voipmeister.com voip stuff matters and more

Tech category

Change the USG LAN IP before adoption

I recently bought an Ubiquiti USG and had to ‘adopt’ it into an existing network, using a subnet.

This requires the default ip address on the USG of change to an ip address that can be reached on the existing network. To be more precise, the Unifi controller needs to be able to reach the USG in order to be able to adopt it.

  • Connect a laptop or desktop to the USG on the LAN1 port, make sure the nic is setup to receive an ip address via DHCP
  • Ping the USG to see whether it’s reachable: ping
  • SSH into the USG with the user ubnt and the password ubnt
  • Issue the commands below to change the ip address of the USG:
set interfaces ethernet eth1 address
delete interfaces ethernet eth1 address
  • The SSH session wil drop and you can connect the USG to the existing network.

Another password manager

I was still using KeePassX 0.4.4 on my Mac. This version doesn’t support the Retina display on my Mac, but it wasn’t annoying enough to upgrade/migrate. One of my colleagues mentioned KeePassXC (https://keepassxc.org/), so I decided to give it a test drive.

Be sure to download the digest file as well and compare the digest against:

cat KeePassXC-2.2.0.dmg.DIGEST && shasum -a 256 KeePassXC-2.2.0.dmg

The result should be the same:

d5dec4a01b0fa00f36ebbd8d001ad24a1559d7f897af3d9a2fbdb339b02086bc  KeePassXC-2.2.0.dmg
d5dec4a01b0fa00f36ebbd8d001ad24a1559d7f897af3d9a2fbdb339b02086bc  KeePassXC-2.2.0.dmg

DNS forwarding on the Ubiquiti EdgeRouter X

Today I wanted to properly set up DNS forwarding on my Ubquiti EdgeRouter X. More specifically, I wanted to use the OpenDNS FamilyShield DNS servers:

This means that you if you want to use other nameservers, you should substitute those IP addresses for the ones you prefer.


  • Ubiquiti EdgeRouter X (EdgeOS 1.9.0)
  • eth0 is the WAN port
  • WAN IP is obtained via DHCP
  • LAN DHCP settings are already in place (DNS points to the LAN gateway IP and DNS listening on the interface is configured)


First, we enter configuration mode and delete existing nameservers:

delete system name-server

Then, we set the system nameservers (note that these will be used by the system, not for forwarding):

set system name-server
set system name-server

If the WAN IP adres is obtained via DHCP, you need to tell the router not to update the nameserver configuration:

set interfaces ethernet eth0 dhcp-options name-server no-update

Finally, here”s the most important part:

set service dns forwarding name-server
set service dns forwarding name-server

The round-up is as follows:

release dhcp interface eth0
renew dhcp interface eth0

The last 2 statements make sure that the provider IP settings are being refreshed. On my device, it took some time for the settings to take effect.


There are multiple ways to verify the setup.

1. Check the configuration

You can check the setup on the router with this statement:

show dns forwarding nameservers

The output should be something like:

   Nameservers configured for DNS forwarding
----------------------------------------------- available via ''statically configured'' available via ''statically configured''
2. Surf for some inappropriate content

When surfing for some inappropriate content, the result should be:

Mission accomplished :)

Use ssh keys with your Ubiquiti user

To secure your Ubiquiti user account, you can add your ssh key to the account.

Assuming your on Linux or macOS, these are the steps (make sure you use the IP address of your EdgeRouter):

On your system

cd ~/.ssh
scp ~/.ssh/id_rsa.pub  

On your EdgeRouter

loadkey admin /home/admin/id_rsa.pub

Unfortunately, this gave me:

Not a valid key file format (see man sshd) at /opt/vyatta/sbin/vyatta-load-user-key.pl line 96, <$in> line 1.

The solution is to take the key part out of your id_rsa.pub file en specify the key and the key type both in the configuration tree.

set system login user admin authentication public-keys user@host key ***KEY-BODY-HERE***
set system login user admin authentication public-keys user@host type ssh-rsa
set service ssh disable-password-authentication

Using the macOS builtin tftp server”

Should you ever need a tftp server on your macOS device, you can use the builtin tftp server:

sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
sudo launchctl start com.apple.tftpd

The tftp root folder is /private/tftproot

The file /System/Library/LaunchDaemons/tftp.plist holds the configuration.

Stopping the tftp server is as easy as:

sudo launchctl unload -F /System/Library/LaunchDaemons/tftp.plist

Tested and approved’ on macOS Sierra