Monday, October 26, 2015

Google Fiber - Dynamic DNS Setup on an EdgeRouter

Google Fiber's Network Box supports several dynamic DNS providers, but I wanted to use one they don't currently support, called afraid.org. Now that I have a router that supports almost any dynamic DNS provider, I can configure it!

Here's how to set it up on a Ubiquiti EdgeRouter.

From WebUI:
Go to the Service Tab
Then go to the DNS Tab
Press the "Add DDNS Interface" button
Select interface eth1.2 (assuming eth1.2 is your WAN interface)
Select afraid for the service
Set your hostname, login and password
Set the server to freedns.afraid.org
Press the Apply button



From CLI:

configure
set service dns dynamic interface eth1.2 service afraid host-name mydomain.mooo.com
set service dns dynamic interface eth1.2 service afraid login dyndns
set service dns dynamic interface eth1.2 service afraid password 123456
set service dns dynamic interface eth1.2 service afraid server freedns.afraid.org
commit
save

Testing the new configuration

From CLI:

Run this command to force an update:
update dns dynamic interface eth1.2

Run this command to see the status information for dynamic DNS.
show dns dynamic status

interface    : eth1.2
ip address   : 1.2.3.4
host-name    : mydomain.mooo.com
last update  : Sat Oct 17 10:53:36 2015
update-status: good
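
To watch for a failed update (for example after a password change), the status text above can be checked from a script. This is an added example, not part of the original post or of EdgeOS: the function names are made up here, the field names come from the sample output above, and the second record (eth2, "badauth") is constructed sample data rather than captured router output.

```shell
#!/bin/sh
# Constructed sample input: the first record is the one shown in the post,
# the second (eth2 / badauth) is invented to exercise the failure path.
sample_status() {
cat <<'EOF'
interface    : eth1.2
ip address   : 1.2.3.4
host-name    : mydomain.mooo.com
last update  : Sat Oct 17 10:53:36 2015
update-status: good

interface    : eth2
ip address   : 1.2.3.4
host-name    : other.mooo.com
last update  : Sat Oct 17 10:53:40 2015
update-status: badauth
EOF
}

# Usage: ddns_check EXPECTED_IP < status-text   (empty EXPECTED_IP skips the IP check)
# Prints one line per problem. Returns 0 if every record is healthy, 1 otherwise.
ddns_check() {
    awk -v want="$1" '
        # Split "key : value" on the first colon only, because the
        # "last update" timestamp contains colons as well.
        {
            pos = index($0, ":")
            if (pos == 0) next
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        # A new "interface" line closes the previous record.
        key == "interface"     { report(); iface = val; seen = 1; ip = ""; status = "" }
        key == "ip address"    { ip = val }
        key == "update-status" { status = val }
        function report() {
            if (!seen) return
            # Only "good" is treated as healthy, as in the output shown in the post.
            if (status != "good") { printf "%s: update-status is \"%s\"\n", iface, status; bad = 1 }
            if (want != "" && ip != want) { printf "%s: registered %s, expected %s\n", iface, ip, want; bad = 1 }
        }
        END { report(); if (!seen) { print "no dynamic DNS interfaces found"; bad = 1 }; exit bad }
    '
}

# Stand-alone demonstration on the constructed sample.
sample_status | ddns_check 1.2.3.4 || true
```

Save the output of show dns dynamic status to a file and feed it to ddns_check on stdin, passing your current WAN address as the argument.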


Notes:
If you have any uppercase letters in your afraid.org username, convert them to lowercase when setting your username on the EdgeRouter. (The afraid.org site converts your username to lowercase when you log in, and the API calls the dynamic DNS client makes will fail if your username doesn't match exactly.)

Additional Resources:
Guide from Ubiquiti's Help Center on Setting up Dynamic DNS

Thursday, October 22, 2015

Google Fiber - EdgeRouter IGMP Proxy for TV Service

In my first blog post about switching to the Ubiquiti EdgeRouter I noted that users with TV service would have issues running Atlantisman's TV script as is after running the modified script I posted.

I've modified the TV script he created so it will work with the IPv6 script I posted before.
Disclaimer: I don't have TV service, so I have no way to verify that this script actually works.

Modified TV Script

If you have the first gen Google Fiber equipment, attach your Storage Box (GFMS100) to your LAN and your TV boxes should work again.

If you have the second gen Google Fiber equipment things are more complicated because you have a combined Network and Storage Box in the Network+ box (GFRG200, GFRG210).

There are two options to get TV working with the second gen Network+ boxes:

First Option - 

  • Plug a switch into the Fiber Jack and connect both the EdgeRouter and Network+ box to the switch. 

There are a couple problems with this option though:
First problem, by connecting two routers to the Fiber Jack you'll be assigned two public IPv4 addresses. While Google Fiber currently allows this, in the future it will probably be restricted to only one IPv4 address and this option will no longer work.

Second problem, Google Fiber already restricts IPv6 address assignment and prefix delegation to one MAC address or DUID (DHCP Unique Identifier) per Fiber Jack. This means the Network+ Box will almost always win the race to get an IPv6 address and prefix before the EdgeRouter, leaving the EdgeRouter stuck with only IPv4 connectivity and the CPU at 100% as the DHCPv6-PD process tries in vain to get an IPv6 address and prefix. You can get around this issue by powering on the EdgeRouter first, waiting a few minutes, and then powering on the Network+ box.

Second Option - 

  • Log in to fiber.google.com and, in the Advanced drop-down for your network box, change the "Router LAN IPv4 address", "DHCP start address", and "DHCP end address" to be on a different network than the LAN side of your EdgeRouter. (e.g. Change 192.168.1.1 to 192.168.3.1, etc.)
  • Plug the Network+ box into the LAN side of the EdgeRouter
Advantages of this option:
With this option you won't have to rely on a second IPv4 address that may go away or need another switch or vlan connected to the Fiber Jack. 
You can continue to use the wireless from the Network+ until your real access point arrives. :)

Current issues with this option:
Devices plugged into the Network+ won't receive an IPv6 address.
Devices plugged into the Network+ box will be going through a double IPv4 NAT.

Other Important Notes:
If you have a switch connected to the LAN side of the EdgeRouter and plan to connect your own wireless access point later, make sure your switch supports IGMP snooping and that you have it enabled/configured. The TV channels are multicast to the Network+ box/Storage Box and a switch without IGMP snooping will flood the traffic out all ports on the same vlan. (All ports if it's an unmanaged switch.) You can also put your WAP on the third EdgeRouter port and leave IGMP proxy disabled on it to get around this issue.

Sunday, October 18, 2015

Google Fiber - Hardware Change for Basic Tier

Google Fiber's Basic Tier is their 5 Mb/s down, 1 Mb/s up tier that's free for seven years after installation.

Currently customers signing up for the Basic Tier have been getting the first generation Network Boxes (GFRG100 or GFRG110) from the stockpile that was originally manufactured. Sometime in the near future Basic Tier customers will be getting a different Network Box, the Mini Network Box (GFMN100).

Unofficial Specs:
One WAN port (With PoE to power a newer Fiber Jack GFLT110)
One LAN port
2.4 GHz 2x2 WiFi (802.11n)

Google Fiber - Next Steps with the EdgeRouter

Ubiquiti's EdgeRouter is amazingly versatile for the price point. There's also a lot of documentation on their support and help center that covers almost anything you would want to configure.
Here's the link to the main documentation page:
EdgeMAX - Ubiquiti Networks Support and Help Center

I've put together a list of stuff I want to configure and I'll be creating a blog post for each one as I configure them.

Port Forwarding
Remote Access VPN

If you want to play with the latest and greatest features on your EdgeRouter, you can also sign up to join the version 1.8 alpha/beta testing group.

Monday, October 12, 2015

Google Fiber with a 3rd Party Router/Firewall

So you've had Google Fiber for a while and played with the advanced settings but you still can't do what you want?

Maybe you want to port forward to multiple devices that all listen on the same port, monitor bandwidth usage with SNMP, allow traffic to an IPv6 address in your home network, change DHCP server settings, use static routes, or even something far more advanced.

What options are available, you might ask?

For non-power users, the easiest way to get the feature you want added is to create an idea or vote on an existing idea here on the Google Fiber Customer Ideas page. New features can take some time to get added to the product though and some features may never be added.

What if you are a power user and don't want to wait for the feature(s) you want?
In general there are two options that are popular so far: replacing the Network Box with a computer running pfSense, or replacing the Network Box with a Ubiquiti EdgeRouter Lite.

pfSense has more features but will require more expensive hardware for gigabit throughput than the EdgeRouter Lite. I decided on the EdgeRouter Lite since I've never used Ubiquiti products before and wanted to try one out.

If you decide to get an EdgeRouter, here's how to set it up.

After receiving your EdgeRouter you'll want to follow Ubiquiti's Guide to upgrading the firmware. The download link for EdgeRouter firmware is here.

A user named Atlantisman already has a great guide on setting up an EdgeRouter here.
Since he created that guide though, Ubiquiti has released EdgeOS 1.7, which offers many new features including full support for DHCPv6-PD (Prefix-Delegation, used by Google Fiber to assign IPv6 addresses). I've created an updated version of the script based off of the IPv6 config from a user named TK. I recommend following Atlantisman's guide but substituting the script linked below for his if you want IPv6.

GF-ERL-Commands - Updated version of Edge-Setup-Interfacesv2
Note: I created this script off of the completed config, so it may need a little tweaking.

You'll probably want to change at least line 132 for the hostname and line 141 for the time zone.
Don't forget to change the password for the ubnt user (either through the CLI or the GUI).

GF-ERL - Full Config - Easier to read if you only want to see how things are set up

Important Note:
When switching from the Network Box to the EdgeRouter you must wait for the DHCPv6 prefix the Network Box had to expire or the CPU on the EdgeRouter will be at 100% until it does. This is because of the way the EdgeRouter handles what are called unsolicited DHCPv6-PD advertisements. The EdgeRouter spawns a new DHCPv6-PD responder for every unsolicited advertisement but is never able to receive a prefix or address. This causes high CPU on the EdgeRouter, which in turn causes slow throughput and no IPv6 connectivity.
What I did was unplug the Network Box before I went to bed and plug in the EdgeRouter when I woke up. The lease time is one hour, so you don't really need to wait as long as I did.

Important Note about TV Service:
Since I don't have TV service I didn't create an updated version of the TV script yet. Do NOT run the TV script after running the updated one I linked, it won't work without changing a few things in the TV script. If you have gen 2 gear (e.g. GFRG2XX written on the bottom of your network box) then you have a combined Network and Storage box that can't just be removed or your TV service will stop working.

Powering the Fiber Jack with PoE (Power over Ethernet):
If you have a newer fiber jack (model GFLT110) you can power it with any 802.3af compliant power injector. I'm running mine with the TP-LINK TL-PoE150S.

Screenshots:
This is from a program named Cacti. It's monitoring the EdgeRouter via SNMP. Cacti is easy to set up on a Linux distribution like Ubuntu.

Monitoring CPU, interface discards/errors, and interface bandwidth. (There's an extra interface that's not in the script/config for guest WiFi - eth2.)







EdgeRouter WebUI:

Dashboard










The Config Tree view that can be used to configure anything that the CLI can.

Ubiquiti is still working on adding all the features to the main web UI, but most of the basic stuff is there.






Update 10-13-2015: Added DHCPv6 lease time comment.