.. title: Tinkering with Ubiquiti EdgeRouter Lite
.. slug: tinkering-with-ubiquiti-edgerouter-lite
.. date: 2017-06-07 05:00:15 UTC
.. updated: 2017-06-07 05:00:15 UTC
.. tags: edgeos, freebsd, lede, networking, openbsd, openwrt
.. category:
.. link:
.. description:
.. type: text

I have been tinkering with my home network for a while now. Over time I have
settled on some requirements:

* Low power usage
* Almost zero noise
* Three or more gigabit (or higher) network interfaces
* Support for multiple operating systems (OS)
* Optional but highly desired: supported by FreeBSD, OpenBSD, or NetBSD

`Ubiquiti EdgeRouter Lite `_
(*ERL* for short) is a small and lightweight device that fits all these
requirements.

.. TEASER_END: Read more

Honorable Mentions
==================

Before I talk about my experience with ERL I want to mention some other devices
I have investigated or trialed in my pursuit of a "perfect" device for my
home network's gateway and firewall needs.

I have run
`TP-Link AC1200 Archer C5 v1.20 `_
flashed with `OpenWRT `_
for a good period of time. It runs admirably on a less-than-50 Mbps WAN with
multiple HD or better video streams. It has limited flash storage and not many
OSes support it. Big thumbs up to the OpenWRT and
`LEDE `_ teams for their awesome work in supporting
such a variety of devices. More recently I have delegated it to wireless
access point (WAP) services only. It has great range and covers about 1900
square feet of indoors space very well when placed strategically.

I have also run `Mikrotik RB750GL `_.
The box is tiny, light, and has five gigabit network interfaces: one
for WAN and the rest up to your imagination. It runs RouterOS, whose
configuration is initially daunting and documentation is not easily digestible.
However, if you persist with it, it becomes easy to understand and configure.
It has very powerful features which I did not have a chance to check out but
the wider community has great things to say (among some consistent complaints)
about it. Not-so-surprisingly OpenWRT also supports this model so if you like
or understand it better then that option is also available. I would recommend
the box and stock OS to anyone who wants advanced networking features.

I have been keeping an eye on `Netgate `_
for a while. They have a good variety of systems that support
`pfSense `_. However, none of them are in the
sub-$100 range like ERL, Archer C5, or RB750GL. I can't afford to spend $299+
on an Intel-based firewall at this time. They do have a new ARM-based micro
firewall, `SG-1000 `_, at $149 which
seems reasonable. I'm hoping for some chatter from the community on how well
it performs before I invest in one. That said, I have used pfSense in
production in a high traffic high availability voice over IP (VoIP) system and
found it to be an excellent OS.

Another Intel-based firewall box that has piqued my interest is Compulab's
`fitlet-X `_. It has four
gigabit ports and comes in barebones models starting at $262. The price is sure
to increase after adding the missing RAM and storage. Once again the price
point is prohibitive in my current situation. If I ever get something like this
I'd be sure to try pfSense, `OPNsense `_,
`VyOS `_, `Untangle `_,
`Sophos UTM Essential Firewall `_,
and `BSD Router Project `_ on it. Of course,
FreeBSD, OpenBSD, and many Linux distributions are also good candidates for
this hardware.

Some more devices to keep on your radar are UniFi Security Gateway and other
EdgeRouter and Mikrotik models.

ERL
===

The thing I absolutely love about ERL is that its storage can be easily
replaced: it's a single USB drive that easily disconnects. In my tinkering I
must have already broken all kinds of warranties but it's a cheap enough device
that I don't care as long as I learn something from it.

Since I can replace storage, I can invest in more disk space. This allows me to
install a server OS (say OpenBSD) -- versus a network OS (say EdgeOS) -- to run
other applications. For example, I can run Python scripts if needed, or a tiny
web server or something. It doesn't matter right now what I actually run; what
matters more is that I have the ability to do so.

It gets warm to the touch after a while but never too hot to be of concern.

Many OSes support ERL, such as EdgeOS, LEDE/OpenWRT, FreeBSD, OpenBSD, and
NetBSD. That provides significant opportunity to tinker and find the right
solution for you.

Since it has three network interfaces it is more flexible than a device with
just two interfaces. I can bridge two interfaces for LAN (as I did in OpenBSD
below) or create two separate LAN networks (as I did in FreeBSD below).

I am also a big fan of the console port. I needed it to install OpenBSD but it
proved invaluable when I was running FreeBSD and LEDE as well. I don't think
I can go back to a device that doesn't either have console access or an HDMI
output. I need that low level access since it opens new doors, like replacing
the stock OS with another open source OS.

The opportunities provided by ERL are not available in many other competitor
products at the same price point. It's a truly remarkable product and I am
fully satisfied with it. Needless to say, I recommend it to every person who
wants to take control of their home network gateway/router.

EdgeOS
======

ERL comes with EdgeOS
(`PDF user guide `_)
installed. I have watched a few videos introducing it but have not used it
myself. After the excellent design decisions that went into making ERL I'm sure
Ubiquiti's software is also top notch. I will give it a try one of these days,
especially since it's apparently built on VyOS.

FreeBSD
=======

I started by installing
`FreeBSD on ERL `_.
It took a lot of research into how to replace EdgeOS with another OS but it
turned out to be fairly easy. Getting a FreeBSD 12.0-CURRENT image to install
was also doable thanks to
`Colin Percival `_.

After I got it running -- with more help from community documentation -- the
device worked very well. It handled my home's network load easily. Then tragedy
struck: network on ERL would hang after irregular intervals. I researched a lot
and came across a similar issue:
`(Workaround) FreeBSD 10.1, sudden network down `_.
I suspect it is a driver issue. I should help the community by filing a bug
report but I was burnt out enough with all the research that went into making
this all work that I decided to drop the idea of running FreeBSD.

LEDE (OpenWRT)
==============

Since I have some experience with OpenWRT I decided to give it a try. LEDE
project had a newer build than OpenWRT so I went with that. It installed easily
-- although I needed to use my Raspberry Pi 2 running Ubuntu MATE to create
the disk -- and ran flawlessly. Configuring it was simple as well.

It did have a quirk out of the box that eth1 was WAN and eth0 was LAN. Most
other OSes do it the other way around as that's what most people probably
expect. But it's no big deal and I didn't change the config back because it
still worked.

OpenBSD
=======

A thing that kept nagging me while LEDE was running flawlessly was that it was
a Linux distribution and not a BSD. It's a silly thing but I have consumed the
kool aid that BSDs are better engineered than Linux. I have absolutely no solid
proof for this. Neither do I have anecdotal evidence to support it since I have
had nothing but great experiences using Linux and FreeBSD.

A second thing I wanted was to learn `PF `_.
I already use PF on my FreeBSD box running on
`Digital Ocean `_. I have learned quite a bit
setting up that box but I wanted to learn more techniques. I have to admit
`Peter N. M. Hansteen `_ and
`Ted Unangst `_ have played a significant role
in making PF something I *must* learn. Their marketing message -- that OpenBSD
and PF are much better compared to other solutions -- has worked on me.

This is my first OpenBSD install and I leveraged a lot of experience I gained
by running FreeBSD and LEDE on ERL. That made it easier for me to install
`OpenBSD on ERL `_.

I must note that the apprehension I had of moving to OpenBSD because of the
reputation it carries -- serious people use it for its focus on security and
simplicity -- melted away. OpenBSD has excellent manual pages and community
documentation. Everything that I needed to do was explained in some easily
discoverable place. Moving to OpenBSD is not as hard as it initially looks.

Conclusion
==========

As I write this post OpenBSD is running and my home network is "protected" by
PF (as best as I could write its rulesets). Speed tests -- although not the
most reliable metrics -- are showing no slow downs. I have both IPv4 and IPv6
connectivity. All the features I wanted are already implemented in this setup.
I have not yet encountered mysterious network hangs either.

I am grateful for the work that went into making ERL as well as all the OSes
that support it. We all stand on the shoulders of giants and everyone involved
in making this an excellent solution deserves a huge round of applause.

Go ahead and tinker to your heart's content.