Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

New Idea

RFC 6296 Support (IP6-IP6 Npt)

Submitted by - Wednesday
Status: New Idea

The title says it all.  This is needed to be able to use ipv6 in a dual WAN scenario.

Simply to Use Block/Black List for Emerging Threats using Multiple Sources (e.g. Spamhaus)

Submitted by -
Status: New Idea

I believe there are various threads in the EdgeMax forum discussing and making available various scripts to auto-populate and compile list of networks and addresses from various reliable sources such as SpamHaus to block.





Is it possible for UBNT to consider making this a feature available to all users who may not be skilled enough to do so manually?

DHCP Client - Set 802.1p QoS on requests

Submitted by - 3 weeks ago
Status: New Idea

Several ISPs (Google Fibre in the US, Orange in France) require that DHCP traffic have the 802.1p bit set for it to be recognized by the ONT. This is a requirement to replace the ISP-provided router by an Ubiquiti one.


At the moment, workarounds exist (e.g. Using a switch to set the DHCP QoS for Google Fiber, Same options in French, patching the router's DHCP client) but they are cumbersome and not user-friendly. Moreover, the switch-based workarounds are not compatible with a dual IPv4/IPv6 setup.


It would be great if the DHCP clients could be patched so as to allow users to configure its requests.

https and ssh enabled by default and update to support modern crypto for EdgeSwitch

Submitted by -
Status: New Idea

With the edge router this is already the case, the edge switch should be the same. With EdgeOS HTTPS is enabled with an auto generated 2048 bit SHA-256 cert and http -> https redirect, not the insecure manulaly generated 1024bit SHA-1 cert one has to specifically enable in edgeswitch. The EdgeSwtich should ship with secure defualts, not the very insecure defaults that take a fair amount of effort to try and make secure. SSH v1 should not be offered as an option, and the ability to use edsa or better ed25519 keys should be added. Disabling telnet by default would be a plus. 

Send DPI statistics to UniFi controller.

Submitted by -
Status: New Idea

Please allow for DPI data to be sent to the UniFi controller. I do not need to be able to make any changes from UniFi. I would just like to populate DPI statistics.

Include ZeroTier client and UI

Submitted by -
Status: New Idea

there is a similar request for USG:



ZeroTier is a VERY simple VPN/SDN client that is cross platform.  They have a debian jessie build for mips64 and the guys at zerotier are very responsive so I'm sure they'd work with ubiquiti to get a build going.  The configuration options are also very simple.  join, leave, and status so a UI would be cake.

L2TP over IPSec client implementation

Submitted by -
Status: New Idea

Dear all,


I would like to see the feature implemented of having an L2TP over IPSec client running on the EdgeRouter. We have serval instances where we need this for client implementation where native IPSec to IPSec is due to technical restriction on the remote end is not an option. My thoughts to the features would be:

- ideally configurable via GUI

- define specific remote networks for routing (or have them advertised by head-end)

- status shown in vpn section


I have also seen some others asking for such a solution in the forums, so I am hoping for some support for this implementation request.


Kind regards,



save pcap from GUI

Submitted by - 3 weeks ago
Status: New Idea



l love the option to take packet capture from GUI. 

Would be nice to have the option to save packet capture to the .pcap file.

I know we can get this done over the CLI, but GUI would be a better choice.





GUI options for IPv6

Submitted by -
Status: New Idea

It would be useful for those of us not conversant with CLI, if the IPv6 Prefix Delegation could be changed within the GUI.


Thank you

SSL certs from https://letsencrypt.org

Submitted by -
Status: New Idea

I really would liek to see the end of Self-signed certs and implemnetion of https://letsencrypt.org for EdgeOS.

This would be great move in right direction for out of the box SSL.


Request: More universal dyndns

Submitted by - 3 weeks ago
Status: New Idea

please change the dyndns gui (and cli) to:

Update-URL: [ ]*
*(replace the IP with <ip>, the username with <user>, the password with <password> and the ID or domain with<id>)
Username: [ ]
Password: [ ]
ID or Domain: [ ]

Thats much simpler as the current and usable with every dyndns service, for the common you can provide a dropdown menu with predefined urls.

With best regards Matthias Lönartz

Boot to alternate image using HW reset button

Submitted by -
Status: New Idea

Is it possible to change the HW reset button function such as


  1. Push-hold 1-5 seconds - reboot
  2. Push-hold 5-10 seconds - boot to alternate (2nd/previous) image (if exists of course) <- NEW FUNCTIONALITY
  3. Push-hold 10+ seconds - wipe/restore config.boot (same functionality as today)

I'd like to see this especially on ER models that don't have HW console port i.e. ER-X, ER-X-SFP and similar.


This will help with recovery of botched configs. Instead of resetting config.boot to defaults and restoring backup and/or previous image this will speed up things significantly. Especially on remote locations one can instruct local staff to hold the button for 5-6 seconds and get the router to previous state in no time.

Cake shaper support

Submitted by -
Status: New Idea

I would like to have support added for the Cake shaper (https://www.bufferbloat.net/projects/codel/wiki/Cake/). This shaper is working well for me with Smart Queue Management on LEDE 17.01 to eliminate bufferbloat (https://www.bufferbloat.net/projects/) better than the EdgeMax Smart Queue feature and fairly share bandwidth per LAN IP address rather than per connection on an ADSL2+ link. I have "dual-dsthost nat" set for the ingress queueing discipline and "dual-srchost nat" set for the egress queueing discipline.


sch_cake kernel module:



Patch to add cake support to iproute2:



QoS scripts:




I am using the layer_cake.qos script at the moment.

Make clock initialization more robust

Submitted by -
Status: New Idea

The way that Ubiquti devices store time for system clock initialization is prone to failure. Ubiquiti stores time in file content where other systems, such as OpenWRT/LEDE, update and restore from file modify timestamps. The later is much more likely to retain a valid value in the face of untimely power loss.


Case in point: today I had to troubleshoot a VPN client connection failure due to an existing but empty file at /etc/ubnt/last_time resulting in an initial system time of 1969-12-31.


Changing to metadata reference is fairly easy. See the patch below.


--- a/etc/init.d/ubnt-rcS
+++ b/etc/init.d/ubnt-rcS
@@ -29,8 +29,11 @@

   if [ ! -e "$LAST_TIME_FILE" ]; then
     echo '2015-01-01 00:00' >$LAST_TIME_FILE
+    touch --date='2015-01-01 00:00' $LAST_TIME_FILE
-  /bin/date -s "$(cat $LAST_TIME_FILE)" >/dev/null 2>&1
+  local last_time="$(date -r $LAST_TIME_FILE +%s)"
+  local sys_time="$(date +%s)"
+  [ $sys_time -lt $last_time ] && /bin/date -s @$last_time >/dev/null 2>&1

   mkdir /run/lock /run/sendsigs.omit.d /dev/shm/network
   touch /var/log/wtmp


To see how LEDE does it, take a look at their /etc/init.d/sysfixtime

OSPF on EdgeSwitch

Submitted by -
Status: New Idea

Need OSPF on Edgeswitches for use in campus networks...

EdgeOS support for Microwave Adaptive Bandwidth

Submitted by -
Status: New Idea

When a microwave link loses capacity (typically due to rain fade or interference) we should really make changes to both traffic shaping and load balancing.  Routing protocols don't really understand variable capacity links, so routers don't have the information they need to be able manage this condition.


Turns out Cisco and SIAE are already doing this.  They call it Microwave Adaptive Bandwidth.


Ubiquiti is one of few vendors selling (and controlling firmware for) both microwave radios and routers.  If EdgeOS were able to 'see' realtime link capacity on airFiber links, we could build higher capacity, more reliable networks.

Ability to configure SSH security parameters

Submitted by -
Status: New Idea

Currently EdgeOS still allows HMAC (message authentication code) algorithms that are considered weak and obsolete, including 'hmac-md5'.  Similarly CBC encryption ciphers are still allowed and are also considered weak and obsolete.  While there may be environments where these are required there should be the ability to disable these as appropriate.


As a more proper complete request the EdgeOS UI (BUI and CLI) should provide for the ability to configure:

  • Authentication methods
  • Encryption Cipher algorithms
  • Message Authentication Code (HMAC) algorithms

There is limited support for specifically disabling password-encryption but this request seeks more encompassing ability.


Export DPI data to unifi controller

Submitted by -
Status: New Idea


What I am asking is that knowing that the edgerouter X SFP has limited resources, could there be a way to export /push the dpi data into a stand alone unifi controller or cloud key that has more resources. I am happy with the edge router as it is I just would like to have the dpi data from the edge router show up in the unifi controller. all the configuration can stay with the edge router interface and cli just have an option to export the dpi data in a smiliar manner as the syslog.

Hardware offloading for QoS

Submitted by -
Status: New Idea

Apologies if this is a duplicate - I couldn't find it as a feature request although I found a few forum posts discussing it. Hardware acceleration for packets subject to QoS would be a very nice addition, especially for the ERL platform. Quick search for cavium documentation indicates the processor may include fixed function logic for QoS. Even only some QoS features could be supported it would still be a very nice inclusion.

GUI for OpenVpn

Submitted by -
Status: New Idea

GUI for simple setup of OpenVpn Server mode would be great. Nothing fancy, just similar to what DD-WRT support today. Ideally, L2TP, PPTP and SSTP with local users support. This will be great for SOHO.