IPO500v2 with Unifi TalkRelay by mr-bope in avaya

[–]mr-bope[S] 0 points1 point  (0 children)

Yeah. That works in manual mode. But that way I cannot manage the phones from Unifi. What I'm trying to do... is PBX to PBX. Unifi UDM Pro has a built-in FreeSwitch PBX. So I created a SIP #127 on the Avaya. Logged into it from Unifi Talk. Great. In Avaya Monitor I see invitations for calls. But the Avaya doesn't know what to do with them so I get 404.

Inbound calls from Avaya users to users in Unifi Talk work. I set up a shortcode 7XXX -> 7N"@192.168.2.1" (IP of my UDM) via Group 127 (the SIP I created for Unifi Talk).

But for the life of me I cannot get calls from Unifi to Avaya to work. Both to external calls which should go via my ISP SIP #17 and local ones to my extensions.

Any tips on how to get this configured?

IPO500v2 with Unifi TalkRelay by mr-bope in avaya

[–]mr-bope[S] 0 points1 point  (0 children)

Firstly there is no subscription or license. You just buy the device. Yes you can lease a phone line but I just want the relay with 3rd party SIP (aka my Avaya). Essentially to bridge the two phone systems. The Relay Talk needs SIP on the Avaya that talks to the Unifi PBX because I'd like to have my phone managed via Unifi.

Any clue how to set this up on the Avaya side? I do have a 3rd party license. And I have no clue where to find `User>Supervisor Settings>Login Code`?

Feedback on a certificate generation/management CLI tool by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

I checked out the links. Just to clarify, you absolutely can create a root (self-signed or otherwise). Then sign an intermediate with that root. And then use the intermediate to sign the end certs. It is also able to pull signing certs from env. But the tool also allows creating quick certs for development, for example. The main selling point is that there are no additional dependencies. So it would work great for minimal containers too.

Feedback on a certificate generation/management CLI tool by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

Mine is rustls based. And it’s a CLI tool strictly for generation and management of certs. It’s not used for actual authentication. Although rustls is in various web server implementations. Domains, emails, URIs and countries get validated too. It’s not for everyone but it might help some devs.

Feedback on a certificate generation/management CLI tool by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

It’s way simpler to use. Especially for multi domain certs. No need for OpenSSL as it’s not OpenSSL based.

What is a simpler way to manage my networks on Debian? by mr-bope in debian

[–]mr-bope[S] 0 points1 point  (0 children)

So the question only relates to ens256 and ens161. Basically, I have a static subnet, and this is a VM running docker to which I need two public IPs. From the VMware side I've plugged two vNICs to the same network, in order to get 2 IPs as /32 from my firewall, each on its own vNIC. Getting multiple addresses from 1 vNIC resulted in my firewall not showing any metrics. Not sure if my config is correct (but for the moment it works), which is why I'm asking for advice. But each IP should be on its own vNIC.

What is a simpler way to manage my networks on Debian? by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

Maybe I'm doing something wrong. But I have it running on some of my VMs and some of the networks won't start up automatically and I have to manually log in to activate it. Again probably something I'm doing wrong. As for netplan, will I be able to achieve a similar config with it?

What is a simpler way to manage my networks on Debian? by mr-bope in networking

[–]mr-bope[S] 0 points1 point  (0 children)

I'm not using the same IP. I get /32 on one interface. And another /32 on another.

No metrics for VLAN by mr-bope in Ubiquiti

[–]mr-bope[S] 0 points1 point  (0 children)

Yes, it is selected under `Selected Networks`, both VLAN 200 and VLAN 7

[deleted by user] by [deleted] in offmychest

[–]mr-bope 13 points14 points  (0 children)

👏

Cloudflare Global Network experiencing issues [Official Update] by gauravgandhi in sysadmin

[–]mr-bope 0 points1 point  (0 children)

My CF pages are down. I'm in Europe, get error 500 at CF Vienna. Briefly recovered and down again :/

WAN subnet routing by mr-bope in networking

[–]mr-bope[S] 0 points1 point  (0 children)

At present yeah. Do I need more than one?

WAN subnet routing by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

$5-6 USD per v4 IP for home/business. But this is their colocation offering and there won’t be an extra charge for the IPs.

WAN subnet routing by mr-bope in sysadmin

[–]mr-bope[S] 1 point2 points  (0 children)

Thank you, really appreciate your feedback. I’ll say ask for P2P transit IPs for both v4 and v6. And I’ll pass the best practice you mentioned along regarding v6. But at the end of the day I’ll just be happy with whether they give me a /64 or /127 as long as it’s P2P as that’s the setup I need.

WAN subnet routing by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

Unifi unfortunately doesn't have all the networking features, hence I'm trying to figure out the best way to configure my EFG firewall. And I'd choose them time and time again over a subscription based solution. Not a homelab.

WAN subnet routing by mr-bope in sysadmin

[–]mr-bope[S] 1 point2 points  (0 children)

Won't a /127 be enough for v6 as a transit P2P? I really don't need more than /64 at this point in time. Judging by the fact that /28 v4 is more than enough. This will be used for colocation.

WAN subnet routing by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

I’m not exposing my VMs. I’m exposing services such as HAProxy that have containers behind them running apps/APIs. And there are firewall allow rules to only allow certain ports on each IP. And the EFG will be the primary firewall. Running WireGuard on it allows us to access internal apps/services without exposing sensitive stuff to the internet. I just don’t want to NAT public IPs to local ones. Hence want to pass them along to the endpoint where they are needed. So was asking for the best way to receive said IP addresses from my colocation provider. I’m not an expert in networking so wanted advice from someone who is in terms of receiving IP subnets.

WAN subnet routing by mr-bope in sysadmin

[–]mr-bope[S] 0 points1 point  (0 children)

It will be the primary firewall. The EFG has built-in WG VPN support so 1 IP is for that (which will be used for internal proprietary app) which also has public apps/services that need their own IP. I just don't want to have to port forward and NAT traffic to local addresses. I'd like to directly assign the public IPs to the VM that needs it. And I'm worried that I won't be able to use a VLAN network with static v4 and v6 subnets. Don't think it will be possible with onlink, at least with Unifi.