basmeerman/unifi-usg-kpn

When using this json my USG says the external IP is 0.0.0.0.

Closed this issue · 16 comments

In the USG overview the WAN IP gives back 0.0.0.0.
I think it causes my VPN not to connect when using L2TP.

Do you have any idea what the cause is?

Info works fine.

Model: UniFi-Gateway-3
Version: 4.4.26.5102846
MAC Address: -
IP Address: 0.0.0.0
Hostname: CheckPoint
Uptime: 8131 seconds

Status: Connected (http://192.168.2.101:8080/inform)

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=125 time=3.85 ms

Yes.

I do have a Pi Hole set up in the network, does that have anything to do with it?

It worked before I used the gateway json.
The USG is running the L2TP server. Port forwarding is working fine on other devices, and the DDNS name resolves nicely to my current IP.

The 0.0.0.0 is what bothers me at the moment. That looks strange.

Thanks for your help!

Alright.
I will start from scratch. Edited a few things to see if I can get it to work. I'll post with updates. Thanks for your help so far!

Just to confirm, you are using a USG3?
I am using one with firmware 4.4.27.
Cloudkey is using firmware 0.11.10 with Unifi controller version 5.9.24.

Below is what I am using, I just changed the mac address and my internal lan IP/subnet. Will let you know how it works.

{
        "firewall": {
                "source-validation": "disable"
        },
        "interfaces": {
                "ethernet": {
                        "eth0": {
                                "description": "WAN",
                                "duplex": "auto",
                                "speed": "auto",
                                "vif": {
                                        "4": {
                                                "address": [
                                                    "dhcp"
                                                ],
                                                "description": "eth0.4 - IPTV",
                                                "dhcp-options": {
                                                        "client-option": [
                                                                "send vendor-class-identifier &quot;IPTV_RG&quot;;",
                                                                "request subnet-mask, routers, rfc3442-classless-static-routes;"
                                                        ],
                                                        "default-route": "no-update",
                                                        "default-route-distance": "210",
                                                        "name-server": "update"
                                                }
                                        },
                                        "6": {
                                                "description": "eth0.6 - Internet",
                                                "firewall": {
                                                        "in": {
                                                                "name": "WAN_IN"
                                                        },
                                                        "local": {
                                                                "name": "WAN_LOCAL"
                                                        },
                                                        "out": {
                                                                "name": "WAN_OUT"
                                                        }
                                                },
                                                "pppoe": {
                                                        "2": {
                                                                "default-route": "none",
                                                                "firewall": {
                                                                        "in": {
                                                                                "name": "WAN_IN"
                                                                        },
                                                                        "local": {
                                                                                "name": "WAN_LOCAL"
                                                                        },
                                                                        "out": {
                                                                                "name": "WAN_OUT"
                                                                        }
                                                                },
                                                                "mtu": "1492",
                                                                "name-server": "none",
                                                                "password": "kpn",
                                                                "user-id": "my-ma-ca-dd-re-ss@internet"
                                                        }
                                                }
                                        }
                                }
                        },
                        "eth1": {
                                "description": "eth1 - LAN",
                                "address": [
                                        "192.168.2.100/24"
                                ],
                                "duplex": "auto",
                                "firewall": {
                                        "in": {
                                                "name": "LAN_IN"
                                        },
                                        "local": {
                                                "name": "LAN_LOCAL"
                                        },
                                        "out": {
                                                "name": "LAN_OUT"
                                        }
                                },
                                "speed": "auto"
                        },
                        "eth2": {
                                "disable": "''",
                                "duplex": "auto",
                                "speed": "auto"
                        }
                },
                "loopback": {
                        "lo": "''"
                }
        },
        "protocols": {
                "igmp-proxy": {
                    "interface": {
                        "eth0.4": {
                            "alt-subnet": [
                                "0.0.0.0/0"
                            ],
                            "role": "upstream",
                            "threshold": "1"
                        },
                        "eth1": {
                            "alt-subnet": [
                                "0.0.0.0/0"
                            ],
                            "role": "downstream",
                            "threshold": "1"
                        }
                    }
                },
                "static": {
                        "interface-route": {
                                "0.0.0.0/0": {
                                        "next-hop-interface": {
                                                "pppoe2": {
                                                        "distance": "1"
                                                }
                                        }
                                }
                        },
                        "route": {
                                "213.75.112.0/21": {
                                        "next-hop": {
                                                "10.213.96.1": "''"
                                        }
                                }
                        }
                }
        },
        "port-forward": {
                "auto-firewall": "enable",
                "hairpin-nat": "enable",
                "lan-interface": [
                        "eth1"
                ],
                "wan-interface": "pppoe2"
        },
        "service": {
                "nat": {
                        "rule": {
                                "5000": {
                                        "description": "MASQ corporate_network to IPTV network",
                                        "destination": {
                                                "address": "213.75.112.0/21"
                                        },
                                        "log": "disable",
                                        "outbound-interface": "eth0.4",
                                        "protocol": "all",
                                        "type": "masquerade"
                                },
                              "6001": {
                                        "description": "MASQ corporate_network to WAN",
                                        "log": "disable",
                                        "outbound-interface": "pppoe2",
                                        "protocol": "all",
                                        "source": {
                                                "group": {
                                                        "network-group": "corporate_network"
                                                }
                                        },
                                        "type": "masquerade"
                                },
                                "6002": {
                                        "description": "MASQ remote_user_vpn_network to WAN",
                                        "log": "disable",
                                        "outbound-interface": "pppoe2",
                                        "protocol": "all",
                                        "source": {
                                                "group": {
                                                        "network-group": "remote_user_vpn_network"
                                                }
                                        },
                                        "type": "masquerade"
                                },
                                "6003": {
                                        "description": "MASQ guest_network to WAN",
                                        "log": "disable",
                                        "outbound-interface": "pppoe2",
                                        "protocol": "all",
                                        "source": {
                                                "group": {
                                                        "network-group": "guest_network"
                                                }
                                        },
                                        "type": "masquerade"
                                }
                        }
                }
        }
}

It still gives me 0.0.0.0.

What do you mean by a decrypt error, and where should I have seen that? Do you mean a decrypt error on the L2TP VPN?
I will try 4.4.18. I assume the above is a copy-paste from your USG; that gives back 0.0.0.0 too.

A UBNT employee posted that it could be related to the two different VLANs.

This is most likely because you have multiple VLANs on WAN so the config_network_wan in the inform gets confused (hence the controller displaying 0.0.0.0). What you'll want to do is just add the outside address you want to use manually in the config.gateway.json in the L2TP section under the "outside-address" config node.

@shaft8472 did you ever sort this out with the “outside-address”? I have the same problem, just looking for an example config on how to resolve it.

On the controller, if you examine the USG, and then open the WAN overview screen.
If you SSH into it, info shows the same.
If you say, show interfaces, then it does show the correct info for everything.

@shaft8472 did you ever sort this out with the “outside-address”? I have the same problem, just looking for an example config on how to resolve it.

No, it's a limitation of the USG at the moment. It cannot handle multiple VLANs on the WAN port. When I'm done updating/configuring my USG I do the following to enable my L2TP VPN:

SSH to the USG
configure
set vpn ipsec ipsec-interfaces interface pppoe2
delete vpn l2tp remote-access dhcp-interface eth0
set vpn l2tp remote-access outside-address 0.0.0.0
commit
save
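
An added example, not part of the thread or the repository: a Python check that a config.gateway.json carries the three CLI steps listed in the reply above. It assumes the `vpn` subtree in JSON mirrors the CLI paths and that `port-forward` / `wan-interface` names the WAN interface; the function names and the sample input are constructed for illustration.

```python
import json

# Constructed sample: a "vpn" subtree in the assumed JSON form of the CLI
# paths from the thread, in the state before the workaround is applied.
SAMPLE = """{
  "port-forward": {"wan-interface": "pppoe2"},
  "vpn": {
    "ipsec": {"ipsec-interfaces": {"interface": ["eth0"]}},
    "l2tp": {"remote-access": {"dhcp-interface": "eth0"}}
  }
}"""

def _get(tree, *path):
    """Walk nested dicts; return None as soon as a node is missing."""
    for key in path:
        if not isinstance(tree, dict) or key not in tree:
            return None
        tree = tree[key]
    return tree

def check_l2tp_workaround(text):
    """Return a list of findings; an empty list means all three steps are present."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"invalid JSON at line {err.lineno}, column {err.colno}: {err.msg}"]
    wan = _get(cfg, "port-forward", "wan-interface")
    if wan is None:
        return ["port-forward wan-interface is not set; WAN interface unknown"]
    findings = []
    ifaces = _get(cfg, "vpn", "ipsec", "ipsec-interfaces", "interface") or []
    if isinstance(ifaces, str):  # single-value form instead of a list
        ifaces = [ifaces]
    if wan not in ifaces:
        findings.append(f"vpn ipsec ipsec-interfaces interface does not include {wan}")
    ra = _get(cfg, "vpn", "l2tp", "remote-access")
    if not isinstance(ra, dict):
        ra = {}
    if "dhcp-interface" in ra:  # the thread deletes this node
        findings.append(f"vpn l2tp remote-access dhcp-interface still set ({ra['dhcp-interface']})")
    if "outside-address" not in ra:
        findings.append("vpn l2tp remote-access outside-address is not set")
    return findings

if __name__ == "__main__":
    for finding in check_l2tp_workaround(SAMPLE):
        print(finding)
```

The same function also reports a file that is not valid JSON, such as one with unescaped double quotes inside a `client-option` string.
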

Aha! Yes this works, thanks! I will see if I can somehow work it into the config.

Let me know if you’ve got that working!