Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

New Idea

Simply to Use Block/Black List for Emerging Threats using Multiple Sources (e.g. Spamhaus)

Submitted by -
Status: New Idea

I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile list of networks and addresses from various reliable sources such as SpamHaus to block.





Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?

Add Qualcomm Fast Path support

Submitted by - a week ago
Status: New Idea

It seems the Qualcomm Fast Path module improves the performance a lot.


It will be great if this can be added into EdgeOS.


See also:


extend both ping and traceroute commands to allow for the source ip/interface

Submitted by - 3 weeks ago
Status: New Idea

It would be nice to see an extension to current traceroute/ping commands so that the source ip could be specified - without the need to use sudo and compatibile with operator level access.


Could this be implemented please?

Expose IPv6 bgp peers via SNMP

Submitted by - 3 weeks ago
Status: New Idea

Currently only IPv4 peers are exposed via SNMP.


I use librenms for network monitoring and this would have helped to keep track of the IPv6 peer statuses.

L2TP over IPSec client implementation

Submitted by -
Status: New Idea

Dear all,


I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have serval instances where we need this for client implementation where native IPSec to IPSec is due to technical restriction on the remote end is not an option. My thoughts to the features would be:

- ideally configurable via GUI

- define specific remote networks for routing (or have them advertised by head-end)

- status shown in vpn section


I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.


Kind regards,



Send DPI statistics to UniFi controller.

Submitted by -
Status: New Idea

Please allow for DPI data to be sent to the UniFi controller. I do not need to be able to make any changes from UniFi. I would just like to populate DPI statistics.

Boot to alternate image using HW reset button

Submitted by -
Status: New Idea

Is it possible to change the HW reset button function such as


  1. Push-hold 1-5 seconds - reboot
  2. Push-hold 5-10 seconds - boot to alternate (2nd/previous) image (if exists of course) <- NEW FUNCTIONALITY
  3. Push-hold 10+ seconds - wipe/restore config.boot (same functionality as today)

I'd like to see this especially on ER models that don't have HW console port i.e. ER-X, ER-X-SFP and similar.


This will help with recovery of botched configs. Instead of resetting config.boot to defaults and restoring backup and/or previous image this will speed up things significantly. Especially on remote locations one can instruct local staff to hold the button for 5-6 seconds and get the router to previous state in no time.

Investigate moving to Free Range Router

Submitted by - 4 weeks ago
Status: New Idea

Free Range Router (FRR) is a fork of Quagga maintained by the Linux Foundation.


Started by Qugga contributors including Cumulus Networks, 6Wind and BigSwitch this looks to be a faster developed and maintained fork of Quagga.


Has UBNT considered migrating to FRR? Or will UBNT wait for VyOS to change (If it does).



Enable hardware offloading with using iptables conntrack module

Submitted by - 3 weeks ago
Status: New Idea



I have a EdgeRouter PoE, and i need to use the conntrack iptables module.


The problem is that i use the conntrack iptables module the packets are not offloaded.


For example if i use a rule like:

iptables -A CHAIN -m state --state RELATED,ESTABLISHED -j ACCEPT

the packets are offloaded (i use the state iptables module)


but if i use a rule like:

iptables -A CHAIN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

the packets are NOT offloaded (i use the conntrack iptables module)


Can you update the conntrack module so the packets are offloaded on EgdeRouter Max



SSL certs from https://letsencrypt.org

Submitted by -
Status: New Idea

I really would liek to see the end of Self-signed certs and implemnetion of https://letsencrypt.org for EdgeOS.

This would be great move in right direction for out of the box SSL.


Cake shaper support

Submitted by -
Status: New Idea

I would like to have support added for the Cake shaper (https://www.bufferbloat.net/projects/codel/wiki/Cake/). This shaper is working well for me with Smart Queue Management on LEDE 17.01 to eliminate bufferbloat (https://www.bufferbloat.net/projects/) better than the EdgeMax Smart Queue feature and fairly share bandwidth per LAN IP address rather than per connection on an ADSL2+ link. I have "dual-dsthost nat" set for the ingress queueing discipline and "dual-srchost nat" set for the egress queueing discipline.


sch_cake kernel module:



Patch to add cake support to iproute2:



QoS scripts:




I am using the layer_cake.qos script at the moment.

Export DPI data to unifi controller

Submitted by -
Status: New Idea


What I am asking is that knowing that the edgerouter X SFP has limited resources, could there be a way to export /push the dpi data into a stand alone unifi controller or cloud key that has more resources. I am happy with the edge router as it is I just would like to have the dpi data from the edge router show up in the unifi controller. all the configuration can stay with the edge router interface and cli just have an option to export the dpi data in a smiliar manner as the syslog.

GUI options for IPv6

Submitted by -
Status: New Idea

It would be useful for those of us not conversant with CLI, if the IPv6 Prefix Delegation could be changed within the GUI.


Thank you

Hardware offloading for QoS

Submitted by -
Status: New Idea

Apologies if this is a duplicate - I couldn't find it as a feature request although I found a few forum posts discussing it. Hardware acceleration for packets subject to QoS would be a very nice addition, especially for the ERL platform. Quick search for cavium documentation indicates the processor may include fixed function logic for QoS. Even only some QoS features could be supported it would still be a very nice inclusion.

better ipv6 GUI support

Submitted by -
Status: New Idea

ipv6 support in the GUI needs to be significantly improved. Specifically routing, as there is nothing at all.  

Update to OpenVPN 2.4.0 on Edgerouter

Submitted by -
Status: Accepted

Please update the OpenVPN version as the current server only supports TLS 1.0)



Edgerouter Centralized Management Console

Submitted by -
Status: Accepted

It would be nice to see something like AirControl or UniFi for managing / viewing multiple edge routers (centralized configuration backups, mass firmware updates, etc). Anything like this in the works? Maybe call it EdgeControl and mimic the functionality of AirControl?

Please publish SNMP MIBs

Submitted by -
Status: Accepted

EdgeSwitches currently support/use several standard MIBs, however there are some OIDs that are unique/proprietary to EdgeSwitches and are not defined elsewhere.


Observium and others apparently have obtained a set of EdgeSwitch MIBs, included as part of their (3rd-party) monitoring solution distributions but not otherwise available from UBNT directly.  The last count has almost 40 separate MIB files for EdgeSwitches.


There are now a pair of UniFi MIBs available and referenced in the release notes for current releases, but there do not seem to be any other MIBs available.


It seems most are searching for and using these 3rd-party references, but ideally UBNT should be providing these directly.  Perhaps another section on the product download pages for 'SNMP MIBS" in addition to the existing "Firmware" and "Documentation" sections could be added with this content?


Ability to configure SSH security parameters

Submitted by -
Status: New Idea

Currently EdgeOS still allows HMAC (message authentication code) algorithms that are considered weak and obsolete, including 'hmac-md5'.  Similarly CBC encryption ciphers are still allowed and are also considered weak and obsolete.  While there may be environments where these are required there should be the ability to disable these as appropriate.


As a more proper complete request the EdgeOS UI (BUI and CLI) should provide for the ability to configure:

  • Authentication methods
  • Encryption Cipher algorithms
  • Message Authentication Code (HMAC) algorithms

There is limited support for specifically disabling password-encryption but this request seeks more encompassing ability.


OSPF on EdgeSwitch

Submitted by -
Status: New Idea

Need OSPF on Edgeswitches for use in campus networks...