Would be really useful to be able to monitor battery voltage on an EdgePower with DC PSU. The system log displays this info every minute.
All you need is to add SNMP and some OIDs for voltage, temperature, standby, live state, etc.
The firewall rule "ipsec match-ipsec" command allows matching ipsec traffic inbound-only via "-m policy --dir in --pol ipsec". There does not appear to be any way to filter traffic in the outbound direction.
This is a security issue because it means that there is (apparently) no way to prevent outbound IPSec traffic leakage when tunnels have gone down.
Current EdgeMax customers may, right now, be unwittingly sending unencrypted traffic which was meant to be encrypted.
Unless I am mistaken, this isn't just a feature request, this is an ongoing security threat to Ubiquiti customers.
Currently EdgeOS still allows HMAC (message authentication code) algorithms that are considered weak and obsolete, including 'hmac-md5'. Similarly, CBC encryption ciphers are still allowed and are also considered weak and obsolete. While there may be environments where these are required, there should be the ability to disable these as appropriate.
As a more proper complete request the EdgeOS UI (BUI and CLI) should provide for the ability to configure:
- Authentication methods
- Encryption Cipher algorithms
- Message Authentication Code (HMAC) algorithms
There is limited support for specifically disabling password-encryption but this request seeks more encompassing ability.
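Added example, not part of the original post and not EdgeOS code: a small audit that flags the two algorithm classes named in the request above (MD5-based MACs and CBC-mode ciphers) in a server's effective SSH configuration and emits trimmed `Ciphers`/`MACs` lines. It assumes an OpenSSH server whose effective settings are dumped with `sshd -T`; the sample input and the function names are constructed for illustration.

```python
import re

# Constructed sample of `sshd -T` output (assumption: OpenSSH); not from a real device.
SAMPLE_SSHD_T = """\
port 22
passwordauthentication yes
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-md5,hmac-md5-96-etm@openssh.com
"""

# Patterns for the algorithm classes the request calls weak.
WEAK = {
    "ciphers": re.compile(r"-cbc(@|$)"),  # CBC-mode ciphers, incl. vendor-suffixed names
    "macs": re.compile(r"^hmac-md5"),     # hmac-md5, hmac-md5-96 and their -etm variants
}


def parse_algorithms(sshd_t_output):
    """Return {keyword: [algorithms]} for the audited keywords only."""
    found = {}
    for line in sshd_t_output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in WEAK:
            found[parts[0].lower()] = [a for a in parts[1].split(",") if a]
    return found


def audit(sshd_t_output):
    """Split each algorithm list into the weak entries and the ones to keep."""
    report = {}
    for key, algos in parse_algorithms(sshd_t_output).items():
        weak = [a for a in algos if WEAK[key].search(a)]
        report[key] = {"weak": weak, "kept": [a for a in algos if a not in weak]}
    return report


def hardened_lines(report):
    """sshd_config lines listing only algorithms that passed the audit.
    A keyword with nothing left is skipped: an empty list is not valid config."""
    names = {"ciphers": "Ciphers", "macs": "MACs"}
    return [f"{names[k]} {','.join(v['kept'])}" for k, v in report.items() if v["kept"]]


if __name__ == "__main__":
    result = audit(SAMPLE_SSHD_T)
    for key, lists in result.items():
        print(f"{key}: weak={lists['weak']}")
    print("\n".join(hardened_lines(result)))
```

Clients that only offer the removed algorithms will fail to negotiate after such a change, so the "kept" lists are worth checking against the devices that still need to log in.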
As mentioned in post https://community.ubnt.com/t5/EdgeMAX/Share-bandwidth-evenly-per-IP-address/m-p/1844147.
For example if my total download limit is 1000 kbit/s and I have two hosts on the network (host A and host B).
If host A is downloading a single file and host B is downloading a single file, each host should get 500 kbit/s.
If host A is downloading two files and host B is downloading a single file, each host should get 500 kbit/s, host A will get 250 kbit/s for each file download and host B will get 500 kbit/s for the download.
If only a single host is downloading, it should get the full 1000 kbit/s.
It can be easily configured on pfSense: https://www.gridstorm.net/pfsense-traffic-limiting-fair-share/
Using tc on Linux, it can be done using the following to limit outgoing traffic on eth0 to 1000 kbit/s and fairly share the allocated 1000 kbit/s per host regardless of number of connections opened by each host:
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit
tc qdisc add dev eth0 parent 1:1 handle 10: sfq perturb 10
tc filter add dev eth0 parent 1: protocol ip u32 match u32 0 0 flowid 1:1
tc filter add dev eth0 parent 10: protocol ip handle 10 flow hash keys nfct-dst divisor 1024
Essentially it is SFQ queue type with flow classifier set to assign packets to different flows based only on IP address (destination IP address in the above example) rather than source IP + source port + destination IP + destination port. This helps to avoid a single computer opening multiple connections to hog more bandwidth.
In comparison to HFQ, this works on subnets larger than /22.
Can you please add the IP Source Guard feature to EdgeSwitches? Also DHCP spoofing with DHCP OPTION 82 (DHCP option 82 provides additional security when DHCP is used to allocate network addresses. It enables the controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources).
IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
EdgeRouter Pro routers can be, and often are, used as mission-critical routers in networks. It is a nice piece of hardware and the software makes it a very viable alternative. It would be great to make the next generation of the EdgeRouter Pro series power-redundant, so they can be connected to two power feeds at the same time.
This will help design fully-redundant networks, with both failure tolerance in case of one internal PSU failure as well as redundant and avoid SPoF design from a power perspective.
Many thanks and keep up the good work!
Would be nice to be able to see the PPPoE connection uptime. My old router running OpenWRT/LEDE firmware had this implemented. Any word on when we could see this on the EdgeOS platform?
New to this forum and I believe I posted in the wrong place originally.
HERE is my original post with some progress on a simple PPPoE uptime script.
I'd like to request that the 6rd functionality be extended to operate properly with a dynamic IP address. The current solution is to use a cron script to rewrite the configuration every 5 minutes, which isn't really that great. A forum member suggested some syntax that might work well. The best solution would be to have an ISP with dual-stack support, but that isn't always possible, sadly.
In 2013, there has been an increase in IPv6 deployments by ISPs globally. In the country where I reside, all FTTH (Fiber-to-the-Home) ISPs/RSPs have deployed IPv6.
I believe it is becoming more and more important for routers to support IPv6, and likely to be essential in 2014. I would like to strongly suggest and request Ubiquiti team to look into having IPv6 Support in GUI as part of the 2014 roadmap.
EdgeMax Router Lite and POE are great routers in terms of performance and affordability. It is a pity that the shortfalls in the GUI are keeping some not-as-savvy (knowledgeable but not good with CLIs) consumers away.
For a lot of customers we use the security gateway for some basic network setup. The main reason we choose the SGW is that we can easily monitor the connection with a remote hosted UniFi controller.
Now that the ER-X-SFP is here we would love to use that device to power the APs at our customers.
Is it possible to add the possibility to register an EdgeMAX router with the UniFi controller so that it shows up in the Network Health of the UniFi controller? Preferably with the speedtest function.