EdgeMax software release v1.2.0

by Previous Employee UBNT-ancheng on ‎07-09-2013 09:11 AM

EdgeMax software release v1.2.0 for EdgeRouter Lite and EdgeRouter PoE is now available from our downloads page: http://www.ubnt.com/download#edgemax.


This release adds support for the newly-announced EdgeRouter PoE model, new features, and enhancements and bug fixes. Many of these are inspired and contributed by the community, so thanks everyone for your participation and contributions! Icon Smile



[Release Notes v1.2.0]


Changes since v1.1.0

New features

  • Add support for new EdgeRouter PoE features (our Web page has more information including documentation for the EdgeRouter PoE).
  • [HW acceleration] Add hardware acceleration support for IPv6 forwarding. It is disabled by default and can be enabled using the "system ipv6-offload enable" setting.
  • [PBR] Add support for per-connection load balancing using connection marking and probabilistic matching


Changes and bug fixes

  • [HW acceleration] Improve offload algorithms for timeout-sensitive applications. This may resolve/alleviate the timeout-related issues of certain applications reported previously.
  • [HW acceleration] Improve offload algorithms for some netfilter operations
  • [PPPoE] Add pppd-related attributes to RADIUS dictionary to support RADIUS Interim Accounting Updates (RFC 2869). This was suggested and tested by community members (see this thread)!
  • [PPPoE] Allow specifying MTU 1500 for PPPoE client (RFC 4638). Note that there are still issues on the PPP side, and therefore using MTU 1500 may not work in some environments.
  • [PPPoE] Allow VLAN interfaces to be used for PPPoE server
  • [PPPoE] Don't set mru option if MTU is 1500, which enables RFC 4638 support (MTU 1500 for PPPoE) in some environments according to forum reports
  • [PPPoE] Add IPv6 settings for PPPoE client interfaces, which allows a PPPoE client interface to work with IPv6 address according to forum reports
  • [PPP] Enable IPv6 support in pppd build
  • [IPv6] Add free-form "radvd-options" setting for radvd configuration. This may be useful for users who need to use certain radvd options that are not yet in the CLI configuration (e.g., as discussed here and here), for example:
    set interfaces ethernet eth0 ipv6 router-advert radvd-options "RDNSS 2620:0:ccc::2 2620:0:ccd::2 { };"
  • [NetFlow] Add 'ingress-capture' setting for configuring where flows are captured. This is also suggested by community members in this thread.
  • [CLI] Remove unnecessary quotes from config "commands" output, for example, the output of the "show configuration commands" operation command (previously all words are quoted; now only the values are)
  • [DNS forwarding] Add "options" configuration setting to allow any dnsmasq options to be set from the configuration, for example, 
    set service dns forwarding options "server=/remote.local/"
  • [Webproxy] Add support for using free blacklist for URL filtering, which supports blocking based on URL categories defined in the blacklist
  • [Interface] Fix validation for duplicate IP address on bridge, tunnel, loopback, and pseudo-ethernet interfaces
  • [Interface] Disallow deleting physical interfaces from configuration. This prevents accidental deletion and is implemented after discussions with community members.
  • [Bridging] Fix offload-related performance issue with certain bridged interfaces. This should provide more consistent performance for all bridged interfaces.
  • [System] Fix CVE-2013-1427 for lighttpd
  • [System] Fix "rename system image" command
  • [PPTP] Fix attribution for PPTP client scripts/templates
  • [Web UI] Add support to show kernel routes in the Routing tab
  • [Web UI] Fix a corner case where UI may stop working after some time (e.g., days). Several community members have reported such behavior (for example this thread), and this fix may resolve the issue.
  • [Web UI] Allow specifying range of one IP for DHCP server
  • [Web UI] Allow specifying /31 addresses to interface
  • [Web UI] Fix some cosmetic issues (labels, widths, etc.)
  • [QoS] Fix commit error with active PPPoE interface
  • [Firewall] Fix commit error when applying ruleset whose creation fails
  • [Firewall] Fix handling of port names with dash
  • [Firewall] Fix "show firewall modify" command
  • [IPsec] Fix CVE-2013-2944 for strongSwan
  • [DHCP] Fix subnet validation to allow non-existent subnets, permitting DHCP relay operation, for example
  • [DHCP] Add validation to require balanced quotes in free-form parameters


Updated software components

  • Add wide-dhcpv6-client package. Note that there is no configuration support for this in the CLI yet. However, several community members have reported successes with this package (for example see discussions here and here) which is why we are including it.
  • Update krb5 to 1.8.3+dfsg-4squeeze7: Fix CVE-2002-2443
  • Add the "mtr" application
  • Update PHP to 5.3.22
  • Update bind9 to 1:9.7.3.dfsg-1~squeeze10: Fix CVE-2013-2266
  • Update curl 7.21.0-2.1+squeeze3: Fix CVE-2013-1944
  • Update ddclient to 3.8.1-1. This brings ddclient more up-to-date with better support for more providers (for example as tested by the community in this thread).
  • Update libxml2 2.7.8.dfsg-2+squeeze7: Fix CVE-2013-0338, CVE-2013-0339