No problem

I have mine sitting in AWS and configured email too, so I get an email if the router loses internet

cjmchch: Just wondering Michael Murphy if there is a way on the edgerouter 4 to show uptime of my internet connectivity or some other way of determining if my internet connection drops off.

I've had a couple of recent issues where one of my 24/7 computers has failed to connect to an external range of servers and times out. I'm trying to isolate whether it is an issue with regard the connection or a computer/internal network problem issue or not.

As @dfnt states UNMS will work well along with external monitoring (I use the pro plan of UptimeRobot to do this). It is quite important to run it on an external server to your network (if possible) as then it'll be able to deliver emails to you when your connection goes down. I also use SMTP2GO for email delivery from it. I had it running quite a while on a VM hosted by Scaleway (https://www.scaleway.com/) which can be somewhat slow but is cheap and works fine for my needs. It is important to get a VM with support for Docker (so rule out anything running with OpenVZ).

You basically get a page like this:

The only downside with UNMS is it is quite prone to false-positives. I've had it before when the UNMS server itself lost access to the internet and thus I got email notifications that both my sites were down. Other than that, it works well (also, is still a Beta).

Thanks Michael for this guide, got my ER-X set up for UFB.

I was surprised at how small the ER-X is and what it's able to do.

In an attempt to get one son off his xbox, (yes I know I'm the parent, but I'm sick of the "just one more kill!!!!") I added the following rules.  The rules kick in, (seems the xbox is clever enough to swap from eth to wifi when the eth rule kicks in, so low status on the eth, then the wifi kicks in and the status climb), but the Xbox game (Fortnite in this case) keeps working, and he can still talk to his mates?   When I was testing this on laptop, I set up a -t ping to www.google.co.nz, it never dropped, but browsing sure did....  

Any suggestions on why this would not be working, much appreciated.

Hi

I've printed out the first few pages of this tutorial and read through the rest. I have a new Edgerouter Lite router which I purchased to replace the HG659b which Spark gave me as part of my UFB install. The HG659b is doing a minimal job - no DHCP, no forwarding, no WLAN, no special rules - but it is going catatonic regularly because the number of devices in the mix reaches its 32 device limit.

The tutorial and discussion goes into a lot of customisation which may be of interest to me later once I have the device in and doing the simple job that the Huawei is currently doing. I don't want to have to change everything at once. I'm happy to look at refinements later.

So the requirement is that the new router sit between Spark's ONT and an ethernet switch; that it have a fixed IP address of 192.168.0.254, that the ONT connect to its eth0, that a local ethernet switch connect to eth1, and that the ER Lite act as a default gateway to the internet for everything in the local network that doesn't say otherwise.

As I understand it, I need to: take one of my laptops off the existing network, give it a static IP address like 192.168.1.2, connect it to the edgerouter lite's eth0 port with an ethernet cable, switch the ER Lite on, wait for it to boot up, open a browser on my laptop at 192.168.1.1, log in as ubnt/ubnt, update the firmware to the latest version (which I have already copied to the laptop I intend to use for this job), and restart it.

As far as I can tell at this point the next steps are to: (1) set the ER Lite to use a static IP address to 192.168.0.254, (2) do whatever configuring is required for Spark UFB before connecting the ER Lite in the place of the HG659b, (3) power it down, (4) connect it up where the HG659b is, (5) restart it, and everything should just work. At that point I'm ready to see what new things the ER Lite can bring to the network without having everything compromised while I'm doing it.

I may have missed it, but nobody in the tutorial or the discussion seems to touch on (1). Have I got this in the right sequence, and have I missed anything important?

Thanks in advance

T

@aquatarkus I don't understand why you're just using an Edgerouter Lite as a "dumb gateway" as you call it - if there is no DHCP on the HG659 and you're not using it for WiFi or anything then you shouldn't have any issues with the device limit as I believe this is a part of its DHCP server. This is incredibly overkill.

But essentially following the guide and disabling the DHCP server will get you the same result for now.

nicmair:

 

Any suggestions on why this would not be working, much appreciated.

 

Have you got DPI enabled on the EdgeRouter? Would be interesting to see whether fortnite gets classified as anything when you look under Traffic Analysis.

You can create firewall rules based on DPI e.g. here

I had a look at the Games category but it doesn't contain epicgames or fortnite in the list, but it does have xbox.

Just modify your rule and select Games as the application

New alpha release 2.0.0-beta.1 is available here:

• ER-X, ER-X-SFP and EP-R6: https://dl.ubnt.com/firmwares/edgemax/v2.0.x/ER-e50.v2.0.0-beta.1.5132607.tar
  (SHA256:8afb361e810ac6827adbe40d019e9c2025e921f3dc69c9f355726fb685301178)

• ERLite-3 and ERPoe-5: https://dl.ubnt.com/firmwares/edgemax/v2.0.x/ER-e100.v2.0.0-beta.1.5132607.tar
  (SHA256:61ccbd7ddc75c4de75de7cf330d2ca87ea0595e0178a6fd77ba9062ce42470f6)

• ER-8, ERPro-8 and EP-R8: https://dl.ubnt.com/firmwares/edgemax/v2.0.x/ER-e200.v2.0.0-beta.1.5132607.tar 
  (SHA256:ac2f6fb5636c9eebbded9ef9038f55f8cefea495e1817a5a7ac4c2c943316689) 

• ER-4, ER-6P and ER-12: https://dl.ubnt.com/firmwares/edgemax/v2.0.x/ER-e300.v2.0.0-beta.1.5132607.tar
  (SHA256:056979d2bcff8d3fa67aa7147a8bee68e6abbe0f00c93b58bd4a2b6b80f6ebb6)

• ER-8-XG: https://dl.ubnt.com/firmwares/edgemax/v2.0.x/ER-e1000.v2.0.0-beta.1.5132607.tar
  (SHA256:0cad4ad2278cbb0d145d5d5165018f8525be72519cd9db97bd0a5b33c41486ad)

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

[Release Notes v2.0.0-beta.1]

Changelog

Changes since v2.0.0-alpha.3

New features:

• [Discovery] - Add TCP and IPv6 support to UBNT-Discovery protocol
• [Bootloader] - Include latest bootloader into firmware image
• [Bootloader] - Add new bootloader CLI command "show system boot-image" and "add system boot-image"
• [IPSec] - Add new "vpn ipsec gobal-config" CLI command that allows overriding any strongswan config option. For instance following commands reconfigures bypass-lan plugin by excluding eth0 from bypass list:set vpn ipsec global-config "charon.plugins.bypass-lan.load := yes" set vpn ipsec global-config "charon.plugins.bypass-lan.interfaces_ignore := eth0"Syntax of "vpn ipsec gobal-config" should be compliant with format-options.py utility from strongswan suite as defined here

Enhancements and bug fixes:

• [Performance] - Fix regression in v2.0.0-alpha.1 that caused up to 50% throughput degradation when comparing with v1.10.x firmware (both offloaded and non-ofloaded scenarios). 
• [Offload] - Restore IPSec offloading for Cavium-based routers (ER-8, ER8-Pro, ER4, ER-6P, ER-Infinity, ER-Lite and ER-PoE) that was missing since v2.0.0-alpha.1
• [Offload] - Fix regression in v2.0.0-alpha.1 when offloaded IPV4/IPv6 flows were not flushed upon routing table changes
• [Offload] - Restore "hwnat" offloading functionality for Mediatek-based routes (ER-X/ER-X-SFP/EP-R6) that was missing since v2.0.0-alpha.1
• [Offload] - Fix regression in v2.0.0.0-alpha.1 that caused "ERROR - size of flow bucket is not cache-aligned" error message when offloading was enabled on ER-Lite/ER-PoE
• [Interface] - Fix bug that cased Ethernet interfaces to be always included to switch-ports on ER-12
• [Interfaces] - Fix bug when VLAN was broken on [eth5 ~ eth9] interfaces on ER-10X
• [CLI] - Add "show ubnt offload xxx" CLI commands that were missing since v2.0.0-alpha.1
• [CLI] - Fix bug that caused "show firewall" and lots of other CLI errors caused by missing Switch.pm package
• [OSPFv3] - Fix bug when instance-id of OSPFv3 interface was not updated. Discussed here
• [LED] - Fix bug that caused LEDs to to stay illuminated when ER was administratively shutdown
• [LED] - Fix bug that caused LEDs flickering when running "show system image" CLI command
• [DNS] - Fix bug when DNS forwarding sometimes was not working via DHCP client interfaces
• [DNS] - Fix regression in v2.0.0-alpha.2 when DNSSEC failed because of missing "/usr/share/dnsmasq-base/trust-anchors.conf"  file. Discussed here
• [WebGUI] - Fix regression in v2.0.0-alpha.3 when WebGUI dashboard was not updated on ER-PoE and ER-Lite if UNMS was enabled. Discussed here
• [OpenVPN] - Fix regression in v2.0.0-alpha.3 when some OpenVPN config options caused "Commit Failure". Discussed here
• [FlowAccounting] - Fix regression in v2.0.0-alpha.3 when flow-accounting functionality did not work on ER-X/ER-X-SFP/EP-R6. Discussed here.
• [IPSec] - Fix bug that caused IPSec to be started even if it was not configured
• [IPSec] - Removed "farp" and "dhcp" strongswan plugins that caused problems with internal DHCP server. Discussed here and here.
• [Login] - Fix regression in v2.0.0-alpha.1 that caused login prompt via Console to appear before ER was fully configured
• [PoE] - Fix regression that was not propelry fixed v2.0.0-alpha.3 and caused PoE to be enabled after doing factory reset from WebGUI. Discussed here and here
• [SSH] - Removed deprecated SSHv1 options that caused error messages in syslog. Discussed here
• [Packages] - Fix APT errors when downloading 3rd party packages. Discussed here

Known issues:

• n/a

Updated software components:

• Kernel v4.14.54 for ER-X/ER-X-SFP/EP-R6 models

Oh nice, ipsec offloading is back!

I'd hold off upgrading, it breaks ipv6 connectivity

New EdgeRouter firmware 1.10.8 has been released for beta community  [ New ]    Options 17 hours ago

New stable release v1.10.8 is available here:

• ER-X, ER-X-SFP and EP-R6: https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e50.v1.10.8.5142457.tar
  (SHA256:e919af2cf4761747b169902e3c2f85f0f82abb29f783edc27abdb0cd7e249608)
• ERLite-3 and ERPoe-5: https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e100.v1.10.8.5142440.tar
  (SHA256:30f1d7364528e4addad892b9f6652d15a400eca238f4392e56a4e446eb5fe0d5)

• ER-8, ERPro-8 and EP-R8: https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e200.v1.10.8.5142441.tar 
  (SHA256:39cd0e3571bd40607bfd23222bea5f6a18fa6facad034df882c483ba2ce97e50) 

• ER-4, ER-6P and ER-12: https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e300.v1.10.8.5142457.tar
  (SHA256:667cfc3e10d5bcc227e270dd10543773096fcd590f4e964622c4443123b17c91)

• ER-8-XG: https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e1000.v1.10.8.5142441.tar
  (SHA256:63a8ec67f7969f112e48323f925b0219148aa106c714c0b0288cf5109d71ad51)

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command, see here for more details) before doing an upgrade.

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

[Release Notes v1.10.8]

Changelog

Changes since v1.10.7

New features:

• n/a

Enhancements and bug fixes:

• [System] - Add support for new fan HW introduced in new ER-8-XG hardware revision
• [LoadBalancing] - Fix bug when LoadBalancing would not recover if failed interface restores link after being down for a long time (more than an hour)
• [Bootloader] - Fix bug when bootloader partition was randomly erased during bootloader upgrade on ER-4/ER-6P/ER-12 models (very-very unlikely but still possible). Discussed here 
• [LED] - Fix wrong "locate" LED functionality on ER-12
• [LED] - Update system LED notification for ER-8-XG model (requires bootloader upgrade)
• [FAN] - Improve fan control on ER-8-XG model (requires bootloader upgrade)
• [Offloading] - Fix bug when "show ubnt offload flows" caused router to crash if offloading was disabled
• [CLI] - Fix incomplete "dhcpv6-server preference" help message
• [Routing] - Fix bug when static ECMP routes from custom routing tables would not be restored when nexthop interface flaps. Discussed here
• [DHCP] - Fix bug when DHCP client failed to restore IPv4 address after interface link flap if IPv6 address was configured on same interface
• [Netflow] - Allow setting FQDN as Netflow server. Discussed here
• [Techsupport] - Fix bug that caused "Invalid input detected" in tech-support file when running 
  "show tech-support" or "generate tech-support archive" CLI commands
• [IPSec] - add logrotation of "/var/log/charon.log" file. Discussed here

Bootloader upgrade:

• [ER-Lite/ER-PoE] - Fix incorrectly calculated size of flash storage in boot log (this is pure cosmetic fix and does not affect any functionality). 
• [ER-8-XG] - Fix incorrect LED light behavior during boot
• [ER-8-XG] - Improve FAN control logic for some earlier hardware builds during boot

Note: Latest bootloader is stored inside EdgeOS firmware since v1.10.7. You can check currently installed bootloader version with "show system boot-image" CLI command and then upgrade it with "add system boot-image" CLI command .

Known issues:

• n/a

Updated software components:

• n/a

Today we publish v1.10.8 on beta forum, and If no major issues will be discovered then v1.10.8 will be published on main forum and UNMS in the beginning of December.

Awesome guide, helped me get setup straight away!

Great tutorial, I just need to block Google DNS now so I can get a Chromecast Ultra up and running.

Can someone give an old man tips in laymans terms how to go about it or point me in the right direction ?

GeekGuy:

 

Great tutorial, I just need to block Google DNS now so I can get a Chromecast Ultra up and running.

 

Can someone give an old man tips in laymans terms how to go about it or point me in the right direction ?

 

Have a look at this ... https://community.ubnt.com/t5/EdgeRouter/Blocking-Google-s-Public-DNS-servers/td-p/1256887