bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera to dda

Re: Issues with new USG 50

said by dda:

They certainly point to different things! I'll check the configuration when I get home. I did try removing the domain name from the host name section but it didn't really do anything.

Removing the domain name from System > Host should stop the router from being authoritative, although you might also have it configured in the System > DNS section.

The problem is that once you've done it, then entries like "server 192.168.1.2" in System > DNS will fail to work, and you'll need to have entries like "server.dantonio.net 192.168.1.2" but that will fail if LAN computers aren't set up to default search for dantonio.net (depends on how your DHCP is set up).
dda
Premium Member
join:2003-12-29
Bolton, MA

I solved the DNS issue the (sorta) hard way; I skipped the USG 50 entirely and added all my internal hosts as Master Zones to the Snow Leopard Server. I had originally tried what you had suggested and it didn't work; that might have been due to caching or other issues.

In any case, it is working now so thanks! Now to try to address the VPN and torrent issues.

bbarrera
MVM
join:2000-10-23
Sacramento, CA

said by dda:

I solved the DNS issue the (sorta) hard way; I skipped the USG 50 entirely and added all my internal hosts as Master Zones to the Snow Leopard Server.

The easy way if you ask me, at least with OS X Server you have full control of BIND.

I gave up on using the router as IPSec endpoint for remote clients, and instead port forward to OS Server's L2TP Server. Works great with Mac and Windows and iOS.
dda
Premium Member
join:2003-12-29
Bolton, MA

said by bbarrera:

The easy way if you ask me, at least with OS X Server you have full control of BIND.

Well, it was a lot more clicking and data entry than just using the DNS page in the USG! But yes, I do have more control now.
said by bbarrera:

I gave up on using the router as IPSec endpoint for remote clients, and instead port forward to OS Server's L2TP Server. Works great with Mac and Windows and iOS.

I got the USG because it could be an IPSEC endpoint. Is L2TP as secure as IPSEC? I know the iPhone does L2TP over IPSEC; does Mac OS X do the same thing? I suppose it would be nicer to use OS X Server to handle all of this but then I really don't need the power of the USG.
Kirby Smith
join:2001-01-26
Derry, NH

Member

If you are running BT and exposing yourself [figuratively] to the rest of the world, you may want to run IDS at a minimum. This will use a fair amount of that "excess" power. I also run the Kaspersky AV, but it doesn't usually report any detections.

I also see several TCP flag attacks per hour from all over the world that IDS drops. If sent deliberately, it is the result of my IP addresses being available to BT trackers.

I have heard of a queuing theory that is possibly relevant: The wait time is proportional to the reciprocal of (1 minus the fractional utilization). The implication is that one doesn't want to try to utilize all of the power available. If I had money to burn I would have already moved to the USG 300, which is more "powerful" than my dual FTTH connections. The USG50 cannot perform AV and IDS on dual 30/15 data streams. (Some types of data are not examined, but right now I'm not clear how that affects actual throughput in my context of BT and video streaming from Crunchyroll.)

kirby

bbarrera
MVM
join:2000-10-23
Sacramento, CA

bbarrera to dda

said by dda:

I got the USG because it could be an IPSEC endpoint. Is L2TP as secure as IPSEC? I know the iPhone does L2TP over IPSEC; does Mac OS X do the same thing? I suppose it would be nicer to use OS X Server to handle all of this but then I really don't need the power of the USG.

It's actually L2TP over IPSec (L2TP/IPSec), with IPSec used to secure L2TP traffic.
dda
Premium Member
join:2003-12-29
Bolton, MA

said by bbarrera:

It's actually L2TP over IPSec (L2TP/IPSec), with IPSec used to secure L2TP traffic.

While I have L2TP over IPSec working with the iPhone and iPad, it won't work when I use my work LAN, which is unfortunately double-NATted. It also doesn't work with the MacBook Pro at work, probably for the same reason. For the iDevices, it's easy; I switch to LTE but that doesn't cut it for the Macs. Any idea how to deal with double NATting? Or is that even an issue?

bbarrera
MVM
join:2000-10-23
Sacramento, CA

I dunno, it's something I haven't encountered.