Show ARP table: ip neigh show

# Switch to root mode:
sudo su

https://help.ui.com/hc/en-us/articles/204960094-EdgeRouter-Configuration-and-Operational-Mode

Some great shortcuts from here: https://www.reddit.com/r/Ubiquiti/comments/9dwok0/edgerouter_cli_guide_quick_and_concise_howto_with/

terminal length 0 will show all the output without segmenting them, so you don't have to press spacebar to see the next page.

show configuration will show how the router is configured.

show configuration commands will show all the commands to reconfigure the router to exactly how it currently is. This is useful if you log the printable output in Putty, so you can copy/paste the commands later, or even edit them in a text file and then paste them into the router.

configure enter configuration mode where you can make changes to the router. When you're inside this mode, you can type show and it'll be equivalent to type show configuration. You can type exit to leave this mode.

commit will apply the changes you've made.

save will save the changes so they're reflected upon reboot. This is useful to omit if you want to test the router with commit changes, and if it breaks something, a simple reboot will bring it back to the previous config.

; allows you to chain commands together. Example: commit;save;exit will execute those 3 in order.

? will show all available commands in the current context. Example: if I type set ? it will display all the possible things I can set/change. If I type set interfaces ? it will show all the interfaces that I can set/change. So on and so forth. It's a great way to figure out where things are and how they're set, etc.

TAB will autofill the rest of whatever commands are available. Example, if I type set inteTAB it'll autofill to set interfaces.

One way to think of the CLI is a bunch of sub-directories as you go through them. Example, let's say I want to change the description of eth0 port to 'my wan'.

set interfaces ethernet eth0 description 'my wan'
set indicates I'm going to add or change something; set something.

interfaces means I want to change one of the interfaces. Again, think of it like a directory: I'm going to look into the interfaces folder.

ethernet which interfaces do I want to set? The ethernet interfaces. Go into the ethernet folder.

eth0 which ethernet interface? eth0

description what do I want to change? The description.

'my wan' the quotations are needed for anything >1 word.

Keep in mind you can type ? anywhere along the commands to find out what the next "folder"/context command is. Example: if I type set interfaces ethernet ? it will show all the ethernet interfaces that are available.



Check error logs:
show log | grep openvpn



# Debugging
### Server process running? Also, check the cmd-line args.
ps -ef | grep openvpn
### openvpn logs via syslog
tail /var/log/messages
### ERL specific command
show openvpn status server
show openvpn status client
show ip route

https://community.ui.com/questions/Per-IP-Bandwidth-Limit/b0e166f7-ba01-4db9-9fd5-05576728d4f3

*** Consider using Wireguard instead!

https://notes.airinscomputers.com/?item=322





Thanks to Alex Jensen for creating this script:

https://www.cron.dk/easy-certificate-generation-for-openvpn/




To use:

1: Save this script to "/conf/openvpn/zmake.sh".

2: Change "EdgeOpenVPN" to be the IP address or hostname that clients should use to connect to the VPN. This will be put into every client...<Too long, click to read the rest>

set system static-host-mapping host-name uap-pro.ubnt.local inet <ip-address>
set system static-host-mapping host-name uap-pro.ubnt.local alias uap-pro

https://help.ui.com/hc/en-us/articles/115002673188

*** Consider using Wireguard instead!
https://notes.airinscomputers.com/?item=322


https://help.ui.com/hc/en-us/articles/115015971688-EdgeRouter-OpenVPN-Server

Edit /etc/ssl/openssl.cnf to change the expiration time from 365 days. You need to edit as root "sudo su"



Partial instructions for doing this on computer vs edgerouter....
1: Install OpenSSL on computer

2: Modify file to extend days past 365 (optional)
- "C:\Program Files\OpenVPN\easy-rsa\openssl-easyrsa.cnf"
- - default_days
...<Too long, click to read the rest>

https://help.ui.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading

configure

set system offload hwnat enable
set system offload ipsec enable

commit ; save

*** Consider using Wireguard instead!
https://notes.airinscomputers.com/?item=322

https://help.ui.com/hc/en-us/articles/115015971688-EdgeRouter-OpenVPN-Server

https://help.ui.com/hc/en-us/articles/204952134-EdgeRouter-Hairpin-NAT


configure

edit service nat rule 1
set description HTTPS
set inside-address address 172.16.20.20
set inside-address port 443
set log disable
set protocol tcp
set type destination


set inbound-interface eth+
set destination address 0.0.0.0
set destination port 443
top

edit service nat rule 5001
set description Hairpin_MASQ
set destination address 172.16.20.0/24
set source address 172.16.20.0/24
set log disable
...<Too long, click to read the rest>

https://help.ui.com/hc/en-us/articles/204911404-EdgeRouter-Traffic-Policies-Shaper-for-Upload-Download-and-VoIP

*** Consider using Wireguard instead!
https://notes.airinscomputers.com/?item=322


This will setup a L2TP with preshared key of preshared123, username of username1 and password of password1

configure

set firewall name WAN_LOCAL rule 270 action accept
set firewall name WAN_LOCAL rule 270 description IKE
set firewall name WAN_LOCAL rule 270 destination port 500
set firewall name WAN_LOCAL rule 270 log disable
set firewall name WAN_LOCAL rule 270 protocol udp

set firewall name WAN_LOCAL rule ...<Too long, click to read the rest>

*** Consider using Wireguard instead!
https://notes.airinscomputers.com/?item=322

This is old VPN technology, I don't recommend using this.


configure
set vpn pptp remote-access authentication mode local
set vpn pptp remote-access authentication local-users username username1 password laksdfjklsjkldf
set vpn pptp remote-access authentication local-users username username2 password abcdabcd
set vpn pptp remote-access client-ip-pool start 172.16.20.200
set vpn pptp remote-access client-ip-pool st...<Too long, click to read the rest>

https://blog.usman.network/posts/wireguard-vpn-on-a-ubiquiti-edgerouter/

https://help.ui.com/hc/en-us/articles/205145990-EdgeRouter-WAN-Load-Balancing#4

https://community.ui.com/questions/Dual-WAN-Fail-Over-Load-Balancing-Wizard/cb82bdc2-c225-482f-a8c8-6a7caf957177



Show status of WAN failover:
show load-balance status
show load-balance watchdog
show load-balance config

show ip route
show ip route table 201
show ip route table 202


Change percentage of traffic for WAN interfaces when both are working:
set load-balance group G interface eth4 weight 70
set ...<Too long, click to read the rest>