Channel: EdgeRouter topics

In case you were on the fence...


Just in case there are any out there who are on the fence about getting an edgerouter product and/or switching from a more familiar device (pfsense for me), let me try to help your thought process a bit. I recently purchased an ER4 and got a very basic config set up. Realized very quickly that having a strong pfsense background was good but the reliance on the GUI and behind the scenes configuration that occurs when you click apply/save meant that a more advanced configuration would require some blood, sweat, tears, and investment of more than a few hours. CLI was daunting as was trying to make sense of the boot.conf file for troubleshooting. Wanted to just roll over to my trusted pfsense box many times but stuck it out. I've got a bit of an OCD like that.

 

Can happily report that this device is freaking amazing and I have learned so much as a result of just exploring and forcing myself to make it work. PPPoE internet connection, LAN plus 2 vlans, peer to peer ipsec which connects to a point 7000 miles away for network management and unifi video monitoring, remote access openvpn using certificate based authentication, decent number of user defined firewall rules, DNAT to keep my FireTV from calling out to Google DNS, multiple routing tables, and a policy based openvpn connection for location/identity obfuscation and Netflix. Ipsec gets great throughput as do the openvpn connections though admittedly not as fast. CPU hasn't been higher than 25% or so.

 

Super pleased with the performance and form factor and the cost was amazingly cheap for what this thing can do. If you have been thinking about going edgerouter, do it! UNMS complements it nicely as well. Now I gotta figure out what more to do. Ideas? 😀


Firewall direction


Hi all

 

I am fairly new to UniFi and wonder if you could shed some light on how firewall direction should work.

 

I've got a QNAP behind an Edge Lite router and have recently been getting email warnings from QNAP saying that various IPs have been banned due to multiple connection attempts. I've checked ER logs and can't get my head around why the source IP is my QNAP's IP address (.65) and the destination is the banned IP. 

 

I am guessing it's my setup but could someone advise what needs to be changed please?

 

<4>1 2018-08-06T07:02:27+01:00 Ubiquity kernel - - - kernel: [LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=443 DPT=32479 WINDOW=29200 RES=0x00 ACK SYN URGP=0
<4>1 2018-08-06T07:02:27+01:00 Ubiquity kernel - - - kernel: [LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=18040 DF PROTO=TCP SPT=443 DPT=32479 WINDOW=237 RES=0x00 ACK URGP=0
<4>1 2018-08-06T07:02:28+01:00 Ubiquity kernel - - - kernel: [LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=443 DPT=32460 WINDOW=29200 RES=0x00 ACK SYN URGP=0
<4>1 2018-08-06T07:02:28+01:00 Ubiquity kernel - - - kernel: [LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=18047 DF PROTO=TCP SPT=443 DPT=32479 WINDOW=245 RES=0x00 ACK FIN URGP=0
<4>1 2018-08-06T07:02:28+01:00 Ubiquity kernel - - - kernel: [LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=58059 DF PROTO=TCP SPT=443 DPT=32460 WINDOW=237 RES=0x00 ACK URGP=0
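
An added example, not part of the original post: a Python parser for the firewall log entries quoted above that separates TCP handshake replies (ACK SYN) from the rest, since a SYN-ACK is only sent in answer to a connection the other side opened. The function names are chosen here, the log prefix is read as [ruleset-rule-action], and the sample input is the five entries from the post with the syslog header trimmed.

```python
import re
from collections import Counter

# The five entries quoted in the post above, syslog header trimmed.
SAMPLE_LOG = """\
[LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=443 DPT=32479 WINDOW=29200 RES=0x00 ACK SYN URGP=0
[LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=18040 DF PROTO=TCP SPT=443 DPT=32479 WINDOW=237 RES=0x00 ACK URGP=0
[LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=443 DPT=32460 WINDOW=29200 RES=0x00 ACK SYN URGP=0
[LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=18047 DF PROTO=TCP SPT=443 DPT=32479 WINDOW=245 RES=0x00 ACK FIN URGP=0
[LAN_IN-default-A]IN=eth1 OUT=eth0 MAC=44:d9:e7:41:36:9a:24:5e:be:12:22:9b:08:00 src=192.168.1.65 DST=92.37.143.72 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=58059 DF PROTO=TCP SPT=443 DPT=32460 WINDOW=237 RES=0x00 ACK URGP=0
"""

# Assumption: the bracketed prefix is [ruleset-rule-action], action A/D/R.
PREFIX_RE = re.compile(r"\[(?P<ruleset>[^\]]+)-(?P<rule>[^-\]]+)-(?P<action>[ADR])\]")
FIELD_RE = re.compile(r"\b([A-Za-z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def _port(value):
    """Return the port as an int, or None when the field is absent or malformed."""
    return int(value) if value and value.isdigit() else None


def parse_line(line):
    """Parse one netfilter log entry into a dict; return None if it is not one."""
    prefix = PREFIX_RE.search(line)
    if not prefix:
        return None
    # Keys are upper-cased because the quoted entries spell the source as "src=".
    fields = {key.upper(): value for key, value in FIELD_RE.findall(line)}
    if "SRC" not in fields or "DST" not in fields:
        return None
    # TCP flags are bare tokens (no "="), so "URGP=0" is not mistaken for URG.
    tokens = line[prefix.end():].split()
    return {
        "ruleset": prefix["ruleset"],
        "rule": prefix["rule"],
        "action": prefix["action"],
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", ""),
        "spt": _port(fields.get("SPT")),
        "dpt": _port(fields.get("DPT")),
        "flags": TCP_FLAGS.intersection(tokens),
    }


def classify(pkt):
    """Label a parsed packet by its place in the TCP conversation."""
    if pkt["proto"] != "TCP":
        return "non-tcp"
    flags = pkt["flags"]
    if {"SYN", "ACK"} <= flags:
        return "syn-ack"    # answer to a SYN sent by the destination of this packet
    if "SYN" in flags:
        return "syn"        # the source of this packet is opening the connection
    if flags & {"FIN", "RST"}:
        return "teardown"
    return "ack"


def inbound_listeners(log_text):
    """Count SYN-ACK replies per (replying host, service port, remote peer)."""
    replies = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt and classify(pkt) == "syn-ack":
            replies[(pkt["src"], pkt["spt"], pkt["dst"])] += 1
    return replies


if __name__ == "__main__":
    for (host, port, peer), count in inbound_listeners(SAMPLE_LOG).items():
        print(f"{host}:{port} answered {count} connection(s) opened by {peer}")
```
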

EdgeMAX - Install and Configure BIND DNS Server on the Router


I have followed https://help.ubnt.com/hc/en-us/articles/205202560 to add BIND to my EdgeMax. This works (I can run nslookup/dig). But when I dig an address it still uses the internal DNS server that has been configured in the System tab in the GUI

 

But now I want to configure DNS (to replace the internal half of a split-DNS that is running on a server). But I can't find the location of the configuration (e.g. named.conf) or the configuration files where I define the zones. I also have some questions:

 

  1. How do I make the DNS service on the EdgeMax actually run? Using dig is not running the service?
  2. How do I make sure my own DNS only listens on the inside?
  3. How do I make sure my DNS survives a reboot or a software upgrade?
  4. What to do with the existing DNS setup in config.boot (GUI-managed)?

 

    dns {
        forwarding {
            cache-size 150
            listen-on eth0
            listen-on switch0
        }
    }

 

Dual WAN+LAN Load Balance/PBR


Hi All,

 

I seem to have a Dual WAN setup and have attempted to set up load balancing. I believe the setup is working as I can failover between lines.

 

nmcrae@ubnt:~$ show load-balance status
Group A
  interface   : pppoe0
  carrier     : up
  status      : active
  gateway     : pppoe0
  route table : 201
  weight      : 100%
  flows
      WAN Out : 1234
      WAN In  : 12
    Local Out : 4119

  interface   : pppoe1
  carrier     : up
  status      : failover
  gateway     : pppoe1
  route table : 202
  weight      : 0%
  flows
      WAN Out : 22
      WAN In  : 1
    Local Out : 40

Group B
  interface   : pppoe0
  carrier     : up
  status      : failover
  gateway     : pppoe0
  route table : 203
  weight      : 0%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

  interface   : pppoe1
  carrier     : up
  status      : active
  gateway     : pppoe1
  route table : 204
  weight      : 100%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

 

I want to have 100% of all traffic (except VLAN60 172.16.60.0/24) to go down one route PPPoE0 and 100% of traffic for 172.16.60.0 to go down PPPoE1. If a failure occurs there is failover for each. I will plan to add some traffic onto PPPoE1 at a later stage once I have the concept.

 

Issue 1 - What I have tried to set up doesn't seem to work as expected. Failover is ok, but all traffic goes to one connection.

Issue 2 - The failover takes too long, I expected this to happen quicker, can you set the trigger to happen sooner?

 

EdgeRouter X slow LAN throughput


Forgive me if this has already been answered elsewhere, but the threads I found regarding slow LAN throughput didn't have any solutions for me.

 

I'm running iPerf3 tests across two laptops with gigabit ethernet ports connected to the same router via hardwire ethernet connections. When they are both connected to a Netgear R7000, the tests come back in the mid 900 mbps. When connected to the EdgeRouter X, it spans between the low 300s to mid 400s mbps. I have turned on hardware acceleration and the router is basically in its default state, save for changing the DNS servers used (which shouldn't affect local connections) and some static IPs assigned.

To recap, when testing the connection between the laptops, they are either BOTH connected to the R7000 or BOTH connected to the ER-X or with one connected to one and the other connected to the other (so basically every permutation). It's only when the ER-X is involved that the throughput drops down to 300-400. Are there settings I need to change to get this to work?

Load Balance Access from External WAN port and Hairpin NAT on VLAN setup


Hi,

My router is an ER-X-SFP (firmware v1.10.5). I started by setting it up using the Wizard to have Load Balance between 2 ISPs. It worked great until I copied the config from there to use at another location. I have changed it to work with VLANs in this location. Now I have 2 problems, which are Load Balance Access from External WAN port and Hairpin NAT.

ISP1 - eth0 - pppoe Connection
ISP2 - eth1 - DHCP Connection from another Router in 192.168.3.0/24
 
ISP 1                  ISP 2
  |                           |
  |                    Router 192.168.3.0/24
  |                           |
  |                           |       
  ------------------------
              |
       ER-X (Main)
              |
    Managed Switch
              |
   --------------------------------------------------
     |                |                 |                   |
VLAN95   VLAN98    VLAN99      VLAN100


    Load Balance (ETH0 = pppoe, ETH1 = DHCP from another Router) and
    4 VLANs (ETH2-4). ETH2 is connected to the Managed Switch to use with other devices. ETH3-4 are used to connect to the Unifi AP.
    
    VLAN 95 is used as a native LAN as a requirement of the Unifi AP.
    VLAN 98 is primary internal network.
    VLAN 99 is for Guest User.
    VLAN 100 is for CCTV
    
    VLAN 95, 98 can access anything in the network including Devices in VLAN 99, 100.
    VLAN 99, 100 can only access Internet, nothing else. Both can access each other.
    
    My 2 problems are
    1. I can only access from WAN into my network through ETH1. In order to switch from ETH1 to PPPOE (ETH0), I have to add static route 0.0.0.0/0 to Interface pppoe.  (This behavior is strange consider I have ER-X in another location and I can access through both WAN ports whenever I want.)
    2. Hairpin NAT doesn't work with this network setup.

    I also noticed that the traffic for both WAN hit DNAT, Firewall.  However, ETH1 will work while another doesn't.  (or ETH0/pppoe will work if I add static route.)  it seems like it's the routing/load balance issue.

 


Thank you.

 

Dual WAN routing, used to work


Hello

 

I had finally managed to configure my router, and it was working. I used two load-balancing groups, WAN1 and WAN2, where WAN1 was using eth0 and had eth1 as fail-over only and WAN2 had it the other way around. I don't need fail-over, I just want to redirect one computer out on the other line (so I guess I can delete the fail-over interface but there was a warning so I kept it). The computer I want to use eth1 has a static ip and that ip is in an address group which is the source for WAN2. Firewall rules accordingly.

 

Anyway. I tested it and it worked as supposed. Then I went away for a week and now that I'm back nothing gets directed out via eth1. I knew I did some small changes after I "solved" it so I went back to the config I had saved, where it was working, but it didn't help. Also, I tried disconnecting eth0 but then I had no internet access so the fail-over doesn't work either.

Any ideas? Config as follows:

 

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        address-group wan2 {
            address 192.168.1.40
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    modify WLB {
        rule 10 {
            action modify
            modify {
                lb-group WAN2
            }
            source {
                group {
                    address-group wan2
                }
            }
        }
        rule 20 {
            action modify
            modify {
                lb-group WAN1
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            log disable
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            log disable
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN1
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description WAN2
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        firewall {
            in {
                modify WLB
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description Local
        disable
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        description Local
        mtu 1500
        switch-port {
            vlan-aware disable
        }
    }
}
load-balance {
    group WAN1 {
        interface eth0 {
        }
        interface eth1 {
            failover-only
        }
        lb-local enable
        lb-local-metric-change disable
    }
    group WAN2 {
        interface eth0 {
            failover-only
        }
        interface eth1 {
        }
        lb-local enable
        lb-local-metric-change disable
    }
}
protocols {
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
                static-mapping NORRIS {
                    ip-address 192.168.1.40
                    mac-address 10:bf:48:82:a6:37
                }
                static-mapping nangijala {
                    ip-address 192.168.1.39
                    mac-address 74:d4:35:9b:24:12
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            listen-on eth2
        }
    }
    gui {
        http-port 80
        https-port 4433
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
        rule 5011 {
            description "masquerade for WAN2"
            log disable
            outbound-interface eth1
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user tengil {
            authentication {
                encrypted-password
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.1.5067582.180305.1832 */

need reliable router


Following the advice of a forum member I moved to this forum.

 

Got an edgerouter X sfp about a year ago to try out and it seemed to be ok until last week when it started to act up and would not allow me to connect to it with web browser or any other means. In the end I had to default the unit which brought it back to life. I updated the firmware to the latest version and put it on the shelf as a spare. Today I needed to use this unit, but again I cannot browse to it or ping it either. So my faith in this product is not very high. Is there any reliable router out there? My system has only 15 clients connected so it shouldn't be a big ask.


Edgerouter to Edgeswitch Comcast IPv6 inter-vlan help


I'd received help getting ipv6 to work with a routing on a stick configuration, but I moved from that to inter-vlan routing on the switch and lan to wan routing with the edgerouter. Clients aren't getting an ipv6 address. What am I doing wrong?

 

I'm connecting an ES-8-150w sfp port 9 to an ER-6P sfp port 5 with /30 ip addresses.

Unable to Access Devices in UNMS


Hi, 

 

Just a student. I have some devices already in UNMS but I am unable to access the EdgepointR6 device via https.

 

Below is the Topology

Internet ----> Edgerouter Pro (Public IP eth0) ---> eth1 10.10.10.1 ---------------> EdgepointR6 (eth0 - 10.10.10.2)

 

hoping someone can help.. thanks!

Edgerouter X backup-restore OpenVPN settings


Is there a way to backup and restore the OpenVPN setting on an EdgeRouter X?

 

Or, anyone have any ideas how to easily recreate an OpenVPN config without impacting the clients and without all the manual effort on the router?

 

I just set up the router using the WAN+2LAN2 wizard in order to get one port separated from the switch. And, then I did the OpenVPN config using CLI.

 

However, now that I have learned more about my first use of the router I think I want all the ports on the switch and use VLANs. I just purchased a UniFi AP AC LR access point and want to take advantage of the VLAN capability so I can have my wireless cameras and Amazon Echo use the AP and be separate from family laptops using the same wireless UniFi access point.

 

I am not sure but that may force me to start all over on the router-not sure.   But if I do have to start all over I don't look forward to recreating the OpenVPN config again.

Novice trying to set up 2 VLANs to different nameservers


I’m trying to set up a guest vlan to use nameserver1 and a private vlan to use nameserver2. Do I have to use two Ethernet ports (ie eth0 and eth1) or can I use just one? I have one isp connection.

HAIRPIN NAT question/issues


I am working to set-up port-forwarding "manually" in a EdgeRouter Pro and am having issues.

 

It seems that I may be having HAIRPIN NAT issues as the traffic from inside my network, using my full public IP address:port, never seems to make it to its destination.

 

The WAN comes in on eth0

The LAN is on eth1

The inside destination IP is 192.168.1.15

The port is 5160

The traffic on the inside is on VLAN 10

 

I am attaching the Firewall configuration and appreciate any and all assistance or recommendations.

 

Thank you in advance!

 

----------------
Configuration File
----------------
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            description "PBXact Allow 5160"
            destination {
                group {
                }
                port 5160
            }
            log enable
            protocol udp
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 40 {
            action accept
            description "PBXact Allow 4569"
            destination {
                group {
                }
                port 4569
            }
            log enable
            protocol udp
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 60 {
            action accept
            description "PBXact Allow RTP (10000-20000)"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
                port 10000-20000
            }
            log enable
            protocol tcp_udp
        }
        rule 70 {
            action accept
            description "HikVision NVR Allow 8040"
            destination {
                port 8040
            }
            log enable
            protocol tcp_udp
        }
        rule 80 {
            action accept
            description "HikVision NVR Allow 8000"
            destination {
                address 192.168.30.60
                port 8000
            }
            log enable
            protocol tcp_udp
        }
        rule 90 {
            action accept
            description "HikVision NVR Allow 10554"
            destination {
                port 10554
            }
            log enable
            protocol tcp_udp
        }
        rule 100 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}

 

 

nat {
        rule 1 {
            description "HikVision HTTP"
            destination {
                group {
                }
                port 8040
            }
            inbound-interface eth0
            inside-address {
                address 192.168.30.60
                port 8040
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 2 {
            description "HikVision SERVER"
            destination {
                group {
                }
                port 8000
            }
            inbound-interface eth0
            inside-address {
                address 192.168.30.60
                port 8000
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 3 {
            description "HikVision RTSP"
            destination {
                group {
                }
                port 10554
            }
            inbound-interface eth0
            inside-address {
                address 192.168.30.60
                port 10554
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 4 {
            description "PBXact Chan_SIP"
            destination {
                group {
                }
                port 5160
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.15
                port 5160
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 5 {
            description "PBXact HAIRPIN Chan_SIP"
            destination {
                group {
                }
                port 5160
            }
            inbound-interface eth1
            inside-address {
                address 192.168.1.15
                port 5160
            }
            log disable
            protocol tcp
            source {
            }
            type destination
        }
        rule 6 {
            description "PBXact HAIRPIN Chan_SIP-VLAN"
            destination {
                group {
                }
                port 5160
            }
            inbound-interface eth1.10
            inside-address {
                address 192.168.1.15
                port 5160
            }
            log disable
            protocol tcp
            source {
            }
            type destination
        }
        rule 7 {
            description "PBXact  IAX protocol"
            destination {
                group {
                }
                port 4569
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.15
                port 4569
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 8 {
            description "PBXact HAIRPIN IAX protocol"
            destination {
                group {
                }
                port 4569
            }
            inbound-interface eth1
            inside-address {
                address 192.168.1.15
                port 4569
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 9 {
            description "PBXact HAIRPIN IAX protocol-VLAN"
            destination {
                group {
                }
                port 4569
            }
            inbound-interface eth1.10
            inside-address {
                address 192.168.1.15
                port 4569
            }
            log disable
            protocol tcp_udp
            source {
            }
            type destination
        }
        rule 10 {
            description "PBXact Allow RTP (10000-20000)"
            destination {
                group {
                }
                port 10000-20000
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.15
                port 10000-20000
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 11 {
            description "PBXact HAIRPIN Allow RTP (10000-20000)"
            destination {
                group {
                }
                port 10000-20000
            }
            inbound-interface eth1
            inside-address {
                address 192.168.1.15
                port 10000-20000
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 12 {
            description "PBXact HAIRPIN Allow RTP-VLAN (10000-20000)"
            destination {
                group {
                }
                port 10000-20000
            }
            inbound-interface eth1.10
            inside-address {
                address 192.168.1.15
                port 10000-20000
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5012 {
            description PBXact-hairpin-5160
            destination {
                address 192.168.1.15
                port 5160
            }
            log disable
            outbound-interface eth1
            protocol tcp
            source {
                address 192.168.1.0/24
            }
            type masquerade
        }
        rule 5014 {
            description PBXact-hairpin-10000-20000
            destination {
                address 192.168.1.15
                port 10000-20000
            }
            log disable
            outbound-interface eth1
            protocol tcp
            source {
                address 192.168.1.0/24
            }
            type masquerade
        }
    }

 

2x switch with VLANS, will this cascade work??? Thanks


Hello guys, I am a newbie in networking. I plan to build a network like this:

Topologia_siete-Recovered.jpg

 

I am fine, I have this network in development, and I already tested it with one Zyxel managed switch and it is working. But unfortunately I have just one Zyxel, and I can't test the second (network model) switch with VLANs.

 

Will this work please?

 

Will the second switch work as it is on the topology?

spoofed source ip from lan side


I found some packets with a spoofed ip. Is there any valid reason, or we got some trojan?

 

[WAN_OUT-50-D]IN=switch0 OUT=eth0 MAC=redacted src=104.243.243.44 DST=201.37.90.199 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=37086 DF PROTO=TCP SPT=59849 DPT=49506 WINDOW=65535 RES=0x00 ACK SYN URGP=0
[WAN_OUT-50-D]IN=switch0 OUT=eth0 MAC=redacted src=104.243.243.44 DST=201.37.90.199 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=326 DF PROTO=TCP SPT=59849 DPT=49506 WINDOW=65535 RES=0x00 ACK SYN URGP=0

 

This was the result of 

rule  action   proto     packets  bytes                                   
----  ------   -----     -------  -----                                   
50    drop     all       136      7312                                    
  condition - saddr !192.168.0.0/16  LOG enabled                                

New router initial configuration problem EdgeRouter X


I have just bought an EdgeRouter X, but I cannot save the basic setup after saving the initial configuration settings (firmware version at v1.9.7-hotfix.3). The router software just loops. I must reset the router to get into the box. I cannot figure out why this is happening. Can anyone help me with this problem? Included are pictures of what I am seeing at the time of config.

Thanks.

 

PC systems that I tried initial config on

 

Desktop

  1. OS: 32 bit Win7
  2. Browser(s) that used
  • IE 11
  • Chrome
  • Firefox

Laptop

  1. OS: 64 bit Win7
  2. Browser(s) that used
  • IE 11
  • Chrome
  • Firefox

Help with ERLITE-3 setup - Noob question


I've had a UAP-PRO and Linksys EA6300 combo for several years and have no issues using the UniFi controller.  I've been watching the ERLITE-3 for several years as I am tired of the normal brand routers.

 

Background:  I've hardwired everything in my house that has an ethernet port and ran it all to an in-wall cabinet that I also installed. Some of my devices include an Onkyo AVR (remote app for streaming, etc), Apple TV, Samsung laser printer, PS3....

 

I used the basic wizard to set up the ERLITE and added the second VLAN (192.168.1.1 and 192.168.2.1). I put the UAP-PRO on one LAN and the hardwired switch on the other. Outside of the basic wizard setup, I've only done the hardware offloading per this article: https://help.ubnt.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading

 

The issue I'm encountering now is that via wifi on my iPhone, I cannot connect to the Apple TV to use the remote.  Same with my Onkyo.  Basically, I can no longer wirelessly connect to my devices that are hardwired.  I switched my Apple TV to wifi and the remote app immediately started working, which led me to the conclusion that the 2 LAN's aren't communicating.

 

I'm sure this is something simple, but any help at all would be appreciated!!!

EdgeOS 1.10.4/5: Does DPI still affect throughput or hardware offload?


With the EdgeOS now on 1.10.x branch, is DPI feature still affecting overall throughput or hardware offloading?

 

Devices: ERL and ERPOE

Internet Connection: 1Gbps Symmetric FTTH

EdgeOS 1.10.4/5: Is Hashing SHA256 or SHA512 still not hardware offloaded?

ER-X and OpenVPN: WAN-Access issue


Hello everybody,

 

I've got a little problem with my configuration of an ER-X and OpenVPN. First, a network overview:

 

- ER-X in a WAN/LAN configuration (Firmware 1.10.5)

- ETH1 is WAN-Port with IP 141.xx.xx.180/29 (subnet 141.xx.xx.176/29)

- ETH2-4 are LAN-Ports with 192.168.2.0/24 subnet

- OpenVPN installed and working properly

 

Now my main problem is that I don't want to reach IPs on the LAN subnet via OpenVPN, but IPs on the WAN side. There are some IPs I want to access via HTTPS and RDP.

 

At that point I don't have a clue:

- which push-route I have to set on the vtun0 interface

- whether I have to set some source or destination NAT rules

 

I'm looking forward to some help to get this working.

 

Kind regards

 

Chris
