Whilst fiddling around with the Edgemax Lite I came across a bit of an issue whilst connecting
it to my main OpenVPN hub server, the fact that it couldn’t do comp-lzo compression.
Whilst I don’t need to do compression, it’s switched on by default in most OpenVPN distributions
and without it, in my case it caused immense pain on the server end and refused to work.

I hunted high and low for the answer on Ubiquiti’s very good forum and googled the issue to the
Nth degree, but because it’s so new I don’t think anyone has come across this issue yet (or at
least documented it anywhere). So what to do – do I turn off comp-lzo on the server or do I
run another another copy of OpenVPN on it just for the Edgemax?

In the end, I had a bit of a brainwave and remembered it’s a Vyatta, so I googled for that instead
and that lead me to the answer which is :

openvpn-option --comp-lzo

Here’s my complete Openvpn vtun statement :

openvpn vtun0 {
mode client
openvpn-option --comp-lzo
protocol udp
remote-host endpoint-address.com
remote-port 1194
        tls  {
             ca-cert-file /config/auth/ca.crt
             cert-file /config/auth/cert.crt
             key-file /config/auth/cert.key
             }
}

And literally that’s all you have to do (well apart from SCP the keys/certs into config/auth) to
get OpenVPN in default UDP flavour working on the box. I haven’t yet tried any other configs
but if the client config works this well I can’t imagine server/site-to-site won’t be too
complicated to get working.

Well it’s arrived, after quite a wait – the first EdgeMax routers have landed in the UK, was it worth the wait?   For that answer you’ll have to read on and see if it fits with what you are looking for in a small three port router.

 

Here at PM towers it’s happily sat on the end of a BT FTTH (160Mbps) connection and it’s working really well, it does exactly what it says on the box, it’s a three gigabit port router with lot’s of other stuff under the hood (*).

For me personally I can’t rate this box highly enough, Ubiquiti have pulled an absolute blinder :

1. It’s less than 100 pounds for a true line rate gigabit router (**)
2. It’s running Linux under the hood.
3. It’s going to worry a certain big networking equipment manufacturer.
4. It’s really going to worry a certain smaller networking equipment manufacturer in Latvia.
5. I’ll go out on a limb here and say if the bigger box’s (TBA) turn up at a sensible price point, I’ll be replacing a lot of kit from other people with them.
6. You name it, it’ll do it – PPPoE, OpenVPN, IPSec, PPTP, OSPF, BGP, Stateful Firewall, QoS, IPv6,Netflow etc. etc. (you get the picture)

 

As with all good things (especially first couple of revisions on the market), there are a few minor issues :-

1. Documentation is a little poor, but I hope to document here some of the bits I found useful.
2. It’s a little quirky, but fiddling with the CLI is definitely advised.
3. No support for MPLS yet – not the end of the world, but I believe it maybe on the roadmap.
4. It’s a bit like JunOS, you will get used to it, but you’ll have a hard time getting to the bit you need to start with.
5. The gui is definitely a work  “In progress”.

 

In short it’s a great buy – a little quirky, quick as you like, cheap, game changer for sure and get’s two thumbs up from myself at PM towers.

 

 

 

(* For those in the know it’s basically a three port box running Vyatta )

(** I haven’t banged it on the Smartbits to see if I can break it – but by the looks of my initial tests it is genuinely line rate when routing)