Reply
New Member
Posts: 2
Registered: ‎12-18-2016

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

I'm finding the Hairpin (loopback or reflection) NAT stopped working in my configuration after updating from 1.9.1 to the 1.10.7.

Multiple vlans configured in my setup. After the upgrade, a client on the same vlan as the hairpin NAT resource is not able to access it, but from another vlan the harpin NAT was working.

I re-installed the 1.9.1 firmware and things recovered without any other changes. 

 

Is there any functionality changes in the hairpin NAT that require additional config in this fw release?   The most I've done to setup all my rules is check the box to enable hairpin NAT and create all the DNAT rules with "other, +" as the inbound interface. 

 

New Member
Posts: 2
Registered: ‎12-18-2016

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Apparently hairpin nat changes in v1.9.7 forward. https://community.ubnt.com/t5/EdgeRouter/1-9-7-hairpin-NAT-broken/td-p/2017210
I added snat/masq rules for all the destination addresses and that allowed the configuration to work with the new firmware. Rather annoying.
Emerging Member
Posts: 52
Registered: ‎01-13-2016
Kudos: 46

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

1.10.8 runs unecessary daemons for services that aren't configured; example: https://community.ubnt.com/t5/EdgeRouter/v1-10-8-bug-ldpd-running-without-ldp-configured-or-enabled/...

New Member
Posts: 2
Registered: ‎12-27-2018

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

My L2TP VPN broke after upgrading to 1.10.8.

Was working fine before upgrade. Now it dies on IPSec connection.

Emerging Member
Posts: 71
Registered: ‎03-26-2017
Kudos: 8
Solutions: 2

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Do you have UNMS enabled? If so - LLDP will start. See 2.0.0-b2 release notes about "set service unms lldp disable"
Emerging Member
Posts: 52
Registered: ‎01-13-2016
Kudos: 46

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!


@apevnev wrote:
Do you have UNMS enabled? If so - LLDP will start. See 2.0.0-b2 release notes about "set service unms lldp disable"

this is not that. Label Distribution Protocol (LDP) is implemented in ldpd. this has nothing to do with Link-Layer Discovery Protocol (LLDP). also, no, these devices are not talking to UNMS. 

Emerging Member
Posts: 71
Registered: ‎03-26-2017
Kudos: 8
Solutions: 2

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Ah, sorry I misread that Man Sad
Just checked mine - none of them run ldpd
New Member
Posts: 19
Registered: ‎12-16-2017

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

[ Edited ]

I've returned to 1.10.7. With this 1.10.8 the router (Edgerouter Lite) seems to lose his ipv6 every few days.

 

Edit: Problem also seems to be present in 1.10.7.

New Member
Posts: 5
Registered: ‎10-23-2015

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Positive report here. 1.10.8 works fine for me with Erlite-3.

 

The below story tells about a problem that possibly was fixed by 1.10.8 (but it is not possible to prove it).

 

I recently switched to 100/100 fiber from DOCSIS 100/20. The new ISP was nice enough to bridge a port for free (without taking a monthly fee like some UK ISPs!) in the combined triple-play router/fiber converter (and they promised IPv6 being deployed in 2019).

 

I had an older firmware version installed, can't remember which. After a few days on fiber, the WAN interface suddenly lost its IP address. It has never happened before, as long as I can recall. Toggling WAN off and on again in the Erlite-3 restored the IP address. There was nothing in the logs that showed what the problem had been. Ran tcpdump to wireshark for DHCP for a day, but couldn't find anything odd.

 

Now I do have an IPv6 tunnel. Release notes for 1.10.8 says:

 

[DHCP] - Fix bug when DHCP client failed to restore IPv4 address after interface link flap if IPv6 address was configured on same interface

So I upgraded to 1.10.8 and it hasn't happened again (for about a month). Either it was a coincidence or the above fix in 1.10.8 solved the problem.

 

New Member
Posts: 36
Registered: ‎10-19-2014
Kudos: 15
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Could you explain what the new fan stuff is?  the notes didn't refrence anything.

 

 

  • [System] - Add support for new fan HW introduced in new ER-8-XG hardware revision
  • [FAN] - Improve fan control on ER-8-XG model (requires bootloader upgrade)

 

I imagine my er-8-xg isn't one of the new ones but I can provide my SN if that'd help.

 

is it auto throttling or something else?

 

New Member
Posts: 17
Registered: ‎12-28-2018

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Updated a new out of box ER-X last night to v1.10.8. Received a "Update Complete.. must Reboot" message then ER-x can not be connected to. 

 

Here is my complete description: https://community.ubnt.com/t5/EdgeRouter/Bricked-Edgerouter-X-updating-to-v1-10-8-Please-help/td-p/2...

 

Any ideas before I return it? 

Emerging Member
Posts: 85
Registered: ‎06-25-2015
Kudos: 26
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

If you can SSH to it, change the default boot image back to the previous version and reboot.

New Member
Posts: 17
Registered: ‎12-28-2018

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Sorry because I'm quite new at this but do I need to open it and connect a console cable to SSH to it? 

Emerging Member
Posts: 85
Registered: ‎06-25-2015
Kudos: 26
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Let's go through the basics. Can you ping the router? If so, then you should be able to open an ssh connection to the router. This means either using a Unix/Linux machine OR using puTTY or installing the Windows Optional Component OpenSSH.

New Member
Posts: 17
Registered: ‎12-28-2018

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Thanks for following up iposner. 

 

See my results in image below for ipconfig

 

http://imgur.com/gallery/r4PgJIK

 

This is with the router connected to my PC and port eth0 

 

This is the same way it was connected when I was in the GUI.

Emerging Member
Posts: 85
Registered: ‎06-25-2015
Kudos: 26
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Sent you a private message.

New Member
Posts: 4
Registered: ‎12-29-2018

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Update is working fine for me both for Edgerouter X and Edgerouter Lite.

 

I wanted to do some offline pentesting and actually found both devices vulnerable.

It is "The Moon" exploit which linksys has a guide of fixing here: https://www.linksys.com/us/support-article?articleNum=136147

 

However in attempt to manually fix this issue, the router refuses to let me remove http port for gui (maybe that won't even fix the issue?)

 

Any plans on closing this exploit?

Emerging Member
Posts: 85
Registered: ‎06-25-2015
Kudos: 26
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

Have you tried pinging the router? Presumably your router interface is 192.168.1.1, so try running "ping 192.168.1.1"

 

Senior Member
Posts: 3,234
Registered: ‎08-06-2015
Kudos: 1383
Solutions: 186

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

@milez_teg -

 

How do you know your ER is "vulnerable"?  "The Moon" is unique and specific to old Linksys routers and has nothing to do with EdgeRouters.

 

Scanner software produces reports that should then be used as guidance for further investigation and evaluation.  They should not be taken as a golden definitive.  In this case you'll need more details from your pentest to understand why it reports the ER as vulnerable, from which you can then investigate further to see if additional action is required or if this is a false-positive.

 

You would use the native firewall capabilities to protect your router, especially on any external-facing (untrusted) interfaces.

 

Did you use any of the wizards as a starting point for your configuration?  You can (and should) enable a default firewall configuration using those which will protect your router, and you can build upon that configuration further as needed.

 

New Member
Posts: 17
Registered: ‎12-28-2018

Re: EdgeMAX EdgeRouter software version v1.10.8 has been released!

[ Edited ]

I will reconnect and try this when I get home from work today. I found a forum thread where 3 people bricked their ER-x after the firmware update and they all were able to reconnect after leaving it unplugged for a day.  They said it had to "rest" lol. 

 

That thread is here: https://community.ubnt.com/t5/EdgeRouter/EdgeRouter-X-bricked/td-p/1593241

Reply