EdgeMAX EdgeRouter software release v1.9.1

  • U
    Beta Testers

    New EdgeMAX software version v1.9.1 for EdgeRouter products has been released and is available here:

    More details can be found in the release notes below. I would like to thank everyone for their participation in the community, as always helping with testing, reporting issues, providing feedback, suggestions! We certainly could not have done it without you  Thank you very much!

    [Release Notes v1.9.1]


    Changes since v1.9.0

    New features

    • [FW Update] Add automated firmware update check. This is just a first step in providing automated firmware updates and current functionality only checks for update but does not download actual firmware. Complete automatic firmware update funtionality will be provided in future release.

    Enhancements and bug fixes

    • [Web UI] Fix bug when app categories were not showing up in basic queue in safari. Discussed here

    • [Web UI] Fix EdgeOS compromise due to XSS in encoder error handling

    • [Web UI] Fix IP address validation bug in "Load Balancing2" wizard

    • [Web UI] Fix broken dashboard in Firefox. Discussed here

    • [Web UI] Fix bug when "Basic Setup" wizard with dhcp & vlan generates wrong NAT config. Discussed here

    • [BGP] Fix bug when "ribd" was constantly consuming 10% CPU with full BGP routing table. Discussed here

    • [Routing] Fix random "nsm" daemon crash when multiple interfaces flap simultaneously.Discussed here

    • [Routing] Fix incomplete default gateway when pppoe link fails. Discussed here

    • [Routing] Fix bug when "ribd" was sometimes stuck consuming 100% CPU after link to default gateway failed.Discussed here

    • [Routing] Fix bug when "set ip-next-hop x.y.z.w" route-map CLI command had no effect

    • [Routing] Fix bug when "show ip route" CLI command was showing "Network not in table" error instead of default gateway

    • [Routing] Fix bug when custom routing tables sometimes were not populated after boot. Discussed here

    • [Routing] Improve memory management in routing daemons (i.e. bgpd, nsm, ribd…).

    • [RIP] Fix wrong RIP distance. Discussed here

    • [VPLS] Show VPLS instance expiration time via "show vpls xxx mac-address" CLI command

    • [VPLS] Fix kernel crash when VPLS interface loses link. Discussed here

    • [Interfaces] Add VLAN to pseudo-ethernet interface configuration

    • [Interfaces] Allow switch0 to be added to br0 on ER-X

    • [Interfaces] Add "proxy_arp_pvlan" option to VLAN interfaces

    • [Interfaces] Add ipip6 encapsulation to ipv6-tunnel interface

    • [Interfaces] Setup default multicast routes over GRE ipv6 PtP links

    • [Interfaces] The auto-negotiation of SFP port on ER-X-SFP and EP-R6 is changed to enabled by default. Discussed here

    • [CLI] Add warning message when saving config to non-default location

    • [CLI] Change commit-confirm message

    • [DHCP] Fix remote command injection through DHCP request

    • [DHCP] Fix high CPU load when diffing DHCP lease files. Discussed here

    • [DHCP] Fix garbage output when running "show dhcpv6-pd duid" CLI command on ER-X

    • [DHCP] Fix error when DHCP static lease with dot in name (i.e. "lch.cern") was not written to /etc/hosts and thus could not be resolved by dnsmasq. Discussed here

    • [Firewall] Add vtun6 interface type to mss-clamp6 firewall option

    • [Firewall] Fix bug when "show firewall statistics" CLI command ignored ipv6-tunnel interface

    • [Kernel] Add fix for CVE-2016-5696. Discussed here

    • [Kernel] Enable "netconsole" on ER-X

    • [NTP] Remove deprecated "dynamic" NTP option. Discussed here

    • [IPsec] Fix IPSec over IPv6 conditional expression bug. Discussed here

    • [L2TP] Fix bug when L2TP config was not cleared from ipsec config files after deletion

    • [IPsec] Fix bug when VPN configuration disappears after reboot if 'dhcp-interface' has no address. Discussed here

    • [UPNP] Fix UPnP2 firewall rules

    • [DNSmasq] Fix bug when dnsmasq config becomes corrupted if DHCP server exports static route. Discussed here

    • [LoadBalancing] Fix bug when L2TP interface lost connectivity in load-balancing scenario because connected routes got deleted from load balancing routing tables. Discussed here

    Updated software components

    • [Kernel] - Fix CVE-2016-5195 aka “Dirty COW”. Discussed here
    •  - Upgraded PHP to 7.0.12\. Fix: CVE-2016-7418, CVE-2016-7417, CVE-2016-7416, CVE-2016-7414, CVE-2016-7413, CVE-2016-7412, CVE-2016-7411, CVE-2016-7134, CVE-2016-7133, CVE-2016-7132, CVE-2016-7131, CVE-2016-7130, CVE-2016-7129, CVE-2016-7128, CVE-2016-7127, CVE-2016-7126, CVE-2016-7125, CVE-2016-7124

    Known issues

    • [IPSec] IPSec ofload on ER-X/ER-X-SFP/EP-R6 platforms is causing packet corruption of L2TP and IPV6 site-to-site VPN traffic. Discussed here and here. If you are using either L2TP or IPv6 site-to-site VPN then you should disable IPSEc offload:```
      set system offload ipsec disable
    • [Interfaces] The auto-negotiation of SFP port on ER-X-SFP and EP-R6 is changed to enabled by default. Discussed here. This change may affect the SFP link. If you need fixed 1000/full on eth5, please configure it via CLI: ```
      set interfaces ethernet eth5 speed 1000
      set interfaces ethernet eth5 duplex full

  • N
    Beta Testers

    Error donwload links

  • P
    Beta Testers

    Works fine for me (ER-Pro version)

  • U
    Beta Testers

    Yeah, I know.

    I will updated links as soon as I upload firmware to https://www.ubnt.com/download/edgemax

  • P
    Beta Testers

    BTW: Why authorization-keys are removed on upgrade from config?

  • U
    Beta Testers

    : are you talking about SSH authorization keys? Are you sure config was **saved **before doing upgrade?

  • P
    Beta Testers

    yes and i am sure config was saved. Tested on two ER Pros, upgrade from 1.8 to 1.9.1

  • D
    Super Users

    Only reason I've seen for that is (assuming they were in the config) you never saved the running config to the boot config.

    If they were in $HOME/.ssh/authorized_keys for the user (rather than in the config), that's more likely because $HOME gets rebuilt on firmware upgrades …

  • G
    Beta Testers

    Can we please get these firmware release announcements locked?

  • Beta Testers

    Would it be possible to revert to the former file naming scheme, at least on release versions?  Seeing e50 or e100 in a filename is far easier than trying to remember whether 0209f36fcde841418fcf1668194cf4c7 or 008e8acaaeaf4f4db47616ebc25ee474 is the right file to upload when you're in the field.

    thank you~

  • C
    Beta Testers

    Please disable comments on the blog posts - that's what the discussion forums are for.

    Many of us subscribe to updates on the blog because there is no other way to receive a notification of firmware updates and we receive emails for every comment!!

pppoe dont autenticate over vpls1 Posts 11Views 452
Log in to reply

Looks like your connection to Ubiquiti Networks Community was lost, please wait while we try to reconnect.