Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
New Idea

RFC 6296 Support (IP6-IP6 Npt)

Submitted by - Wednesday
Status: New Idea

The title says it all.  This is needed to be able to use ipv6 in a dual WAN scenario.

Simply to Use Block/Black List for Emerging Threats using Multiple Sources (e.g. Spamhaus)

Submitted by -
Status: New Idea

I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile list of networks and addresses from various reliable sources such as SpamHaus to block.

 

https://community.ubnt.com/t5/EdgeMAX/Using-spamhaus-lists/td-p/578909

https://community.ubnt.com/t5/EdgeMAX/Emerging-Threats-Blacklist/td-p/645375

 

Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?

Add Qualcomm Fast Path support

Submitted by -
Status: Accepted

It seems the Qualcomm Fast Path module improves the performance a lot.

 

It will be great if this can be added into EdgeOS.

 

See also:

https://forum.lede-project.org/t/qualcomm-fast-path-for-lede/4582

DHCP Client - Set 802.1p QoS on requests

Submitted by - 3 weeks ago
Status: New Idea

Several ISPs (Google Fibre in the US, Orange in France) require that DHCP traffic have the 802.1p bit set for it to be recognized by the ONT. This is a requirement to replace the ISP-provided router by an Ubiquiti one.

 

At the moment, workarounds exist (e.g. Using a switch to set the DHCP QoS for Google Fiber, Same options in French, patching the router's DHCP client) but they are cumbersome and not user-friendly. Moreover, the switch-based workarounds are not compatible with a dual IPv4/IPv6 setup.

 

It would be great if the DHCP clients could be patched so as to allow users to configure its requests.

https and ssh enabled by default and update to support modern crypto for EdgeSwitch

Submitted by -
Status: New Idea

With the edge router this is already the case, the edge switch should be the same. With EdgeOS HTTPS is enabled with an auto generated 2048 bit SHA-256 cert and http -> https redirect, not the insecure manulaly generated 1024bit SHA-1 cert one has to specifically enable in edgeswitch. The EdgeSwtich should ship with secure defualts, not the very insecure defaults that take a fair amount of effort to try and make secure. SSH v1 should not be offered as an option, and the ability to use edsa or better ed25519 keys should be added. Disabling telnet by default would be a plus. 

Send DPI statistics to UniFi controller.

Submitted by -
Status: New Idea

Please allow for DPI data to be sent to the UniFi controller. I do not need to be able to make any changes from UniFi. I would just like to populate DPI statistics.

Include ZeroTier client and UI

Submitted by -
Status: New Idea

there is a similar request for USG:

https://community.ubnt.com/t5/UniFi-Routing-Switching-Feature/Add-ZeroTier-Client-on-USG-for-more-VPN-flexibility/idi-p/1985611

 

ZeroTier is a VERY simple VPN/SDN client that is cross platform.  They have a debian jessie build for mips64 and the guys at zerotier are very responsive so I'm sure they'd work with ubiquiti to get a build going.  The configuration options are also very simple.  join, leave, and status so a UI would be cake.

L2TP over IPSec client implementation

Submitted by -
Status: New Idea

Dear all,

 

I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have serval instances where we need this for client implementation where native IPSec to IPSec is due to technical restriction on the remote end is not an option. My thoughts to the features would be:

- ideally configurable via GUI

- define specific remote networks for routing (or have them advertised by head-end)

- status shown in vpn section

 

I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.

 

Kind regards,

 

Edge2Unifi

save pcap from GUI

Submitted by - 3 weeks ago
Status: New Idea

Hi,

 

l love the option to take packet capture from GUI. 

Would be nice to have the option to save packet capture to the .pcap file.

I know we can get this done over the CLI, but GUI would be a better choice.

 

Thx,

Myky

 

GUI options for IPv6

Submitted by -
Status: New Idea

It would be useful for those of us not conversant with CLI, if the IPv6 Prefix Delegation could be changed within the GUI.

 

Thank you

SSL certs from https://letsencrypt.org

Submitted by -
Status: New Idea

I really would liek to see the end of Self-signed certs and implemnetion of https://letsencrypt.org for EdgeOS.

This would be great move in right direction for out of the box SSL.

 

Request: More universal dyndns

Submitted by - 3 weeks ago
Status: New Idea

Hello,
please change the dyndns gui (and cli) to:

Update-URL: [ ]*
*(replace the IP with <ip>, the username with <user>, the password with <password> and the ID or domain with<id>)
Username: [ ]
Password: [ ]
ID or Domain: [ ]

Thats much simpler as the current and usable with every dyndns service, for the common you can provide a dropdown menu with predefined urls.

With best regards Matthias Lönartz

Boot to alternate image using HW reset button

Submitted by -
Status: New Idea

Is it possible to change the HW reset button function such as

 

  1. Push-hold 1-5 seconds - reboot
  2. Push-hold 5-10 seconds - boot to alternate (2nd/previous) image (if exists of course) <- NEW FUNCTIONALITY
  3. Push-hold 10+ seconds - wipe/restore config.boot (same functionality as today)

I'd like to see this especially on ER models that don't have HW console port i.e. ER-X, ER-X-SFP and similar.

 

This will help with recovery of botched configs. Instead of resetting config.boot to defaults and restoring backup and/or previous image this will speed up things significantly. Especially on remote locations one can instruct local staff to hold the button for 5-6 seconds and get the router to previous state in no time.

Update to OpenVPN 2.4.0 on Edgerouter

Submitted by -
Status: Accepted

Please update the OpenVPN version as the current server only supports TLS 1.0)

 

Thanks

Cake shaper support

Submitted by -
Status: New Idea

I would like to have support added for the Cake shaper (https://www.bufferbloat.net/projects/codel/wiki/Cake/). This shaper is working well for me with Smart Queue Management on LEDE 17.01 to eliminate bufferbloat (https://www.bufferbloat.net/projects/) better than the EdgeMax Smart Queue feature and fairly share bandwidth per LAN IP address rather than per connection on an ADSL2+ link. I have "dual-dsthost nat" set for the ingress queueing discipline and "dual-srchost nat" set for the egress queueing discipline.

 

sch_cake kernel module:

https://github.com/dtaht/sch_cake

 

Patch to add cake support to iproute2:

https://raw.githubusercontent.com/lede-project/source/master/package/network/utils/iproute2/patches/950-add-cake-to-tc.patch

 

QoS scripts:

https://github.com/tohojo/sqm-scripts/blob/master/src/layer_cake.qos

https://github.com/tohojo/sqm-scripts/blob/master/src/piece_of_cake.qos

 

I am using the layer_cake.qos script at the moment.

Make clock initialization more robust

Submitted by -
Status: New Idea

The way that Ubiquti devices store time for system clock initialization is prone to failure. Ubiquiti stores time in file content where other systems, such as OpenWRT/LEDE, update and restore from file modify timestamps. The later is much more likely to retain a valid value in the face of untimely power loss.

 

Case in point: today I had to troubleshoot a VPN client connection failure due to an existing but empty file at /etc/ubnt/last_time resulting in an initial system time of 1969-12-31.

 

Changing to metadata reference is fairly easy. See the patch below.

 

--- a/etc/init.d/ubnt-rcS
+++ b/etc/init.d/ubnt-rcS
@@ -29,8 +29,11 @@

   if [ ! -e "$LAST_TIME_FILE" ]; then
     echo '2015-01-01 00:00' >$LAST_TIME_FILE
+    touch --date='2015-01-01 00:00' $LAST_TIME_FILE
   fi
-  /bin/date -s "$(cat $LAST_TIME_FILE)" >/dev/null 2>&1
+  local last_time="$(date -r $LAST_TIME_FILE +%s)"
+  local sys_time="$(date +%s)"
+  [ $sys_time -lt $last_time ] && /bin/date -s @$last_time >/dev/null 2>&1

   mkdir /run/lock /run/sendsigs.omit.d /dev/shm/network
   touch /var/log/wtmp

 

To see how LEDE does it, take a look at their /etc/init.d/sysfixtime

Edgerouter Centralized Management Console

Submitted by -
Status: Accepted

It would be nice to see something like AirControl or UniFi for managing / viewing multiple edge routers (centralized configuration backups, mass firmware updates, etc). Anything like this in the works? Maybe call it EdgeControl and mimic the functionality of AirControl?

Please publish SNMP MIBs

Submitted by -
Status: Accepted

EdgeSwitches currently support/use several standard MIBs, however there are some OIDs that are unique/proprietary to EdgeSwitches and are not defined elsewhere.

 

Observium and others apparently have obtained a set of EdgeSwitch MIBs, included as part of their (3rd-party) monitoring solution distributions but not otherwise available from UBNT directly.  The last count has almost 40 separate MIB files for EdgeSwitches.

 

There are now a pair of UniFi MIBs available and referenced in the release notes for current releases, but there do not seem to be any other MIBs available.

 

It seems most are searching for and using these 3rd-party references, but ideally UBNT should be providing these directly.  Perhaps another section on the product download pages for 'SNMP MIBS" in addition to the existing "Firmware" and "Documentation" sections could be added with this content?

 

OSPF on EdgeSwitch

Submitted by -
Status: New Idea

Need OSPF on Edgeswitches for use in campus networks...

EdgeOS support for Microwave Adaptive Bandwidth

Submitted by -
Status: New Idea

When a microwave link loses capacity (typically due to rain fade or interference) we should really make changes to both traffic shaping and load balancing.  Routing protocols don't really understand variable capacity links, so routers don't have the information they need to be able manage this condition.

 

Turns out Cisco and SIAE are already doing this.  They call it Microwave Adaptive Bandwidth.

 

Ubiquiti is one of few vendors selling (and controlling firmware for) both microwave radios and routers.  If EdgeOS were able to 'see' realtime link capacity on airFiber links, we could build higher capacity, more reliable networks.