There is a lot going on in EdgeRouters regarding DNS activity/settings and most of it is undocumented (as far as I can tell). It is difficult to see/keep track of all the settings and what they are doing when interfacing with the EdgeRouter. I would like to see all the DNS settings displayed on the System tab. I wold also like to be able to adjust the settings in the same place. Please see the first paragraph labeled "1." in this post for further details.
Connected to the request in: https://community.ubnt.com/t5/UniFi-Feature-Requests/Request-Edgemax-live-statistics/idi-p/2537826
The idea is an API for UniFi to collect statistics from the EdgeMAX products and displaying them on the UniFi controller without configuration support as I understand that is and will not be an option.
The idea is to make Unifi a better source of information on all devices and make it all more unified.
Please add support for Wireguard and Babeld in EdgeOS. Both of these, even at the early stages of their development, are far better than the existing alternatives. They both already work on EdgeOS, and Wireguard already has vyatta support.
There are a number of requests that depend on having firmware based on a newer Linux kernel. The 3.10 series kernel is already EOL as of Nov. 5, 2017 (a couple of weeks prior to this posting) and not recommended for use by its maintainer, even if it were upgraded to the latest 3.10.108 instead of the current 3.10.14:
As I understand it, there are challenges to upgrading the EdgeOS kernel due to dependencies on the Cavium and MediaTek SDKs, as well as UnionFS support not being in newer kernels. It should be possible to overcome each of these things with some effort and investment, and it's a requirement for keeping the EdgeOS platform relevant.
This request originally came about because of an effort to include the Cake shaper, which would bring a real improvement for control of latency under load as compared to the currently shipped fq_codel. Cake has been compiled for EdgeOS, but is very difficult to keep backported to the 3.10 series:
However, a newer kernel is also necessary to maintain a secure, stable and performant platform in general. The 4.4 kernel series has a projected long-term EOL of Feb, 2022, and thus might be a good minimum version to target.
Most of my network is regular 1gig ethernet and my ES24L performas admirably. My SOHO NAS (Synology) has 10GBase-T and my main editing Mac also has 10GBase-T RJ45 as standard.
Simple, I thought. Get a small switch with 2 or more 10GBase-T RJ45s and a few regular 1gig RJ45 ports to allow the single connection from my Mac to have direct access to the NAS at 10gig speeds whilst retaining 1 gig access to the WAN and LAN.
I was surprised to find that UBNT has zero products to cater for the SOHO enviroment with its accelerating transition to 10gig copper for PC to NAS connections. Even the SFP ports on my ES-24L and ER8 are limited to 1gig (not that I want or need a fibre link).
Is UBNT going to cater for this market soon or should I just grab a small Netgear GS110MX to provide both 1gig LAN and 10gig NAS links to my Mac?
Basically looking to have this functionality be available from the GUI:
I'd like to be able to have the following:
- Clients on LAN (including multiple VLANs) use the EdgeRouter for DNS
- EdgeRouter registers DHCP and other static entries in local DNS database (for split DNS)
- All other queries that would go to an external resolver instead go through DNSCrypt, which has its own config for what resolver(s) it will use
Currently on all EdgeRouters, disabling a port, leaves the ethernet carrier up and the lights continue to blink.
In the case of EdgeRouters with switch chips, data continues to pass through the switch on disabled ports assigned to a switch. On routed ports (not on a switch), the routing is stopped, but ethernet hardware kept up on both ethernet and SFP ports.
The desired behavior is to drop the hardware ethernet carrier state when a port is disabled. This allows quick ospf triggering of port down state and is common sense behavior when someone plugs a cable into a disabled port.
For those with alpha forum access, see also here:
I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile list of networks and addresses from various reliable sources such as SpamHaus to block.
Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?
we currently run vyos as a vm in our infrusturcture. (in a commercial setting) while vyos is a great router os, lack of commercial support or fulltime development means it lacks a steady relase cycle.
before vyos, we used vyatta with much success. unfortunately brocade saw things differently, and sought to overprice vrouter and effectivly end all suport for the community edition. With the commercial edition restricively expensive we moved to vyos.
if Ubnt were willing to release a commercial edition of edgeos AS A VM with either a licenseing option or by purchasing a hardware router with the ability to 'migrate' the serial number to a vm etc. we would be the first to purchase it.
i know this has been asked before, however knowing that ubnt has hired a few of the previous dev team at vyatta, i feel this would be a nice homage to their roots of the USG, Edgerouter, and edgeswitch lines.
EDIT: If ubnt would like to support the large enterprise and carriers a VM is a must. alot of these types of infrustructures already have a full Hypervisor cluster in place which has much higher levels of redundancy than a single hardware appliance can provide.
many of the top network vendors have this already, from Cisco, to Fortinet, to Juniper. if UBNT wants to gain market share against those brands this would be a fairly easy way to do so with very litle R&D cost, as compared to a hardware device.
I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have serval instances where we need this for client implementation where native IPSec to IPSec is due to technical restriction on the remote end is not an option. My thoughts to the features would be:
- ideally configurable via GUI
- define specific remote networks for routing (or have them advertised by head-end)
- status shown in vpn section
I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.
Would it be possible to change the firewall rule delete confirmation to include the rule description along with the number? For those of us with hundreds or thousand of rules to manage it would make things a little easier to have one last piece of confirmation that we're deleting the proper rule besides just the number. I think it would help new users too.
Also a similar warning/confirmation on the DNAT and SNAT rules would really help.
Problem: My password manager pops up every time the page refreshes
Cause: The URL for logon is at https://<name--of-server>/ and the password manager triggers on same. It cannot be configured to respond ONLY on https://<name--of-server>/ and sees this as https://<name--of-server>/*
Solution: Redirect to https://<name--of-server>/logon or anything but https://<name--of-server>/ for logon. The password manager would recognize ONLY that URL (https://<name--of-server>/logon) and would not pop up on any other pages.
Posted in Feature Request as it's not really a bug. Password Manager is Ascendo DataVault for Windows.
This issue was fixed for UNMS 0.13.0, it would be nice if it propagated to the entire product line!
- UBNT-benpin on: RPKI and MP-BGP support
- UBNT-benpin on: Ability to disable port forwards, rather then delete them
- ubentran1 on: Allow Cut And Paste in CLI
- UBNT-benpin on: No-op firewall rule action
- UBNT-benpin on: Native DNS over TLS or DNS over HTTPS support
- 0Oo0 on: Prevent DNS Queries Returning Loopback
- UBNT-benpin on: EdgeSwitch - Skedule Power On/Off
- waterside on: Notes to Self
- netnerd on: Ethernet interface LED must display orange when a 10 Mbit device is connected to ER-4 or ER-6P
- poisonsnak on: EdgeSwitch 10GBase-T RJ45 Switch For Small Networks
- MP-BGP Support
- RPKI and MP-BGP support
- Ability to disable port forwards, rather then delete them
- Allow Cut And Paste in CLI
- Show System Date And Time In Header of GUI
- No-op firewall rule action
- Trunk Support for Private VLANS
- Show ALL DNS Settings on System Tab
- Add Fortnite to the game category (rule.xml)
- Native DNS over TLS or DNS over HTTPS support