Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
userdoc:tt_edgerouter-x [2018/12/25 08:30] abelbeck |
userdoc:tt_edgerouter-x [2022/08/29 07:12] mkeuter [Alternatives to the EdgeRouter X] |
AstLinux supports many different x86 (32-bit and 64-bit) hardware devices, so when a remote VPN endpoint is desired in your AstLinux constellation it makes sense to first consider yet another AstLinux solution. Quite often AstLinux is the best solution ... familiarity, full-system firmware upgrades, and if true, you can quit reading any further. | AstLinux supports many different x86 (32-bit and 64-bit) hardware devices, so when a remote VPN endpoint is desired in your AstLinux constellation it makes sense to first consider yet another AstLinux solution. Quite often AstLinux is the best solution ... familiarity, full-system firmware upgrades, and if true, you can quit reading any further. |
| |
As an alternative for a remote VPN endpoint, the Ubiquiti Networks [[https://www.ubnt.com/edgemax/edgerouter-x/|EdgeRouter-X]] occupies a special sweet-spot of quality hardware and low price (currently, January 2019). While similarly priced to a [[https://www.raspberrypi.org/|Raspberry Pi]] complete system, the EdgeRouter-X has quality hardware designed for networking, including a built-in 5-port Gbit ethernet switch. Additionally, the EdgeRouter-X is only 40%-50% of the cost of the **least** expensive multi-NIC x86 system required by AstLinux. | As an alternative for a remote VPN endpoint, the Ubiquiti Networks [[https://www.ubnt.com/edgemax/edgerouter-x/|EdgeRouter-X]] occupies a special sweet-spot of quality hardware and low price (currently, January 2019). While similarly priced to a [[https://www.raspberrypi.org/|Raspberry Pi]] complete system, the EdgeRouter-X has quality hardware designed for networking, including a built-in 5-port Gbit ethernet switch. Additionally, the EdgeRouter-X is less-than-half the cost of the **least** expensive multi-NIC x86 system required to run AstLinux. |
| |
{{:userdoc:edgerouter-x-photo.png?nolink|EdgeRouter-X}} | {{:userdoc:edgerouter-x-photo.png?nolink|EdgeRouter-X}} |
| |
Since the EdgeRouter-X is not x86 hardware, AstLinux will not run on it. The default EdgeRouter-X firmware is EdgeOS, documentation found here: [[https://www.ubnt.com/downloads/guides/edgemax/EdgeOS_UG.pdf|EdgeOS User Guide]]. The WireGuard VPN is currently available for EdgeOS as a third-party ''.deb'' package found here: [[https://github.com/Lochnair/vyatta-wireguard|vyatta-wireguard]]. | Since the EdgeRouter-X is not x86 hardware, AstLinux will not run on it. The default EdgeRouter-X firmware is EdgeOS, documentation found here: [[https://www.ubnt.com/downloads/guides/edgemax/EdgeOS_UG.pdf|EdgeOS User Guide]]. The WireGuard VPN is currently available for EdgeOS as a third-party ''wireguard-e50-<revision>.deb'' package found here: [[https://github.com/Lochnair/vyatta-wireguard|vyatta-wireguard]]. |
| |
Alternatively, the [[https://openwrt.org/toh/ubiquiti/ubiquiti_edgerouter_x_er-x_ka|OpenWrt Project]] offers firmware specifically built for the EdgeRouter-X with impressive performance. The current standard ''18.06.1'' release performs NAT routing at near 1 Gbps line speed, and WireGuard VPN performance at around 180 Mbps. Quite impressive for a 880 MHz CPU. | Alternatively, the [[https://openwrt.org/toh/ubiquiti/ubiquiti_edgerouter_x_er-x_ka|OpenWrt Project]] offers firmware specifically built for the EdgeRouter-X with impressive performance. The current standard ''18.06.1'' release performs NAT routing at near 1 Gbps line speed, and WireGuard VPN performance at around 180 Mbps. Quite reasonable for a 32-bit, 880 MHz CPU. |
| |
It could be said that the EdgeRouter-X with OpenWrt and the WireGuard VPN in the kernel is an ideal solution for a remote VPN endpoint. The rest of this documentation describes how to install the current release of OpenWrt ''18.06.1'' on a Ubiquiti Networks EdgeRouter-X (ER-X). | It could be said that the EdgeRouter-X with OpenWrt and the WireGuard VPN in the kernel is an ideal solution for a remote VPN endpoint. The rest of this documentation describes how to install the current release of OpenWrt ''18.06.1'' on a Ubiquiti Networks EdgeRouter-X (ER-X). |
It is assumed the 1st LAN network of AstLinux is ''192.168.101.1/24'', adjust accordingly below if yours is different. | It is assumed the 1st LAN network of AstLinux is ''192.168.101.1/24'', adjust accordingly below if yours is different. |
| |
Do not connect power to the ER-X, yet. | !!Do not connect power to the ER-X, yet.!! |
| |
Connect the ER-X ''eth0'' port to the AstLinux LAN ''192.168.101.1/24'' network (yellow cable). | Connect the ER-X ''eth0'' port to the AstLinux LAN ''192.168.101.1/24'' network (yellow cable). |
| |
With the "System Load Linux to SDRAM via TFTP" chosen, you need to specify two IP addresses and the name of the TFTP filename ''openwrt.bin'', as show above. | With the "System Load Linux to SDRAM via TFTP" chosen, you need to specify two IP addresses and the name of the TFTP filename ''openwrt.bin'', as show above. |
| |
| !!Note:!! Some OpenWRT devices work exclusively with ''192.168.1.1'' + ''192.168.1.2'' as the device + server IP addresses! ((use e.g.\\ ''ifconfig eth1:1 192.168.1.2 netmask 255.255.255.0 up''\\ to add an additional virtual address to the server)) |
| |
Type RETURN and the ER-X should reboot into the factory initramfs-kernel of OpenWrt. After the dmesg logs appear to stop, type RETURN again, you should see a login as shown below: | Type RETURN and the ER-X should reboot into the factory initramfs-kernel of OpenWrt. After the dmesg logs appear to stop, type RETURN again, you should see a login as shown below: |
{{:userdoc:edgerouter-x-firewall-wg-interface.png?nolink|Firewall WireGuard Interface}} | {{:userdoc:edgerouter-x-firewall-wg-interface.png?nolink|Firewall WireGuard Interface}} |
| |
| ===== Alternatives to the EdgeRouter X ===== |
| |
| The EdgeRouter-X is now hard to get or EOL. Kind of alternatives are the "travel router" devices from [[https://www.gl-inet.com/products/|GL.inet]] as they based on OpenWRT and already include WireGuard and OpenVPN. |
| |
| |
| \\ |
| \\ |
| ---- |