Configuring a brand new Ubiquiti EdgeMax in bridge mode with your ISP box/modem for your homelab.

I have been using a virtual machine for a while to act as a router (pfSense) and provide IPsec VPN capabilities for my on-premise environment in order to connect to my Azure environment.
I have decided for convenience to switch to a physical device. My choice went to the Ubiquiti EdgeMax 5 ports. For some reason I received the PoE version although I ordered the non-PoE one. I won’t complain since it’s a free upgrade. This device is really great and allows you to do everything you need in your homelab. It is also really cheap! This device can be found in a 3-port version for less than 100 euros.
Here is a link to the “baby” version: http://www.amazon.fr/Ubiquiti-ERLITE-3-Routeur-ports-Noir/dp/B00EWYPA6Y/ref=sr_1_sc_1?ie=UTF8&qid=1447635656&sr=8-1-spell&keywords=ubiquity+edgemax
There are no differences in capabilities between the 3 and 5 ports versions.
I’ll describe all the steps needed to configure this new toy and set it in bridge mode with the ISP’s box so that it gets a public IP directly assigned to one of its ports.
First of all, once you have plugged your EdgeMax into your ISP box, connect your machine directly to the device with a cable and set your local IP address as below, in the same subnet as the device. The reason is that by default the device uses the IP 192.168.1.1.
Connect to the device using http://192.168.1.1
The default credentials are ubnt / ubnt.
The first thing to do is to go straight to the Users tab, create your own user, and then change the ubnt user’s password.
Now we need to flash the device with its most recent firmware. Go to the System tab at the bottom of your screen.
Click on the link provided next to the update system image option to go online and get your new firmware. Once on the site, look for the EdgeMax device and download the latest applicable firmware.
Before applying the new firmware, make a backup of your configuration by clicking on download backup config file.
Once you have your backup, click on upgrade system image, provide the file that you have downloaded and restart the router once the image has been applied.
Log back in to the device after the reboot and go to the config tree. It is time to configure your ports and define how you want to set up the router. In my case, since I have 5 ports, I will use 1 WAN + 2 LAN. This means that the router will create 2 switches and dedicate a port to the public address.
My LANs will be 192.168.1.0/24 and 192.168.2.0/24; for both I’ll enable the DHCP service and set the router to X.X.X.1.
After applying the configuration you will get a warning about internet connectivity; you can ignore it. The reason is simple: we haven’t yet configured the ISP box in bridge mode, so it still provides only a NAT address. Reboot the router after this warning and configure your DHCP if you want the router to provide this service.
At this point your router is fully configured to provide connectivity to your local machines. Now we need to provide a public IP to the device.
To do so, we first need to identify the MAC address of port 1 of the device (port 1 is always the port used to connect to the box/modem).
In my case I’m checking the MAC address using the CLI, opened from the top right corner of the interface.
Once you have the MAC address, shut down the device.
Now you need to connect to your modem/box and provide the Ubiquiti’s MAC address to set it as the bridged device. Look in your modem/box manual if you don’t know where to find the bridge configuration on your modem.
Once applied, restart your ISP box/modem. Once the box has started, power on the Ubiquiti. After a few seconds, if you connect to the Ubiquiti you should see that it now has a public address and can serve the local clients.
Lastly, do not forget to create the new default route (0.0.0.0) if, like me, you are using a manageable switch as the gateway for your devices. In my case I’m using a 24-port Cisco switch.
At this stage you are done!
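To confirm the bridge step really took effect, the address on the WAN port can be checked against the ranges that indicate NAT is still in front of the router. The script below is an added example, not part of the original post; it assumes the WAN port is named eth0 and that the pasted text follows the `show interfaces` table layout, and all sample outputs are constructed.

```python
import ipaddress

# Address ranges that mean the WAN port is NOT holding a routable public IP.
NAT_RANGES = [
    ("rfc1918", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918", ipaddress.ip_network("192.168.0.0/16")),
    ("cgnat", ipaddress.ip_network("100.64.0.0/10")),       # carrier-grade NAT
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),  # no DHCP answer
]

HEADER = ("Interface    IP Address          S/L  Description\n"
          "---------    ----------          ---  -----------\n")
LAN = ("eth1         192.168.1.1/24      u/u  Local\n"
       "switch0      192.168.2.1/24      u/u  Local 2\n")
# Constructed samples; interface names are assumptions. 203.0.113.10 is a
# documentation address standing in for the ISP-assigned public IP.
BEFORE_BRIDGE = HEADER + "eth0         192.168.0.23/24     u/u  Internet\n" + LAN
AFTER_BRIDGE = HEADER + "eth0         203.0.113.10/24     u/u  Internet\n" + LAN
CGNAT_CASE = HEADER + "eth0         100.72.5.9/20       u/u  Internet\n" + LAN
NO_LEASE = HEADER + "eth0         -                   u/D  Internet\n" + LAN


def wan_address(show_output, iface="eth0"):
    """Return the first IP listed for iface, or None if it has no address."""
    for line in show_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == iface:
            try:
                return ipaddress.ip_interface(fields[1]).ip
            except ValueError:  # "-" or other non-address placeholder
                return None
    return None


def bridge_status(show_output, iface="eth0"):
    """Classify the WAN address: public, or the reason it is not."""
    addr = wan_address(show_output, iface)
    if addr is None:
        return "no-address"
    for label, net in NAT_RANGES:
        if addr in net:
            return label
    return "public"


if __name__ == "__main__":
    for name, sample in [("before", BEFORE_BRIDGE), ("after", AFTER_BRIDGE),
                         ("cgnat", CGNAT_CASE), ("no lease", NO_LEASE)]:
        print(f"{name:9s} -> {bridge_status(sample)}")
```

A result of `rfc1918` on the WAN port means the box is still handing out a NAT address, so the bridge setting or the registered MAC address should be rechecked.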
In the next post I’ll explain how to create multiple IPsec VPNs to different Azure subscriptions and a remote site, then create all the necessary routes in order to get connectivity from my on-premise network to all my remote networks.