I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile list of networks and addresses from various reliable sources such as SpamHaus to block.
Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?
It seems the Qualcomm Fast Path module improves the performance a lot.
It will be great if this can be added into EdgeOS.
It would be nice to see an extension to current traceroute/ping commands so that the source ip could be specified - without the need to use sudo and compatibile with operator level access.
Could this be implemented please?
I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have serval instances where we need this for client implementation where native IPSec to IPSec is due to technical restriction on the remote end is not an option. My thoughts to the features would be:
- ideally configurable via GUI
- define specific remote networks for routing (or have them advertised by head-end)
- status shown in vpn section
I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.
Is it possible to change the HW reset button function such as
- Push-hold 1-5 seconds - reboot
- Push-hold 5-10 seconds - boot to alternate (2nd/previous) image (if exists of course) <- NEW FUNCTIONALITY
- Push-hold 10+ seconds - wipe/restore config.boot (same functionality as today)
I'd like to see this especially on ER models that don't have HW console port i.e. ER-X, ER-X-SFP and similar.
This will help with recovery of botched configs. Instead of resetting config.boot to defaults and restoring backup and/or previous image this will speed up things significantly. Especially on remote locations one can instruct local staff to hold the button for 5-6 seconds and get the router to previous state in no time.
Free Range Router (FRR) is a fork of Quagga maintained by the Linux Foundation.
Started by Qugga contributors including Cumulus Networks, 6Wind and BigSwitch this looks to be a faster developed and maintained fork of Quagga.
Has UBNT considered migrating to FRR? Or will UBNT wait for VyOS to change (If it does).
I have a EdgeRouter PoE, and i need to use the conntrack iptables module.
The problem is that i use the conntrack iptables module the packets are not offloaded.
For example if i use a rule like:
iptables -A CHAIN -m state --state RELATED,ESTABLISHED -j ACCEPT
the packets are offloaded (i use the state iptables module)
but if i use a rule like:
iptables -A CHAIN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
the packets are NOT offloaded (i use the conntrack iptables module)
Can you update the conntrack module so the packets are offloaded on EgdeRouter Max
I would like to have support added for the Cake shaper (https://www.bufferbloat.net/projects/codel/wiki/Cake/). This shaper is working well for me with Smart Queue Management on LEDE 17.01 to eliminate bufferbloat (https://www.bufferbloat.net/projects/) better than the EdgeMax Smart Queue feature and fairly share bandwidth per LAN IP address rather than per connection on an ADSL2+ link. I have "dual-dsthost nat" set for the ingress queueing discipline and "dual-srchost nat" set for the egress queueing discipline.
sch_cake kernel module:
Patch to add cake support to iproute2:
I am using the layer_cake.qos script at the moment.
What I am asking is that knowing that the edgerouter X SFP has limited resources, could there be a way to export /push the dpi data into a stand alone unifi controller or cloud key that has more resources. I am happy with the edge router as it is I just would like to have the dpi data from the edge router show up in the unifi controller. all the configuration can stay with the edge router interface and cli just have an option to export the dpi data in a smiliar manner as the syslog.
Apologies if this is a duplicate - I couldn't find it as a feature request although I found a few forum posts discussing it. Hardware acceleration for packets subject to QoS would be a very nice addition, especially for the ERL platform. Quick search for cavium documentation indicates the processor may include fixed function logic for QoS. Even only some QoS features could be supported it would still be a very nice inclusion.
It would be nice to see something like AirControl or UniFi for managing / viewing multiple edge routers (centralized configuration backups, mass firmware updates, etc). Anything like this in the works? Maybe call it EdgeControl and mimic the functionality of AirControl?
EdgeSwitches currently support/use several standard MIBs, however there are some OIDs that are unique/proprietary to EdgeSwitches and are not defined elsewhere.
Observium and others apparently have obtained a set of EdgeSwitch MIBs, included as part of their (3rd-party) monitoring solution distributions but not otherwise available from UBNT directly. The last count has almost 40 separate MIB files for EdgeSwitches.
There are now a pair of UniFi MIBs available and referenced in the release notes for current releases, but there do not seem to be any other MIBs available.
It seems most are searching for and using these 3rd-party references, but ideally UBNT should be providing these directly. Perhaps another section on the product download pages for 'SNMP MIBS" in addition to the existing "Firmware" and "Documentation" sections could be added with this content?
Currently EdgeOS still allows HMAC (message authentication code) algorithms that are considered weak and obsolete, including 'hmac-md5'. Similarly CBC encryption ciphers are still allowed and are also considered weak and obsolete. While there may be environments where these are required there should be the ability to disable these as appropriate.
As a more proper complete request the EdgeOS UI (BUI and CLI) should provide for the ability to configure:
- Authentication methods
- Encryption Cipher algorithms
- Message Authentication Code (HMAC) algorithms
There is limited support for specifically disabling password-encryption but this request seeks more encompassing ability.
- rbees on: Simply to Use Block/Black List for Emerging Threats using Multiple Sources (e.g. Spamhaus)
- alexjonclement on: Export DPI data to unifi controller
- FTZ on: GUI options for IPv6
- DennisSchmitt on: IP Helper on EdgeRouter
- rebelwireless on: F2FS filesystem to increase flash reliability
- Warren_Woolsey on: 48 Port SFP Switch
- vchrizz on: EdgeOS support for Microwave Adaptive Bandwidth
- gebn on: L2TP over IPSec client implementation
- mozerd on: Boot to alternate image using HW reset button
- Moscato on: Cake shaper support
- Add Qualcomm Fast Path support
- 5 port & 8 port edgemax switches that can be configured from the larger edgemax switches firmware
- Mac-Address as Source/Destination in Basic Queue
- Enable hardware offloading with using iptables conntrack module
- 6in4 (sit) hardware offload
- EdgeSwitch Firewall for one way traffic. The local network can no longer be trusted
- extend both ping and traceroute commands to allow for the source ip/interface
- Allow operators to execute bgp commands
- Expose IPv6 bgp peers via SNMP
- Investigate moving to Free Range Router