Emerging Member
Posts: 48
Registered: ‎10-16-2018
Kudos: 20
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@jbo55 wrote:
What is the advantage of upgrading to 2.0 (from 1.10.7) for a home user like myself ( ER4, a few VLANS, basic Firewall protection)?
Security updates? Overall improvement in router performance? Better interface? Quicker WLAN speeds? Why is Debian distribution Stretch better than Wheezy?

Right now there is no advantage for your case, only probably issues and if you are unaware of the differences then I strongly recommend you disregard V2.0.0 and update to 1.10.8. 

New Member
Posts: 4
Registered: ‎09-03-2017

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Emerging Member
Posts: 82
Registered: ‎08-08-2017
Kudos: 12
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@bodean wrote:

@mxmartins wrote:

The issues with IPv6 RAs, and no IPv6 addresses on network devices, @UBNT-sandisn fixed the issue with radvd.  He provided a new version of radvd (https://community.ubnt.com/t5/EdgeRouter-Beta/EdgeMAX-EdgeRouter-firmware-version-v2-0-0-beta-2-has-...) that can used to replace the original radvd version (in usr/sbin).

 

I guess the fix will be incorporated in the next 2.0 release.

 

Thank you @UBNT-sandisn



@mxmartins wrote:

The issues with IPv6 RAs, and no IPv6 addresses on network devices, @UBNT-sandisn fixed the issue with radvd.  He provided a new version of radvd (https://community.ubnt.com/t5/EdgeRouter-Beta/EdgeMAX-EdgeRouter-firmware-version-v2-0-0-beta-2-has-...) that can used to replace the original radvd version (in usr/sbin).

 

I guess the fix will be incorporated in the next 2.0 release.

 

Thank you @UBNT-sandisn


I thought IPV6 was working on 2.0 (except for the ERX models)...?


@bodean

 

Regarding IPv6 working, partially would be the best way to describe it...

 

You may get an IPv6 address on your WAN interface, maybe some LAN interfaces as well  (there is an issue UBNT is aware of where with Comcast ISP even this does not work unless you release dhcpv6-pd on all interfaces, and then renew dhcpv6-pd on your WAN interface).

 

Additionally, the issue with the radvd service problem meant none of the devices connected to your LAN received IPv6 Router Advertisements, therefore, no IPv6 address on any LAN devices....

Member
Posts: 116
Registered: ‎12-21-2018
Kudos: 65

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

I am getting DHCPv6-PD /60 from ATT Fiber, with ER-4 connected straight to ONT, and sending RAs to clients on multiple VLANs with radvd with no issues. I had to use a newer wpa_supplicant to work around service startup race condition, but it has nothing to do with software included in 2.0. IPv6 works just fine for me.
Emerging Member
Posts: 75
Registered: ‎03-26-2017
Kudos: 9
Solutions: 2

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@DeviceLocksmith wrote:
I am getting DHCPv6-PD /60 from ATT Fiber, with ER-4 connected straight to ONT, and sending RAs to clients on multiple VLANs with radvd with no issues. I had to use a newer wpa_supplicant to work around service startup race condition, but it has nothing to do with software included in 2.0. IPv6 works just fine for me.

How did you get around the AT&T Modem? I tohught it was required? Or at least EAP Proxy is needed.

 

@mxmartins

I have IPv6 working no problem on multiple sites with ER4 and ER6p, mix of AT&T U-Verse (thru their BGW210-700) and Spectrum cable. I needed to "systemctl restart rtadvd" on one site to get rtadvd going properly though.

Member
Posts: 116
Registered: ‎12-21-2018
Kudos: 65

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

@apevnev I've developed a tool that converts EAP-TLS credentials from Motorola/Arris RG format into PEM files usable by wpa_supplicant. I am using wpa_supplicant for 802.1x authentication.

Emerging Member
Posts: 60
Registered: ‎01-01-2016
Kudos: 34
Solutions: 3

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Jello!

 

The IPv6 router advertisements are dying for me too. ER-4 on Cox in NA. Offload on or off didn't matter. Reverting to 1.10.x made everything work again.

 

Looks like we are receiving the PD from upstream, as all the interfaces addressed themselves as ::1. Also, the ER-4 was not sending out RAs for my ULA address space either. I'm sure this will get ironed out soon.

Emerging Member
Posts: 55
Registered: ‎10-09-2014
Kudos: 4
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

The issues I've come across on v2.0 (including  betas) on my ER4 with zones and quite a lot of ACLs

 

* NAT seems broken. IPv4 does not route outside of the ER4 on some reboots. Usually if I reboot the device again it starts to work. ipv6 through a he.net tunnel works though.

 

*radvd seems semi-broken. it fails to announce to one of my networks on boot. If I manually restart the service after boot it announces OK again.

 

Might there be a race condition during startup perhaps? Feels like some services and maybe NAT starts up before all vif-interfaces are created.

New Member
Posts: 12
Registered: ‎07-05-2018

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

I think that RTSP is broken, I had it working with 1.10.8 but on 2.0.0 it does not work at all, I can't use my ISP VOD.

 

(Same config used)

New Member
Posts: 38
Registered: ‎03-16-2015
Kudos: 4
Solutions: 3

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@DeviceLocksmith wrote:

@apevnev I've developed a tool that converts EAP-TLS credentials from Motorola/Arris RG format into PEM files usable by wpa_supplicant. I am using wpa_supplicant for 802.1x authentication.


Would you be willing to share this tool with the community?  This is great news for ATT fiber users! (like myself)

New Member
Posts: 24
Registered: ‎10-13-2014
Kudos: 33

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

I updated one ER-Lite and one ER-4 device to 2.0.0 and there is a problem with OpenVPN. The push routes functionality is no longer working and I can find the following in /var/log/messages

Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:1: push (2.4.4)
Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:2: push (2.4.4)

 

The interfaces openvpn vtun0 config part looks like this:

encryption aes256
hash sha256
local-port 1194
mode server
openvpn-option --comp-lzo
openvpn-option "--push dhcp-option DNS 192.168.1.1"
protocol udp6
server {
     client Profile {
         push-route 192.168.1.0/24
         push-route 192.168.2.0/24
     }
     subnet 192.168.255.0/24
}
tls {
    ...
}

 

It looks like the push-route statements are not converted correctly. In /var/run/openvpn/ccd/vtun0/Profile, I can find the following:

push route 192.168.1.0 255.255.255.0
push route 192.168.2.0 255.255.255.0

But it should instead look as following:

push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"

Also I think it is necessary for the openvpn-option setting to accept quotes, e.g.

set openvpn-option '--push "dhcp-option DNS 192.168.1.1"'

 

As a workaround, I currently edited /var/run/openvpn/ccd/vtun0/Profile manually and added the quotes. This fixed the problem and allowed me to connect to the devices in these subnets again. But this is probably gone after the next reboot..

 

If you are wondering about the 2.4.4 in the log messages at the top. I first updated openvpn to stretch-backports (from 2.4.0 to 2.4.4) which did not fix the problem, of course.

Emerging Member
Posts: 46
Registered: ‎11-04-2018
Kudos: 2
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

For me happened:

1x Raspberry Pi 3 did not get IP address..

2x Samsung LAN printer ML-2580N lost connection and did not get IP address..

 

I have ER-4 and using IPv4 with non advanced configuration.

 

Also router restarted by own after internet (PPoE) stopped working ...

 

So waiting for 2.0.1...

Emerging Member
Posts: 82
Registered: ‎08-08-2017
Kudos: 12
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@clemens wrote:

I updated one ER-Lite and one ER-4 device to 2.0.0 and there is a problem with OpenVPN. The push routes functionality is no longer working and I can find the following in /var/log/messages

Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:1: push (2.4.4)
Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:2: push (2.4.4)

 

The interfaces openvpn vtun0 config part looks like this:

encryption aes256
hash sha256
local-port 1194
mode server
openvpn-option --comp-lzo
openvpn-option "--push dhcp-option DNS 192.168.1.1"
protocol udp6
server {
     client Profile {
         push-route 192.168.1.0/24
         push-route 192.168.2.0/24
     }
     subnet 192.168.255.0/24
}
tls {
    ...
}

 

It looks like the push-route statements are not converted correctly. In /var/run/openvpn/ccd/vtun0/Profile, I can find the following:

push route 192.168.1.0 255.255.255.0
push route 192.168.2.0 255.255.255.0

But it should instead look as following:

push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"

Also I think it is necessary for the openvpn-option setting to accept quotes, e.g.

set openvpn-option '--push "dhcp-option DNS 192.168.1.1"'

 

As a workaround, I currently edited /var/run/openvpn/ccd/vtun0/Profile manually and added the quotes. This fixed the problem and allowed me to connect to the devices in these subnets again. But this is probably gone after the next reboot..

 

If you are wondering about the 2.4.4 in the log messages at the top. I first updated openvpn to stretch-backports (from 2.4.0 to 2.4.4) which did not fix the problem, of course.


I thought this issue was resolved....  I ran into the same issue with the --push redirect-gateway statement....  All the OpenVPN commands that required the quotes around them were a problem...

 

You need to bring this issue to the attention of @UBNT-afomins ....  He should be able to get someone to look into it...

New Member
Posts: 2
Registered: ‎11-26-2018

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

@captainsteubing wrote:

I was somewhat surprised to see this release today, and was hoping I could use it. Hopefully this feedback can assist @UBNT-afomins.

 

Unfortunately I have to go back to v1.10.8 due to significant performance degradation with all of the 2.0 software versions. I've got a very simple configuration, no complexities. 1Gbps Fibre WAN connection, on eth5. and a /24 LAN on switch0.8.

 

HWNAT is enabled.

 

Running iPerf to an endpoint to a few hops away across the WAN connection.

  • v1.10.8 - 914Mbps down, 902 up (maxes out the WAN connection).
  • v2.0.0 betas & release - 426Mbps down, 151Mbps up.

 



Same issue with the ER12 with edgeos 1.10.8 I am maxing all ports at 945Mbps then install 2.0 firmware all my ports drop down to 600Mbps. This firmware needs more work there is no way this should be a release version.

New Member
Posts: 30
Registered: ‎08-01-2018
Kudos: 19

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@sgtwheats wrote:

@captainsteubing wrote:

I was somewhat surprised to see this release today, and was hoping I could use it. Hopefully this feedback can assist @UBNT-afomins.

 

Unfortunately I have to go back to v1.10.8 due to significant performance degradation with all of the 2.0 software versions. I've got a very simple configuration, no complexities. 1Gbps Fibre WAN connection, on eth5. and a /24 LAN on switch0.8.

 

HWNAT is enabled.

 

Running iPerf to an endpoint to a few hops away across the WAN connection.

  • v1.10.8 - 914Mbps down, 902 up (maxes out the WAN connection).
  • v2.0.0 betas & release - 426Mbps down, 151Mbps up.

 



Same issue with the ER12 with edgeos 1.10.8 I am maxing all ports at 945Mbps then install 2.0 firmware all my ports drop down to 600Mbps. This firmware needs more work there is no way this should be a release version.


 

Agree!  Where is 2.0.1 with the fixes already?!

Highlighted
New Member
Posts: 1
Registered: ‎02-07-2016

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

i upgraded on ER-6p to v2.0.0. Lost my webproxy config. When trying to commit initial setting (listen-address) it says squid.conf is not present, but when checking directory /etc/squid, squid.conf is present. cli and gui showing the same problem.

Emerging Member
Posts: 82
Registered: ‎08-08-2017
Kudos: 12
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@clemens wrote:

I updated one ER-Lite and one ER-4 device to 2.0.0 and there is a problem with OpenVPN. The push routes functionality is no longer working and I can find the following in /var/log/messages

Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:1: push (2.4.4)
Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:2: push (2.4.4)

 

The interfaces openvpn vtun0 config part looks like this:

encryption aes256
hash sha256
local-port 1194
mode server
openvpn-option --comp-lzo
openvpn-option "--push dhcp-option DNS 192.168.1.1"
protocol udp6
server {
     client Profile {
         push-route 192.168.1.0/24
         push-route 192.168.2.0/24
     }
     subnet 192.168.255.0/24
}
tls {
    ...
}

 

It looks like the push-route statements are not converted correctly. In /var/run/openvpn/ccd/vtun0/Profile, I can find the following:

push route 192.168.1.0 255.255.255.0
push route 192.168.2.0 255.255.255.0

But it should instead look as following:

push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"

Also I think it is necessary for the openvpn-option setting to accept quotes, e.g.

set openvpn-option '--push "dhcp-option DNS 192.168.1.1"'

 

As a workaround, I currently edited /var/run/openvpn/ccd/vtun0/Profile manually and added the quotes. This fixed the problem and allowed me to connect to the devices in these subnets again. But this is probably gone after the next reboot..

 

If you are wondering about the 2.4.4 in the log messages at the top. I first updated openvpn to stretch-backports (from 2.4.0 to 2.4.4) which did not fix the problem, of course.


@clemens

 

I just looked at my ER8-XG configuration, and I have routes being pushed on my 3 OpenVPN configurations without any problem.

 

The only difference that I see is that I have my OpenVPN server pushing the routes. Not sure your config is doing that since your config looks a little different than mine....

 

Here what my OpenVPN config looks like:

 

Spoiler
openvpn vtun0 {
description "OpenVPN Server"
hash sha512
local-port 1194
mode server
openvpn-option "--tls-auth /config/auth/TLS-HMAC-AUTH.key 0"
openvpn-option "--keepalive 10 60"
openvpn-option "--push redirect-gateway def1"
openvpn-option --persist-tun
openvpn-option --persist-key
openvpn-option --tls-server
openvpn-option "--client-config-dir /config/auth/ccd"
openvpn-option "--server-ipv6 xxxx:xxxx:c001:9c66::/64"
openvpn-option "--push redirect-gateway ipv6"
openvpn-option "--cipher AES-256-GCM"
protocol udp
server {
domain-name ER8-XG-VPN0.home
name-server 10.8.0.1
push-route 192.168.1.0/24
push-route 192.168.10.0/24
subnet 10.8.0.0/24
}
tls {
ca-cert-file /config/auth/ca.crt
cert-file /config/auth/ER8-XG-VPN.crt
dh-file /config/auth/dh4096.pem
key-file /config/auth/ER8-XG-VPN.key
}
Member
Posts: 116
Registered: ‎12-21-2018
Kudos: 65

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@docjay wrote:

@DeviceLocksmith wrote:

@apevnev I've developed a tool that converts EAP-TLS credentials from Motorola/Arris RG format into PEM files usable by wpa_supplicant. I am using wpa_supplicant for 802.1x authentication.


Would you be willing to share this tool with the community?  This is great news for ATT fiber users! (like myself)


I have the latest version of the tool available for download at devicelocksmith.com.

 

 


@sgtwheats wrote:

Same issue with the ER12 with edgeos 1.10.8 I am maxing all ports at 945Mbps then install 2.0 firmware all my ports drop down to 600Mbps. This firmware needs more work there is no way this should be a release version.


No such issue here. I get full Gig in both directions on 2.0 using speedtest.net, just like on 1.10. ER-4, so same e300 platform as ER12.

Ubiquiti Employee
Posts: 1,269
Registered: ‎07-20-2015
Kudos: 1590
Solutions: 82

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

@ciedema
> had a 'Saved Failed' again when making a change from the Web Gui,
> The steps to get this result were:
> 1.Open the WebGui
> 2.ssh to the router
> 3.change the config with the CLI, commit and save.
> 4.Refreshing the WebGui as per the Configuration Changed Dialog.
> 5.Inspect the Changed node.
I'm still not able to reproduce 'Save failed' wven with this scenario. In my case WebGUI config is always synchronized.

  1. How often can you reproeuce this issue - permanently or randomly?
  2. Do you see same issue after clearing browser cookies?

@Sammutd88
> RaspberryPI attached to eth2 is assigned a static IP,
> Version 2.0.0 today refused to assign the RPi an IP address upon a reboot of the device
> Deleting the static IP assignment also did not help

  1. So did RPI fail to get inital IP address or it failed to renew old IP address?
  2. Do you have other LAN clients with statically mapped IP addresses? Do they experience similar issue?
  3. Do you have "use-dnsmasq" in your DHCP server config?

@Aggraxis
> The IPv6 router advertisements are dying for me too. ER-4 on Cox in NA
> Also, the ER-4 was not sending out RAs for my ULA address space either.
This shall be fixed in v2.0.1

 

@frinnst
> NAT seems broken. IPv4 does not route outside of the ER4 on some reboots
I doubt that it's NAT issue, those symptoms indicate that routing table is corrupted.
Can you please post output of following CLI commands when NAT is working fine vs when NAT does not work:

show interfaces
show ip route


> radvd seems semi-broken. it fails to announce to one of my networks on boot. If I manually restart the service after boot it announces OK again.
> Might there be a race condition during startup perhaps? Feels like some services and maybe NAT starts up before all vif-interfaces are created
This shall be fixed in v2.0.1

 

@trujulu
> I think that RTSP is broken
I think it's because RTSP is blocked by new firewall. Please use following workaround and report back if it fixed RTSP issue:

echo 'net.netfilter.nf_conntrack_helper=1' | sudo tee -a /etc/sysctl.d/30-vyatta-router.conf
reboot

@clemens
> there is a problem with OpenVPN. The push routes functionality is no longer working
> Jan 20 19:56:36 ubnt openvpn[2660]: Profile/1.2.3.4 Options error: Unrecognized option or missing or extra parameter(s) in /var/run/openvpn/ccd/vtun0/Profile:1: push (2.4.4)

  1. I'm not able to reproduce those error messages with provided OpenVPN config. Maybe there's something else missing?
  2. Please run following oneliner once, reconfigure OpenVPN server and then report back if issue is solved now:
    sed -i 's/system(\"echo push \\\"route $cn $cm\\\" >> $ccd_dir\/$client\")/my $FH; open $FH, \">>\", \"$ccd_dir\/$client\" and print $FH \"push \\\"route $cn $cm\\\"\\n\" and close $FH or system(\"false\");/g' /opt/vyatta/share/perl5/Vyatta/OpenVPN/Config.pm

@sdolenec
> I have ER-4 and using IPv4 with non advanced configuration.
> 1x Raspberry Pi 3 did not get IP address..
> 2x Samsung LAN printer ML-2580N lost connection and did not get IP address..

  1. Do you mean that RPI and printer failed to get initial IP address? Or they failed to renew oldIP address upon lease expiration?
  2. Please post your DHCP server configuration

> Also router restarted by own after internet (PPoE) stopped working ...
Why do you thibk that restart was caused by Internet outage?

 

@sgtwheats
> with the ER12 with edgeos 1.10.8 I am maxing all ports at 945Mbps
> then install 2.0 firmware all my ports drop down to 600Mbps.
I'm not able to reproduce throughput drop on ER-12.

  1. Please post your configuration
  2. Please describe how traffic flows via ER-12

@Linux
> Lost my webproxy config.
> When trying to commit initial setting (listen-address) it says squid.conf is not present,
> but when checking directory /etc/squid, squid.conf is present.
I see same error on my test machine:

df: /var/spool/squid3: can't find mount point
Couldn't open /etc/squid3/squid.conf - No such file or directory at /opt/vyatta/share/perl5/Vyatta/Webproxy.pm line 408.

This will be fixed in v2.0.1

 

New Member
Posts: 7
Registered: ‎04-08-2017
Kudos: 3

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Inquiring minds would like to have some sort of idea when 2.0.1 will be posted? Is there a beta available now hidden on the beta forum somewhere?

Thanks in advance!