Reply
Ubiquiti Employee
Posts: 1,228
Registered: ‎07-20-2015
Kudos: 1444
Solutions: 81

EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

See release notes here:

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9...

 

This is 1.9.7+hotfix.1 release fixes major bugs and security issues that were found in 1.9.7 release:

  • [UNMS] Fix bug when configuration was randomly reset to default values after upgrade if UNMS service was configured. Discussed here
  • [SSH] Fix security vulnerability via SSH when operator user was able to read/write configuration and gain full admin privileges
  • [OpenVPN] Backport patch for multiple OpenVPN vulnerabilities (CVE-2017-7508, CVE-2017-7520 and CVE-2017-7521). Discussed here.

 

Known major issues that are not yet fixed:

  • Load-balancing is broken. Discussed here

 

 

Established Member
Posts: 839
Registered: ‎10-13-2016
Kudos: 324
Solutions: 42

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

https://community.ubnt.com/t5/EdgeMAX/1-9-7-hairpin-NAT-broken/td-p/2017210/jump-to/first-unread-mes...

 

hairpin nat fix PLEASE

 

110+ sites / 100+ routers / 200+ switches / 300+ aps
UniFi / EdgeMAX / AirMAX / AirFiber
Emerging Member
Posts: 89
Registered: ‎04-13-2017
Kudos: 17
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

Ubiquiti Employee
Posts: 2,643
Registered: ‎05-08-2017
Kudos: 463
Solutions: 384

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

@phillipmcmahon I rolled back to an earlier version of EdgeOS and I did not see the NTP servers listed as well.

 

Which version were you using before v1.9.7 that showed the NTP servers in the GUI system tab?

 

Ben

 


 

Ben Pin | Ubiquiti Support

Emerging Member
Posts: 81
Registered: ‎07-30-2016
Kudos: 13
Solutions: 6

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

I've never seen the ntp servers exposed in the gui. What I did find is that one can customize the ntp server being queried with a simple configuration command in the cli:

set system ntp server *server of your choice*
Emerging Member
Posts: 89
Registered: ‎04-13-2017
Kudos: 17
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

ah ha. i don't know why but i just assumed this was an issue and hadn't yet rolled back to verify. my bad. thanks for taking the time to reply.

Member
Posts: 142
Registered: ‎09-03-2016
Kudos: 6
Solutions: 2

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

Doesn't really look like the hotfix is important for home users, so I suspect I'll hold off.

New Member
Posts: 31
Registered: ‎05-28-2017
Kudos: 12

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

Maybe you were thinking of the NTP settings in the config tree in the GUI?

 

Emerging Member
Posts: 81
Registered: ‎07-30-2016
Kudos: 13
Solutions: 6

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

Lastly, I just stood up a UNMS instance and you can input the ntp servers to be queried in the UI. UNMS looks pretty sweet!
Senior Member
Posts: 2,840
Registered: ‎05-19-2013
Kudos: 1252
Solutions: 26

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

'NTP Server(s)' setting have never been in the GUI since EdgeOS version 1.3.0 (or even earlier 1.2.x) except when the 'Config Tree' feature was introduced.
New Member
Posts: 9
Registered: ‎07-22-2015
Kudos: 2

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

For anyone wondering, i was able to upgrade from a ERX on 1.9.7 linked to UNMS to version 1.9.7+hotfix1 without losing the config. I had experienced losing the config previously by rebooting the router without knowing it was a bug till this release, but thankfully it upgraded and came back with this fw.
Emerging Member
Posts: 71
Registered: ‎05-24-2014
Kudos: 35
Solutions: 2

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!


@UBNT-afomins wrote:

 

  • Load-balancing is broken. Discussed here

 

 


 

This is a show stopper.

 

And https://community.ubnt.com/t5/EdgeMAX/Fails-to-create-pid-file-if-pppoe-user-contains-slash-quot-quo... is not fixed, too.

 

Because version 1.9.7 contains fixes for security vulnarabilities and you're still struggling to fix all the broken stuff in 1.9.7 and therefore forcing customers to revert to version 1.9.1.1 you should add all the security related fixes to it and release a 1.9.1.2 until you get 1.9.7 fixed.

 

Sorry to say, but I've never seen a firmware version hiding so many show stoppers and I'm using your stuff many years now. You're doing too much stuff for such a small company. Focus and get your QC back on track. Please.

Emerging Member
Posts: 66
Registered: ‎12-15-2015
Kudos: 33
Solutions: 3

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

I'd install this new version on 2 devices :

  • erpoe : no (new) issue for now
  • erx : config marked as invalid after reboot

=>login ubnt@192.168.1.1

configure

load /config/config.boot.invalid.2017-08-07-2000

commit => success (weird, what was invalid ?), but can't login with my ssh key (properly imported with loadkey and works with exact same config on my erpoe), password login is ok

 

Double check ~/.ssh/authorized_keys => pub key is good
Verify sshd_config, same as erpoe's one

Check logs, no error (and no trace of any rejected key in auth.log !!)

Reboot and surpise !, my user id as changed from 1000 to 1002 (it's still 1000 on my erpoe)

 

 

admin@erx1:/config$ ls -lan /home/admin
total 12
drwxr-xr-x    3 1000     100            432 Aug  7 22:01 .
drwxr-xr-x    4 0        0              288 Aug  7 20:00 ..
-rw-r--r--    1 1000     100            220 Sep 25  2014 .bash_logout
-rw-r--r--    1 1000     100            265 Aug  3 12:27 .bashrc
-rw-r--r--    1 1000     100            675 Sep 25  2014 .profile
drwxr-x---    2 1000     100            232 Aug  7 22:01 .ssh
admin@erx1:/config$ ls -lan /home/admin/.ssh
total 4
drwxr-x---    2 1000     100            232 Aug  7 22:01 .
drwxr-xr-x    3 1000     100            432 Aug  7 22:01 ..
-rw-r-----    1 1002     100            832 Aug  8 23:45 authorized_keys
cat /etc/passwd
[...] admin:x:1002:100:Administrator:/home/admin:/bin/vbash

 

(fyi : my primary user is "admin" and I had deleted "ubnt" account)

 

Not a big deal to correct (sudo chown -R admin /home/admin) but that's a bug

Emerging Member
Posts: 56
Registered: ‎08-08-2017
Kudos: 6
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

I have an ER8 Pro running 1.9.7.  My ISP is Comcast and everything was running fine, including IPv6.  I upgraded to firmware 1.9.7+Hotfix.1 and now I get no IPv6 connection with Comcast.

 

I've rebooted the router a couple of times and no luck with getting IPv6 connectivity.  I'm attaching my Config.

 

Does this new firmware require any changes to IPv6 configurations?

 

Thanks,

MM

Attachment
Emerging Member
Posts: 56
Registered: ‎08-08-2017
Kudos: 6
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

Did some looking around and found this....

Mario@ER8-PRO:~$ tail -n 50 /var/log/dhcp6c.log
Aug/08/2017 19:09:00: dhcp6_ctl_init: bind(control sock): Address already in use
Aug/08/2017 19:09:00: client6_init: failed to initialize control channel
Mario@ER8-PRO:~$

Trying to figure out the fix for this.....
Emerging Member
Posts: 56
Registered: ‎08-08-2017
Kudos: 6
Solutions: 1

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

Got it figured out.... Need to add the following option to the WAN Interface...

ipv6 {
address {
autoconf
}

Now Comcast IPv6 on the WAN interface, as well as LAN interfaces working just fine...
New Member
Posts: 12
Registered: ‎05-30-2015
Kudos: 3

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

[ Edited ]
Member
Posts: 142
Registered: ‎09-03-2016
Kudos: 6
Solutions: 2

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

[ Edited ]

I decided "What the heck" and decided to update my ERL to 1.9.7+hotfix.1 after all.

I uploaded the file from a local machine through the GUI (using Chrome) and… it never completed (the little spinny just kept going and going and going…)

I quit Chrome and logged in via ssh and found this:

ubnt@ubnt:~$ add system image https://dl.ubnt.com/firmwares/edgemax/v1.9.7/ER-e100.v1.9.7+hotfix.1.5005851.tar
System has already been upgraded and need a reboot before upgrade
ubnt@ubnt:~$ show system image
The system currently has the following image(s) installed:

v1.9.7+hotfix.1.5005851.170803.0322 (default boot)
v1.9.7.5001798.170720.0132 (running image)

A reboot is needed to boot default image
ubnt@ubnt:~$ reboot
Proceed with reboot? [confirm][y]

Post-reboot everything came up just fine, so there is a bug of some sort in the 1.9.7 GUI where it can't tell when the upload of the .tar file from a local image is complete; the GUI just spins forever when in fact the new image has been loaded and needs the reboot to activate. Banghead

 

(Also, please fix the message; it should read the system "needs a reboot before upgrade.")

New Member
Posts: 8
Registered: ‎03-12-2017
Kudos: 1

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!

[ Edited ]

I upgraded an ER-X today to the latest release, and the WAN kept going offline after a minute or two in a very basic default configuration that doesn't even have DHCP enabled.  In the end, I've determined that the device is no longer functional in the Load Balancing default wizard setup and the WAN will constantly stop routing traffic even though its status / DHCP address etc is normal.  Resetting the device to the default "basic setup" single WAN cfg using the same wiring cfg (two cables, just WAN & LAN in identical ports).  This firmware update is pretty terrible...

 

I also upgraded an ERL3 which I was using as a stand in for a Cisco RV320 at a SMB site which has zero stability issues but has performance bugs in its PPTP server (throughput is about 2.5x faster with the ERL3 on a 15Mb upload connection).  It became unstable after a few days once updated from 1.9.1.1 to 1.9.7, although not laughably unstable like these ER-X bugs.  I've reverted the site back to the slow but stable RV320 again, and from what I'm seeing here I doubt the new hotfix firmware is going to be enough of an improvement to be worth rolling the dice on swapping it back in.

 

On 1.9.1.1 with the ERL3, its DHCP server wouldn't pass the custom domain suffix to the LAN, so I had to reconfigure the network to move the services into a server when I implemented the ERL3 initially.  I was really surprised by such a basic functionality bug there, too.

 

Ubiquiti Employee
Posts: 1,228
Registered: ‎07-20-2015
Kudos: 1444
Solutions: 81

Re: EdgeMAX EdgeRouter software version v1.9.7+hotfix.1 has been released!


@LsiCorp wrote:

... I've determined that the device is no longer functional in the Load Balancing default wizard setup and the WAN will constantly stop routing traffic even though its status / DHCP address etc is normal. ...

 

I also upgraded an ERL3 which I was using as a stand in for a Cisco RV320 at a SMB site which has zero stability issues but has performance bugs in its PPTP server (throughput is about 2.5x faster with the ERL3 on a 15Mb upload connection).  It became unstable after a few days once updated from 1.9.1.1 to 1.9.7, although not laughably unstable like these ER-X bugs.  I've reverted the site back to the slow but stable RV320 again, and from what I'm seeing here I doubt the new hotfix firmware is going to be enough of an improvement to be worth rolling the dice on swapping it back in.

 

On 1.9.1.1 with the ERL3, its DHCP server wouldn't pass the custom domain suffix to the LAN, so I had to reconfigure the network to move the services into a server when I implemented the ERL3 initially.  I was really surprised by such a basic functionality bug there, too.

 


> .ER-X .. I've determined that the device is no longer functional in the Load Balancing default wizard setup and the WAN will constantly stop routing traffic even though its status / DHCP address etc is normal. ...

Yes, we are aware of this issue right now we are working on 1.9.7+hotfix.2 to fix it.

 

> ERL3 ...It became unstable after a few days once updated from 1.9.1.1 to 1.9.7

Could you plase elaborate what kind of stability issue did you notice on ERL3?

 

Reply