I am getting a valid IP address from the Edgerouter X of
UPDATE: After posting questions on Ubiquiti's Community forums that went unanswered, finding no resolution on Spiceworks, and spending two and a half frustrating hours online with Ubiquiti tech support, I have returned the Ubiquiti devices and will try and find a router that has better tech support, a less confusing array of "controllers", fewer pieces of hardware (if consumer class devices can roll it all into one device, Ubiquiti should be able to as well) and has actual documentation on how to do simple things like making a VPN connection actually work.
Not only did the office go offline and remain offline after the upgrade to version 2. Rebooting the router did not fix the problem. Trying to access the router's OS via different ports directly from the PC with the controller software also did not work.
I had to reset the router to gain access to the settings again - which ensured that all of my settings were gone. Since the business needed to actually do business in just a few hours, and I had already invested over 20 hours into the Ubiquiti equipment and tech support staff with no resolution, I decided to put back their consumer grade ASUS router, which still had all of the settings and was as simple to place back online as plugging it in.
There is always a learning curve for any new hardware, software or process. I get that. But it should not take 2 days and 2 tech support agents to set up a simple VPN - much less 2 days, 2 tech support agents and still have no solution.
The Ubiquiti hardware seems well built, but the tech support and configuration options available via the software definitely needs work. Thanks to all who posted. When I find a suitable replacement I will post about it in another thread so that others looking for a simple, reliable small business router with VPN capabilities can see if it suits their needs as well.
What are you using to support the remote systems? I can tell you that if a user's session is logged into a Sophos SSL VPN and you have fast user switching enabled, the admins can login with their admin session and log off without having to touch the user's session. To authenticate before login? I can tell you that the SSL VPN is a customized version of OpenVPN - so finding an OpenVPN solution that would connect systems before login should work with the Sophos solution - you'll just have to download the config and certificates for the user, instead of the entire install package.
Then you can continue to use the Microsoft client.
I'm mainly Cisco so the biggest problem was the differences in terms, the CLI and methodology they use to deploy everything. Seemed like there were extra steps for everything I needed to do. However, I knew that going into the project. I also knew to expect that there was little to no support from Ubiquiti. Many people warned about that. After a few hours learning the GUI, the CLI and getting familiar with how answers came from the knowledge base it wasn't too difficult.
Once the VPN was established, the problem was down to the firewall. It sounds like that was your issue as well. I also remember there being a checkbox to allow connections to route through the main office. I was trying to get a phone system to connect back to the main system and the provider didn't give me the correct set of ports. Once that was done, we were good to go. Again, Cisco is my main band so I'd have to look up how I got the Edgerouter but sounds like that would be too late to help.
The symptom is: the host machine has proper network access, but programs running within containers can't resolve DNS names which may appear to be "can't access the network" before investigating more.
This just works in many configurations, but obviously doesn't when the host runs on a network where Google's public DNS are filtered by some firewall rules. There may be several reasons why DNS is broken within docker containers. This question and answers covers the case where:. Once this is done, you can add This can be done either using the command-line:. A brutal and unsafe solution is to avoid containerization of the network, and use the same network on the host and on the container.
This is unsafe because this gives access to all the network resources of the host to the container, but if you do not need this isolation this may be acceptable. Since the automatic DNS discovery is guilty here, you may override the default setting in docker's configuration.
One advantage of this solution is that there is no configuration file involved, hence no risk of forgetting about the configuration and running into troubles later because of a specific config: you're getting this DNS configuration if and only if you type the --dns option.
This is strongly discouraged if your machine is a laptop that connects to different networks, and may be problematic if your internet service provider changes the IP of the DNS servers.
One way is to use a user defined network for your container. Note, however, that while docker-compose runs containers in a user-defined network, it still builds them in the default network. To use a custom network for builds you can specify the network parameter in the build configuration requires file format v3.
Since dnsmasq is the issue, one option is to disable it on the host. This works, but will disable DNS caching for all applications running on the host, hence is a really bad idea if the host is used for applications other than docker. If you're sure you want to go this way, uninstall dnsmasqe. I just had to deal with this last night and eventually remembered that docker run has a set of options for handling it. I used --dns to specify the DNS server I want the container to use.
Works like a champ and no need to hack my docker host.
Running a Cloud Key v1 with controller 5. Well, you can install bind or unbound for ssl dns on them on any other port than 53. I would say that they're more than OK.
Toss a VPN Server on top and you've got quite the little utilitarian system with very low resource requirements. They're called Nameservers for a reason. Don't make a router do a server's job. PiHole itself ran on dnsmasq last time I checked, but yes, you can install a local unbound and use it as upstream from the pihole.
This is how I do it for my network setup. Once you have the config file setup, run a force provision on the USG. I've been trying to figure out the best way to approach this in my little SOHO infrastructure setup, as well, after just recently having stood up a domain controller on a Windows Server VM that remains mostly unused while I consider various setup methods -- I had settled on enabling dnsmasq on my Edgerouter and utilizing a subdomain from my TLD for internal uses.
For example, nas1. I've also got a couple instances of Pi-hole going which I would also highly recommend for most any network, can be stood up on a little RPi, or basic Linux server VM, or even in a Docker container with "Conditional Forwarding" enabled to show all device names as opposed to just IP addresses in the various logs and interfaces.
I've heard of other folks using a simple JSON file to achieve similar results, by creating a config. With UniFi Controller 5. Holler if you need screenshots or anything -- older versions should be fairly similar to setup and configure.
Domain is set for each network e. Static records go in your config. It has no way to escape double quotes in the JSON parser. Had to switch to using the local Dnsmasq on Pihole. Not sure why if you have a Server VM with DNS on it you even care, let it do its job, hell, put DHCP on there too it interfaces with AD and all the functionality is so much better than easier to manage anyway, let the router and switches do routing and switching.
It sounds like you are running Active Directory Domain Services?
DNS on a USG or edgerouter will only bring tears, especially if you want things to resolve by a user set hostname.
You can use this script in any manner that suits you though remember at all times that by using it you agree that you use it at your own risk and neither I nor anybody else except for yourself is to be held responsible in case anything goes wrong as a result of using this script. The good thing about dnsmasq is that it also can read hosts file on your router. Hence it can be configured to resolve names of some of the hosts on your LAN. Suppose that you need to use an alternative name server on certain hosts of your network.
Usually you would just set DNS servers on those hosts manually. Before the second dnsmasq can be used the first dnsmasq run by the system, needs to be reconfigured. For the sake of this tutorial let's assume that the EdgeRouter is configured in the following manner:. The abovementioned local server's hostname is "localserver" and its IP is Also there's a workstation on the LAN that needs to use 8.
Edgerouter dnsmasq not working
Wireless clients also need to use the alternative DNS servers, but they are configured manually. Clients will typically use the router IP to access local DNS server, so in our setup the first dnsmasq is expected to listen at For the second dnsmasq other addresses must be used therefore we will add them to appropriate interfaces on the EdgeRouter.
But before doing that please make sure that they are available and lie outside the ranges used for dynamic allocation by the dhcpd:. Now, when we know the available IP addresses range we can proceed to configure the extra IPs for the second dnsmasq:. Now the first dnsmasq should be reconfigured to accommodate for the second one. By default dnsmasq listens on all addresses of all interfaces and then answers only select requests. To prevent that behavior the "bind-interfaces" option should be specified:.
Important: the configuration utility will not allow you to remove all "listen-on" lines, commit will fail then. Which means that if you want the second dnsmasq to be accessible on all the interfaces where the first dnsmasq operates, you can probably employ a workaround: create an extra virtual interface and point the first dnsmasq at it with a "listen-on" directive. Download or clone the script from the github repository, extract it from the archive if needed.
The second dnsmasq parameters are embedded into the script itself, so to set it up you will need to edit the script itself. Please make sure that you are using a sane text editor. In this tutorial it should look like this:. Second dnsmasq will forward requests to either of these servers:.
If the clients need to be configured as members of a domain then the following line should be edited accordingly. Otherwise if there is no local search domain then this line should be commented out altogether. The rest of the parameters do not require editing. Please read the comments inside the script if you feel like figuring them out.
It isn't just you. Several others have made the same observation - something is clearly broken.
But this is irrelevant due to 4 below. So, someone has made a tiny boo-boo when network first connects and tries to configure itself
I have raised this issue up to the Product Group and we are investigating further. Can anyone that is encountering this issue please capture a network trace on the client and if possible, the DHCP server and send them to me?
You can contact me directly at arudell at microsoft dot com. At this time, the product group is investigating further to determine root cause. I will update this thread as soon as I have some more information. IPv6 Address. The top address is the dhcpv6 address. The second address is the global static address.
The third-fifth addresses are deprecated temporary addresses. The sixth address is the current temporary address. The seventh address is the link local static address. After disabling and enabling the interface, deprecated addresses will disappear, leaving four addresses. Before the anniversary update and with Windows 7 it worked. I hope Microsoft solves this soon!
If I restart the dnsmasq service, I get the same log entries except for the last line and then it is reachable for all machines on the network - all is fine. The last line is so that machines on my local network will be able to find the server itself using its domain name. My internet router won't forward requests for homeserver.
Aug 11 srvname dnsmasq: dnsmasq: syntax check OK.
Aug 11 srvname dnsmasq: started, version 2.
Aug 11 srvname dnsmasq: Ignoring query from non-local network
I have no idea where the last line comes from but it is there immediately after reboot before I do anything.
In addition to this config I filter out malware servers from a list. However, I am not sure how to do that. A friend suggested that the order in which the services are started might be the issue and to move dnsmasq to the end so it starts last. However, I am also not sure how to modify this. However, that did not help either.
I only have one eth-interface and all machines are on the same subnet, so I don't think this is the issue.
For one reason or another, dnsmasq seems to believe that they're not on the same subnet -- that's what should be investigated. Please notice that you can use except-interface with an interface that doesn't exist, eg.
There are other members of the Ubiquiti EdgeRouter family that use this same v1.
Something no consumer router could do, running my home network and my home lab, together. It wasn't hard to configure, and future articles will cover my exact configuration process, all using the web based GUI. Only way faster, more better. All that said, no networking product is perfect. The web changes. Regular firmware updates are today's reality.
The minor bumps in the road that affected my configuration these last 7 months of ownership included:. I was relieved when I spotted this release. Just in time for my planned vSphere 6. Of course, I quickly read the 1. These weren't show-stoppers for me. I was just really wanting to be sure I was going to have a set of how to install vSphere 6. I was also hopeful that 1. So I went and downloaded 1. At first, good news!
But minute later, a new problem surfaced. I tried to visit my VMware vSphere 6. Uh oh. So off to the friendly Ubiquiti forums I went, signing up for a free account, and posting my question there:.
To my amazement, a proposed workaround was posted by lanefu within about 10 hours, and it worked! For folks that have multiple DHCP servers configured, see also joemoor 's comment. It's amazing the level of problem determination details that several folks presented, basically a free root cause analysis to the problem I was experiencing. Not something you see everyday.
There were also quickly reports of other folks noticing the same problem, adding to my new forum thread, and even a Ubiquiti employee chiming in. For my lab with a local domain of lab. This saves the change to the working set of the router.