It would be nice to see something like AirControl or UniFi for managing / viewing multiple edge routers (centralized configuration backups, mass firmware updates, etc). Anything like this in the works? Maybe call it EdgeControl and mimic the functionality of AirControl?
Right now, there is a basic Setup wizard. What is required is basically wizards to set up Site-2-Site VPN and also RemoteAccess VPN; this can be just a script that will basically just assume there is no VPN, etc. in place at the moment. But it should also take care of Firewall, MTU, MSS, etc.
I just learned the EdgeMax software auto-adds my ISP's DNS servers to the resolv.conf file EVEN IF I have specified my own OPENDNS servers. Check your resolv.conf file. SURPRISE!!! Unwanted DNS servers!
agd@curtain:/etc$ cat resolv.conf
nameserver 220.127.116.11 # OPEN DNS Server 1
nameserver 18.104.22.168 # OPEN DNS Server 2
nameserver 22.214.171.124 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
nameserver 126.96.36.199 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
nameserver 188.8.131.52 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
Here is a thread and "working as designed" confirmation from UBNT. I doubt many people know this is happening as it is not desired behavior for many of us. If we specify DNS servers to use, that means we probably don't want to use other ones!
Please add a GUI and/or CLI option to prohibit use of upstream DHCP DNS settings.
Please address ASAP UBNT.
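A way to audit for the behaviour reported in the post above, as an added example (not part of the original posts and not Ubiquiti code): it lists nameservers in a resolv.conf-style file that are not on an operator-supplied allowlist and notes whether the trailing comment attributes them to vyatta_update_resolv.pl. The function names and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag resolvers that are not on the operator's allowlist.

# unexpected_resolvers FILE ALLOWED_IP...
# Prints one line per unexpected nameserver: "<ip> <origin>", where origin is
# "vyatta_update_resolv.pl" when the line carries that script's comment
# (the format shown on the page) and "unattributed" otherwise.
unexpected_resolvers() {
    file=$1; shift
    allowed=" $* "          # space-delimited so matches are whole addresses
    awk -v allowed="$allowed" '
        $1 == "nameserver" && $2 != "" {
            ip = $2
            sub(/#.*/, "", ip)      # tolerate a comment glued to the address
            if (index(allowed, " " ip " ") == 0) {
                origin = ($0 ~ /vyatta_update_resolv\.pl/) ? "vyatta_update_resolv.pl" : "unattributed"
                print ip, origin
            }
        }
    ' "$file"
}

# Constructed sample input (documentation addresses, not real resolvers).
make_sample() {
    cat <<'EOF'
nameserver 192.0.2.53 # operator-configured resolver 1
nameserver 192.0.2.54 # operator-configured resolver 2
nameserver 198.51.100.1 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
nameserver 198.51.100.2 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
EOF
}

# Demo run: the two allowlisted resolvers are accepted, the others reported.
sample=$(mktemp)
make_sample > "$sample"
unexpected_resolvers "$sample" 192.0.2.53 192.0.2.54
rm -f "$sample"
```

On a router, point the function at /etc/resolv.conf and pass the resolvers you configured; any output means queries can reach servers you did not choose.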
+ IKEv2 is better for mobile devices
+ IKEv2 / EAP-MSCHAPv2 works out of the box with Windows, Windows Phone 8.1
+ strongSwan app on Linux, iOS and Android can be used
I was looking at the GUI today to see what IP addresses some of my devices were given. When looking at the leases in the GUI, it would be very useful to see a device that should have a static IP address and be able to click on it (or some other GUI affordance) to convert it to a static assignment.
By doing this, the GUI would pre-fill out the MAC address so I don't have to copy and paste it. The GUI would pre-fill out the device name. The GUI would pre-fill out the IP address that is already assigned (well this part might not work since you don't want to statically allocate an address from the dynamic pool).
Anyway, this would be a useful, helpful feature.
I would like to see IKEv2 implemented among the other VPN options. It is a built-in client in Windows 7/8, and strongswan also came out with a very capable client for Android.
Since Strongswan 4.5.2 was incorporated, it should provide robust configuration options. Additionally, IKEv2 configured for remote access, should easily run alongside existing site-site and IKEv1 based RA settings.
Would be really useful to be able to monitor battery voltage on an EdgePower with DC PSU. The system log displays this info every minute.
All you need is to add SNMP and some OIDs for voltage, temperature, standby, live state, etc.
The major problem that we've encountered with these devices is the impossibility of routing several subnets or even a default route to an IPsec VPN. I suppose it wouldn't be too difficult to create a virtual interface similar to "tun", let's say "st", which could be bound by the user to a specific IPsec VPN, and then static routes could be configured to it, e.g.:
"set protocols static interface-route 0.0.0.0/0 next-hop-interface st0" or
"set protocols static route 0.0.0.0/0 next-hop x.x.x.x" where x.x.x.x is an address from subnet configured on st0 interface
Limit internet time for children
In the router, there is an option to add MAC addresses that only get internet access during a certain time schedule, for example, Mondays-Fridays 08-21 and Saturday-Sunday 08-22:30. Only those MAC addresses are affected, so the rest of the family can work as usual. It should also work if the child's computers / iPad run Ethernet or WiFi.
Based on the post here, enhance the UPnP support.
1) Provide in the CLI the ability to see the current mapping activated by UPnP and the device that configured those rules.
2) Provide the ability to reset all the UPnP rules and/or selectively delete them
3)Provide an option for the router to automatically delete them on reboot or retain.
Nice to have would be all this in the GUI as well as turning on / off UPnP in the GUI.
I would also recommend adding a warning when activating UPnP that it provides a security risk and it is not recommended.
It would be great if there was an option when creating a NAT rule to select an option (checkbox perhaps and the ability to choose protocol or a default to tcp) that, with the saving of the NAT rule, creates a basic associated firewall rule, so that in the cases where someone simply wants to open port 80 to the public they don't have to create both a NAT and a firewall rule.
If one has something more complex in mind... don't check the box, or modify the associated firewall rule after it is created.
Create a standard NAT rule:
Destination port: 80
Translation: to 192.168.1.10
One would check the "create an associated 'accept' firewall rule"
The option to type in the protocol would appear (or be editable when the box is checked) and save the NAT rule which would create the associated firewall rule below:
Destination: address 192.168.1.10
New Port Forwarding wizard changes should appear in the Firewall and NAT pages under the security tab.
I think it is inconvenient that firewall and NAT rules created by the port forwarding wizard do not appear in the associated GUI pages.