications.
example: --email glenn@glennr.nl
Option: --fqdn [argument]
Specify what domain name (FQDN) you want to use; you can specify multiple domain names with : as separator.
Example: --fqdn glennr.nl:www.glennr.nl
Option: --server-ip [argument]
Specify the server IP address manually.
example: --server-ip 1.1.1.1
Option: --retry [argument]
Specify how many times the Let's Encrypt script should retry the challenge/hostname resolving.
example: --retry 5
Option: --external-dns [argument]
Use an external DNS server to resolve the FQDN.
example: --external-dns 1.1.1.1
Option: --force-renew
Force renew the certificates.
Option: --dns-challenge
Runs the Let's Encrypt script in DNS mode instead of HTTP.
Example command to run the script:
The example command installs the UniFi Network Controller with Let's Encrypt certificates without any input from the user for glennr.nl and www.glennr.nl with email address glenn@glennr.nl for the renewal notifications.
bash unifi-5.13.29.sh --skip --fqdn glennr.nl:www.glennr.nl --email glenn@glennr.nl

5) Once the installation is completed browse to your controller.

https://ip.of.your.server:8443

Tuesday, May 1, 2018

Site-to-Site (net-to-net) VPN with EdgeRouter

Network topology is shown below and the following interfaces are in use on the EdgeRouters:
ER-R
  • eth0 (WAN) - 203.0.113.1
  • eth1 (LAN) - 192.168.1.1/24
  • vtun0 - 10.255.12.1/32
ER-L
  • eth0 (WAN) - 192.0.2.1
  • eth1 (LAN) - 172.16.1.1/24
  • vtun0 - 10.255.12.2/32
[Figure: topology_new.png, network topology]

OpenVPN Site-to-Site


For the purpose of this article, it is assumed that the routing and interface configurations are already in place and that reachability has been tested.
CLI: Access the command line interface (CLI). You can do this using the CLI button in the GUI or by using a program such as PuTTY.
1. Generate the 2048 bit shared secret on ER-R.
generate vpn openvpn-key /config/auth/secret
2. Display the shared secret and copy the output to a text file.
sudo cat /config/auth/secret
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
48fc8ac5b96655a08e041de6263a4e7b 
<output shortened>
-----END OpenVPN Static key V1-----
3. Log in to ER-L and copy the contents of the shared secret to a new file in the /config/auth directory.
sudo cat > /config/auth/secret
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
48fc8ac5b96655a08e041de6263a4e7b 
<output shortened>
-----END OpenVPN Static key V1-----
4. Use CTRL-D to save the file.
5. Change the file permissions and set the owner to the root user.
sudo chmod 600 /config/auth/secret
sudo chown root /config/auth/secret
6. Verify that the file is in the correct location and that it has the correct permissions.
ls -l /config/auth/
-rw------- 1 root vyattacf 636 Jan 1 13:00 secret
7. Log back into ER-R to continue the OpenVPN configuration.
8. Enter configuration mode.
configure
9. Add a firewall rule for the OpenVPN traffic to the local firewall policy.
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description openvpn
set firewall name WAN_LOCAL rule 30 destination port 1194
set firewall name WAN_LOCAL rule 30 protocol udp
10. Create the OpenVPN virtual tunnel interface and define the local and remote ports.
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
11. Define the local and remote endpoints of the tunnel.
set interfaces openvpn vtun0 remote-host 192.0.2.1
set interfaces openvpn vtun0 local-host 203.0.113.1
12. Define the local and remote tunnel IP addresses.
set interfaces openvpn vtun0 local-address 10.255.12.1
set interfaces openvpn vtun0 remote-address 10.255.12.2
13. Link the shared secret to the virtual tunnel interface.
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/secret
14. Create either static or dynamic routing entries for the remote subnet.
Static Routing
set protocols static interface-route 172.16.1.0/24 next-hop-interface vtun0
set protocols static interface-route 10.0.1.0/24 next-hop-interface vtun1
(The second route refers to a tunnel vtun1 and a 10.0.1.0/24 network that are not part of the topology above; it is only needed if such a second tunnel exists.)
Dynamic routing using OSPF
set interfaces openvpn vtun0 ip ospf network point-to-point

set protocols ospf passive-interface default
set protocols ospf passive-interface-exclude vtun0
set protocols ospf parameters router-id 0.0.0.1
set protocols ospf area 0 network 10.255.12.1/32
set protocols ospf area 0 network 192.168.1.0/24
15. Tweak the OpenVPN options (see the OpenVPN manual for more information).
16. Commit the changes and save the configuration.
commit ; save

You can verify the VPN settings using the following commands from operational mode:
show firewall name WAN_LOCAL statistics
show interfaces
show interfaces openvpn detail
show openvpn status site-to-site