I’ve been toying with the idea of de-Unifi-ing our network for a while, but there’s really precious little that’s a drop-in replacement for it without some extreme drawbacks. After much research, though, I came up with a handy stopgap solution: with the exception of the switches (not sure why), I can run third-party firmware on my Unifi hardware to get off the ecosystem.
I started looking around at what my options were, and found a few articles from folks running BSD (Open and Free, though Open seems to work better) on the USG3 gateway. But doing this means taking everyone offline during the process, and if I brick it then we’re offline permanently until a replacement arrives. I figured I’d have a quick check to see if I could find a bricked USG3 for cheap, and had no luck… most of them worked, and thus seemed to go for about $150AUD. But there was a USG-Pro at about that price under bidding, so if I was going to buy a backup and then flog my old one later, why not upgrade?
Why not indeed, so I watched the auction to see where it went, and it quickly went well out of my price range. Indeed, it finished up at practically brand-new price and I have no idea why.
I did, however, manage to find something similar: the EdgeRouter Pro 8, which is effectively the same hardware, but without the fancy Unifi firmware… which I’ll be trashing anyway. So on Thursday, after much deliberation (I briefly considered buying a 1U amd64 machine instead, but it too was quite expensive and probably heavier on power), I bought one, and today it got here.
So after work, I set about building a serial cable for it (to avoid repeating the “wires poked into the pin sockets of a null modem cable” approach from when I got the UPS going). I then downloaded OpenWRT (because the installation looked easier than the OpenBSD one, and performance is probably better), created a USB stick for it (which led to a whole other thing), booted it up and installed it. I literally spent more time soldering together the cable than installing the OS (a smarter individual would have simply ordered a cable earlier).
After a while spent figuring out how to configure it, I have two different LAN interfaces, not on the same bridge, but as discrete interfaces on different subnets. I ran iperf3 between my desktop and laptop and got wire-speed routing between the two. That’ll do nicely!
I’m still lost with OpenWRT, so it’s tempting to try OpenBSD. I’m suspecting that with pf enabled it won’t perform quite as well as OpenWRT does with its hardware offloading support, but I might give it a go anyway. On the other hand, if I put OpenWRT on the WAPs, I’ll have to learn how to work it anyway, so I’m not sure which way I’ll go yet.
I’ve got a laundry list of things still to configure before I can put it into service:
- VLANs (I think they’re configured correctly)
- Subnets on the VLANs (I think I’ll take the opportunity to rearrange them, but it wouldn’t take long to configure the same ones I have now)
- Firewalls between the VLANs
- Local DNS
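For anyone curious what those four items look like in OpenWRT’s UCI format, here’s an added example of my own to illustrate the shape of it; it is not the configuration from the FudgeRouter itself. It puts the trusted LAN on one physical port, a second VLAN on an 802.1q sub-interface of another port, declares firewall zones so that traffic only flows in the directions explicitly listed (nothing from the IoT VLAN into the LAN), and has dnsmasq answer a local domain itself. The port names eth0/eth1/eth2, the subnets, VLAN ID 20 and the home.arpa domain are all assumptions, and the `config device` syntax assumes OpenWRT 21.02 or later.

```uci
# /etc/config/network  (added example; port names, subnets and VLAN ID are assumptions)
config interface 'wan'
    option device 'eth0'
    option proto 'dhcp'

# Trusted LAN: untagged on its own port, not bridged with anything else.
config interface 'lan'
    option device 'eth1'
    option proto 'static'
    option ipaddr '192.168.10.1'
    option netmask '255.255.255.0'

# IoT VLAN: 802.1q tag 20 on the port that trunks to the WAPs.
config device
    option type '8021q'
    option ifname 'eth2'
    option vid '20'
    option name 'eth2.20'

config interface 'iot'
    option device 'eth2.20'
    option proto 'static'
    option ipaddr '192.168.20.1'
    option netmask '255.255.255.0'

# /etc/config/firewall
config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option synflood_protect '1'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'iot'
    list network 'iot'
    option input 'REJECT'      # router services for IoT are opened one by one below
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

# Both zones may reach the internet. There is deliberately no iot -> lan
# forwarding section, so that direction falls through to the zone's REJECT.
config forwarding
    option src 'lan'
    option dest 'wan'

config forwarding
    option src 'iot'
    option dest 'wan'

# Trusted LAN may initiate connections to IoT devices; replies come back via conntrack.
config forwarding
    option src 'lan'
    option dest 'iot'

# The only router services IoT hosts need: DHCP and DNS.
config rule
    option name 'Allow-IoT-DHCP-DNS'
    option src 'iot'
    option proto 'tcp udp'
    option dest_port '53 67'
    option target 'ACCEPT'

# /etc/config/dhcp  (local DNS: resolve the home domain locally, never forward it upstream)
config dnsmasq
    option domain 'home.arpa'
    option local '/home.arpa/'
    option localservice '1'
    option rebind_protection '1'

config dhcp 'iot'
    option interface 'iot'
    option start '100'
    option limit '100'
    option leasetime '12h'
```

After editing the files, `/etc/init.d/network restart` and `/etc/init.d/firewall restart` apply them; `fw4 print` (or `fw3 print` on older releases) shows the generated ruleset, which is a quick way to confirm there is no rule forwarding iot into lan before plugging anything in.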
Plus some other “nice to haves” that I couldn’t be bothered making work on Unifi:
- Pihole, or some other sort of malicious domain blocker.
- Wireguard, instead of L2TP that I set up via Unifi.
Anyway, because it’s not really an EdgeRouter anymore, and I had the labeller out anyway, I’m calling it the FudgeRouter - Fraggle’s EdgeRouter, but with a kiwi accent.