I've been using my ER-X for the last few months with no problems. It's a fairly simple conifguration with no offload, no QOS, and no DPI enabled. I recently upgraded to 1.8.5 and was checking my ISP speeds and it crashed the router. Hoping it was a fluke I tried it again and it crashed the router again. I used speedtest.net and speedtest.xmission.com (my ISP's speedtest site) and they both crash the router when I run the speed test. The crash seems to occur at the end of the download portion. The speedtests are being run from a NATed client on the 192.168.134.0 network to the WAN on ETH0. My WAN connection is 250mpbs up/250 mbps down and runs the ER-X CPU to 95-100 % during the speedtest. Other than crashing when running the speedtest the router performs as expected. Here's my sanitized config. Anyone see problems with it? Thanks in advance!
set firewall all-ping enable set firewall broadcast-ping disable set firewall group address-group GroupWMailServer address set firewall group address-group GroupWMailServer description 'IP of GroupW emai l server' set firewall group address-group GroupWWebServer address set firewall group address-group GroupWWebServer description 'IP of GroupW Web S erver' set firewall group network-group GroupWPrivateNetwork description 'GroupW Privat e Internal Network' set firewall group network-group GroupWPrivateNetwork network 192.168.134.0/24 set firewall group network-group GroupWPublicNetwork description 'GroupW Public Internet Facing Network' set firewall group network-group GroupWPublicNetwork network set firewall group network-group GroupWTestNetwork description 'Groupw Test Netw ork' set firewall group network-group GroupWTestNetwork network 192.168.3.0/24 set firewall ipv6-receive-redirects disable set firewall ipv6-src-route disable set firewall ip-src-route disable set firewall log-martians enable set firewall name GroupWTestNetwork_In default-action accept set firewall name GroupWTestNetwork_In description 'Limit test network access' set firewall name GroupWTestNetwork_In rule 1 action drop set firewall name GroupWTestNetwork_In rule 1 description 'Drop invalid' set firewall name GroupWTestNetwork_In rule 1 log disable set firewall name GroupWTestNetwork_In rule 1 protocol all set firewall name GroupWTestNetwork_In rule 1 state established disable set firewall name GroupWTestNetwork_In rule 1 state invalid enable set firewall name GroupWTestNetwork_In rule 1 state new disable set firewall name GroupWTestNetwork_In rule 1 state related disable set firewall name GroupWTestNetwork_In rule 2 action accept set firewall name GroupWTestNetwork_In rule 2 description 'Allow established con nections' set firewall name GroupWTestNetwork_In rule 2 log disable set firewall name GroupWTestNetwork_In rule 2 protocol all set firewall name GroupWTestNetwork_In rule 2 state established enable set firewall name GroupWTestNetwork_In rule 2 state invalid disable set firewall name GroupWTestNetwork_In rule 2 state new disable set firewall name GroupWTestNetwork_In rule 2 state related disable set firewall name GroupWTestNetwork_In rule 3 action drop set firewall name GroupWTestNetwork_In rule 3 description 'Disable access to Gro upW private network' set firewall name GroupWTestNetwork_In rule 3 destination group network-group Gr oupWPrivateNetwork set firewall name GroupWTestNetwork_In rule 3 log disable set firewall name GroupWTestNetwork_In rule 3 protocol all set firewall name GroupWTestNetwork_In rule 3 source group set firewall name GroupWTestNetwork_In rule 4 action drop set firewall name GroupWTestNetwork_In rule 4 description 'Disable access to Gro upW public network' set firewall name GroupWTestNetwork_In rule 4 destination group network-group Gr oupWPublicNetwork set firewall name GroupWTestNetwork_In rule 4 log disable set firewall name GroupWTestNetwork_In rule 4 protocol all set firewall name GroupWTestNetwork_In rule 4 source group set firewall name IsolateGuestVLAN default-action accept set firewall name IsolateGuestVLAN description 'Isolate guest users from each ot her' set firewall name IsolateGuestVLAN rule 1 action accept set firewall name IsolateGuestVLAN rule 1 description 'Allow access to HP CP2025 printer' set firewall name IsolateGuestVLAN rule 1 destination address 192.168.134.121 set firewall name IsolateGuestVLAN rule 1 log disable set firewall name IsolateGuestVLAN rule 1 protocol all set firewall name IsolateGuestVLAN rule 1 source address 192.168.99.0/24 set firewall name IsolateGuestVLAN rule 2 action drop set firewall name IsolateGuestVLAN rule 2 description 'Drop packets to GroupW pu blic network' set firewall name IsolateGuestVLAN rule 2 destination group network-group GroupW PublicNetwork set firewall name IsolateGuestVLAN rule 2 log disable set firewall name IsolateGuestVLAN rule 2 protocol all set firewall name IsolateGuestVLAN rule 3 action drop set firewall name IsolateGuestVLAN rule 3 description 'Drop packets to other gue st addresses' set firewall name IsolateGuestVLAN rule 3 destination address 192.168.0.0/16 set firewall name IsolateGuestVLAN rule 3 log disable set firewall name IsolateGuestVLAN rule 3 protocol all set firewall name WAN_IN_CVW default-action drop set firewall name WAN_IN_CVW description 'Carls rules for UTOPIA/XMission' set firewall name WAN_IN_CVW rule 1 action accept set firewall name WAN_IN_CVW rule 1 description 'Allow Established' set firewall name WAN_IN_CVW rule 1 log disable set firewall name WAN_IN_CVW rule 1 protocol all set firewall name WAN_IN_CVW rule 1 state established enable set firewall name WAN_IN_CVW rule 1 state invalid disable set firewall name WAN_IN_CVW rule 1 state new disable set firewall name WAN_IN_CVW rule 1 state related enable set firewall name WAN_IN_CVW rule 2 action accept set firewall name WAN_IN_CVW rule 2 description 'SMTP to Email Server' set firewall name WAN_IN_CVW rule 2 destination group address-group GroupWMailSe rver set firewall name WAN_IN_CVW rule 2 destination port smtp set firewall name WAN_IN_CVW rule 2 log enable set firewall name WAN_IN_CVW rule 2 protocol tcp set firewall name WAN_IN_CVW rule 3 action accept set firewall name WAN_IN_CVW rule 3 description 'HTTPS to email server' set firewall name WAN_IN_CVW rule 3 destination group address-group GroupWMailSe rver set firewall name WAN_IN_CVW rule 3 destination port https set firewall name WAN_IN_CVW rule 3 log enable set firewall name WAN_IN_CVW rule 3 protocol tcp set firewall name WAN_IN_CVW rule 4 action accept set firewall name WAN_IN_CVW rule 4 description 'Port 80 to GroupW Web Server' set firewall name WAN_IN_CVW rule 4 destination group address-group GroupWWebSer ver set firewall name WAN_IN_CVW rule 4 destination port 80 set firewall name WAN_IN_CVW rule 4 log enable set firewall name WAN_IN_CVW rule 4 protocol tcp_udp set firewall name WAN_IN_CVW rule 5 action drop set firewall name WAN_IN_CVW rule 5 description 'Drop Invalid State' set firewall name WAN_IN_CVW rule 5 log disable set firewall name WAN_IN_CVW rule 5 protocol all set firewall name WAN_IN_CVW rule 5 state established disable set firewall name WAN_IN_CVW rule 5 state invalid enable set firewall name WAN_IN_CVW rule 5 state new disable set firewall name WAN_IN_CVW rule 5 state related disable set firewall name WAN_LOCAL default-action drop set firewall name WAN_LOCAL description 'WAN to router' set firewall name WAN_LOCAL rule 1 action accept set firewall name WAN_LOCAL rule 1 description 'Allow established/related' set firewall name WAN_LOCAL rule 1 state established enable set firewall name WAN_LOCAL rule 1 state related enable set firewall name WAN_LOCAL rule 2 action accept set firewall name WAN_LOCAL rule 2 description 'Allow PPTP port 1723 for PPTP VP N' set firewall name WAN_LOCAL rule 2 destination port 1723 set firewall name WAN_LOCAL rule 2 log disable set firewall name WAN_LOCAL rule 2 protocol tcp set firewall name WAN_LOCAL rule 3 action accept set firewall name WAN_LOCAL rule 3 description 'Allow PPTP GRE for PPTP VPN' set firewall name WAN_LOCAL rule 3 log disable set firewall name WAN_LOCAL rule 3 protocol gre set firewall name WAN_LOCAL rule 4 action accept set firewall name WAN_LOCAL rule 4 description 'Allow port 500 for L2TP VPN IKE traffic' set firewall name WAN_LOCAL rule 4 destination port 500 set firewall name WAN_LOCAL rule 4 log disable set firewall name WAN_LOCAL rule 4 protocol udp set firewall name WAN_LOCAL rule 5 action accept set firewall name WAN_LOCAL rule 5 description 'Allow UDP L2TP VPN traffic on po rt 1701' set firewall name WAN_LOCAL rule 5 destination port 1701 set firewall name WAN_LOCAL rule 5 log disable set firewall name WAN_LOCAL rule 5 protocol udp set firewall name WAN_LOCAL rule 6 action accept set firewall name WAN_LOCAL rule 6 description 'Allow ESP protocol for L2TP VPN' set firewall name WAN_LOCAL rule 6 log disable set firewall name WAN_LOCAL rule 6 protocol 50 set firewall name WAN_LOCAL rule 7 action accept set firewall name WAN_LOCAL rule 7 description 'Allow UDP port 4500 for NAT on L 2TP VPN' set firewall name WAN_LOCAL rule 7 destination port 4500 set firewall name WAN_LOCAL rule 7 log disable set firewall name WAN_LOCAL rule 7 protocol udp set firewall name WAN_LOCAL rule 8 action accept set firewall name WAN_LOCAL rule 8 description 'Allow ping of firewall from WAN' set firewall name WAN_LOCAL rule 8 log disable set firewall name WAN_LOCAL rule 8 protocol icmp set firewall name WAN_LOCAL rule 9 action drop set firewall name WAN_LOCAL rule 9 description 'Drop invalid state' set firewall name WAN_LOCAL rule 9 state invalid enable set firewall name WAN_Out default-action accept set firewall name WAN_Out description 'WAN outbound firewall rules' set firewall name WAN_Out rule 1 action drop set firewall name WAN_Out rule 1 description 'Drop invalid outbound WAN Packets' set firewall name WAN_Out rule 1 log disable set firewall name WAN_Out rule 1 protocol all set firewall name WAN_Out rule 1 state established disable set firewall name WAN_Out rule 1 state invalid enable set firewall name WAN_Out rule 1 state new disable set firewall name WAN_Out rule 1 state related disable set firewall receive-redirects disable set firewall send-redirects enable set firewall source-validation disable set firewall syn-cookies enable set interfaces ethernet eth0 address dhcp set interfaces ethernet eth0 description 'Internet: UTOPIA/XMission' set interfaces ethernet eth0 duplex auto set interfaces ethernet eth0 firewall in name WAN_IN_CVW set interfaces ethernet eth0 firewall local name WAN_LOCAL set interfaces ethernet eth0 firewall out name WAN_Out set interfaces ethernet eth0 speed auto set interfaces ethernet eth1 description 'eth1 - Currently unused' set interfaces ethernet eth1 disable set interfaces ethernet eth1 duplex auto set interfaces ethernet eth1 firewall out set interfaces ethernet eth1 speed auto set interfaces ethernet eth2 address 192.168.134.1/24 set interfaces ethernet eth2 description 'GroupW Private LAN + VLAN Trunk' set interfaces ethernet eth2 duplex auto set interfaces ethernet eth2 speed auto set interfaces ethernet eth2 vif 10 address 192.168.99.1/24 set interfaces ethernet eth2 vif 10 description 'Guest Connections' set interfaces ethernet eth2 vif 10 firewall in name IsolateGuestVLAN set interfaces ethernet eth2 vif 10 firewall local name IsolateGuestVLAN set interfaces ethernet eth3 address 166.70.126.217/29 set interfaces ethernet eth3 description 'GroupW Public Lan 166.70.126.216/29' set interfaces ethernet eth3 duplex auto set interfaces ethernet eth3 speed auto set interfaces ethernet eth4 description 'Port on switch0' set interfaces ethernet eth4 duplex auto set interfaces ethernet eth4 poe output off set interfaces ethernet eth4 speed auto set interfaces loopback lo set interfaces switch switch0 address 192.168.3.1/24 set interfaces switch switch0 description 'GroupW test LAN' set interfaces switch switch0 firewall in name GroupWTestNetwork_In set interfaces switch switch0 firewall local name GroupWTestNetwork_In set interfaces switch switch0 firewall out set interfaces switch switch0 mtu 1500 set interfaces switch switch0 switch-port interface eth4 set interfaces switch switch0 switch-port vlan-aware disable set port-forward auto-firewall disable set port-forward hairpin-nat disable set port-forward wan-interface eth0 set protocols static set service dhcp-server disabled false set service dhcp-server hostfile-update disable set service dhcp-server shared-network-name GuestWirelessDHCP authoritative disa ble set service dhcp-server shared-network-name GuestWirelessDHCP subnet 192.168.99. 0/24 default-router 192.168.99.1 set service dhcp-server shared-network-name GuestWirelessDHCP subnet 192.168.99. 0/24 dns-server 8.8.8.8 set service dhcp-server shared-network-name GuestWirelessDHCP subnet 192.168.99. 0/24 dns-server 8.8.4.4 set service dhcp-server shared-network-name GuestWirelessDHCP subnet 192.168.99. 0/24 lease 86400 set service dhcp-server shared-network-name GuestWirelessDHCP subnet 192.168.99. 0/24 start 192.168.99.100 stop 192.168.99.199 set service dhcp-server shared-network-name Switch0 authoritative disable set service dhcp-server shared-network-name Switch0 subnet 192.168.3.0/24 defaul t-router 192.168.3.1 set service dhcp-server shared-network-name Switch0 subnet 192.168.3.0/24 dns-se rver 8.8.8.8 set service dhcp-server shared-network-name Switch0 subnet 192.168.3.0/24 dns-se rver 8.8.4.4 set service dhcp-server shared-network-name Switch0 subnet 192.168.3.0/24 lease 86400 set service dhcp-server shared-network-name Switch0 subnet 192.168.3.0/24 start 192.168.3.100 stop 192.168.3.199 set service dns set service gui http-port 80 set service gui https-port 443 set service gui older-ciphers enable set service nat rule 5010 description 'Masquerade for GroupW private network' set service nat rule 5010 log disable set service nat rule 5010 outbound-interface eth0 set service nat rule 5010 protocol all set service nat rule 5010 source group network-group GroupWPrivateNetwork set service nat rule 5010 type masquerade set service nat rule 5012 description 'Masquerade for switch0 - test network' set service nat rule 5012 log disable set service nat rule 5012 outbound-interface eth0 set service nat rule 5012 protocol all set service nat rule 5012 source address 192.168.3.0/24 set service nat rule 5012 type masquerade set service nat rule 5013 description 'Masquerade for VLAN 10' set service nat rule 5013 log disable set service nat rule 5013 outbound-interface eth0 set service nat rule 5013 protocol all set service nat rule 5013 source address 192.168.99.0/24 set service nat rule 5013 type masquerade set service snmp community public authorization ro set service snmp contact 'Carl Woldberg' set service snmp listen-address 192.168.134.1 port 161 set service snmp location Peachtree set service ssh port 22 set service ssh protocol-version v2 set system domain-name GroupW2000.com set system flow-accounting ingress-capture pre-dnat set system flow-accounting interface eth2 set system flow-accounting interface eth1 set system flow-accounting interface eth0 set system flow-accounting netflow engine-id 1 set system flow-accounting netflow server 192.168.134.107 port 2055 set system flow-accounting netflow version 5 set system flow-accounting syslog-facility daemon set system host-name PeachtreeRouter set system login user ubnt authentication encrypted-password set system login user ubnt level admin set system name-server 192.168.134.10 set system ntp server 0.ubnt.pool.ntp.org set system ntp server 1.ubnt.pool.ntp.org set system ntp server 2.ubnt.pool.ntp.org set system ntp server 3.ubnt.pool.ntp.org set system offload hwnat disable set system static-host-mapping set system syslog global facility all level notice set system syslog global facility protocols level debug set system time-zone America/Denver set system traffic-analysis dpi disable set system traffic-analysis export disable set traffic-control set vpn ipsec auto-firewall-nat-exclude disable set vpn ipsec ipsec-interfaces interface eth0 set vpn ipsec nat-networks allowed-network 10.0.0.0/8 set vpn ipsec nat-networks allowed-network 172.16.0.0/12 set vpn ipsec nat-networks allowed-network 192.168.0.0/16 set vpn ipsec nat-traversal enable set vpn l2tp remote-access authentication local-users set vpn l2tp remote-access authentication mode radius set vpn l2tp remote-access authentication radius-server 192.168.134.11 key set vpn l2tp remote-access client-ip-pool start 192.168.134.35 set vpn l2tp remote-access client-ip-pool stop 192.168.134.39 set vpn l2tp remote-access dns-servers server-1 192.168.134.10 set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret set vpn l2tp remote-access ipsec-settings ike-lifetime 3600 set vpn l2tp remote-access mtu 1024 set vpn l2tp remote-access outside-address set vpn l2tp remote-access outside-nexthop set vpn pptp remote-access authentication local-users username set vpn pptp remote-access authentication mode radius set vpn pptp remote-access authentication radius-server set vpn pptp remote-access client-ip-pool start 192.168.134.30 set vpn pptp remote-access client-ip-pool stop 192.168.134.34 set vpn pptp remote-access dns-servers server-1 192.168.134.10 set vpn pptp remote-access mtu 1492 set vpn pptp remote-access outside-address