I've lost count of how many times I've been asked to write a tutorial, however because my current router has a rather complex configuration on it I could never get a chance to do it. Truth is, the Edgerouter has to be one of the most rock solid routers I've ever used and in the 2 years I've had it, it's never needed a complete reconfigure. Apologies for it taking a while to come up with a guide (I've had earthquakes, flooding as well as work and family commitments to attend to). I initially created this guide with the Edgerouter PoE however have updated it to reflect both the Edgerouter 4 and later firmware.

Also I better say it, a huge thanks to Go Wireless for providing me an Edgerouter 4 to replace my ageing Edgerouter Lite!

Configuration Guide Parameters:

This configuration will assume you're on a UFB / Vodafone FibreX connection - for VDSL / ADSL connections it is advisable to get a Draytek DV130 to put in bridge mode. I won't be writing a guide for this as I simply don't have any way to test anymore.

Getting Started:

Once you get your new EdgeRouter, before you plug it in, use your existing internet connection and navigate to the Ubiquiti Firmware site to grab the latest version of the firmware for your router model.

1) Connect your Edgerouter to your PC / Switch via "eth0" - leave your ONT out of it for now. The Edgerouter will take up to 5 minutes to initially boot.
2) Set an IP on your computer in the 192.168.1.0/24 range.
3) Navigate to https://192.168.1.1 in your web browser (Chrome or Firefox) - since the Edgerouter uses a self-signed certificate, the browser will show a certificate warning, which you can ignore here.
4) Login with username + password ubnt. We'll be changing this.
5) When it asks you to do the "Basic Setup" wizard we'll be clicking "No" just at the moment. It just brings you into the Wizards screen.
6) If you're needing to update your firmware click "System" and scroll down to "Upload system image" - upload the file you've prepared earlier.
When the router is done uploading it'll ask nicely if it can reboot to apply the firmware.

Bring in the Wizard!

Now you've got your Edgerouter on its latest firmware and you're back in the web interface, you can now wrangle the Wizards within. Back when I first set up my Edgerouter we never had these so honestly, this generation should be grateful.

1) Click on Wizards up near the top - it'll bring you to this screen:
2) We'll be running the WAN+2LAN2 wizard. My configuration is for UFB / DHCP over VLAN 10 (same as Orcon and Vodafone FibreX) however I'll also show you how to do PPPoE. This wizard is really straightforward. For the Edgerouter PoE and the newer Edgerouters there are some additional options relating to ports 2, 3 and 4, which Edgerouter Lite users can disregard.

For UFB over IPoE (including Vodafone Fibre X):

Internet Connection Type: DHCP
VLAN: Yes, your internet connection is on a VLAN - tick this box and your VLAN ID is 10.
Enable the default firewall.
Do not tick Bridging - this will severely hinder the performance of the Edgerouter.

For UFB / VDSL / ADSL PPPoE:

Internet Connection Type: PPPoE (enter your ISP provided account name + password. For BigPipe / Skinny / Spark this has to be anything but blank for both; for 2degrees this is usually the 2degrees login name you use to login via the website @snap.net.nz along with the password you also use to login)
VLAN: If you're on BigPipe, bridging with a Draytek or on an ISP that doesn't offer VLAN then keep this unticked, otherwise change this to VLAN 10.
Enable the default firewall.
Do not tick Bridging - this will severely hinder the performance of the Edgerouter.

Edgerouter PoE users:

Configure your LAN Ports eth2 to eth4 - we'll be using 192.168.2.1/24 for this guide with eth1 as our primary LAN.
These interfaces are switched in hardware and so you can use these for your main network.

Once completed your configuration should look something like this:

Hit Apply - a prompt will come up asking if you're sure.

The router will ask to reboot to apply its configuration - like a good router you need to confirm 3x before it'll actually reboot.

Getting Internet:

Now, you'll want to connect your ONT, that Vodafone "CNT" (Cable Network Terminal - now we can see why they didn't call it that) or your Draytek to the router:

eth0: ONT, CNT or Modem.
eth1: Your switch.
eth2-eth4: Unused (unless you're using the Edgerouter PoE, in which case you'll want to connect your AP to this).

Additional things:

You'll note that doing a Speedtest you may get really really poor speeds like this:

You can see this in the console if you type "show ubnt offload".

The reason is the wizards don't enable offloading by default. Open up the Console (top right), log in with the same user you use for the WebUI and type these directly into the terminal:

    configure
    set system offload ipv4 vlan enable
    set system offload ipv4 pppoe enable
    set system offload ipv4 forwarding enable
    set system offload ipv6 forwarding enable
    set system offload ipv6 vlan enable
    commit
    save
    exit

For the Edgerouter X:

    configure
    set system offload hwnat enable
    set system offload ipsec enable
    commit
    save

Here is a Speedtest taken directly after those commands (no reboot required):

I've found on the Edgerouter 4 and later versions of the firmware that offloading is enabled by default however not enabled for VLAN.

Port Forwarding + Hairpin NAT:

Something you'll also want to do is select your WAN interface under the Port Forwarding screen for Hairpin NAT. Select this beside "WAN Interface" and add your LAN interfaces under here. From this screen, it is straightforward to enable Port Forwarding. Hit Apply once you're done.

UPnP:

This is useful for gaming, torrent downloads or anything else requiring port forwards.
I don't recommend enabling it if you don't need it, else you may become part of a massive DDoS attack.

If however you want to, it is best to go via the console and use the following example (where your WAN is PPPoE):

    configure
    edit service upnp2
    set listen-on eth1
    set nat-pmp enable
    set secure-mode enable
    set wan pppoe0
    commit
    save

Replace listen-on with your LAN interface and wan with your outside interface (pppoe0, eth0).

Firewall:

It is always worth going into Firewall/NAT and looking at your Firewall Policies to ensure you've got the correct interfaces enabled. Check these:

IPv6:

Note: The below is for 2degrees (prefix-length /56). Adapt as required for your ISP but should work with Voyager also.

PPPoE Configuration:

Clean up your old configuration first - note, all configuration needs to be done under the "configure" command for it to work. When cleaning up rules, if you've never used IPv6 before it is quite common for this to error - don't worry about it, just move on to the next step depending on your ISP configuration:

    configure
    delete interfaces ethernet eth0 pppoe 0 dhcpv6-pd
    delete interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd
    delete interfaces ethernet eth0 pppoe 0 ipv6
    delete interfaces ethernet eth1 ipv6
    commit
    save

Then set dhcpv6-pd up on your WAN interface (eth0 pppoe 0).

NOTE: Please pay attention to the below - don't blindly copy and paste it. If you're on a VLAN you'll need to edit the commands with "vif 10" like so: "interfaces ethernet eth0 vif 10..."

    set interfaces ethernet eth0 vif 10 pppoe 0 ipv6 enable
    edit interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd pd 0
    set prefix-length /56
    set interface eth1 host-address ::1
    set interface eth1 prefix-id :0
    set interface eth1 service slaac
    top
    set interfaces ethernet eth0 vif 10 pppoe 0 dhcpv6-pd prefix-only
    commit
    save

Regarding prefix-only - set this if you're on 2degrees and Voyager to avoid 100% CPU use and excessive logging on your Edgerouter.
Untested on other ISPs.

If you're wanting eth2 or any internal VLANs set up for IPv6 then basically repeat with "eth2 prefix-id :2" and so on. If you've got your own internal DNS you're wanting to use you'll need to run "set no-dns" above also.

Set a default route:

    set protocols static interface-route6 ::/0 next-hop-interface pppoe0
    commit
    save

If you're on Voyager:

Since Voyager don't support a full 1500 byte MTU on PPPoE (VDSL + UFB) it is important to enable MSS Clamping on both the IPv4 and IPv6 protocols to prevent problems. The following works well from my testing:

    set firewall options mss-clamp interface-type pppoe
    set firewall options mss-clamp mss 1452
    set firewall options mss-clamp6 interface-type pppoe
    set firewall options mss-clamp6 mss 1432
    commit
    save

IPoE (Orcon, Trustpower & Vodafone):

This is a little easier... We're assuming eth0 is your WAN interface with VLAN 10:

    edit interfaces ethernet eth0 vif 10 dhcpv6-pd pd 0
    set prefix-length /56
    set interface eth1 host-address ::1
    set interface eth1 prefix-id :0
    set interface eth1 service slaac
    top
    commit
    save

Firewall Rules (applies to all IPv6 configurations):

For firewalling, since I don't want to make a massive post, the firewall configuration I use is available on https://murfy.nz/files/er_v6.txt - don't just copy and paste this, ensure it is going to work for you before using it. I personally use a little bit of a different configuration since I have different needs, however this configuration will just enable a basic firewall that drops all incoming except related and allows ICMPv6 (ping). Despite later Edgerouter configuration getting a bit better with IPv6 it is still recommended to reboot it after making any IPv6 related changes.

Ubiquiti UNMS:

This allows secure remote management of your Edgerouter and EdgeOS devices and is now free (see post here). This does work very well from experience also but does require at least 10 devices to be connected to the cloud controller.
Still great for WISPs or people with a collection of routers / switches / P2P access points.

Changing IP / Moving to a Static IP:

This has become a little bit of a thing lately since some providers are doing CG-NAT. If your ISP changes you either to a Static IP address or from CG-NAT to Dynamic you don't normally need to do anything. If in doubt, reboot your router.

-----

If you've got any questions then feel free to fire away below. My record during this tutorial of the Chrome Dinosaur game is 8296.

Last edited: 06/02/2020
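
A minimal EdgeOS IPv6 rule set matching the behaviour described under "Firewall Rules" above (drop all incoming except established/related, allow ICMPv6), added here as an example; it is not the author's er_v6.txt. It assumes PPPoE on eth0 VLAN 10 as in the guide, the names WANv6_IN and WANv6_LOCAL are placeholders, and the DHCPv6 rule is an addition so that prefix delegation replies reach the router.

```edgeos
# Added example, not the author's er_v6.txt. Assumes PPPoE on eth0 VLAN 10.
# The rule-set names WANv6_IN / WANv6_LOCAL are placeholders.
configure
# Traffic from the internet routed through to LAN hosts
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN to LAN (IPv6)'
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description 'Allow ICMPv6'
set firewall ipv6-name WANv6_IN rule 30 protocol ipv6-icmp
# Traffic addressed to the router itself
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN to router (IPv6)'
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow ICMPv6'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
# Addition: DHCPv6 server (547) to client (546) replies, needed for dhcpv6-pd
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'Allow DHCPv6 replies'
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
# Attach both rule sets to the WAN interface (drop "vif 10" if not on a VLAN)
set interfaces ethernet eth0 vif 10 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 vif 10 pppoe 0 firewall local ipv6-name WANv6_LOCAL
commit
save
exit
```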