OpenVPN hardware offload support

Submitted by -
Status: Invalid

To increase the throughput on OpenVPN connections I'd love to see hardware offloading of OpenVPN connections.


Submitted by -
Status: Invalid

Add GUI for OpenVPN server configuration.

Add UniFi Controller in the EdgeRouters

Submitted by -
Status: Invalid

It would be very helpful to add the UniFi Controller application/tool to the EdgeRouters, so you can manage your network and your WiFi access points from one GUI within the router.

Something like installing a package on the EdgeRouter to add the UniFi Controller.

Now I'm forced to use a dedicated device for the UniFi Controller application and leave it on.

Speed up DHCP server

Submitted by -
Status: Invalid

Is there anything that can be done to improve the response of the DHCP server? It can take up to 20 seconds to pick up an address. It has always been very slow with the Edge routers. I just plugged into a venue network and got an address instantly.

While we are on that subject, the ability to delete an address from an existing DHCP lease would be really useful too.


IPSEC VPN bug in EDGEOS post 1.7

Submitted by -
Status: Invalid

In versions 1.7 and earlier of the OS I can backhaul all VPN traffic with the following line:


set vpn ipsec site-to-site peer tunnel 1 remote prefix


In >= 1.8 that configuration breaks local connectivity. While logged into the WAN interface of the ERL, all traffic initiated from the ERL to the remote site and to sites on the Internet goes through the VPN.


The clients in the LAN behind the ERL become almost entirely isolated.

  • They can't ping the ERL or anything beyond it.
  • Capturing packets on the ERL reveals lots of inconsistencies. Sometimes the entire session is seen, sometimes half the session is seen, and sometimes nothing is seen.
  • When no traffic is passing the ERL I've also noticed that the ERL and the clients lose the MAC for each other.
  • Something on the LAN interface seems to go into blocking mode.
  • Also the ERL tries to route all traffic from the ERL to the internal clients out the static (and only) default gateway.


The goal is to disable NAT and go over the VPN. I want the remote site to be able to see each of the client IP addresses. For now I have reverted to 1.7 as it is the last version that does not display the aforementioned behaviour.


I do have an environment where I can supply more data if it will help get this fixed in an upcoming release. 

Inbound icmp-ipv6 rule not working by default

Submitted by -
Status: Invalid

I've fixed this issue on my EdgeRouter Lite, but I thought you might want to include it with the default firewall in the next release.

The default firewall has the following rule on the inside LAN interface but not on the WAN interface, and this blocks IPv6 ICMP:

rule 30 {
    action accept
    description "Allow IPv6 icmp"
    protocol ipv6-icmp
}

The rule needs to be present on both interfaces for ICMP to work.

Update Quagga to at least version

Submitted by -
Status: Invalid

The current version of Quagga in EdgeOS 1.7 does not support Point-to-Point interfaces for OSPFv3 (patch). Quagga received lots of changes for ospf6d. Debian Jessie also includes Quagga IIRC EdgeOS still uses and an update would be great.

NAT order of operations

Submitted by -
Status: Invalid

NAT cannot be first on incoming packets and last on outgoing packets. It is crucial for security that FW is first (for incoming) and last (for outgoing packets).

EdgeRouter PRO 6 Additional Features

Submitted by -
Status: Invalid

Additional software features besides the hardware improvements, e.g.:


  • Gateway Anti-Malware, Intrusion Prevention, Application Intelligence and Control
  • Content Filtering Service
  • Enforced Client Anti-Virus and Anti-Spyware service via 3rd party service
  • Comprehensive Anti-Spam Service



Shorewall out of the box?

Submitted by -
Status: Invalid

I have a very new ERP5, and I was going crazy trying to get the firewall configured using iptables via the GUI, until a friend suggested I try Shorewall.  I installed Shorewall, and an hour of work later I was online and routing traffic.  What's the possibility of replacing iptables with shorewall right out of the box?  The rule syntax for iptables is cryptic, opaque, and counter-intuitive; Shorewall's syntax is intuitive and logical, and the way Shorewall interfaces to netfilter is not handicapped by using ipchains compatibility mode as iptables does.

(For that matter, iptables is about to be obsoleted in favor of nftables anyway.)

Load balancing ToughSwitch ubnt

Submitted by -
Status: Invalid

Does the ToughSwitch have any option for load balancing, as some models of Cisco switch provide? Recent processes such as CEF (Cisco Express Forwarding) switching allow you to roll and package destinations faster, but it means that we use more resources to maintain CEF entries and adjacencies.

I could add that function to the Aryans if the hardware allows it to be a success so we could get much more out

Tilera Based EdgeMax Router

Submitted by -
Status: Invalid

I would like to see a routing platform based on the Tilera platform. I was really hoping to see some use of the Tilera platform in previous products. Any chance UBIQUITI will develop a router based on the Tilera platform?

0 Kudos

IPSEC with overlapping subnets

Submitted by -
Status: Invalid



as discussed in the following threads:




it seems that routing of overlapping subnets is broken since Firmware 1.7.0

It would be nice if it can be fixed / implemented properly again.


0 Kudos

ARM 7+ processor in Edge hardware?

Submitted by -
Status: Invalid

Any plans to release versions of EdgeMAX using an ARM processor?


There is very little software support for the processor you use. 


Really want to run docker and a nginx reverse proxy container on my gateway.  I can do that on any arm7+ box easily.



0 Kudos

support mikrotik

Submitted by -
Status: Invalid

Hello, this is the first time I am using the forum and I hope to do it correctly ... so that you can help me.
We have acquired this model to replace CCR1036 MKT located booth towers communication, problems negotiating interfaces, due to the radio frequencies that are introduced through the Eth cables (due to the cable length used) to manage UBK antennas located on top of the towers.
This model provides us with both 24v and 48v current, as Eth connectivity and Fc and OSPF, MPLS, VLPs required for network connectivity protocols and works very well (we currently start production)
The problem we have is that now we can not access the following devices from the UBK, ie, we have a PowerBox Mkt in one of its outputs, connected through OSPF, whose BGP / VPLS arrives perfectly at central and traffic passes properly, but we can not manage from the central (MKT Edge Router) but arrived perfectly to your IP.
MKT RBorde -> UBK EdgePoint -> MKT PowerBox
Could there be some configuration in the UBK that we have not taken into account?

I await your answers. Thank you very much.

0 Kudos

Cable Test in Edgerouter GUI

Submitted by -
Status: Invalid

I have been looking for an hour now for how to run a cable test with the ERPOE. I am sure there was a way to do it with the CLI, but I can't figure it out - so I thought - wouldn't that be lovely to have in the GUI.

0 Kudos

Load Balancing

Submitted by -
Status: Invalid

It would be great to have GRAPHICAL-MODE LOAD BALANCING, to support basic users!

0 Kudos

Edgerouter X SFP -- control voltage on POE

Submitted by -
Status: Invalid

So I know it can be set up to output 24V.  What about a control to set the output to less than 24V?


I have some devices that need 5V; it would be cleaner for them to get their power from the Ethernet connection. Fewer wall warts is good.



0 Kudos

We need a new product ? or already exists options..

Submitted by -
Status: Invalid

Hello everyone,


This is my first post and I hope to make myself understood translating into English.
We want to upgrade our whole system from AirMax M to AirMax AC and have got to the point where we need a product that provides the option to connect several clients on one CPE (e.g. NanoBeam AC / 1 gig port / all AC have 1 port).
To explain what problems we face and why I believe a new type of product would be necessary (if one does not already exist that we do not know of).
In buildings with multiple tenants they hardly give us consent to install an antenna on top, but they do not agree to give us power, saying they do not want to pay for us to provide services to 1 or 5 clients out of a possible 20 residents, so we cannot install four antennas for 4 clients either.
What we are missing would be a (5 / 8 port) gigabit PoE + switch / unmanaged but with option (similar to the new EdgeRouter X)
- 5 port - 4 port POE IN / 1 port POE OUT - POE passthrough
- 8 port - 7 port POE IN / 1 port POE OUT - POE passthrough
We will install one gigabit POE at each client, so that in any case, if the other three clients (of four) are away and have cut power, there is no problem feeding the CPE.
The most used product at customer sites is the NanoStation M5, which connects 2 customers smoothly, and when we have 4 clients we install 2 of them using both ports.
Now, to change to the new AC, where we have 2 (NanoStation M5) installed we will have to install four NanoBeam AC? (That will not be possible.)
So what options do I have now?
Has someone else arrived at the same point we are at now? And if yes, what product or what method did you use, if possible?
Thanks in advance.
Best regards,
0 Kudos

switch from uClibc to *musl libc*

Submitted by -
Status: Invalid

musl libc is lighter, faster, and becoming more popular than uClibc.


Here's the comparison:




musl provides consistent quality and implementation behavior from tiny embedded systems to full-fledged servers. Minimal machine-specific code means less chance of breakage on minority architectures and better success with “write once run everywhere” C development.

musl's efficiency is unparalleled in Linux libc implementations. Designed from the ground up for static linking, musl carefully avoids pulling in large amounts of code or data that the application will not use. Dynamic linking is also efficient; by integrating the entire standard library implementation, including threads, math, and even the dynamic linker itself into a single shared object, most of the startup time and memory overhead of dynamic linking have been eliminated.

musl features the first post-NPTL implementation of POSIX threads for Linux, and the first aimed at complete conformance and robustness. Thread cancellation has been re-designed to avoid serious race conditions in the original NPTL design. As for efficiency, the whole threads implementation weighs in at around 10-20k depending on target architecture and compiler settings.

Not only the threads implementation, but all code in musl has been designed for realtime-quality robustness. Low-memory or resource exhaustion conditions are never fatal. musl has no unnecessary dynamic allocation and no unrecoverable late failures. All error conditions can be detected and handled by applications; interfaces for which an application could not reasonably handle failure do not fail.

Using musl maximizes application deployability. Its permissive MIT license is compatible with all FOSS licenses, static-linking-friendly, and makes commercial use painless too. Binaries statically linked with musl have no external dependencies, even for features like DNS lookups or character set conversions that are implemented with dynamic loading on glibc. An application can really be deployed as a single binary file and run on any machine with the appropriate instruction set architecture and Linux kernel or Linux syscall ABI emulation layer.

Finally, musl has simple source code and source tree layout, so it’s easy to customize or track down the cause of unexpected behavior or bugs, or simply learn how the library works.