• EdgeRouter Lite and VPN Connections

    When I was going through a variety of routers before I ended up with the EdgeRouter Lite, I found that my connection to my work VPN would drop several times a day, which became quite annoying. The connection was a standard Cisco IPSec VPN connection using the built-in Mac VPN Client. I've set up VPNs before (site to site using Cisco boxes) as well as a VPN Server (OS X), so I do have some experience with VPNs. I tried to tweak settings (OS X's VPN client is built on top of racoon) to no avail.

    After I set up the EdgeRouter Lite, I tried to connect to my VPN and found that the VPN (except for 1 day) remained connected for the entire day! This was great news and is likely due to how the router handles NAT. For people that work from home, maintaining a connection to a VPN is absolutely vital. Some router manufacturers might not care much about this as they figure that home users don't use VPNs; this is an oversight that I'm glad the enterprise-grade EdgeRouter Lite handles well.

    Yet another reason that I'm pleased with the EdgeRouter Lite.

  • Review: Ubiquiti Networks EdgeRouter Lite

    Earlier this year I started to have problems with my Internet connection. As most people do, I blamed my cable company. I filed a trouble ticket and a technician came out. He checked the signals, replaced a few connectors and called it good. After he came out, I still experienced blips where I completely lost connectivity for up to 30 seconds. The tech suggested I try replacing my router. As I've never had problems with Apple routers (I have a Time Capsule), I basically said "whatever".

    While I still wanted to blame the cable company, I went ahead and ordered a TP-Link Archer 8 router from Costco.com to give it a whirl. The router was easy to set up and I had it running for a week. After about a week, the web UI stopped responding and required a reboot; support had no idea why and just suggested I reboot the router when it happened. I didn't like that answer as I like routers to just work, so I returned it to Costco. (Another issue I had with it is that it had an on/off switch; there doesn't need to be a power switch on a router.) Other than the web UI not responding, it seemed to work well for the week I used it.

    I decided to take a stab at another router; this one was a Netgear router that I bought at the Costco store. Configuration was easy (and it did have a power switch which I didn't like) and it ran for about a day before the 2.4 GHz network stopped responding and required a reboot. This was not good as my son was quite upset that his Squeezebox Radio wouldn't work when he got up. This router didn't get a second chance and went right back to Costco.

    My luck was kind of running out with routers. I remembered that I had backed the Securifi Almond+ on Kickstarter and I had it sitting on my shelf. I fired it up to use as a router. Setup, like the others, was easy and I was up and running. I went through a few software updates and it performed quite well for well over 2 months. I didn't, however, take the last few software updates as there were reports of problems with them. I had wanted an integrated automation hub/router, but the automation stuff isn't up to what I want, yet.

    A colleague and I had been discussing routers over this whole time and we were both convinced that the Apple AirPort Extreme/Time Capsule wasn't the fastest router. (Routers have processors in them and have to make decisions about where each packet goes; the more traffic going through the network and the more devices, the more processing power a router needs.) He had been reading about the Ubiquiti Networks EdgeRouter Lite and decided to pick one up. The router is less than $100 and is only a router and not a WiFi access point.

    I've used a Ubiquiti Networks access point in the past and the performance for price was phenomenal. When my colleague got his router and started using it, I got a text that said "Holy cow, this router is fast!". He's on a 75 Mbps/75 Mbps FIOS connection. A few days after he got the router, I decided to bite the bullet and get one.

    This router is definitely not a router for the average consumer. As I've configured Linux networking for almost 20 years, I wasn't intimidated by the box. The web UI on this is much better than any other web UI I've seen for a device like this. It has pretty graphs and the latest firmware uses deep packet inspection (DPI) to show you the bandwidth used by each device and what services the devices are using. Initial setup was a little trickier as I had to upgrade the firmware (new firmware came out the day before I received mine), add a new admin user, figure out which wizard to use, and change a few network settings. This router has 3 ports; it is NOT a switch, so the 3 ports are designed for 3 separate network interfaces. One interface is the WAN (cable modem) while the other 2 are for separate LANs. I configured 1 LAN for my home network and the other LAN for my Ooma; no real reason to separate the Ooma, but I had the port available and I can monitor bandwidth for it separately.

    While everything worked fine for my wired network, I had to reconfigure my Time Capsule to simply be a wireless access point which wasn't hard.


    After the setup, I was pleased as punch with the graphs and the performance was quite snappy for accessing web pages. While most people would be done and happy, I wasn't content! I wanted to get my guest WiFi network working. In a separate post, I've written about the experience.

    Now my router has been running for 1 week without any hiccups. I've done some reconfiguring, but have not had to restart the router. This is NOT common in the consumer routers I've touched, but is very much UNIX-like where you can bring network interfaces down and then back up. This router has so many options that I've only scratched the surface on what it can do. It is definitely a geek's tool.


    Pros

    • Very fast router.
    • Excellent web user interface.
    • Extremely flexible (VLANs, VPNs, etc.)
    • Vibrant user community.
    • Well supported with firmware updates.

    Cons

    • Some pieces are not very user friendly.
    • Command line needed to configure some things.
    • Not a full-fledged switch, so a separate switch will be needed.
    • Not a WiFi access point, so a separate WiFi access point is needed.
    • Limited documentation.

    Summary

    This router is an excellent router for someone that has a networking background and likes to tinker. The configurations are endless and can be tuned to the needs of almost any small setup. It is NOT a consumer router. For my uses, it is excellent and appears to be quite stable. The performance is more than I can ask for on my 50 Mbps/5 Mbps connection and I wish I had more bandwidth to really put this router through its paces.

    I am looking forward to the web UI enhanced for IPv6 when that is rolled out. While the router handles IPv6 through the command line, there are only a few pieces in the web UI to support it. If Ubiquiti keeps up with the firmware, I expect to see this in the future.

    If you have a really fast connection and feel that your router isn't snappy, something like this router could be the ticket. However, don't get this expecting it to be completely plug and play. If you have never used ipfilter or similar firewall tool and don't know what to do with separate ethernet interfaces named eth0, eth1, and eth2, stay far away from this router.

  • Setting up a guest network with the EdgeRouter Lite

    I recently purchased a Ubiquiti Networks EdgeRouter Lite to act as the router to my home network. As this box is only a router and not a WiFi access point, I'm using my Apple Time Capsule as an access point. By doing this and not using the Time Capsule, I lost the ability to have a separate guest network that wouldn't interact with my main network and wouldn't have access to my internal resources. After a bit of searching, I found out that the Time Capsule (and Airport Extreme)'s guest network uses a VLAN tag of 1003. A VLAN is a virtual LAN designed to separate traffic without physically separating it. I knew that the EdgeRouter Lite was extremely powerful and could do all kinds of wacky things with a VLAN; the question was just how could I do it.

    I've been dabbling with Linux networking for almost 20 years, so firewall, DNS, DHCP, etc. don't scare me. It was just a matter of putting the right pieces in the right places without having to resort to the command line.

    Here's what I did:

    1. From the Dashboard, click Add Interface and select VLAN.


    2. Set up the VLAN as 1003 and attach it to the physical interface of your LAN. Give it an IP address in the range of a private IP block, but make sure you end it in a /24 to specify the proper subnet (I originally did /32 as I thought it was supposed to be the exact IP address).


    3. Click on the Services tab. Click Add DHCP Server. Set it up similar to the image below.


      Screen Shot 2015 07 05 at 2 00 48 PM

    4. Click on the DNS tab under services. Click Add Listen interface and select the VLAN interface. Make sure you hit save.


    At this point, you should be able to connect to your Guest Network and connect to the Internet. However, you'll be able to access the EdgeRouter as well as other devices on your LAN. Next thing you have to do is secure the VLAN.

    1. Click on Firewall/NAT and then click on Add Ruleset. This is for packets coming into the router destined for somewhere else (not the router). Set up the default policy for Accept. Click Save.


    2. From the Actions menu next to the Ruleset, click Interfaces.



    3. Select your VLAN interface and the in direction.



    4. Click Rules and then Add New Rule. Click on Basic and name it LAN. Select Drop as the Action.



    5. Click Destination and enter 10.0.1.0/24 or whatever your LAN IP range is. Then click Save. This will drop all packets from the VLAN destined for your LAN. Save.



    6. Repeat 1 and 2 above (name it GUEST_LOCAL). From the Interface, select the VLAN interface and the local direction. However, set up the default policy as Drop.

    7. Add a new rule. Set it to Accept on UDP port 53.



    8. Save.

    Now you can test this by connecting to the guest network and accessing the Internet. Then try connecting to a device on your LAN or connecting to the EdgeRouter Lite. Both actions should fail.

    I've tested this and it is working well on my network; if I've missed anything, please let me know!
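
    The GUI steps above correspond to the following EdgeOS configure-mode commands, which make the two rulesets and their directions easier to audit. This is an added example, not part of the original post: the LAN interface eth1, the guest subnet 192.168.3.0/24, the DHCP range, the ruleset name GUEST_IN and the rule numbers are assumptions; VLAN 1003, the LAN range 10.0.1.0/24 and the name GUEST_LOCAL come from the post.

    ```vyatta
    configure

    # VLAN 1003 on the LAN port (eth1 is assumed), addressed with a /24
    set interfaces ethernet eth1 vif 1003 description "Guest WiFi"
    set interfaces ethernet eth1 vif 1003 address 192.168.3.1/24

    # DHCP server for guest clients (subnet and range are assumed values)
    set service dhcp-server shared-network-name GUEST subnet 192.168.3.0/24 default-router 192.168.3.1
    set service dhcp-server shared-network-name GUEST subnet 192.168.3.0/24 dns-server 192.168.3.1
    set service dhcp-server shared-network-name GUEST subnet 192.168.3.0/24 start 192.168.3.100 stop 192.168.3.200

    # DNS forwarder listens on the VLAN interface
    set service dns forwarding listen-on eth1.1003

    # Ruleset 1, "in" direction: traffic routed THROUGH the router.
    # Default accept (Internet access); drop anything destined for the LAN.
    set firewall name GUEST_IN default-action accept
    set firewall name GUEST_IN rule 10 description "LAN"
    set firewall name GUEST_IN rule 10 action drop
    set firewall name GUEST_IN rule 10 destination address 10.0.1.0/24

    # Ruleset 2, "local" direction: traffic addressed TO the router itself.
    # Default drop (no web UI or SSH from guests); allow DNS on UDP 53 only.
    set firewall name GUEST_LOCAL default-action drop
    set firewall name GUEST_LOCAL rule 10 description "DNS"
    set firewall name GUEST_LOCAL rule 10 action accept
    set firewall name GUEST_LOCAL rule 10 protocol udp
    set firewall name GUEST_LOCAL rule 10 destination port 53

    # Attach both rulesets to the VLAN interface
    set interfaces ethernet eth1 vif 1003 firewall in name GUEST_IN
    set interfaces ethernet eth1 vif 1003 firewall local name GUEST_LOCAL

    commit
    save
    exit
    ```

    Running `show firewall name GUEST_LOCAL` in configure mode afterwards displays the ruleset so the default action and the single accept rule can be checked against the steps above.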

  • Fixing my faucet, a year and a half later

    When we were remodeling our house, we had to pick everything, including the kitchen sink! My wife and I went shopping for a kitchen faucet months before it was ready to be installed so that we could get it ordered and get it out of the way. We wanted a detachable sprayer and wanted it in stainless steel. We went to our local Pacific Sales and looked at all the kitchen faucets (and there were a ton). The one feature we hated on just about all of them was that the detachable spray heads were made out of plastic while the rest of the faucet was made out of stainless steel (or at least some type of metal). The plastic would chip, change color or just not hold up based on past experience. Even though many consumer faucets carry a lifetime warranty, I didn't want to deal with that (been there, done that).

    We stumbled across the Brizo Solna (made by Delta) and thought that the hidden spray head was great as the plastic for the spray head wouldn't be seen. We ordered it and then picked it up a few weeks later (or so). The plumber installed it when we were ready and that was that. A few days after it was installed (the plumber was still around doing something), I asked the plumber why the spray head wasn't flush and didn't retract well and he said it had to do with the weight on the hose and the position of the pipes. Oh well, I guessed I'd have to live with it even though it wasn't quite a clean look.

    A few months ago, I discovered that if I pushed the spray head all the way up into the faucet it would stay. It seemed a little clunky, but it was better than what we had before. This evening, I noticed that the spray head was no longer staying, so I started pushing on a tab to see what would happen and discovered that the MagneDock® magnet was stuck to the spray head when it should have been in the faucet.

    Now things were starting to make sense; the MagneDock® piece was never seated properly and I had to get it back in place. I took the neck of the faucet off and the spray head. I then started pushing the magnet back in place. I pushed it down with the handle of a pair of pliers and presto, it stuck. I tried the spray head and it clicked into place; I pulled it off and tried again. Holy cow, I had been living with this problem for 1.5 years and never even thought of investigating it.

    So after I put everything back together, I tried again and just like magic, the spray head clicked back into place. Looking at the assembly instructions, it indicated that the magnet was part of the neck, but that it wasn't a separate piece. I almost feel like an idiot that I didn't figure this out for so long, but the good news is that I figured it out and am as pleased as punch that I feel like I have a new faucet!