Reply
New Member
Posts: 19
Registered: ‎12-16-2017

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@UBNT-afomins wrote:

 

@fontaaaaaa
> On a ER-Lite3 here ... Also the PPPoE adapter disconnected.
Please clarify this

a) Do you mean that PPPoE connected, work for some time and then disconnected forever?

b) Or do you mean that PPPoE never connected?

 


The webinterface simply stated "disconnected" on a certain moment, even though internet was working just fine.
The part in yellow was orange text and was disconnected:

 

Because I didn't get an IPv6 address WAN address (Internal machines still got an IPv6 address), I rolled back to 1.10.8. 

Therefor I can't check how and what anymore.

Member
Posts: 106
Registered: ‎04-02-2015
Kudos: 22
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

Has anyone run into a SIP issue? Phones where only getting 1 way audio after upgrading to 2.0, rolled back to 1.10.8 and problem is gone.

 

Description:

Phone > Router for department network (no nat etc) > EdgerRouter > Cloud hosted PBX.

 

On 2.0 who ever you call could hear you but you can not hear the other side.

Emerging Member
Posts: 71
Registered: ‎03-26-2017
Kudos: 8
Solutions: 2

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

I have on-prem FreePBX, been working just fine, including outside trunks. I have sip conntrack disabled on ER though.

Established Member
Posts: 969
Registered: ‎02-12-2013
Kudos: 246
Solutions: 89

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

@notfixingit

Over in the 2.0.0-beta.3 thread (which as far as I know is the same version as 2.0.0 release) there is a post by @DeviceLocksmith that says:


SIP helper does not work - SDP packets still show internal IPs. On 1.x it is working as expected.
I did some research and it appears that this should now be handled through iptables, but the command below did not help

iptables -t raw -A PREROUTING -p udp --dport 5060 -j CT --helper sip

In packet capture when I make an outbound SIP call I see internal addresses in both SIP and SDP headers. In 1.x SIP ALG replaces them with external addresses.

Here is what fixed the issue. Not sure if it's the right config file, but it worked:

echo 'net.netfilter.nf_conntrack_helper=1' | sudo tee -a /etc/sysctl.d/30-vyatta-router.conf
reboot

I've also had to use "set system conntrack modules sip enable-indirect-signalling" to fix external IP over NAT that I did not have to use before, but it is working now, so it seems that this is correct setting, it just does not take effect without a reboot for some reason.
New Member
Posts: 2
Registered: ‎01-05-2019

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Do you have hwnat offloading enabled?

I haven't upgarded to 2.0 so far, but on 1.10.8 I have SIP Problems with hwnat enabled.
UBNT-Jordan also confirmed the issue, when hwnat offloading is enabled.

-> https://community.ubnt.com/t5/EdgeRouter/Paket-loss-with-hwnat-enabled-to-Wireguard-device

Emerging Member
Posts: 88
Registered: ‎12-21-2018
Kudos: 49

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!


@notfixingit wrote:

Has anyone run into a SIP issue? Phones where only getting 1 way audio after upgrading to 2.0, rolled back to 1.10.8 and problem is gone.

 

Description:

Phone > Router for department network (no nat etc) > EdgerRouter > Cloud hosted PBX.

 

On 2.0 who ever you call could hear you but you can not hear the other side.


You could have your PBX/SBC handle NAT (which includes SIP and SDP headers), or have EdgerRouter SIP ALG take care of that. For the latter, this is what worked for me: 

  

Spoiler
 
configure
set system conntrack modules sip enable-indirect-media
set system conntrack modules sip enable-indirect-signalling
set system conntrack modules sip port 5060
commit
save
exit

echo 'net.netfilter.nf_conntrack_helper=1' | sudo tee -a /etc/sysctl.d/30-vyatta-router.conf

reboot

 

 

 


@apevnev wrote:

Update a couple of ER-4 / ER-6p

 

Generally it went pretty good, couple problems with IPv6.

 

One site lost all IPv6 connectivity to the local clients, I suspect because of radvd started after dhcp6c obtained a prefix for the local interfaces

$ ps aux | grep dhcp
root      5978  0.0  0.3   4904  3764 ?        Ss   07:58   0:00 /usr/sbin/dhcpd3 -pf /var/run/dhcpd.pid -cf /opt/vyatta/etc/dhcpd.conf -lf /var/run/dhcpd.leases
root      6447  0.0  0.0   2176   360 ?        Ss   07:58   0:00 /usr/sbin/dhcp6c -c /var/run/dhcp6c-eth0-pd.conf -p /var/run/dhcp6c-eth0-pd.pid -df eth0
root      7199  0.0  0.1   4012  1152 ?        Ss   07:59   0:00 /usr/sbin/dhcpd3 -6 -pf /var/run/dhcpdv6.pid -cf /opt/vyatta/etc/dhcpdv6.conf -lf /var/run/dhcpdv6.leases
$ ps aux | grep radv
root      6363  0.0  0.0   2600   128 ?        Ss   07:58   0:00 /usr/sbin/radvd --logmethod stderr_clean
root      6364  0.0  0.0   2600   128 ?        S    07:58   0:00 /usr/sbin/radvd --logmethod stderr_clean

You can see how radv PID is less than dhcp6c PID. UBNT needs to restart radvd in dhcp6c script after lease is obtained or if there is a change in the leased address.

 

Solution was pretty easy

sudo systemctl restart radvd

The real issue here is that DHCP6c starts as part of the vyatta-router.service in systemd, and does not have a proper systemd service. Decoupling it from vyatta-router.service and having it start as a separate service, like in Fedora could help with service startup race condition.

Emerging Member
Posts: 71
Registered: ‎03-26-2017
Kudos: 8
Solutions: 2

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

@DeviceLocksmith wrote:
The real issue here is that DHCP6c starts as part of the vyatta-router.service in systemd, and does not have a proper systemd service. Decoupling it from vyatta-router.service and having it start as a separate service, like in Fedora could help with service startup race condition.

 

I agree that this will guarantee a proper startup order, however it may not fix all cases. Typical example - power is restored to the modem and router at the same time, modem did not establish a link by the time EdgeRouter started, dhcp6c did not assign IPv6 addresses to the interfaces, radv and dhcpv6 server failed to start even though they started after dhcp6c.

 

Using renew-script fixes it reliably.

Regular Member
Posts: 579
Registered: ‎11-19-2012
Kudos: 305
Solutions: 6

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

Gents not funny. Its not 1 April yet.

 

ER Lite3.

 

Upgraded via web console.. no errors 'upgrade complete' reboot.

 

Network doesnt return. Reset Button works but doesn't bring back fact default. No 192.168.1.1. Effectively bricked.

 

I don't have a console cable with me but luckily have an image of the original version - so currently loading fresh 1.1.x os on to USB key.

 

Somebody needs to take this version back into BETA straight away. This is a complete debacle.

Emerging Member
Posts: 88
Registered: ‎12-21-2018
Kudos: 49

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

I would like to report a bug that is present in both 1.x and 2.x:

 

Upgrade script logic in /etc/ubnt/ubnt-rcS may lead to a deadlock on first boot when there are .deb packages in /config/data/firstboot/install-packages and one of the .deb package installers has interactive install mode, such as in cases where it is asking if existing config needs to be overwritten.


Example package: https://community.ubnt.com/ubnt/attachments/ubnt/EdgeMAX/235001/2/ocserv0.12.1-EdgeOS2x.zip

 

 

Spoiler
root@router:/config/data/firstboot/install-packages# dpkg -i ocserv_0.12.1-1~edgeos2xx+1_mips.deb
(Reading database ... 37106 files and directories currently installed.)
Preparing to unpack ocserv_0.12.1-1~edgeos2xx+1_mips.deb ...
Unpacking ocserv (0.12.1-1~edgeos2xx+1) over (0.12.1-1~edgeos2xx+1) ...
Setting up ocserv (0.12.1-1~edgeos2xx+1) ...

Configuration file '/config/ocserv/ocserv.conf'
 ==> File on system created by you or by a script.
 ==> File also in package provided by package maintainer.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** ocserv.conf (Y/I/N/O/D/Z) [default=N] ? ^C

When ubnt-rcS is running on first boot, the boot halts with this message, which is ubnt-rcS.service calling dpkg from ubnt-rcS:

 

 

[  *  ] A start job is running for Create vyatta file system. 

This boot halt is caused by dpkg running in background in interactive mode, waiting for user input. SSH and GUI are unavailable and I could not interrupt this from serial console. Power cycle resolves the issue.

 

 

The proposed fix is modifying the /etc/ubnt/ubnt-rcS/ubnt-rcS.sh to have dpkg run in unattended mode, as described here. It should not run interactively on upgrade, since there is no way to respond to interactive prompt.

 

Old file contents:

 

            echo 'Installing additional packages on first boot'
            dpkg -i "${pkgs[@]}"
            echo Done

Proposed file contents:

 

 

            echo 'Installing additional packages on first boot'
            dpkg --force-confold -i "${pkgs[@]}" < /dev/null
            echo Done

 

 

New Member
Posts: 2
Registered: ‎01-10-2019

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

ER4 updated 1.10.8 to 2.0.0 and it works. Looks like it handle just fine my 1gbit wan

New Member
Posts: 36
Registered: ‎10-19-2014
Kudos: 15
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

net.netfilter.nf_conntrack_helper

 

Newer kernel versions disable this by default, they likely didn't explicitly enable it.  Not sure who to ping to notify and get it fixed.

Emerging Member
Posts: 88
Registered: ‎12-21-2018
Kudos: 49

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Right, it is now supposed to be setup through iptables CT target now, but vyatta frontend is not designed for that, so enabling the oldschool helper is an easier approach.
Member
Posts: 109
Registered: ‎08-09-2013
Kudos: 60
Solutions: 2

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

@doc_karl Hears like the same problems as I had. Have you tried multiple reboots? (I did mine by unplugging the router from power).

For me I went thrugh theese steps

1. reboot: boot did not go well

2. reboot: boot went through, but took about 10 mins. Could not login at all, but the router had its interfaces and IPs working

3. reboot: everything worked as it should, faster boot than 2, but still toook some time

 

But I totally agree, this release seams a bit flimsy, and really should have gone through some more testing before released.

Regular Member
Posts: 579
Registered: ‎11-19-2012
Kudos: 305
Solutions: 6

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

Thanks @faye for your thoughts -

 

I had read through all the comments on this post and figured I might put off the upgrade till the next version came out, but then I saw @ClaudeSS's comment early on:-

 

Ok, so what I do is upgrade using the GUI, when and if it says "upgrade failed", 
I just reboot and its on the new load when it comes back up.

 

So I thought - I'll give that a try with my local router first - after all "not much to lose - it's local" - and then if that goes smoothly I'll test for a week or so and roll out to the other more hard to get to routers (in my case - 3000 miles away.. lol ) . So I upgraded via the gui - no errors - 'reboot to apply' - yeah! applied... router never came back up... or it did (the right ethernet lights were on) but inaccessible via SSH, GUI, SSH Recovery... nada. Put the walking shoes on and headed down the mountain to the office.. 

 

Once I got there what I found was that no amount of reboots could fix it (even hard power on/off). I did wait around 20 mins the first 2 times in the hope that it would come back up, but no dice. So I ended up doing the following:-

 

  • Tried using reset button without power off - strange new progression of lights on the ERL-3 - like traffic lights - side to side...
  • Tried logging in to 192.168.1.1 - not successful.
  • Tried resetting by holding in reset button and turning on power until last light blinked.
  • Tried logging in to 192.168.1.1 - not successful.
  • Remove the USB key from inside the ERL.
  • Burn a copy of that key that I had taken previously (when I first bought the router - blank slate) back on to the key.
  • Go through firmware upgrades from version on the key (1.2)->1.10.3->1.10.8->2.0 and upgrade bootloader. Each progressive upgrade ran fine after reboot.
  • When I got to V2.0, I loaded my backed up working config.
  • Config worked - openvpn tunnels and ppoe back up and running on v2. Walked back up the hill to the house.
  • This got it all running again until my first Sudo Reboot - strange errors at the reboot prompt, router did not come back.
  • Walked back down the hill. Started back at step 1. Reburnt USB key, upgrades, bootloader, load config... but this time left firmware at 1.10.8.
  • It's now back working as it was before the attempted upgrade.. have tried a number of reboots, she's stable.

All up 3 or 4 hours - I'm tempted to try a third time (3rd time lucky?) but I'll be waiting for the next version methinks.

 

.

Regular Member
Posts: 579
Registered: ‎11-19-2012
Kudos: 305
Solutions: 6

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

In my opinion, @BuckeyeNet is right on the money... extract below. Sure there's gonna be a bunch of people that have no problems at all but there's enough that do to clearly demonstrate there are some integration bugs to iron out... so go forth with great caution.

 

__________

 

But I definitely wouldn't recommend this update to people that

 

  1. Don't have a backup of their config
  2. Don't have a spare of the same type with the existing config loaded
  3. Are not physically present at the location of the device to be upgraded
  4. Don't have a console connected to the device when the router is updated.

It seems at this time, the ability to connect to a serial console is almost a requirement. (with either a "rollover" console cable for routers with externally accessible console ports, or a ubs to ttl (3.3v) adapter for routers (like ERX) with console header pins)

New Member
Posts: 2
Registered: ‎09-03-2018

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Your patience is commandable, Sir.
I think I will do the same (er-lite 3 on dual wan).
Emerging Member
Posts: 55
Registered: ‎11-17-2017
Kudos: 4

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

We were very unsuccessful in the main office. 2.0.0 came back up but we had no routing going to the internet at all. We were still able to access local resources but could not get any internet. Since we used UNMS to do the upgrade the old 10.8 firmware remained on the device so I was able to SSH into it and roll it back to 10.8. At the satellite offices the upgrade was very successful. As far as we can tell there haven't been any issues (yet). It's only been 2 days tho.

 

All satellite offices and the main office use the exact same router model so this isn't a model specific issue. Seems related to configuration. We have a ton of NAT dest and NAT source configurations at the main office, some QoS on the SIP lines and some custom logging settings. At the satellite offices they are strictly basic setup only with the only firewall change for SSH open to main office IP only. but it seems config related. As a test I took a spare ER and re-created the main office network in the lab. Had the same result but if I used the satellite office config, it worked on the same unit. So this has to be config-specific failures. Just don't know what it may be in the config that triggers issues.

New Member
Posts: 23
Registered: ‎05-28-2018

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

[ Edited ]

My current version is running perfectly fine for past

 

 stats.JPG

 

Not going to test unless its good. May be jump to 2.01 if it is stable and can do hw offload even with 1 connection.

New Member
Posts: 7
Registered: ‎07-01-2015
Kudos: 1
Solutions: 1

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

Upgraded 2 ER3-Lite and 1 ER8-Pro with zero issues.  All functions work as exected including ipv6, dhcpv6-pd, and the vti over ipsec tunnels that connect networks at 3 different locations.  

Ubiquiti Employee
Posts: 1,228
Registered: ‎07-20-2015
Kudos: 1444
Solutions: 81

Re: EdgeMAX EdgeRouter software version v2.0.0 has been released!

@@DeviceLocksmit
> set task-scheduler task eap-tls executable path /config/scripts/restart-eap-tls
> it was present before upgrade to 2.0 and is no longer in config after upgrade.
Can you please check if "restart-eap-tls" script is present after upgrade and if it has executale permission:

ls -la /config/scripts/restart-eap-tls

 

 

@DeviceLocksmith
> It appears that current kernel in 2.0 in at least Cavium builds is vulnerable to DoS FragmentSmack vulnerability.
> There is a kernel test that tests for both the CVE-2018-5390 vulnerability and a bug in original vulnerability fix.
> I've compiled the test for Cavium and it currently fails
That's strange because this is supposed to be fixed since v2.0.0-beta.1:

1) We fixed CVE-2018-5390 by merging this commit

2) We mitigated CVE-2018-5391 by lowering frag_high_thresh/frag_low_thresh as described here

We shall take a look that test and will investigate why test fails with v2.0.0

 

@Harman20
> My password is now invalid after the update. To be fair, it was a several hundred character password with high ANSI characters.
> It's the WebGUI login password. The password for my admin account gave me invalid login errors after I ran the update. I have since downgraded to the previous version.

I'm still not able to reproduce this issue - 400 char long password works fine when login via SSH, console and WebGUI

  1. How did you revert to old version? Can you login via SSH?
  2. Try clearing cookies and then login via WebGUI again. Did it help?


@krl
> My ER-X in switch mode with Vlans was no longer accessible via GUI or SSH after the update to Edge OS 2.0.
> interfaces swtich switch0 switch-port interface eth3 vlan pvid 10

Forum user @ClaudeSS made a correct statemetn about this issue in this post:

 

And anyone else trying to set it up as a switch with vlans. After adding the vlan and IP 
to the switch. You currently have to reboot the router before the vlan is actually added.
This is a work around until this is fixed in a future release. After rebooting it will work fine.
If you loose access just power cycle and everything will work.

 

 

 

@tomharristech
> I'm using an ER4 and my GUI isn't working after the upgrade
> Here are the contents of my lighttpd.conf file
That's weird, I have exactly the same lighttpd.conf and it works fine.
Please provide output of following shell commands:

 

journalctl -u lighttpd.service
sudo cat /var/log/lighttpd/error.log

@mbrack
> Since beta3, and also with this release, I suddenly suffer from this kernelmessage when my manually binded, route-based, VTI-tunnel is brought down:
> kernel:unregister_netdevice: waiting for vti0 to become free. Usage count = xxx
I also see same error messages on ER-X/ER-X-SFP when dynamic interface (pppoe, vtun, vti) disappears. I saw this happening only if hwnat is enabled.

  1. What is your ER model?
  2. If offloading enabled?

@gharris999
> Updated my ER-X to 2.0.0 via ssh. Then, before rebooting, disabled hwnat and saved the config.
Order of those steps suggests that hwnat was enabled after reboot, because new firmware version inherits config that was active when you ran upgrade. Can you please test v2.0.0 again and this time disable hwnat before doing upgrade.

 

@ogo
> same annoying snmpd error: error on subcontainer 'ia_addr' insert (-1)
> Jan 10 09:13:58 gw snmpd[4620]: /etc/snmp/snmpd.conf: line 22: Error: unknown notification OID
> Jan 10 09:13:58 gw snmpd[4620]: notificationEvent OID: linkDown
> Jan 10 09:13:58 gw snmpd[4620]: /etc/snmp/snmpd.conf: line 23: Error: unknown notification OID
> Jan 10 09:13:58 gw snmpd[4620]: /etc/snmp/snmpd.conf: line 24: Warning: Unknown token: monitor.
> Jan 10 09:13:58 gw snmpd[4620]: /etc/snmp/snmpd.conf: line 25: Warning: Unknown token: monitor.
Those are knonw erros caused by regression in SNMP. We are going to fix them inupcoming hotfix releases

 

@faye
> Upgraded one of my two ERLs yesterday. Did not come up after reboot.
> saw some corrupt sectors warning(USB storage has been changed once before on this deveice)
> After a second reboot, everything worked fine.
I would suggest that USB storage is failing again.

 

@notfixingit
> Has anyone run into a SIP issue? Phones where only getting 1 way audio after upgrading to 2.0, rolled back to 1.10.8 and problem is gone.
This might be caused new netfilter that does not detect related flows unless "nf_conntrack_helper" is enabled.
Try runnig following command from shell:

sudo sh -c "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper"

Did it help?


@doc_kar
> Network doesnt return. Reset Button works but doesn't bring back fact default. No 192.168.1.1. Effectively bricked.

  1. Does interface LED light blink when you plug in cable?
  2. Try login with ssh-recovery -> https://help.ubnt.com/hc/en-us/articles/360002231073-EdgeRouter-How-to-Use-SSH-Recovery-

@DeviceLocksmith
> Upgrade script logic in /etc/ubnt/ubnt-rcS may lead to a deadlock on first boot when there are .deb packages in /config/data/firstboot/install-packages and one of the .deb package installers has interactive install mode,
> It should not run interactively on upgrade, since there is no way to respond to interactive prompt.
I created a bug ticket to track this issue. Thank you.

 

@prometheanfire
> net.netfilter.nf_conntrack_helper
> Newer kernel versions disable this by default, they likely didn't explicitly enable it. Not sure who to ping to notify and get it fixed.
This is known issue, we shall make it enabled by default in v2.0.1

 

@doc_karl
> When I got to V2.0, I loaded my backed up working config.
> This got it all running again until my first Sudo Reboot - strange errors at the reboot prompt, router did not come back.

  1. Can you please post those strange errors?
  2. Please post your configuration and I will try to reproduce it on my lab router

@pfrabott
> 2.0.0 came back up but we had no routing going to the internet at all.
Please post sanitized configuration and I will try to reproduce this issue on mhy lab router

Reply