EdgeMAX EdgeRouter Stable Firmware v2.0.4

Important notes

The ER-X / ER-X-SFP / EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using " delete system image " CLI command, see here for more details) before doing an upgrade.

More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!

Features

  • [UNMS] - Add support for UNMS v1.0

Improvements

  • [Dnsmasq] - Improve speed of dnsmasq configuration during initial boot.
  • [FactoryReset] - Add eth9 LED blinking when doing factory reset on ER-10X .
  • [TechSupport] - Add more IPSec info to tech-support file.
  • [Bootloader] - Upgrade bootloader automatically for those ERs that have backup bootloader partition ( ER-8 , ERPro-8 , ER-8-XG ).
    4
    下载地址
    ER-X, ER-10X, ER-X-SFP and EP-R6
    其他版本

Fixes:
UNMS - Add support for UNMS v1.0
Dnsmasq - Improve dnsmasq configuration time during initial boot
Qos/Netflow - Fix bug that caused Qos/Netflow malfunction when offloading was enabled
FactoryReset - Add eth9 LED blinking when doing factory reset on ER-10X
LLDP - Fix regression in v2.0.1 when interfaces of switch ports did not transmit LLDP frames
IPv6 - Add config validation that forbids simultaneous use of dhcpv6 and dhcpv6-pd
Discovery - Fix bug when UBNT discovery did not work if UNMS was configured
TechSupport - Add more IPSec info to tech-support file
UPnP - Fix bug when UPnP rules were not properly flushed by “clear upnp2 rules” CLI command
Offloading - Fix bug when syslog&console were filled with “protocol 0800 is buggy” error messages
if gre offloading was enabled
SFP - Fix bug when SFP status sometimes disappeared when SFP module was inserted
Switch - Fix regression in v2.0.0 when counters of switch0 were not incremented on ER-12/ER-12P
Switch - Fix potential packet leaking issue after detaching interface from switch0
Interface - Fix bug when interfaces counters added in switch0 didn’t get updated on ER-10X
Security - Fix bug when ER could be DOSed by opening unauthenticated WebGUI session that would
lead to resource consumption
Boot - Disable interactive prompt when installing new packages from
“/config/data/firstboot/install-packages”
Bootloader - Upgrade bootloader automatically for those ERs that have backup bootloader
partition (ER, ERPro, ER-Infinity)
Bootloader - Include the updated bootloader image for better scenario at TFTP recovery.

Known issues:
Performance - Throughput degradation by 5-10% when comparing with v1.10.9 firmware with older kernel
VPN - IPsec and VLAN offloading on ER-X/ER-X-SFP and EP-R6 does not work
VPN - L2TP remote access VPN does not work with Android6/7 L2TP clients, but works with Android9 client though)
LoadBalancing - LoadBalancing sometimes fails to recover after switching to failover interface
WebGUI - Sometimes statistics in WebGUI is “freezing” and page refresh is needed in order to weke it up
DPI - Sometimes DPI is reporting wrong rx/tx counters

你这个100.88的伪公网地址 :stuck_out_tongue: 好像网上说的,没公网IPv4地址就会有IPv6,我有公网IPv4,PPPoE获取不到IPv6,而且光猫还广播它为IPv6的网关…影响我内网的IPv6路由

我的ipv6获取一切正常,手机、电脑、平板、网络盒子都正常。要先破解光猫,把光猫ip模式设置为ipv4/ipv6模式才行。我现在用的光猫是华为MA5671,不错很稳定的企业级光猫当家用光猫使用。
IPv6测试正常
%E6%B5%8B%E8%AF%95
pc

下周可能还有2.0.5/1.10.10的beta版本,主要是针对一些安全漏洞

因为v2.0.4`β周期之后披露了SACK漏洞。下周我们将在beta论坛上发布紧急的“ v2.0.5 ”和“ v1.10.10”版本,其中包括多个安全修复程序:内核中Netflix的SACK,openssl中的CVE-2019-1559和strongswan中的多个CVE。

真的吗?我这里也是分配100的局域网(⊙﹏⊙)

我是原来一直公网IP,所以直接找客服,改了回来

我的也是华为光猫,桥接IPV4/IPV6模式,ER-X V1.10.9, 手机、电脑IPv6一直不能获取地址,是不是V2.0.4就可以哇

参考这篇教程修改https://bbs.ui.com.cn/t/er-x-ipv6/47314

Known issues:
Performance - Throughput degradation by 5-10% when comparing with v1.10.9 firmware with older kernel

看到官方提及这个性能要低于 1.10.9 大概5-10%的性能,就感觉不太像换。但是一直不知道2.x版本究竟比1.X好在什么地方。官方在哪里有给明确的2个版本的功能对比吗?

如果没有对IPv6有强烈的需求,可以暂时等等看,版本已经出到2.0.6了,所以再等等吧。

由于2.0.6版本里也仅仅是对IPv6做了初步的分类配置,是不是能适应国内这几家运营商大佬还难说。

1赞

早就是这样设置的,就是终端都不能分配IPV6地址

2.0.0开始升级了Linux Kernel

你首先确认是不是运营商是不是提供了。如果提供了。ER-X 支持IPv6的。主要是一些设置。可以参考https://bbs.ui.com.cn/t/er-x-sfp-ipv6/48469

目前我已经用上了IPv6 固件 1.10.9 我最开始的配置错误是 前缀长度错了。前缀是60
这个大兄弟。前面给了全命令的配置方法。他后来还给了一个简单的办法,先界面配置的办法,然后手工加,2句话就好了。。但是你要完全弄懂所有的命令需要有一些IPv6的基础概念知识,例如什么是DHCP-PD RA 等如果没有一些基础知识看命令完全不懂,如果环境和你有点点差异,到最后也估计成功不了。

好的,谢谢,我先去看看

还是一样测试通不过,提示没有IPV6,可网络属性里明明就分配了的,搞不懂了

从你电脑段看IPv6应该下发了。看截图理论上不应该有问题,先不管 testipv6的结果。
先假设test-ipv6.com的测试结果是错误的。况且这个站点上也说了“ 在你所处的地区,本站测试结果不可靠”

但是我有点点怀疑你的ER-X路由器上没加一个路由导致。
set protocols static interface-route6 ::/0 next-hop-interface pppoe0
也就是虽然已经给你PD了前缀,同时ER-X也分配了地址。但是你可能遗漏了 这个路由。导致你电脑
虽然有IPv6地址,也就是说 电脑上有IPv6地址也有网关,那么IPv6数据可以到ER-X路由器,但是ER-X路由器上没有 IPv6 的 default 路由,ER-X 不知道这个IPv6包如何处理。他转发不出去,就会导致你现在的这个现象。这种问题通过 tracert 可以跟踪看出来。只是我的初步怀疑。请仔细检查。

那么我建议你可以在电脑上尝试ping 240c::6666 这个是下一代互联网国家工程中心正式宣布推出IPv6公共DNS地址。

1: 如果能通240c::6666 ,那么可以肯定 IPv6的网络通信是没有问题的,如果还不放心,那么直接把你的电脑的IPv4地址给弄没。看你电脑是DHCP分配的V4,你可以手工设置一个乱七八糟的V4地址,然后直接访问一些纯的IPv6的网站,一般都是一些教育网的网站,应该是可以访问的。如果能访问就不要在意test-ipv6.com的结果了。
2: 如果不通 可以再试试 tracert 240c::6666。可以跟踪一下路由过程。

谢谢!好的,我试一试:slightly_smiling_face: