I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile lists of networks and addresses to block from various reliable sources such as SpamHaus.
Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?
It seems the Qualcomm Fast Path module improves the performance a lot.
It will be great if this can be added into EdgeOS.
Several ISPs (Google Fiber in the US, Orange in France) require that DHCP traffic have the 802.1p bit set for it to be recognized by the ONT. This is a requirement to replace the ISP-provided router with a Ubiquiti one.
At the moment, workarounds exist (e.g. Using a switch to set the DHCP QoS for Google Fiber, Same options in French, patching the router's DHCP client) but they are cumbersome and not user-friendly. Moreover, the switch-based workarounds are not compatible with a dual IPv4/IPv6 setup.
It would be great if the DHCP clients could be patched so as to allow users to configure their requests.
With the EdgeRouter this is already the case; the EdgeSwitch should be the same. With EdgeOS, HTTPS is enabled with an auto-generated 2048-bit SHA-256 cert and http -> https redirect, not the insecure manually generated 1024-bit SHA-1 cert one has to specifically enable in EdgeSwitch. The EdgeSwitch should ship with secure defaults, not the very insecure defaults that take a fair amount of effort to try and make secure. SSH v1 should not be offered as an option, and the ability to use ecdsa or better ed25519 keys should be added. Disabling telnet by default would be a plus.
there is a similar request for USG:
ZeroTier is a VERY simple VPN/SDN client that is cross-platform. They have a Debian Jessie build for mips64 and the guys at ZeroTier are very responsive, so I'm sure they'd work with Ubiquiti to get a build going. The configuration options are also very simple: join, leave, and status, so a UI would be cake.
I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have several instances where we need this for client implementation where native IPSec to IPSec is not an option due to technical restrictions on the remote end. My thoughts on the features would be:
- ideally configurable via GUI
- define specific remote networks for routing (or have them advertised by head-end)
- status shown in vpn section
I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.
Please change the dyndns GUI (and CLI) to:
Update-URL: [ ]*
*(replace the IP with <ip>, the username with <user>, the password with <password> and the ID or domain with <id>)
Username: [ ]
Password: [ ]
ID or Domain: [ ]
That's much simpler than the current one and usable with every dyndns service; for the common ones you can provide a dropdown menu with predefined URLs.
With best regards Matthias Lönartz
Is it possible to change the HW reset button function such as
- Push-hold 1-5 seconds - reboot
- Push-hold 5-10 seconds - boot to alternate (2nd/previous) image (if exists of course) <- NEW FUNCTIONALITY
- Push-hold 10+ seconds - wipe/restore config.boot (same functionality as today)
I'd like to see this especially on ER models that don't have HW console port i.e. ER-X, ER-X-SFP and similar.
This will help with recovery of botched configs. Instead of resetting config.boot to defaults and restoring backup and/or previous image this will speed up things significantly. Especially on remote locations one can instruct local staff to hold the button for 5-6 seconds and get the router to previous state in no time.
I would like to have support added for the Cake shaper (https://www.bufferbloat.net/projects/codel/wiki/Cake/). This shaper is working well for me with Smart Queue Management on LEDE 17.01 to eliminate bufferbloat (https://www.bufferbloat.net/projects/) better than the EdgeMax Smart Queue feature and fairly share bandwidth per LAN IP address rather than per connection on an ADSL2+ link. I have "dual-dsthost nat" set for the ingress queueing discipline and "dual-srchost nat" set for the egress queueing discipline.
sch_cake kernel module:
Patch to add cake support to iproute2:
I am using the layer_cake.qos script at the moment.
The way that Ubiquiti devices store time for system clock initialization is prone to failure. Ubiquiti stores time in file content where other systems, such as OpenWRT/LEDE, update and restore from file modify timestamps. The latter is much more likely to retain a valid value in the face of untimely power loss.
Case in point: today I had to troubleshoot a VPN client connection failure due to an existing but empty file at /etc/ubnt/last_time resulting in an initial system time of 1969-12-31.
Changing to metadata reference is fairly easy. See the patch below.
--- a/etc/init.d/ubnt-rcS +++ b/etc/init.d/ubnt-rcS @@ -29,8 +29,11 @@ if [ ! -e "$LAST_TIME_FILE" ]; then echo '2015-01-01 00:00' >$LAST_TIME_FILE + touch --date='2015-01-01 00:00' $LAST_TIME_FILE fi - /bin/date -s "$(cat $LAST_TIME_FILE)" >/dev/null 2>&1 + local last_time="$(date -r $LAST_TIME_FILE +%s)" + local sys_time="$(date +%s)" + [ $sys_time -lt $last_time ] && /bin/date -s @$last_time >/dev/null 2>&1 mkdir /run/lock /run/sendsigs.omit.d /dev/shm/network touch /var/log/wtmp
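Review bot: In the added `local last_time="$(date -r $LAST_TIME_FILE +%s)"` line, `last_time` is left empty if `date -r` fails, and the unquoted test `[ $sys_time -lt $last_time ]` then errors out instead of leaving the clock in a defined state. Quote `$LAST_TIME_FILE` in the `touch` and `date -r` calls, quote both operands, and guard the comparison, for example `[ -n "$last_time" ] && [ "$sys_time" -lt "$last_time" ]`. `local` is only valid inside a function and the visible context does not show one, so confirm these lines sit in a function or drop `local`. The `echo '2015-01-01 00:00' >$LAST_TIME_FILE` line is kept although the file content is no longer read after this change; remove it or say why the content is still written. Nothing in this hunk refreshes the file's mtime while the system is running, so the patch description should say where that happens.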
To see how LEDE does it, take a look at their /etc/init.d/sysfixtime
It would be nice to see something like AirControl or UniFi for managing / viewing multiple edge routers (centralized configuration backups, mass firmware updates, etc). Anything like this in the works? Maybe call it EdgeControl and mimic the functionality of AirControl?
EdgeSwitches currently support/use several standard MIBs, however there are some OIDs that are unique/proprietary to EdgeSwitches and are not defined elsewhere.
Observium and others apparently have obtained a set of EdgeSwitch MIBs, included as part of their (3rd-party) monitoring solution distributions but not otherwise available from UBNT directly. The last count has almost 40 separate MIB files for EdgeSwitches.
There are now a pair of UniFi MIBs available and referenced in the release notes for current releases, but there do not seem to be any other MIBs available.
It seems most are searching for and using these 3rd-party references, but ideally UBNT should be providing these directly. Perhaps another section on the product download pages for "SNMP MIBs" in addition to the existing "Firmware" and "Documentation" sections could be added with this content?
When a microwave link loses capacity (typically due to rain fade or interference) we should really make changes to both traffic shaping and load balancing. Routing protocols don't really understand variable capacity links, so routers don't have the information they need to be able to manage this condition.
Ubiquiti is one of few vendors selling (and controlling firmware for) both microwave radios and routers. If EdgeOS were able to 'see' realtime link capacity on airFiber links, we could build higher capacity, more reliable networks.