Bonjour,
J'ai installé il y a deux semaines un EdgeRouter 4 pour remplacer ma Livebox Play. J'ai suivi le tuto
https://lafibre.info/remplacer-livebox/tuto-edgerouter-erpro-8-pour-internet-livebox-dhcp-pour-tv-et-telephone/ et tout a marché parfaitement: Internet, TV et téléphone.
Depuis quelques jours mon téléphone ne fonctionne plus (je l'ai découvert aujourd'hui), hier encore je pouvais regarder la TV mais pas enregistrer (l’enregistrement marchait bien après le remplacement de la Livebox par l'Edgrouter).
J'ai redémarré la Livebox et elle ne reçoit plus d'IP de l'EdgeRouter.
J'ai redémarré l'Edgerouter - toujours KO.
J'ai réinitialisé la LB (bouton reset pendant 5 secondes) - toujours KO.
J'ai connecté à titre de test la LB directement à l'ONT - elle accède à Internet.
Sur l'Edgerouter Internet fonctionne et tous les devices qui sont sur le port "LAN" (eth2 dans le tuto, un switch y est attaché) foncionnentet ont accès à Internet.
C'est donc vraiment un problème entre l'EdgeRouter et la Livebox.
En faisant un
root@ubnt:~# tcpdump -i eth0 -nn -vvvje vois
beaucoup de paquets
17:22:45.243991 IP (tos 0x0, ttl 2, id 18636, offset 0, flags [DF], proto UDP (17), length 497)
192.168.2.1.59745 > 239.255.255.250.1900: [udp sum ok] UDP, length 469et de temps en temps un paquet DHCP ( (...) remplace une partie de AUTH)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from b8:26:6c:c9:bc:34, length 392, xid 0x57361e9d, secs 61, Flags [Broadcast] (0x8000)
Client-Ethernet-Address b8:26:6c:c9:bc:34
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
BR, Lease-Time, RN, RB
AUTH, Option 119, Option 120, Option 125
Vendor-Class Option 60, length 5: "sagem"
Client-ID Option 61, length 7: ether b8:26:6c:c9:bc:34
User-Class Option 77, length 44:
instance#1: "FSVDSL_livebox.Internet.softathome.Livebox3", length 43
AUTH Option 90, length 70: 0.0.0.0.0.0.0.0.0.(...).149
END Option 255, length 0
Pour quelle raison l'Edgerouter ne donnerait pas l'IP à la LB? (alors qu'il l'avait bien fait avant)
Je suis preneur de toutes idée car un peu désespéré
Ma config de l'Edgerouter:
root@ubnt:/config# cat config.boot
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name TOR {
default-action accept
description "tor virtual machine"
rule 10 {
action accept
description "allow DNS"
destination {
port 53
}
log disable
protocol udp
source {
address 192.168.10.8
}
}
rule 20 {
action accept
description "allow outgoing via OpenVPN"
destination {
port 502
}
log disable
protocol tcp
source {
address 192.168.10.8
}
}
rule 30 {
action drop
description "block generic traffic"
log disable
protocol all
source {
address 192.168.10.8
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 10 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 2 {
action accept
description "Allow Ping"
destination {
group {
address-group ADDRv4_eth2
}
}
log enable
protocol icmp
}
rule 3 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
options {
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
aging 300
bridged-conntrack disable
description "bro -> eth0.838 LIVEBOX (VoD)"
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
bridge br1 {
aging 300
bridged-conntrack disable
description "br1 -> eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
hello-time 2
max-age 20
priority 0
promiscuous disable
stp false
}
ethernet eth0 {
description "eth0 VERS LIVEBOX"
duplex auto
speed auto
vif 832 {
address 192.168.2.1/24
description "eth0.832 LIVEBOX (INTERNET + VOIP + CANAL 2)"
}
vif 838 {
bridge-group {
bridge br0
}
description "eth0.838 LIVEBOX (VoD)"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth1 {
description "eth1 ONT (FIBRE RJ45)"
duplex auto
speed auto
vif 832 {
address dhcp
description "eth1.832 (INTERNET + VOIP + CANAL 2)"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox3";"
client-option "send rfc3118-auth 00:0...32;"
client-option "request dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, domain-search, rfc3118-auth;"
default-route update
default-route-distance 210
global-option "option rfc3118-auth code 90 = string;"
name-server update
}
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
out {
name TOR
}
}
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
vif 838 {
bridge-group {
bridge br0
}
description "eth1.838 (VoD)"
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
bridge-group {
bridge br1
}
description "eth1.840 (ZAPPING + CANAL 1)"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth2 {
address 192.168.10.1/24
description "eth2 LOCAL LAN SWITCH"
duplex auto
speed auto
}
ethernet eth3 {
disable
duplex auto
speed auto
}
loopback lo {
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth2
rule 1 {
description "ssh to srv"
forward-to {
address 192.168.10.2
port 22
}
original-port 22
protocol tcp
}
rule 2 {
description "https to nginx"
forward-to {
address 192.168.10.3
port 443
}
original-port 443
protocol tcp
}
rule 3 {
description "openvpn to vpnin"
forward-to {
address 192.168.10.4
port 1194
}
original-port 1194
protocol tcp_udp
}
rule 4 {
description "wireguard to srv"
forward-to {
address 192.168.10.2
port 51820
}
original-port 51820
protocol udp
}
wan-interface eth1.832
}
protocols {
static {
route 192.168.20.0/24 {
next-hop 192.168.10.2 {
}
}
}
}
service {
dhcp-server {
disabled false
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
global-parameters "option Vendor-specific code 125 = string;"
hostfile-update disable
shared-network-name LAN {
authoritative disable
subnet 192.168.10.0/24 {
default-router 192.168.10.1
dns-server 192.168.10.1
domain-name swtk.info
lease 86400
ntp-server 192.168.10.1
start 192.168.10.50 {
stop 192.168.10.254
}
static-mapping domotique {
ip-address 192.168.10.5
mac-address 26:e9:0c:53:40:41
}
static-mapping elk {
ip-address 192.168.10.7
mac-address 8a:4b:47:20:ce:e4
}
static-mapping nginx {
ip-address 192.168.10.3
mac-address ba:52:12:81:38:a2
}
static-mapping seafile {
ip-address 192.168.10.6
mac-address 4e:f4:72:3c:ac:ec
}
static-mapping srv {
ip-address 192.168.10.2
mac-address 12:5b:d3:1d:51:cf
}
static-mapping tor {
ip-address 192.168.10.8
mac-address d6:fa:2e:69:dd:30
}
static-mapping vpnin {
ip-address 192.168.10.4
mac-address f2:8e:ef:f2:cc:d9
}
}
}
shared-network-name LIVEBOX {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 81.253.149.9
dns-server 80.10.246.1
domain-name orange.fr
lease 86400
start 192.168.2.30 {
stop 192.168.2.50
}
subnet-parameters "option rfc3118-auth 00:00:(un morceau enlevé à tout hasard)30;"
subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
subnet-parameters "option Vendor-specific 00:00:05:58:0c:01:0a:00:00:00:00:00:ff:ff:ff:ff:ff;"
}
}
static-arp disable
use-dnsmasq enable
}
dns {
dynamic {
interface eth1.832 {
service dyndns {
host-name ext.ksjsttgsf.eu
login ksjsttgsf.eu-edgerouter
password XXXXX
server www.ovh.com
}
web dyndns
}
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
ssh {
allow-root
port 22
protocol-version v2
}
upnp2 {
listen-on eth0.832
listen-on eth2
nat-pmp enable
secure-mode disable
wan eth1.832
}
}
system {
config-management {
commit-revisions 50
}
domain-name swtk.info
host-name ubnt
login {
user root {
authentication {
encrypted-password $6$....VZ.
plaintext-password ""
}
level admin
}
user ubnt {
authentication {
encrypted-password $1....6.
plaintext-password ""
}
full-name ""
level admin
}
}
name-server 1.0.0.1
name-server 1.1.1.1
name-server 8.8.4.4
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
vlan enable
}
ipv6 {
forwarding disable
}
}
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://http.us.debian.org/debian
username ""
}
repository wheezy-security {
components main
distribution wheezy/updates
password ""
url http://security.debian.org
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Paris
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.8.5142457.181120.1810 */
Remplacer la LiveBox par un routeur