• Have a co-lo space.
• Have a block of 25 IP addresses.
• Have 2x ER-4's.
• Have a mix of servers (KVM, Hyper-V).
• Have some vm's (voip, meshcentral etc) that will be public facing (not sure if that's the correct term).

Questions:
Thinking of splitting this into 2, with half the gear behind one ER-4 & the other half behind the second ER-4.
Or just keep it real simple & use one ER-4.

This is just a "thinking-out-loud", "gathering-your-thoughts" therapy session.

Thoughts, feedback & critiquing are very much welcome...

@JaredBusch said in Replacement Software?:

@dafyre said in Replacement Software?:

RMM: Atera (https://www.atera.com/)

There's somebody here that uses that one... Is it you, @JaredBusch ?

Yes, I use Atera. Works well for my needs.

HAs a lot more functionality than I have spent time to use though.

@JaredBusch How is the Atera agent in Linux desktops? Does it work as good as the Windows agent?

I have 2 public IPs on the USGp4 (using WAN 1 & 2)
For some reason, the second peer (of my S2S) ER4 refuses to connect to the USGp4 WAN1 IP.
I finally tried WAN2 & it connected.

@JaredBusch Don't talk bad about my USG :grinning_face_with_smiling_eyes:
In a few week I plan on replacing the USG w an ER4.

For now, I was able to get the ER4 <--> USGp4 connection up & running...:thumbs_up:

@JaredBusch
S2S #1: ER4 (ip 1.2.3.4) <--> Meraki MX is up
S2S #2: ER4 (ip 1.2.3.4) <--> Unifi USG not working, just says "connecting" (when I run "show vpn ipsec sa)

Any tricks or tips to make S2S #2 work?

ER4 <--> Meraki MX S2S is "up"
Many thanks to @JaredBusch for all the help.

@JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:

Never mind. I read the error closer.. I missed a line when I copy/pasted
fixed above also.

set service nat rule 5000 type masquerade

Haha, just added that line like 2 mins ago!!
Thanks for fixing!!

That previous error was due to copy/paste issues.

Here is the error I'm getting:

[ service nat ]
NAT configuration error: rule type not specified/valid

@JaredBusch :thumbs_up: :thumbs_up_medium_skin_tone: :thumbs_up_medium-dark_skin_tone:
I'll give that a try.

I appreciate the config @JaredBusch this'll come in handy when I deploy ER's on both sides.

For now I'm still searching for a solution: ER (on one side) <--> Meraki MX (on the other side).

@JaredBusch Any good news?

@JaredBusch I also have multiple subnets on both sides of the VPN.

@JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:

@Dashrender said in EdgeRouter 4: IPSec, S2S vpn:

can you post a sanitized config? I'm sure that will help @JaredBusch

I'm generally busy alreadythis evening, but I can get a config later, or int he mornign from any number of routers using IPSEC.

Much appreciated!

@JaredBusch said in EdgeRouter 4: IPSec, S2S vpn:

@FATeknollogee said in EdgeRouter 4: IPSec, S2S vpn:

@Dashrender It's all new, so I deleted what I started with.
I'm just using the GUI.

EdgeOS VPN in the GUI sucks big donkey balls.

ROFL :thumbs_up:

@Dashrender It's all new, so I deleted what I started with.
I'm just using the GUI.

@scottalanmiller said in IT legal resources?:

We have an attorney, but he's not specific to IT.

He does know IT?
Best way to proceed?

Does anyone have access to IT legal resources?
I need to get a few "release of liability" letters drafted.
More for CYA protection.

For all you ER experts...
Trying to replace one of my Meraki MX with an ER4.
Also trying to configure a few S2S vpn (w multiple subnets on both sides)- ER4 <--> Meraki MX.

So far not having good results.
I was able to connect ER4 <--> USG Pro 4
Anytime I add a new peer, it takes down the existing connection & the only way I can bring it back up, is by issuing sudo ipsec up <connection_name>

I'm sure some will correct my wrongful ways...I'll go sit in the corner & wait for you guys to respond!!

@StuartJordan These are the ports I always need (haven't checked others).
I was able to use the new Relay feature on MeshCentral 2 to connect via LAN.