EdgeMAX EdgeRouter software release v2.0.1

by Ubiquiti Employee 4 weeks ago - last edited Wednesday

New release v2.0.1 is available here:




Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.


[Release Notes v2.0.1]




Changes since v2.0.0


New features:

  • n/a

Enhancements and bug fixes:

  • !!! [Offloading] - Fix regression in v1.10.2 when offloading on Cavium-based routers would stop functioning after 1 month of uptime. Discussed here
  • [Offloading] - Fix bug when offloading did not work on ER-12
  • [Offloading] - Fix regression in v2.0.0  when hwnat throughput on ER-X is not consistent and CPU-load is very "jumpy". Discussed here
  • [Firewall] - Setup wizards now enable default IPv6 firewall to protect ER from being discoverable from WAN via IPv6 link-local address
  • [Firewall] - Fix regression in v2.0.0 when firewall did not match related flows of FTP/SIP/PPTP... and many other protocols. Discussed here
  • [Firewall] - Fix regression in v2.0.0 when firewall on bridge interface did not work. Discussed here and here
  • [Interface] - Set physical link of ethernet interface to DOWN when disabling interface from CLI or WebGUI. Discussed here and here
  • [Discovery] - Restore pre-v2.0.0 functionality when unicast UDP discovery message from WAN were ignored. This is needed to protect ER from being used for amplification DDoS attacks if firewall was not configured
  • [IPv6] - Fix regression in v2.0.0 when radvd crashed if OpenVPN interface was configured. Discussed here
  • [IPv6] - Fix bug when DHCPv6 client would stuck when running "release dhcpv6 interface" if IPv6 address was not acquired
  • [IPv6] - Fix bug when IPv6 address auto-configuration doesn't work upon reboot. Discussed here and here
  • [OSPFv3] - Fix "command not found" error when setting OSPFv3 interface
  • [DHCPv6] - Fix bug when DHCPv6 lease file were preserved when deleting DHCPv6 server configuration
  • [Config] - Fix regression in v2.0.0 when firewall configuration was slower when DNS server was not reachable. Discussed here
  • [Config] - Refactor legacy code that used to slow down system boot. Discussed here
  • [QoS] - Fix bug when new 'egress-qos' settings would not be reapplied until system reboot
  • [DHCPv6] - Fix bug when DHCPv6 would keep old address if DHCP pool range would change
  • [CLI] - Increase CLI auto-completion buffer size. Discussed here
  • [Tech-Support] - Hide configured password when running "show tech-support" CLI command
  • [IPSec] - Fix bug when IPSec log-rotation failed 
  • [Webproxy] - Fix regression in v2.0.0 when webproxy configuration failed. Discussed here
  • [Logging] - Set 2Mb systemd log file limit on ER-X/ER-X-SFP/EP-R6
  • [Interface] - Fix regression in v2.0.0 when ethernet interface on ER-X would randomly stop passing traffic after 1-5 days of uptime. Discussed here
  • [Interface] - Fix bug when VLAN on bridge interface would not work on ER-12/ER-12P
  • [Interface] - Fix regression in v2.0.0 when VLAN with  'vlan-aware' would not work correctly on ER-X. Discussed here
  • [Interface] - Fix regression in v2.0.0  when "unregister_netdevice" kernel error when ECMP routes were configured and hwnat enabled on ER-X. Discussed here
  • [Interface] - Fix bug when packets greater than 1500 would not pass on ER-X even if MTU was correct
  • [PPPoE] -  Fix regression in v2.0.0 when PPPoE did not work if switch0 is enabled on ER-PoE. Discussed here
  • [Boot] - Fix multiple minor errors that were reported on ER-X during boot. Discussed here
  • [Kernel] - Restore "modules.order" file on ER-X which is needed when installing 3rd party kernel modules. Discussed here

Known issues:

  • IPSec offloading does not work on ER-X/ER-X-SFP and EP-R6.
  • !!! [UPDATE] Hardware NAT offloading can cause stability issues on ER-X/ER-X-SFP and EP-R6. Consider disabling hardware NAT offloading before upgrade.
  • [UPDATE] Forwarding performance of v2.0.x firmware is a little bit worse than in v1.10.x (more CPU load and less throughput) which is more noticable on low-power ER models. Consider following CPU-load + Mbps comparison:
* ER-X-SFP (offloading):     25% CPU +  980 Mbps in `v1.10.8` vs  29% CPU +  973 Mbps in `v2.0.1`
* ER-X-SFP (no-offloading): 100% CPU +  517 Mbps in `v1.10.8` vs  76% CPU +  749 Mbps in `v2.0.1`
* ER-Lite (offloading):      55% CPU + 1980 Mbps in `v1.10.8` vs  58% CPU + 1970 Mbps in `v2.0.1`
* ER-Lite (no-offloading):  100% CPU +  209 Mbps in `v1.10.8` vs 100% CPU +  208 Mbps in `v2.0.1`

Updated software components:

  • ISC DHCP 4.1-ESV-R15
  • apt 1.4.9
  • apt-transport-https 1.4.9
  • base-files 9.9+deb9u8
  • curl 7.52.1-5+deb9u9
  • gnupg 2.1.18-8~deb9u4
  • gnupg-agent 2.1.18-8~deb9u4
  • gpgv 2.1.18-8~deb9u4
  • libapt-pkg5.0 1.4.9
  • libc-bin 2.24-11+deb9u4
  • libc6 2.24-11+deb9u4
  • libcurl3 7.52.1-5+deb9u9
  • libcurl3-gnutls 7.52.1-5+deb9u9
  • libgnutls-openssl27 3.5.8-5+deb9u4
  • libgnutls30 3.5.8-5+deb9u4
  • libpam-systemd 232-25+deb9u9
  • libpython2.7-minimal 2.7.13-2+deb9u3
  • libpython2.7-stdlib 2.7.13-2+deb9u3
  • libseccomp2 2.3.1-2.1+deb9u1
  • libssl1.0.2 1.0.2r-1~deb9u1
  • libssl1.1 1.1.0j-1~deb9u1
  • libsystemd0 232-25+deb9u9
  • libudev1 232-25+deb9u9
  • linux-igd 1.0+cvs20070630-5+deb9u1
  • mgetty 1.1.36-3+deb9u1
  • multiarch-support 2.24-11+deb9u4
  • openssh-client 1:7.4p1-10+deb9u6
  • openssh-server 1:7.4p1-10+deb9u6
  • openssh-sftp-server 1:7.4p1-10+deb9u6
  • openssl 1.1.0j-1~deb9u1
  • openvpn 2.4.0-6+deb9u3
  • python2.7 2.7.13-2+deb9u3
  • python2.7-minimal 2.7.13-2+deb9u3
  • ssh 1:7.4p1-10+deb9u6
  • systemd 232-25+deb9u9
  • systemd-sysv 232-25+deb9u9
  • tzdata 2018i-0+deb9u1
  • udev 232-25+deb9u9

Bootloader enhancements and fixes:

  • Upgraded bootloader for ER-4/ER-6/ER-12 to fix random bug when Ethernet ports did not pass traffic after reboot.