
Configuring a Ubiquiti EdgeRouter Lite for KPN |

https://kriegsman.io/2016/01/configuring-a-ubiquit

KRIEGSMAN.io


Configuring a Ubiquiti EdgeRouter Lite for KPN

This guide explains how to configure your EdgeRouter Lite, including routed IPTV, VOIP and IPv6.

Configuration is based on the following connection scheme:

eth0 = WAN (NTU)
eth1 = LAN/IPTV (Switch w/IGMP snooping)
eth2 = VOIP (Experia Box)

The EdgeRouter Lite is configured by default on eth0. Connect an Ethernet cable from the Ethernet port of your computer to the port labeled eth0 on the EdgeRouter Lite.

Configure the Ethernet adapter on your host system with a static IP address on the 192.168.1.x subnet (e.g., 192.168.1.100).


To access the router's command line interface, you can use the CLI button while inside the Web UI or an SSH program such as PuTTY. PuTTY is generally quicker.

Launch an SSH session to 192.168.1.1. Both username and password are ubnt.

Setup interface eth1 and configure the DHCP/DNS server

    configure

    set interfaces ethernet eth1 address 192.168.2.254/24
    set interfaces ethernet eth1 description "eth1 - LAN"
    set interfaces ethernet eth1 duplex auto
    set interfaces ethernet eth1 speed auto

    set service dhcp-server disabled false
    set service dhcp-server hostfile-update disable
    set service dhcp-server shared-network-name LAN authoritative enable
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 default-router 192.168.2.254
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 dns-server 8.8.8.8
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 dns-server 8.8.4.4
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 lease 86400
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 start 192.168.2.50
    set service dhcp-server shared-network-name LAN subnet 192.168.2.0/24 start 192.168.2.50 stop 192.168.2.200

    set service dns forwarding cache-size 150
    set service dns forwarding listen-on eth1
    set service dns forwarding name-server 8.8.8.8
    set service dns forwarding name-server 8.8.4.4
    set service dns forwarding options listen-address=192.168.2.254

    commit
    save
    exit

Reconnect the Ethernet cable from the Ethernet port of your computer to the port labeled eth1 on the EdgeRouter Lite. Connect an Ethernet cable from the NTU to the port labeled eth0 and connect an Ethernet cable from the WAN port of the ExperiaBox to the port labeled eth2.

Reconfigure the Ethernet adapter on your host system with DHCP.

Launch an SSH session to 192.168.2.254. Both username and password are ubnt.

Configure firewall

    configure

    set firewall all-ping enable
    set firewall broadcast-ping disable
    set firewall ipv6-receive-redirects disable
    set firewall ipv6-src-route disable
    set firewall ip-src-route disable
    set firewall log-martians enable
    set firewall receive-redirects disable
    set firewall send-redirects enable
    set firewall source-validation disable
    set firewall syn-cookies enable

    set firewall name WAN_IN default-action drop
    set firewall name WAN_IN description "WAN to Internal"
    set firewall name WAN_IN enable-default-log
    set firewall name WAN_IN rule 10 action accept
    set firewall name WAN_IN rule 10 description "Allow established/related"
    set firewall name WAN_IN rule 10 log enable
    set firewall name WAN_IN rule 10 protocol all
    set firewall name WAN_IN rule 10 state established enable
    set firewall name WAN_IN rule 10 state invalid disable
    set firewall name WAN_IN rule 10 state new disable
    set firewall name WAN_IN rule 10 state related enable

    set firewall name WAN_IN rule 20 action drop
    set firewall name WAN_IN rule 20 description "Drop invalid state"
    set firewall name WAN_IN rule 20 log enable
    set firewall name WAN_IN rule 20 protocol all
    set firewall name WAN_IN rule 20 state established disable
    set firewall name WAN_IN rule 20 state invalid enable
    set firewall name WAN_IN rule 20 state new disable
    set firewall name WAN_IN rule 20 state related disable

    set firewall name WAN_LOCAL default-action drop
    set firewall name WAN_LOCAL description "WAN to router"
    set firewall name WAN_LOCAL enable-default-log
    set firewall name WAN_LOCAL rule 10 action accept
    set firewall name WAN_LOCAL rule 10 description "Allow established/related"
    set firewall name WAN_LOCAL rule 10 log disable
    set firewall name WAN_LOCAL rule 10 protocol all
    set firewall name WAN_LOCAL rule 10 state established enable
    set firewall name WAN_LOCAL rule 10 state invalid disable
    set firewall name WAN_LOCAL rule 10 state new disable
    set firewall name WAN_LOCAL rule 10 state related enable

    set firewall name WAN_LOCAL rule 20 action drop
    set firewall name WAN_LOCAL rule 20 description "Drop invalid state"
    set firewall name WAN_LOCAL rule 20 log disable
    set firewall name WAN_LOCAL rule 20 protocol all
    set firewall name WAN_LOCAL rule 20 state established disable
    set firewall name WAN_LOCAL rule 20 state invalid enable
    set firewall name WAN_LOCAL rule 20 state new disable
    set firewall name WAN_LOCAL rule 20 state related disable

    commit
    save
    exit

Generate the configuration line for user-id, used to set the pppoe authentication

    sudo su
    pppoe_id=$(ifconfig | grep -m 1 eth0 | awk '{print $5}' | awk -F':' '{print "set interfaces ethernet eth0 vif 6 pppoe 0 user-id "$1"-"$2"-"$3"-"$4"-"$5"-"$6"@internet"}')
    echo "$pppoe_id"
    exit

    configure

    delete interfaces ethernet eth0 address

    set interfaces ethernet eth0 description "eth0 - FTTH"
    set interfaces ethernet eth0 duplex auto
    set interfaces ethernet eth0 speed auto
    set interfaces ethernet eth0 mtu 1512

    set interfaces ethernet eth0 vif 6 description "eth0.6 - Internet"
    set interfaces ethernet eth0 vif 6 mtu 1508

    (YOUR SET LINE FOR USER-ID, received from previous step)
    set interfaces ethernet eth0 vif 6 pppoe 0 password kpn
    set interfaces ethernet eth0 vif 6 pppoe 0 default-route auto
    set interfaces ethernet eth0 vif 6 pppoe 0 name-server auto
    set interfaces ethernet eth0 vif 6 pppoe 0 idle-timeout 180
    set interfaces ethernet eth0 vif 6 pppoe 0 mtu 1500

    set interfaces ethernet eth0 vif 6 pppoe 0 firewall in name WAN_IN
    set interfaces ethernet eth0 vif 6 pppoe 0 firewall local name WAN_LOCAL

    set system name-server 8.8.8.8
    set system name-server 8.8.4.4

    commit
    save
    exit

Configure hardware offloading for the IPv4 connection

    configure

    set system offload ipv4 forwarding enable
    set system offload ipv4 pppoe enable
    set system offload ipv4 vlan enable

    commit
    save
    exit

Configure NAT to allow the LAN to access the internet

    configure

    set service nat rule 5010 description "KPN Internet"
    set service nat rule 5010 log enable
    set service nat rule 5010 outbound-interface pppoe0
    set service nat rule 5010 protocol all
    set service nat rule 5010 source address 192.168.2.0/24
    set service nat rule 5010 type masquerade

    commit
    save
    exit

Enable Traffic inspection (DPI)

    configure

    set system traffic-analysis dpi enable
    set system traffic-analysis export enable

    commit
    save
    exit

Add the Debian APT repository (to install tools like nano/iptraf)

    configure

    set system package repository wheezy components "main contrib non-free"
    set system package repository wheezy distribution wheezy
    set system package repository wheezy url http://mirror.leaseweb.com/debian
    set system package repository wheezy-security components main
    set system package repository wheezy-security distribution wheezy/updates
    set system package repository wheezy-security url http://security.debian.org

    commit
    save
    exit

    sudo apt-get update

Install packages with

    sudo apt-get install package

Configure a bridge between WAN and ExperiaBox for VOIP

    configure

    set interfaces bridge br0

    set interfaces ethernet eth0 vif 7 bridge-group bridge br0
    set interfaces ethernet eth0 vif 7 description "eth0.7 - VOIP"
    set interfaces ethernet eth0 vif 7 mtu 1500

    set interfaces ethernet eth2 description "eth2 - ExperiaBox"
    set interfaces ethernet eth2 duplex auto
    set interfaces ethernet eth2 speed auto
    set interfaces ethernet eth2 vif 7 bridge-group bridge br0
    set interfaces ethernet eth2 vif 7 description "eth2.7 - ExperiaBox VOIP"
    set interfaces ethernet eth2 vif 7 mtu 1500

    commit
    save
    exit

Setup routed IPTV

The quotes around IPTV_RG sit inside an already quoted option value, so they are entered as &quot; in the CLI.

    configure

    set interfaces ethernet eth0 vif 4 address dhcp
    set interfaces ethernet eth0 vif 4 description "eth0.4 - IPTV"
    set interfaces ethernet eth0 vif 4 dhcp-options client-option "send vendor-class-identifier &quot;IPTV_RG&quot;;"
    set interfaces ethernet eth0 vif 4 dhcp-options client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
    set interfaces ethernet eth0 vif 4 dhcp-options default-route no-update
    set interfaces ethernet eth0 vif 4 dhcp-options default-route-distance 210
    set interfaces ethernet eth0 vif 4 dhcp-options name-server update

    commit
    save
    exit

Modify our DHCP configuration to include IPTV parameters

    configure

    set service dhcp-server global-parameters "option vendor-class-identifier code 60 = string;"
    set service dhcp-server global-parameters "option broadcast-address code 28 = ip-address;"

    commit
    save
    exit

NAT rules are required for the IPTV settop box to connect to the IPTV platform

The following commands will return 2 configuration lines required.

    sudo su
    r_ip=$(show dhcp client leases | grep router | awk '{ print $3 }');
    iptv_static=$(echo "set protocols static route 213.75.112.0/21 next-hop $r_ip")
    echo -e "$iptv_static"
    exit

    configure

    set service nat rule 5000 description IPTV
    set service nat rule 5000 log disable
    set service nat rule 5000 outbound-interface eth0.4
    set service nat rule 5000 protocol all
    set service nat rule 5000 destination address 213.75.112.0/21
    set service nat rule 5000 type masquerade

    (YOUR SET LINE FOR STATIC ROUTE, received from previous step)

    commit
    save
    exit

Setup the IGMP Proxy

    configure

    set protocols igmp-proxy interface eth0.4 alt-subnet 0.0.0.0/0
    set protocols igmp-proxy interface eth0.4 role upstream
    set protocols igmp-proxy interface eth0.4 threshold 1
    set protocols igmp-proxy interface eth1 alt-subnet 0.0.0.0/0
    set protocols igmp-proxy interface eth1 role downstream
    set protocols igmp-proxy interface eth1 threshold 1

    commit
    save
    exit

Configure an IPv6 Firewall

    configure

    set firewall ipv6-name WANv6_IN default-action drop
    set firewall ipv6-name WANv6_IN description "WAN inbound traffic forwarded to LAN"
    set firewall ipv6-name WANv6_IN enable-default-log
    set firewall ipv6-name WANv6_IN rule 10 action accept
    set firewall ipv6-name WANv6_IN rule 10 description "Allow established/related sessions"
    set firewall ipv6-name WANv6_IN rule 10 state established enable
    set firewall ipv6-name WANv6_IN rule 10 state related enable
    set firewall ipv6-name WANv6_IN rule 20 action drop
    set firewall ipv6-name WANv6_IN rule 20 description "Drop invalid state"
    set firewall ipv6-name WANv6_IN rule 20 state invalid enable

    set firewall ipv6-name WANv6_LOCAL default-action drop
    set firewall ipv6-name WANv6_LOCAL description "WAN inbound traffic to the router"
    set firewall ipv6-name WANv6_LOCAL enable-default-log
    set firewall ipv6-name WANv6_LOCAL rule 10 action accept
    set firewall ipv6-name WANv6_LOCAL rule 10 description "Allow established/related sessions"
    set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
    set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
    set firewall ipv6-name WANv6_LOCAL rule 20 action drop
    set firewall ipv6-name WANv6_LOCAL rule 20 description "Drop invalid state"
    set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
    set firewall ipv6-name WANv6_LOCAL rule 30 action accept
    set firewall ipv6-name WANv6_LOCAL rule 30 description "Allow IPv6 icmp"
    set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
    set firewall ipv6-name WANv6_LOCAL rule 40 action accept
    set firewall ipv6-name WANv6_LOCAL rule 40 description "allow dhcpv6"
    set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
    set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
    set firewall ipv6-name WANv6_LOCAL rule 40 source port 547

    commit
    save
    exit

Setup IPv6 on the pppoe interface and create a static route over the pppoe interface

    configure

    set interfaces ethernet eth0 vif 6 pppoe 0 firewall in ipv6-name WANv6_IN
    set interfaces ethernet eth0 vif 6 pppoe 0 firewall local ipv6-name WANv6_LOCAL

    set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 enable
    set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 address autoconf
    set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 dup-addr-detect-transmits 1

    set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd no-dns
    set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd pd 0 interface eth1 prefix-id :1
    set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd pd 0 interface eth1 service slaac
    set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd pd 0 prefix-length /48
    set interfaces ethernet eth0 vif 6 pppoe 0 dhcpv6-pd rapid-commit disable

    set protocols static interface-route6 ::/0 next-hop-interface pppoe0

    commit
    save
    exit
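
With the IPv4 and IPv6 rulesets now bound to the PPPoE interface, the following check confirms that every defined ruleset drops by default and is attached to an interface, and that each WAN-facing interface has "in" and "local" rulesets. It is an added example, not part of the original guide. The function names and the choice of which interfaces count as untrusted are assumptions, and the sample input is constructed from the set commands in this guide.

```sh
#!/bin/sh
# Added example (not from the original guide): audit EdgeOS "set" commands,
# e.g. the output of `show configuration commands`, for firewall coverage.

# sample_config: constructed input, condensed from the set commands in this guide.
sample_config() {
cat <<'EOF'
set firewall name WAN_IN default-action drop
set firewall name WAN_LOCAL default-action drop
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_LOCAL default-action drop
set interfaces ethernet eth0 vif 4 address dhcp
set interfaces ethernet eth0 vif 6 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 vif 6 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 vif 6 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 vif 6 pppoe 0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth0 vif 6 pppoe 0 ipv6 enable
EOF
}

# audit_fw UNTRUSTED < set-commands
#   UNTRUSTED (assumption: chosen by the operator) is a comma-separated list of
#   interface paths as written after "set interfaces ethernet".
# Prints one FAIL line per finding; returns 0 when there are none, 1 otherwise.
audit_fw() {
    out=$(awk -v untrusted="$1" '
    $1 != "set" { next }
    # Ruleset definition: set firewall (name|ipv6-name) NAME ...
    $2 == "firewall" && ($3 == "name" || $3 == "ipv6-name") {
        key = $3 " " $4
        defined[key] = 1
        if ($5 == "default-action") action[key] = $6
        next
    }
    $2 == "interfaces" && $3 == "ethernet" {
        path = $4
        for (i = 5; i <= NF; i++) {
            # Binding: <path> firewall (in|out|local) (name|ipv6-name) NAME
            if ($i == "firewall" && i + 3 == NF) {
                bound[$(i + 2) " " $(i + 3)] = 1
                has[path "|" $(i + 1) "|" $(i + 2)] = 1
                break
            }
            # IPv6 switched on for this interface: <path> ipv6 enable
            if ($i == "ipv6" && i + 1 == NF && $NF == "enable") {
                v6[path] = 1
                break
            }
            path = path " " $i
        }
    }
    function need(p, dir, fam,    k2) {
        k2 = p "|" dir "|" fam
        if (!(k2 in has))
            print "FAIL " p ": no firewall " dir " " fam " ruleset bound"
    }
    END {
        for (k in defined) {
            if (action[k] != "drop")
                print "FAIL " k ": default-action is not drop"
            if (!(k in bound))
                print "FAIL " k ": defined but not bound to any interface"
        }
        n = split(untrusted, u, ",")
        for (x = 1; x <= n; x++) {
            need(u[x], "in", "name")
            need(u[x], "local", "name")
            if (u[x] in v6) {
                need(u[x], "in", "ipv6-name")
                need(u[x], "local", "ipv6-name")
            }
        }
    }' | sort)
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
}

# Demo: treat the PPPoE interface and the IPTV VLAN as untrusted (assumption).
# With the sample above, the PPPoE interface passes and eth0 vif 4 is reported
# twice, because no "in" or "local" ruleset is bound to it.
sample_config | audit_fw "eth0 vif 6 pppoe 0,eth0 vif 4" || true
```

On the router, pipe the output of `show configuration commands` into audit_fw instead of sample_config.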

Setup router-advert and set ipv6 name server

    configure

    set interfaces ethernet eth1 ipv6 dup-addr-detect-transmits 1
    set interfaces ethernet eth1 ipv6 router-advert cur-hop-limit 64
    set interfaces ethernet eth1 ipv6 router-advert link-mtu 0
    set interfaces ethernet eth1 ipv6 router-advert managed-flag false
    set interfaces ethernet eth1 ipv6 router-advert max-interval 600
    set interfaces ethernet eth1 ipv6 router-advert name-server 2001:4860:4860::8888
    set interfaces ethernet eth1 ipv6 router-advert name-server 2001:4860:4860::8844
    set interfaces ethernet eth1 ipv6 router-advert radvd-options "RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};"

    set interfaces ethernet eth1 ipv6 router-advert other-config-flag false
    set interfaces ethernet eth1 ipv6 router-advert reachable-time 0
    set interfaces ethernet eth1 ipv6 router-advert retrans-timer 0
    set interfaces ethernet eth1 ipv6 router-advert send-advert true
    set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 autonomous-flag true
    set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 on-link-flag true
    set interfaces ethernet eth1 ipv6 router-advert prefix ::/64 valid-lifetime 2592000

    set system name-server 2001:4860:4860::8888
    set system name-server 2001:4860:4860::8844

    commit
    save
    exit

Configure hardware offloading for the IPv6 connection

    configure

    set system offload ipv6 forwarding enable
    set system offload ipv6 pppoe enable

    commit
    save
    exit

It is possible that after the IPv6 configuration the default route has changed or the IGMP proxy has stopped. A simple fix to get up and running with your new configuration:

    reboot

You should have a working setup!

Here is the full configuration file (/config/config.boot). Before you load the full configuration on your EdgeRouter, make sure you replace the following placeholders: [MAC], [ROUTER-IP] and [NAT-MASK].

1 2 3 4 5 6 7
1
2
3
4
5
6
7
firewall {
firewall {
[ROUTER-IP] – [NAT-MASK] 1 2 3 4 5 6 7 firewall { all-ping enable broadcast-ping disable

all-ping enable

[NAT-MASK] 1 2 3 4 5 6 7 firewall { all-ping enable broadcast-ping disable ipv6-name WANv6_IN
[NAT-MASK] 1 2 3 4 5 6 7 firewall { all-ping enable broadcast-ping disable ipv6-name WANv6_IN

broadcast-ping disable

ipv6-name WANv6_IN {

default-action drop

disable ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic enable-default-log
disable ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic enable-default-log

description "WAN inbound traffic

enable-default-log

forwarded to LAN"

drop description "WAN inbound traffic enable-default-log forwarded to LAN" 11 of 18 07/10/2016 11:00 AM

Configuring a Ubiquiti EdgeRouter Lite for KPN |

https://kriegsman.io/2016/01/configuring-a-ubiquit

KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit rule 10 { action accept description "Allow
rule 10 {
rule 10 {
rule 10 { action accept description "Allow established/related
rule 10 { action accept description "Allow established/related

action accept

description "Allow

established/related sessions"

description "Allow established/related sessions" state { established enable related enable } } rule 20 {
state {
state {
"Allow established/related sessions" state { established enable related enable } } rule 20 { action drop

established enable

related enable

sessions" state { established enable related enable } } rule 20 { action drop description "Drop
sessions" state { established enable related enable } } rule 20 { action drop description "Drop
}
}
} rule 20 {
}
rule 20 {
state { established enable related enable } } rule 20 { action drop description "Drop invalid
action drop
action drop
established enable related enable } } rule 20 { action drop description "Drop invalid state" state
established enable related enable } } rule 20 { action drop description "Drop invalid state" state

description

"Drop invalid state"

state {
state {

invalid enable

"Drop invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL
"Drop invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL
}
}
"Drop invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL
}
}
"Drop invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL
"Drop invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL
"Drop invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL
router"
router"
invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL {
invalid state" state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL {
}
}
rule 10 {
rule 10 {
state { invalid enable } } router" } rule 10 { ipv6-name WANv6_LOCAL { default-action drop

ipv6-name WANv6_LOCAL {

default-action drop

description "WAN inbound traffic to the

enable-default-log

action accept

inbound traffic to the enable-default-log action accept description "Allow established/related sessions"

description "Allow

established/related sessions"

description "Allow established/related sessions" state { established enable related enable } } rule 20 {
state {
state {
"Allow established/related sessions" state { established enable related enable } } rule 20 { action drop

established enable

related enable

sessions" state { established enable related enable } } rule 20 { action drop description "Drop
sessions" state { established enable related enable } } rule 20 { action drop description "Drop
}
}
} rule 20 {
}
rule 20 {
state { established enable related enable } } rule 20 { action drop description "Drop invalid
action drop
action drop
established enable related enable } } rule 20 { action drop description "Drop invalid state" state
established enable related enable } } rule 20 { action drop description "Drop invalid state" state

description

"Drop invalid state"

state {
state {

invalid enable

"Drop invalid state" state { invalid enable } } } rule 30 { action accept description
"Drop invalid state" state { invalid enable } } } rule 30 { action accept description
} }
}
}
}
}
rule 30 {
rule 30 {
invalid state" state { invalid enable } } } rule 30 { action accept description "Allow

action accept

state { invalid enable } } } rule 30 { action accept description "Allow IPv6 icmp"
state { invalid enable } } } rule 30 { action accept description "Allow IPv6 icmp"

description "Allow IPv6 icmp"

protocol ipv6-icmp

rule 40 {
rule 40 {
"Allow IPv6 icmp" protocol ipv6-icmp rule 40 { action accept description "allow dhcpv6" destination
"Allow IPv6 icmp" protocol ipv6-icmp rule 40 { action accept description "allow dhcpv6" destination
"Allow IPv6 icmp" protocol ipv6-icmp rule 40 { action accept description "allow dhcpv6" destination

action accept

description "allow dhcpv6"

destination {

port 546
port 546
description "allow dhcpv6" destination { port 546 } protocol udp source { } } } name
description "allow dhcpv6" destination { port 546 } protocol udp source { } } } name
}
}
protocol udp
protocol
udp
dhcpv6" destination { port 546 } protocol udp source { } } } name WAN_IN {
source {
source {
dhcpv6" destination { port 546 } protocol udp source { } } } name WAN_IN {
dhcpv6" destination { port 546 } protocol udp source { } } } name WAN_IN {
}
}
}
}
destination { port 546 } protocol udp source { } } } name WAN_IN { port
destination { port 546 } protocol udp source { } } } name WAN_IN { port
destination { port 546 } protocol udp source { } } } name WAN_IN { port
destination { port 546 } protocol udp source { } } } name WAN_IN { port
destination { port 546 } protocol udp source { } } } name WAN_IN { port
}
}

name WAN_IN {

{ port 546 } protocol udp source { } } } name WAN_IN { port 547
port 547
port
547

ip-src-route disable

log-martians enable

ipv6-receive-redirects disable

ipv6-src-route disable

default-action drop

Configuring a Ubiquiti EdgeRouter Lite for KPN |

https://kriegsman.io/2016/01/configuring-a-ubiquit

KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit description "WAN to Internal" enable-default-log
KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit description "WAN to Internal" enable-default-log
KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit description "WAN to Internal" enable-default-log

description "WAN to Internal"

enable-default-log

rule 10 {
rule 10 {
"WAN to Internal" enable-default-log rule 10 { action accept description "Allow log enable
"WAN to Internal" enable-default-log rule 10 { action accept description "Allow log enable

action accept

description "Allow

log enable
log enable

established/related"

description "Allow log enable established/related" protocol all state { established enable invalid disable }
protocol all
protocol all
"Allow log enable established/related" protocol all state { established enable invalid disable } new disable
state {
state {
log enable established/related" protocol all state { established enable invalid disable } new disable related

established enable

invalid disable

protocol all state { established enable invalid disable } new disable related enable } rule 20
protocol all state { established enable invalid disable } new disable related enable } rule 20
protocol all state { established enable invalid disable } new disable related enable } rule 20
protocol all state { established enable invalid disable } new disable related enable } rule 20
}
}
new disable
new disable

related enable

} rule 20 {
}
rule 20 {
invalid disable } new disable related enable } rule 20 { action drop description "Drop invalid
action drop
action drop
} new disable related enable } rule 20 { action drop description "Drop invalid state" log
} new disable related enable } rule 20 { action drop description "Drop invalid state" log

description

"Drop invalid state"

log enable
log enable
protocol all
protocol all
"Drop invalid state" log enable protocol all state { established disable invalid enable new disable
state {
state {
"Drop invalid state" log enable protocol all state { established disable invalid enable new disable related

established disable

invalid enable

protocol all state { established disable invalid enable new disable related disable } } } name
protocol all state { established disable invalid enable new disable related disable } } } name
new disable
new disable

related disable

disable invalid enable new disable related disable } } } name WAN_LOCAL { default-action drop rule
disable invalid enable new disable related disable } } } name WAN_LOCAL { default-action drop rule
}
}
disable invalid enable new disable related disable } } } name WAN_LOCAL { default-action drop rule
}
}
disable invalid enable new disable related disable } } } name WAN_LOCAL { default-action drop rule
}
}

name WAN_LOCAL {

enable new disable related disable } } } name WAN_LOCAL { default-action drop rule 10 {
enable new disable related disable } } } name WAN_LOCAL { default-action drop rule 10 {
enable new disable related disable } } } name WAN_LOCAL { default-action drop rule 10 {
enable new disable related disable } } } name WAN_LOCAL { default-action drop rule 10 {

default-action drop

rule 10 {
rule 10 {

action accept

description "WAN to

router"

enable-default-log

description "WAN to router" enable-default-log description "Allow log disable established/related"
description "WAN to router" enable-default-log description "Allow log disable established/related"

description "Allow

log disable
log disable

established/related"

description "Allow log disable established/related" protocol all state { established enable invalid disable new
protocol all
protocol all
"Allow log disable established/related" protocol all state { established enable invalid disable new disable
state {
state {
log disable established/related" protocol all state { established enable invalid disable new disable related

established enable

invalid disable

protocol all state { established enable invalid disable new disable related enable } } rule 20
protocol all state { established enable invalid disable new disable related enable } } rule 20
new disable
new disable

related enable

enable invalid disable new disable related enable } } rule 20 { action drop description "Drop
enable invalid disable new disable related enable } } rule 20 { action drop description "Drop
}
}
} rule 20 {
}
rule 20 {
invalid disable new disable related enable } } rule 20 { action drop description "Drop invalid
action drop
action drop
new disable related enable } } rule 20 { action drop description "Drop invalid state" log
new disable related enable } } rule 20 { action drop description "Drop invalid state" log

description

"Drop invalid state"

log disable
log disable
protocol all
protocol all
"Drop invalid state" log disable protocol all state { established disable invalid enable } } }
state {
state {
invalid state" log disable protocol all state { established disable invalid enable } } } options

established disable

invalid enable

protocol all state { established disable invalid enable } } } options { } new disable
protocol all state { established disable invalid enable } } } options { } new disable
protocol all state { established disable invalid enable } } } options { } new disable
protocol all state { established disable invalid enable } } } options { } new disable
}
}
} } options {
}
}
options {
state { established disable invalid enable } } } options { } new disable related disable
}
}
{ established disable invalid enable } } } options { } new disable related disable receive-redirects
new disable
new disable

related disable

receive-redirects disable

Configuring a Ubiquiti EdgeRouter Lite for KPN |

https://kriegsman.io/2016/01/configuring-a-ubiquit

KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit } send-redirects enable source-validation disable
KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit } send-redirects enable source-validation disable
KPN | https://kriegsman.io/2016/01/configuring-a-ubiquit } send-redirects enable source-validation disable
}
}

send-redirects enable

source-validation disable

syn-cookies enable

interfaces {
    bridge br0 {
        aging 300
        bridged-conntrack disable
        description "br0 - Telefonie"
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        description "eth0 - FTTH"
        duplex auto
        mtu 1512
        speed auto
        vif 4 {
            address dhcp
            description "eth0.4 - IPTV"
            dhcp-options {
                client-option "send vendor-class-identifier "IPTV_RG";"
                client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
                default-route no-update
                default-route-distance 210
                name-server update
            }
        }
        vif 6 {
            description "eth0.6 - Internet"
            mtu 1508
            pppoe 0 {
                default-route auto
                dhcpv6-pd {
                    no-dns
                    pd 0 {
                        interface eth1 {
                            prefix-id :1
                            service slaac
                        }
                        prefix-length /48
                    }
                    rapid-commit disable
                }
                firewall {
                    in {
                        ipv6-name WANv6_IN
                        name WAN_IN
                    }
                    local {
                        ipv6-name WANv6_LOCAL
                        name WAN_LOCAL
                    }
                }
                idle-timeout 180
                ipv6 {
                    address {
                        autoconf
                    }
                    dup-addr-detect-transmits 1
                    enable {
                    }
                }
                mtu 1500
                name-server auto
                password kpn
                user-id [MAC]@internet
            }
        }
        vif 7 {
            bridge-group {
                bridge br0
            }
            description "eth0.7 - Telefonie"
            mtu 1500
        }
    }
    ethernet eth1 {
        address 192.168.2.254/24
        description "eth1 - LAN"
        duplex auto
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                link-mtu 0
                managed-flag false
                max-interval 600
                name-server 2001:4860:4860::8888
                name-server 2001:4860:4860::8844
                other-config-flag false
                prefix ::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                radvd-options "RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};"
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        speed auto
    }
    ethernet eth2 {
        description "eth2 - ExperiaBox"
        duplex auto
        speed auto
        vif 7 {
            bridge-group {
                bridge br0
            }
            description "eth2.7 - ExperiaBox VOIP"
            mtu 1500
        }
    }
    loopback lo {
    }
}
protocols {
    igmp-proxy {
        interface eth0.4 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth1 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
    static {
        interface-route6 ::/0 {
            next-hop-interface pppoe0 {
            }
        }
        route 213.75.112.0/21 {
            next-hop [ROUTER-IP] {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        global-parameters "option vendor-class-identifier code 60 = string;"
        global-parameters "option broadcast-address code 28 = ip-address;"
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.254
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 192.168.2.50 {
                    stop 192.168.2.200
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 8.8.8.8
            name-server 8.8.4.4
            options listen-address=192.168.2.254
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5000 {
            description IPTV
            destination {
                address 213.75.112.0/21
            }
            log disable
            outbound-interface eth0.4
            protocol all
            source {
            }
            type masquerade
        }
        rule 5010 {
            description "KPN Internet"
            log enable
            outbound-interface pppoe0
            protocol all
            source {
                address 192.168.2.0/24
            }
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
            }
            level admin
        }
    }
    name-server 2001:4860:4860::8888
    name-server 2001:4860:4860::8844
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipv4 {
            forwarding enable
            pppoe enable
            vlan enable
        }
        ipv6 {
            forwarding enable
            pppoe enable
        }
    }
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ""
            url http://mirror.leaseweb.com/debian
            username ""
        }
        repository wheezy-security {
            components main
            distribution wheezy/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
}