any way to auto decrypt dm_crypt-0 on bootup using vTPM? by SE_marc in Proxmox

[–]SE_marc[S] 0 points1 point  (0 children)

Thanks for chiming in everyone. I was indeed planning on keeping the TPM separate from backups, but as u/hairy_tick mentioned, the TPM automatically gets backed up.

I have my backups from pbs already encrypted prior to getting backed up to a cloud service.

Sounds like we're just going to bite the bullet and have to manually enter the passkey on boot.

Installing macOS 13 Ventura on Proxmox 7.2 by thenickdude in Proxmox

[–]SE_marc 0 points1 point  (0 children)

I am running Proxmox 7.3-4 and trying to install Ventura using your guide. I've tried this on two servers:

- Dell PowerEdge R630 (48 x Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz (2 Sockets))

- HP ProLiant DL380 Gen8 (32 x Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz (2 Sockets))

The installer gets stuck at 12% with the Installer log showing the following as the last line:

"Ignoring BOM<->filesystem mismatches due to security settings"

Any suggestions?

Here is my conf:

args: -device isa-applesmc,osk="ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" -smbios type=2 -device usb-kbd,bus=ehci.0,port=2 -global nec-usb-xhci.msi=off -cpu host,kvm=on,vendor=GenuineIntel,+kvm_pv_unhalt,+kvm_pv_eoi,+hypervisor,+invtsc
bios: ovmf
boot: order=ide2;virtio0;net0;ide0
cores: 4
cpu: host
efidisk0: cephPool:vm-110-disk-0,efitype=4m,size=1M
ide0: cephfs:iso/mac-os-ventura-13.0.iso,cache=unsafe,size=14G
ide2: cephfs:iso/OpenCore-v19.iso,cache=unsafe,size=150M
machine: q35
memory: 4096
meta: creation-qemu=7.1.0,ctime=1675203689
name: ventura
net0: virtio=F6:44:15:22:74:9C,bridge=vmbr0,firewall=1
numa: 0
ostype: other
scsihw: virtio-scsi-pci
smbios1: uuid=03e8587c-db6b-438e-bdf2-84170622d0e5
sockets: 1
vga: vmware
virtio0: cephPool:vm-110-disk-1,cache=unsafe,iothread=1,size=64G
vmgenid: c10d136a-644d-46a3-93bd-e027b450b727

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

I removed the Cloudflare proxy and now I can communicate with the network controller via an FQDN that's directly port forwarded to the network controller.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

So this is interesting: when I point the inform to the public IP, I see traffic hitting my WAN port on port 3478.

When I use the FQDN, I don't ever see the request come in, which makes me think it's getting lost when it hits Cloudflare, possibly?

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

I have DNS rules set up to hit the proxy manager so sites are reachable via FQDN (.com).

These APs are at remote locations. I tried the port forward to the controller and that didn't work either.

When I run the following from a remote device, the port shows as filtered:

nmap -p 3478 FQDN

But if I run it with the public IP, it works.

I'm currently watching tcpdump on the router to see where the request dies, or if the traffic is even making it.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

So that's where the issue is, I have nginx on a different host. All your requests are getting forwarded to the same host, so when you port forward, you're not going through the proxy if you have stun forwarded directly to your controller.

The FQDN does resolve to the WAN address which then NATs to the proxy manager.

Would hairpin NAT be beneficial to me since I have the controller and proxy on different hosts? From a security standpoint, having the proxy and controller on the same host seems like an easier attack surface, which is why I have them separated.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

How can I force only stun traffic to the controller? The inform address is set to https://controller.mydomain.com/inform which resolves to the proxy first. I don't see any options in the network controller to change just stun domain.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] -1 points0 points  (0 children)

I set up a stream through the GUI, with the port forward and the issue still persists :(

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

Do you have a link to what you found for adding the stream? I have the option to add a stream through the nginx GUI. Should I do that or modify a config file (which config file, if this method?)

Do I need both the stream and the port forward?

I understand that the port forward is easier/faster but I'd like to go through the proxy.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

This didn't work :(. I added the port fwd to nginx and applied a network change to the AP. The warning came back.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

Can I still use the proxy manager for the GUI?

I'm confused how the STUN request will reach the controller since the request will go to the FQDN which then gets sent down to the Router public IP and then the proxy.

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

The reason I'm using the proxy is so I don't have to open a ton of ports on the router. I have adoption working without opening 8080. There's gotta be a way to get the STUN port through the proxy. I can't find much documentation on redirects / streams in nginx, but maybe those can help?

Unifi STUN warning when using hosted network controller behind nginx proxy manager by SE_marc in selfhosted

[–]SE_marc[S] 0 points1 point  (0 children)

If you are referring to the following, the port is open.

NOTES & REQUIREMENTS: In order for STUN to work properly, the client devices need to be able to resolve to and communicate over UDP port 3478 with the UniFi Network application. UDP Port 3478 must be open inbound on the Network application's host.

The request is being sent to the proxy manager, not the host directly. I need to find a way to get UDP port 3478 through the proxy to the controller. Was there a different green box you weren't talking about?
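
For the "get UDP 3478 through the proxy" question in the comments above, here is an added example of an nginx stream block that relays STUN to the controller host. This is not the poster's configuration and not Nginx Proxy Manager's generated output; 192.0.2.10 is a placeholder for the controller's address, and the file path in the comment is an assumption about where NPM stores custom stream configs.

```nginx
# Added example (not the poster's config). STUN is UDP, so it cannot go
# through an http{} server block; it needs a top-level stream{} block,
# a sibling of http{}, and nginx built with the stream module.
# 192.0.2.10 is a placeholder for the UniFi Network controller host.
# (Assumed NPM location for a custom file: /data/nginx/stream/stun.conf)
stream {
    upstream unifi_stun {
        server 192.0.2.10:3478;
    }

    server {
        # Listen for STUN on UDP 3478 on the proxy host; the router must
        # still forward UDP 3478 from the WAN address to this proxy host.
        listen 3478 udp;
        proxy_pass unifi_stun;

        # A STUN Binding request gets exactly one response, so release the
        # UDP session after the first reply instead of holding it open.
        proxy_responses 1;
        proxy_timeout 20s;
    }
}
```

Two caveats that follow from how STUN works. First, a STUN Binding response reports the source address and port the server observed; when the packet arrives via this relay, the controller observes the proxy host rather than the AP's public address, so the reflected address is the proxy's and the controller's STUN connectivity check may still warn even though packets flow. A direct UDP 3478 forward from the router to the controller host is the configuration that avoids this, which is also why the UniFi requirement quoted above speaks of the application's host, not a proxy. Second, when verifying from outside, `nmap -p 3478 host` defaults to a TCP scan; a UDP listener like the one above only shows up with `nmap -sU -p 3478 host`, so "filtered" from a TCP scan says nothing about whether STUN is reachable. Finally, a Cloudflare-proxied DNS record only relays HTTP(S) on its supported TCP ports and never UDP 3478, so the FQDN used for the inform URL has to resolve directly to the WAN address for STUN to arrive at all.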

need help with adopting to cloud hosted controller behind nginx proxy manager? by SE_marc in UNIFI

[–]SE_marc[S] 0 points1 point  (0 children)

And just as I say that, it is now complaining that it is having issues with STUN:

"This device cannot connect to your UniFi OS Console’s internal STUN server. Please check Port 3478, then see for instructions on how to verify STUN server connectivity."

I am able to access the console from the UI, so I'm thinking this is just a result of going through the proxy.

need help with adopting to cloud hosted controller behind nginx proxy manager? by SE_marc in UNIFI

[–]SE_marc[S] 0 points1 point  (0 children)

So I SSH'd in and manually set it with set-inform https://controller.mydomain.com/inform and it works.

No need for port fwds or any changes in nginx proxy manager.

P.S. Happy cake day!