Channel: EdgeRouter topics

Edgerouter moving from Optimum to Fios

Hello 

We are switching from Optimum to Fios 1Gbps.  My current setup is Edgerouter -> Edgeswitch -> Cloud Key -> Unifi AP's.

I have a couple of questions:

1) Can my Edgerouter support the bandwidth? From what I am reading with hardware offloading yes but does anyone have experience?

2) What do I need to do / be aware of to make the switch to keep using my router?  I am reading the best setup is to get the ONT setup next to my rack and have ethernet hand off to my edgerouter.  What would that mean for my setup?

Thanks for help

Phil


bridging interfaces (with vlans)

hello,

 

setting up a bridge, normally would use a switch0 for this but the erpro doesn't have this feature...

 

 

if im not mistaken this would only bridge the interfaces and not pass vlan tags, correct?

 set interfaces ethernet eth5 bridge-group bridge br0
 set interfaces ethernet eth6 bridge-group bridge br0

what if you do this?

 set interfaces bridge br0 vif 36 

i would REALLY like to avoid using a bridge for each vlan on these interfaces.

 

 

 

Edgerouter Infinity ER-8-XG loud fan replacement

Hi,

 

I have recently bought ER-8-XG, and I must admit, I wasn't hoping that it is going to get loud.

So, I started digging how I can lower noise on 3 fans that are spinning ~ 10 000 RPM when router is not even under load.

 

I found solution that someone has already changed fans on his Edgerouter PRO 8.

You can find thread on this link.

 

So my question remains, can I change all 3 fans on my ER-8-XG fan for these lower noise fans?

 

I am confused because my fans are spinning ~10-11k RPM, and those up to 2-3k RPM.

 

Thanks in advance.

EdgeRouter X: Slow performance

Good evening.

 

I recently got an ER-X for my home network.

 

Currently it has only 2 devices connected to it, a server and a nas. But for some reason file transfer speeds do not exceed 30MB/s.

The same server and nas are also connected to an unmanaged switch on a different subnet, and there I get full gigabit transfer speeds. (so it's not because of a possible slow nas)

 

The configuration of the ER-X is as follows:

 

ubnt@ubntx:~$ show configuration
interfaces {
    ethernet eth0 {
        address 192.168.1.254/24
        description WAN0
        duplex auto
        speed auto
    }
    ethernet eth1 {
        description LAN1
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description LAN2
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description LAN3
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description LAN4
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 10.0.10.254/24
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name DHCP_1 {
            authoritative disable
            subnet 10.0.10.0/24 {
                default-router 10.0.1.254
                dns-server 192.168.1.***
                dns-server 192.168.1.***
                lease 86400
                start 10.0.10.1 {
                    stop 10.0.10.253
                }
                static-mapping 01 {
                    ip-address 10.0.10.249
                    mac-address ***
                }
                static-mapping 02 {
                    ip-address 10.0.10.240
                    mac-address ***
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    lldp {
        interface all {
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        connection wss://********
    }
}
system {
    gateway-address 192.168.1.1
    host-name ubntx
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
    }
    name-server 192.168.1.249
    name-server 192.168.1.100
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

As per other forum suggestions, hwnat offloading is already enabled:

 

ubnt@ubntx:~$ show ubnt offload
IPSec offload module: not loaded

HWNAT offload module: loaded

Traffic Analysis    :
  export    : disabled
  dpi       : disabled
    version       : 1.422

When i look at the statistics page in UNMS, i see traffic going over eth1 and eth2, but not over switch0. Is this normal behavior?

 

Oh, and the firmware is 1.10.7.

 

Anybody has some suggestions as what might be wrong?

EdgeOS DHCP MAC Prefix Filter

We are planning to deploy a few thousand EdgeRouters, but we need to be able to limit what devices are assigned an IP Address via DHCP.

 

How can we configure a MAC prefix filter for the DHCP server in the EdgeRouter?

Ideally we would like to do this via the CLI.

UPnP2 Question

Hi, 

 

I have a question that I have not been able to definitely answer about upnp2.  I have an EdgeRouter Lite running v1.10.6.  

 

I currently have the following upnp2 configuration:   

 

    upnp2 {
        acl {
            rule 10 {
                action allow
                description "Allow 1"
                external-port 0-65535
                local-port 0-65535
                subnet 192.168.1.100/32
            }
        }
        listen-on eth1
        nat-pmp enable
        secure-mode enable
        wan eth0
    }

 

I'm looking to allow client 192.168.1.100 to make use of upnp and this is working well.  However, I would like no other device in my /24 network to make use of upnp.  Is my current configuration appropriate?  Am I missing something?  If I hadn't added rule 10 above, is the service just running, but not allowing any clients to make use of it or is it allowing ALL clients to use it?  

 

Thanks in advance.  

 

Note:  in principle, I would like NOT to use UPnP at all, but this way FIOS remote DVR access works without trouble.  Once I can figure out a reliable way to configure the port forwards, then I'll likely move to that and disable UPnP.  

 

 

Forcing DynamicDNS Updates to go through the same interface

I have a dual WAN balancing setup and unique hostnames for each WAN interface. My dynamic dns service requires the update to come from the IP that is being updated. I've noticed that the updates don't always go out from the right interface and when that happens I get an error from my dns service that I don't own the IP.

 

I'm at a loss for how to force the update to go out from the correct interface and any ideas would be appreciated.

Routing Specific Client/Traffic Through VPN (Wireguard)

 

Does anyone have a config in which they are routing traffic over WireGuard? I was able to get my ER-X (Remote/Mobile) to connect to my ER-4 (Main). I am able to access network resources behind the ER-4, which is part of what I want. However, I want to go a step further and route specific clients by IP entirely over WireGuard.

 

Attached is the base sanitized config that I am working with. When I try to configure the PBR using a specific IP, the client is no longer able to connect to the internet.

ER-X:

Wireguard (WG0) Interface Address: 172.16.3.5/24

ETH0: DHCP (Internet)
ETH1 (Main LAN): 192.168.30.1/24
ETH2-ETH4/SWITCH0: 192.168.40.1/24

Remote Endpoint: ERXFDQN.com:55555

ER-4:

Wireguard (WG0) Interface Address: 172.16.3.1/24

Remote Endpoint: ER4FDQN.com:55555


Here are the final commands that I arrived at that I thought would work for the routing over Wireguard portion:



set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface wg0

set firewall modify WG-VPN rule 10 description "WG-VPN"
set firewall modify WG-VPN rule 10 source address 192.168.30.38/32
set firewall modify WG-VPN rule 10 modify table 1
set firewall modify WG-VPN rule 10 action modify

set interfaces ethernet eth1 firewall in modify WG-VPN

set service nat rule 5000 description WG-VPN
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface wg0
set service nat rule 5000 source address 192.168.30.38/32
set service nat rule 5000 type masquerade

 

I also came across a couple guides that suggested creating a 2nd rule to out other IPs if using the same subnet:

 

 

set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface eth0
set firewall modify WG-VPN rule 20 description "Rest of network"
set firewall modify WG-VPN rule 20 source address 192.168.30.0/24
set firewall modify WG-VPN rule 20 modify table 2
set firewall modify WG-VPN rule 10 action modify

 


Base config without the commands above.

 

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related"
            log enable
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established connections"
            log enable
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description VPN
            log disable
            protocol tcp_udp
            source {
                port 40924
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        dhcp-options {
            default-route no-update
            default-route-distance 210
            name-server no-update
        }
        dhcpv6-pd {
            pd 0 {
                interface eth1 {
                    host-address ::1
                    prefix-id 1
                    service slaac
                }
                interface eth2 {
                    host-address ::1
                    prefix-id 2
                    service slaac
                }
                interface eth3 {
                    host-address ::1
                    prefix-id 3
                    service slaac
                }
                interface eth4 {
                    host-address ::1
                    prefix-id 4
                    service slaac
                }
                prefix-length /60
            }
            rapid-commit enable
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.30.1/24
        description LAN
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.40.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
    wireguard wg0 {
        address 172.16.3.5/24
        description Remote
        listen-port 55555
        mtu 1420
        peer PUBLIC-KEY {
            allowed-ips 172.16.3.1/32
            allowed-ips 192.168.10.1/24
            allowed-ips 192.168.1.1/24
            description Main-ER
            endpoint FDQN.com:55555
            persistent-keepalive 25
        }
        private-key PRIVATE_KEY
        route-allowed-ips true
    }
}
port-forward {
    auto-firewall disable
    hairpin-nat enable
    lan-interface eth1
    lan-interface eth2
    lan-interface eth3
    lan-interface eth4
    lan-interface switch0
    lan-interface wg0
    wan-interface eth0
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.40.0/24 {
                default-router 192.168.40.1
                dns-server 192.168.40.1
                lease 86400
                start 192.168.40.38 {
                    stop 192.168.40.243
                }
            }
        }
        shared-network-name MAIN {
            authoritative enable
            subnet 192.168.30.0/24 {
                default-router 192.168.30.1
                dns-server 192.168.30.1
                domain-name UNKNOWN
                lease 86400
                start 192.168.30.38 {
                    stop 192.168.30.243
                }
                unifi-controller 192.168.1.2
            }
        }
        static-arp disable
        use-dnsmasq enable
    }
    dns {
        dynamic {
            interface eth0 {
                service custom-Google_DNS_VPN {
                    host-name DDNS
                    login *******************
                    password ******************
                    protocol dyndns2
                    server domains.google.com
                }
                web dyndns
            }
        }
        forwarding {
            cache-size 400
            listen-on switch0
            listen-on eth1
            listen-on eth2
            listen-on eth3
            listen-on eth4
            listen-on wg0
            name-server 1.1.1.1
            name-server 2606:4700:4700::1001
            name-server 1.0.0.1
            name-server 2606:4700:4700::1111
            options listen-address=192.168.30.1
            options strict-order
        }
    }
    gui {
        http-port 80
        https-port 5082
        listen-address 192.168.30.1
        older-ciphers disable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        listen-address 192.168.30.1
        port 22
        protocol-version v2
    }
    ubnt-discover {
        disable
    }
    unms {
        disable
    }
    upnp2 {
        listen-on eth1
        listen-on eth2
        listen-on eth3
        listen-on eth4
        listen-on wg0
        nat-pmp enable
        port 1900
        secure-mode enable
        wan eth0
    }
}
system {
    domain-name UNKnOWN
    host-name DDNS
    login {
        user CHANGED {
            authentication {
                encrypted-password ********************************************************************.
                plaintext-password ""
            }
            level admin
        }
    }
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    static-host-mapping {
        host-name UNKNOWN {
            alias UNKNOWN.DOMAIN
            inet 192.168.10.14
        }
        host-name UNKNOWN.DOMAIN {
            alias UNKNOWN.DOMAIN
            alias UNKNOWN.DOMAIN
            inet 192.168.10.19
        }
        host-name UNKNOWN.DOMAIN {
            alias UNKNOWN.DOMAIN
            inet 192.168.20.30
        }
        host-name UNKNOWN.DOMAIN{
            alias UNKNOWN.DOMAIN
            inet 192.168.10.11
        }
        host-name UNKNOWN.DOMAIN{
            alias UNKNOWN.DOMAIN
            inet 192.168.10.2
        }
        host-name UNKNOWN.DOMAIN {
            alias UNKNOWN.DOMAIN
            inet 192.168.10.8
        }
        host-name UNKNOWN.DOMAIN {
            alias UNKNOWN.DOMAIN
            inet 192.168.10.12
        }
        host-name UNKNOWN.DOMAIN {
            alias UNKNOWN.DOMAIN
            inet 192.168.10.1
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
        host 192.168.10.14 {
            facility all {
                level info
            }
        }
    }
    time-zone America/New_York
    traffic-analysis {
        dpi enable
        export enable
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.7.5127989.181001.1227 */

 

 

I came across some of your threads/comments on similar issues; maybe you could shed some light on what I may be missing or doing wrong.

 

Thanks.


EdgeRouter X DDNS Update Incorrect

I have a pair of EdgeRouter X running firmware 1.10.7

 

I am trying to setup dynamic dns. I have a managed DDNS service through no-ip.com that runs on our own domain.

I have a pair of cisco routers that I am replacing, and these are able to update the managed DDNS no problem.

 

I have set up the DDNS through the edge gui with the noip options. Server is dynupdate.no-ip.com

Username and password are correct. If I change a character in the username or password, the DDNS service status is noconnect. 

 

Through SSH, running show dns dynamic status, i get:

 

interface : eth0
ip address : 199.x.x.249
host-name : bcpmkamloops.ddns.xxxx.ca
last update : Thu Oct 11 22:01:34 2018
update-status: good

 

IP is correct, host-name is correct, status is good.

 

But if I do an nslookup from any other system at the hostname, it shows the IP of 127.0.0.1

In the managed DDNS portal page, I see the most recent IP of 127.0.0.1

 

If I manually force a change to another IP through my DDNS portal, I can see that forced change happen with nslookup.

 

If I manually force a change through the edgerouter GUI, or with the command "update dns dynamic interface eth0", I get a success message and the status shows good - but the IP address never updates.

 

There are no special characters in the password, but there is a # character in the username - this is required by the vendor.

 

As a test, I setup a free DDNS account through afraid, and I can update those with these routers, so the rest of my config is ok.

 

What other troubleshooting steps can I follow to see what is causing the DDNS update to fail?

Multiple WANs

We have a community broadband system with a single internet connection distributed via several AirMAX transparent bridges connected by edge routers (working as switches) to multiple nano beam clients - operating as routers providing private LAN addresses to users.

i.e. every nano beam is on a shared 192.168.1.X WAN network and has a 192.168.10.X LAN network.

 

I want to add a mobile 3/4G modem (supplying its own 192.168.0.1 network) to one of the intermediate edge router switches (on a single port) that is connecting two transparent wireless bridges. I want only one client nanobeam to use it for its internet connection.

 

How do I do this? Do I just need to configure the edge router (that the mobile modem is connected to) and the client nano beam or do I have to configure the intermediate switches? Is this a classic VLAN problem? Can it be done through the GUI?

 

 

How to use address groups in upnp2 access control list rules?

Below is my current upnp2 configuration:

    upnp2 {
        acl {
            rule 10 {
                action allow
                external-port 1024-65535
                local-port 0-65535
                subnet 192.168.2.0/24
            }
            rule 90 {
                action deny
                description "Deny everything else"
                external-port 0-65535
                local-port 0-65535
                subnet 0.0.0.0/0
            }
        }
        listen-on eth2
        listen-on eth2.20
        nat-pmp enable
        secure-mode enable
        wan eth0
    }

I have a load balanced dual wan setup (eth0 and eth1), so I made a load balance group that will use only eth0 and a "modify" rule that will route traffic from a specific address-group through eth0 and bypass load balancing. The reason is that upnp2 only supports a single wan interface. The address group contains the IP's of game consoles, and the whole purpose of this is to make sure all the game consoles get to open the ports they need by using upnp, or in this case upnp2.

 

So ideally my ACL rules for upnp2 would use the same address group instead of my lan subnet, but I have not found a way to do that. But then again I haven't found any good documentation, and the format seems to vary a lot as I've found older references to upnp2 acl's with a very different format than what's used today.

 

So, does anyone know if there is a way to use standard "address groups" in upnp2 access control lists?

Required EdgeOS upgrades?

Hi all, 

 

I have an ER-X, a 16 port smart switch with hardwired Ethernet to all rooms in my house and two Unifi access points. I have a setup with 4 VLANs (main, kids, guests and home automation/IoT) with time constraints for the kids’ VLAN. My current EdgeOS version is 1.10.0 and everything works great. It took me a while to get it set up exactly as I wanted it, and I haven’t tinkered with it since. I tend to forget the details after a while, so unless I have to, I don’t want to dive back in. I’m thinking; If it ain’t broke, don’t fix it.

 

Now, I see that new versions of EdgeOS are released regularly and from what I read on the forum, they tend to cause problems for some users and certain setups. So when should I upgrade my ER-X’s OS? Does, for instance, 1.10.0 have any known security issues which require me to upgrade? Can I read from the version number which versions address security issues?

 

Thanks in advance for your advice. 

Pseudo-ethernet breaking all routing

I'm struggling with getting my VOIP setup to work as described in this other thread. However, as I get no suggestions there and am faltering at a very basic step, I would like to solve that first.

 

I'm trying to add a pseudo-ethernet interface to my WAN port (eth0) so that I can get two IP addresses by DHCP.

I add the interface, specify the MAC address and enable it. This all works well and I get the correct IP. However, without making any other change, all routing out onto the internet breaks entirely. What am I doing wrong? I would like to route all default traffic out using the eth0 and then use the peth0 for either policy-based routing (PBR) for a distinct VLAN or a 1:1 NAT to a specific IP address (preferable).

 

I have tried to add a static interface-route for eth0 (as the IP address and next-hop router change, I cannot have a static route based on IP)

However, this does not appear to work. In the IP route table it states:

 

*> 0.0.0.0/0 [210/0] is directly connected, eth0

instead of the "VIA" statement it should and the routing does not work at all.  Is there a way for the interface-route to snap up the current "next-hop" router?

 

Thank you for the help!

 

 

 

 

Ubiquiti Integration with remote Internet Exit Point

Hello all,

 

I'm working to test an ERLite-3 integration with a remote internet exit point.

 

So I'd like one of my VLANs to send all 0.0.0.0/0 traffic across a point to point IPSEC tunnel to go through a remote firewall before traversing out to the internet.

 

I've worked on the configuration, but cannot get it to work. Right now, no traffic in that VLAN is making it out to the internet at all and the VPN link won't come up.

 

I'm also attempting to use a FQDN for the authentication ID so that could be causing issues as well.

 

If someone has experience with this type of setup, please let me know some of the common catches.

 

Thanks,

Joe Spoon

Edgerouter SQM Bump-In-The-Wire (SQM transparent bridge)

Hello,

 

I have been inspired by an appenwar blog post to create an SQM bump-in-the-wire, i.e. given an existing functional network with a discrete modem and router, insert a black box in between them that reduces the chance and effects of bufferbloat (from the upstream modem). The existing router has everything needed for that network except modern anti-bufferbloat tech. My scenario assumes an asymmetric Internet connection of 150/10 Mbps.

 

appenwar created his Bump with OpenWRT, using cake as the queue discipline, installed on a cheap consumer brand router device.

 

Is similar possible with an Edgerouter (I assume with only an HTB + fq_codel queue discipline)? Is it possible with an Edgerouter ER-X, if no other functionality is used on the ER-X?


WAN failover taking 30 seconds - EdgeRouter X SFP

I have used the wizard to setup failover between two internet connections on port 0 and 1. It works, but it takes around 30 seconds.

 

How do I bring this down?

 

Thanks.

Wake up server on LAN when there is activity on Plex port

As the title says, I'm looking for a way to automatically wake up the plex server on my LAN (Edgerouter PoE), when I access the plex app on a remote device.

I had this working on my previous router, running advanced tomato firmware, by using the following configuration (source: https://www.reddit.com/r/PleX/comments/3f7d0u/plex_wol_my_setup/):

 

 

Login to the router and go to: Administration > Scripts

Add the following lines to the "Firewall" section

 

# Rule to log all new connections on WAN for the plex server

 iptables -I FORWARD -i vlan2 -p tcp --dport 32400 -m state --state NEW -j LOG --log-prefix "PLEX WAN connection "

 

Then, add the following lines to the "WAN Up" section:

 

 

#!/bin/sh

#script for sending WOL packets when traffic to plex-port on HTPC:
sh /jffs/scripts/wake_htpc.sh

 

By adding the lines to the "Firewall" section, all new TCP connections to dst port 32400 are now sent to /var/log/messages. They look like this:

 

 Jul 30 14:13:04 unknown user.warn kernel: PLEX WAN Connection IN=vlan2 OUT=br0 SRC=xxx.xxx.xxx.xxx DST=192.168.1.yyy LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4796 DF PROTO=TCP SPT=51833 DPT=32400 SEQ=3659947144 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020403DA0402080A02144E340000000001030308)

 

(Note, you could just omit the -i in the FORWARD chain and combine them into a single rule, but I have them separate just in case I want to do something different on WAN vs LAN).

 

Anyway, I have one final script which is checking that /var/log/messages file every few seconds for new lines. If it finds the above line, it tries to ping the plex server. If no response, sends a wol message.

 

Create new file "wake_htpc.sh" in /jffs/scripts and make it executable

 

Edit the file with VI and copy/paste the below script into it, then save & exit

 

#!/bin/sh
TARGET=192.168.1.223
MAC=(omitted)
PORTS="(32400)"
INTERVAL=2
NUMP=1
OLD_LC=`wc -l /var/log/messages | awk '{print $1}'`

while sleep $INTERVAL
do
    # Only care about new lines since the script last ran
    LC=`wc -l /var/log/messages | awk '{print $1}'`
    NEWLINES=`expr $LC - $OLD_LC`
    if [ "$LC" -ne "$OLD_LC" ]; then
        # Could handle WAN vs LAN different if I wanted. Just do the same thing on either for now...
        LINE=`tail -$NEWLINES /var/log/messages | egrep "PLEX .* DST=$TARGET .* DPT=$PORTS" | tail -1`
        # Pull the value of the SRC= field out of the matching log line (empty if no match)
        SRC=`echo $LINE | sed -n 's/.* SRC=\([^ ]*\).*/\1/p'`
        if [ "$SRC" != "" ]; then
            # Found a matching line. Try to ping the server
            RET=`ping -c $NUMP -W 1 $TARGET 2> /dev/null | awk '/packets received/ {print $4}'`
            if [ "$RET" -ne "$NUMP" ]; then
                # Guess it's sleeping. Send WoL.
                echo "[`date -Iseconds`] $SRC causes WOL. Line was $LINE"  >> /var/log/wol
                /usr/sbin/ether-wake $MAC
                # Could sleep for 20 minutes I guess...I mean, there's no real reason to check again.
                # Whatever...10 seconds is fine.
                sleep 10
            fi
        fi
    fi
    OLD_LC=`wc -l /var/log/messages | awk '{print $1}'`
done

 

Reboot router and test.

 

And that's it.

 

Whenever someone opens a plex app (android, windows, etc), it will turn on my server. It takes about 10-12 seconds for my media to show up from the hibernate state which isn't too bad. The script will take a maximum of 3 seconds to send the WoL and a minimum of 1 second (ping on tomato has a minimum of 1 second ping reply wait). The PLEX app might just wait a few seconds for server discovery if it doesn't get a reply right away. Haven't really tried to shorten it yet.

 

Any ideas as to how I might get the same functionality on the EdgeRouter?

Strange issue with just basic L2 connection

Hi,

 

I have a strange issue with my ER-4 Router. I'm trying to configure an IP on an interface, which is ok, and the interface is up, but it's like the OS looks at the interface as down. I can even capture traffic and I can see packets coming in, but the router doesn't send any traffic to it.

 

x:~$ show configuration commands | grep eth0
set interfaces ethernet eth0 address 10.200.0.2/31
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 ip ospf dead-interval 40
set interfaces ethernet eth0 ip ospf hello-interval 10
set interfaces ethernet eth0 ip ospf priority 1
set interfaces ethernet eth0 ip ospf retransmit-interval 5
set interfaces ethernet eth0 ip ospf transmit-delay 1
set interfaces ethernet eth0 mtu 1526
set interfaces ethernet eth0 speed auto
set protocols vpls interface eth0 instance vpls-test
x:~$ ping 10.200.0.3
PING 10.200.0.3 (10.200.0.3) 56(84) bytes of data.
^C
--- 10.200.0.3 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2008ms


x:~$ show interfaces ethernet eth0 brief
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 10.200.0.2/31 u/u
x:~$ show interfaces ethernet eth0 capture
Capturing traffic on eth0 ...
15:30:00.727126 IP 10.200.0.3 > 224.0.0.5: OSPFv2, Hello, length 44
15:30:00.818959 ARP, Request who-has 10.200.0.2 tell 10.200.0.3, length 46
15:30:01.818905 ARP, Request who-has 10.200.0.2 tell 10.200.0.3, length 46
15:30:02.819204 ARP, Request who-has 10.200.0.2 tell 10.200.0.3, length 46
15:30:03.818905 ARP, Request who-has 10.200.0.2 tell 10.200.0.3, length 46
15:30:04.818904 ARP, Request who-has 10.200.0.2 tell 10.200.0.3, length 46
^C

x:~$

 

 

Also the routing table seems strange: "incomplete"

 

x:~$ show ip route
bgp connected kernel rip summary table
cache forward ospf static supernets-only
x:~$ show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
> - selected route, * - FIB route, p - stale info

IP Route Table for VRF "default"
S *> 0.0.0.0/0 [210/0] via 157.97.2.1, eth2
C *> 10.0.0.0/24 is directly connected, eth1.10
C *> 10.0.0.1/32 is directly connected, eth1.10
C *> 10.0.2.0/24 is directly connected, eth1.20
C *> 10.0.2.1/32 is directly connected, eth1.20
C *> 10.0.3.0/24 is directly connected, eth1.30
C *> 10.0.3.1/32 is directly connected, eth1.30
O *> 10.0.9.0/24 [110/11] via 10.200.0.1, eth3, 01:51:24
C *> 10.0.10.0/24 is directly connected, eth1.100
S 10.0.10.0/24 [1/0] via 10.0.0.2, eth1.10
C *> 10.0.10.1/32 is directly connected, eth1.100
R *> 10.32.14.112/29 [120/2] via 192.168.1.1, eth1.40, 01:52:21
R *> 10.34.168.196/30 [120/2] via 192.168.1.1, eth1.40, 01:52:21
C *> 10.147.250.0/29 is directly connected, eth1.55
C *> 10.200.0.0/31 is directly connected, eth3
C *> 10.200.0.2/31 is incomplete
R *> 78.40.249.54/32 [120/2] via 192.168.1.1, eth1.40, 01:52:21
R *> 78.40.249.55/32 [120/2] via 192.168.1.1, eth1.40, 01:52:21
C *> 127.0.0.0/8 is directly connected, lo
C *> 157.97.2.0/23 is directly connected, eth2
C *> 172.16.0.0/32 is directly connected, lo
O *> 172.16.0.1/32 [110/11] via 10.200.0.1, eth3, 01:51:24
R *> 191.255.255.0/30 [120/2] via 192.168.1.1, eth1.40, 01:52:21
C *> 192.168.1.0/24 is directly connected, eth1.40

Gateway of last resort is not set
x:~$

Edge Router X QoS settings aren't reducing my download bufferbloat!

Hey guys,

I got this router with the idea it will reduce my bufferbloat but it's only able to do so for the upload side. My speeds are 70 d and 6.5 up.
When I set the download limit to 10 the bufferbloat goes away but that obviously isn't acceptable.
My modem is a Motorola Surfboard SBG6580.

Worries about OS being after end of life

It appears that the Edgerouter (at least my Edgerouter X on the latest FW 1.10.7) is Debian 7. This was end of life in May 2018. Are there concerns with what this means for security as there are no upstream security fixes being provided by Debian since May? Looking for some insight here, as it seems silly for me to continue to deploy a device based on an unsupported OS, or maybe I'm just missing something.
