Device Management

Every flexiEdge device can be centrally managed and configured from flexiManage. Follow these steps to sucessfully complete fleiWAN configuration and deployment.

devices management

Device configuration

After registering and approving a new device with flexiManage (covered in Device Setup section), networking configuration is next. From Inventory > Devices click on the device name to enter its settings. As the device has been just added and approved, vRouter will not be in running state.

new device

Next navigate to the Interfaces tab from where the network interfaces can be viewed and configured.

new device

At this point all interfaces are shown grayed out as they are not assigned yet. Only assigned interfaces will be used by flexiWAN. Some interfaces may show IP’s since initial configuration was handled using local flexiEdge UI.

Interfaces overview

Interfaces page shows columns through which networking can be configured. The following columns are shown by default:

Type

Marks interface as WAN, LAN or TRUNK. flexiWAN requires at least one WAN and LAN for operation. Multiple WAN and LAN interfaces are supported. TRUNK is used for VLAN operation.

Assigned

When set to “Yes” interface can be configured. Select “No” to not use the interface with flexiWAN.

IPv4

Shows interface IP

GW

Shows upstream gateway

Metric

Each interface has its own metric. Use metrics to set interface priority (primary, secondary etc.)

Public IP

Automatically detected external IP using STUN. If your flexiWAN device is behind a NAT or a router, the public IP colunm will show the external IP.

Path Labels

Assign Path Lables to logically label or filter traffic. See Path Labels section for more detials.

Routing

LAN interfaces support OSPF and BGP. By default OSPF is enabled on LAN

More columns can be added (or removed) by clicking on Modify columns icon in top left corner of the table. Other available columns:

MAC

Displays interface MAC address

MTU

Shows interface MTU size

DHCP/Static

Used with WAN interfaces, WAN can be configured with static IP or set to receive an IP via DHCP.

QoS

Used for setting ISP throughput / speeds so QoS can properly schedule traffic.

IPv6

Displays IPv6 address. Currently IPv4 is supported only.

Note

  • Wired ethernet, PPPoE and LTE interfaces are supported as WAN interfaces.

  • Wired ethernet or WiFi AP mode are supported on LAN interfaces.

  • VLAN’s are supported on both WAN and LAN.

  • Make sure to assign interfaces by changing “No” to “Yes” in the Assigned column.

  • Multiple LAN and WAN interfaces are supported.

  • Status icons (green, red, gray) in GW column show if the device has internet connectivity.

  • Netplan is used for networking configuration, all flexiManage network configuration is saved to Netplan.

Configuring interfaces

Network interfaces can be configured from the interfaces table or each interface directly through its settings section. Table offers networking information and configuration at a glance while each interface settings offers configuration in greater detail. To configure an interface using table, simply switch the Assigned column item to Yes from No. This will allow interface to be configured and used with flexiWAN.

Assigning an interface

Once the interface is assigned, next important step is set interface as WAN, LAN or TRUNK port. For vRouter to start, WAN and LAN interfaces are required. TRUNK port is relevant for VLAN’s, read more below in separate section on VLAN’s. Multiple WAN and LAN interfaces are supported.

Assigning an interface

When assigning an interface, click on IPv4 column to configure an IP. Remember to use CIDR format.

Assigning an interface

In addition to table view, each interface can be configured in greater detail by simply clicking on settings icon next to interface name.

Assigning an interface

Interface settings offer complete and advanced options, starting with settings for WAN interfaces:

Assigning an interface
Assigned

When set to “Yes” interface can be configured. Select “No” to not use the interface with flexiWAN.

Type

Marks interface as WAN.

IP Address

Displays / sets IP address of WAN interface. If DHCP is set under “DHCP/static” then IP will be received via upstream.

Gateway

Displays upstream gateway which flexiWAN is using.

MAC

Displays MAC address of the interface.

MTU

Shows interface MTU size, default 1500 for all interfaces.

Get DNS via DHCP

When enabled, WAN will use DNS received by upstream. When not selected allow setting DNS servers.

Path Labels

Used for granular tunnel creation and Path Selection policies (application based routing).

QoS Policy

Allows selecting QoS policy for the particular WAN interface. Learn more about QoS in its own documentation section.

Bandwidth Tx / Rx

Set upload / download throughput.

Public IP

Displays detected public IP.

STUN

When enabled, allows detection of public IP and establishing tunnels behind NAT (NAT traversal). Enabled by default.

Internet access

When “Online” is show, device has internet connectivity.

Force 4789 UDP port

When enabled, flexiEdge devices establishing tunnels to this device will use destination port 4789.

Monitor internet

Enables internet monitoring. When disabled, device assumes interface is always online.

VLAN sub-interfaces

Add VLAN sub-interface to the selected parent interface. Can be used with WAN, LAN or in pure TRUNK (untagged) mode.

Note

By default each WAN interface has gateway monitoring enabled. Its purpuse is to monitor and signal to the user if WAN interface is down. Gateway monitoring is part of automatic failover functionality, allowing failover between multiple WAN interfaces. Automatic failover works out-of-the-box and automatically when there are multiple WAN interfaces present. Interface which has lower metric, will have higher priority. Eg. bottom interface from the screenshot has higher priority.

Note

flexiWAN enables NAT Traversal by default, allowing devices to establish tunnels behind NAT, when there is a private IP on flexiEdge WAN. NAT Traversal setting is automatically adjusted if it detects public or private IP on WAN, so there is no need to disable it in most cases.

The following settings are available for LAN interfaces:

Assigning an interface
Assigned

When set to “Yes” interface can be configured. Select “No” to not use the interface with flexiWAN.

Type

Marks interface as LAN.

IP Address

Shows IP address of LAN interface. IP set here is used as gateway for LAN clients.

MTU

Set Maximum transmission unit (MTU). Default 1500 for all interfaces.

Type

Marks interface as WAN or LAN. flexiWAN requires at least one WAN and LAN for operation. Multiple WAN and LAN interfaces are supported.

DHCP/Static

Used with WAN interfaces, WAN can be configured with static IP or set to receive an IP via DHCP.

MAC

Displays MAC address of the interface.

Routing

LAN interfaces support OSPF and BGP. By default OSPF is enabled on LAN so interconnected sites can communicate out-of-the-box.

VLAN sub-interfaces

Add VLAN sub-interface to the selected parent interface. Can be used with WAN, LAN or in pure TRUNK (untagged) mode.

LAN Bridge configuration

Two or more network interfaces can be bridged when assigned the same IP and CIDR. Clients connected to both or more interfaces will assign or receive an IP from the same range.

@startuml skinparam linetype ortho left to right direction skinparam rectangle { borderColor Transparent backgroundColor Transparent fontColor Transparent stereotypeFontColor Transparent shadowing false } node "vRouter" as VPP { rectangle GRP1 { node "Bridge" as BR1 { usecase "LAN 1" as LAN1 usecase "LAN 2" as LAN2 } } usecase "Loop 0\n<size:10>(10.0.5.1/24)</size>" as Loop0 usecase "Other\nFunctions" as ROUTER } node "Computer 1\n<size:10>(10.0.5.20/24)</size>" as C1 node "Computer 2\n<size:10>(10.0.5.21/24)</size>" as C2 C1 -- LAN1 C2 -- LAN2 LAN1 --- Loop0 LAN2 -- Loop0 Loop0 .. ROUTER @enduml

Bridge is automatically created when multiple LAN interfaces are configured with the same IP address and CIDR. Both DHCP server and OSPF continue to work on bridged interfaces.

Once two or more interfaces are configured with the same IP and CIDR, the symbol BRIDGE_ICON will indicate bridge mode is configured. Make sure to update device to apply changes.

LAN bridge

Note

Vhen using virtual machines make sure to attach different virtual switch to each LAN interface, in order to avoid network loops.

VLAN configuration

flexiWAN supports VLAN’s on all wired interface types. VLAN’s can be added as sub-interfaces of assigned interfaces, supporting VLAN’s on the following:

  • WAN and LAN - VLAN’s can be added on both types. Adding VLAN’s on these interface types will mix tagged and untagged traffic which may not be ideal.

  • TRUNK - Use this type when flexiWAN interface is connected to a layer 3 switch. TRUNK interface cannot have an IP or any untagged traffic.

Once added, VLAN’s will be displayed as sub-interface of parent interface. If parent interface is eth0 and VLAN is created with VLAN tag 10, then VLAN sub-interface will eth0.10.

VLAN's

Most common and recommended use case is to add VLAN’s to TRUNK interface. This way only tagged traffic will be present on the interface. In the following example, adding VLAN sub-interfaces to parent TRUNK interface is shown.

VLAN's

Once interface type is set to TRUNK, click on a + sign next to interface name.

VLAN's

Click on Add button to define VLAN’s, starting from VLAN Tag ID. Confirm LAN is the type and static is configured in order to assign an IP. Use an example below to add two VLAN’s with tags 10 and 11, configured as LAN. Click Update to confirm and add new VLAN’s.

VLAN's

That’s it, two new VLAN sub-interfaces are added and configured as LAN. Finalize by clicking on Update device in top left corner. Note, don’t forget to add DHCP server to each of newly created LAN interfaces.

VLAN's

VLAN’s can also be added on WAN or LAN interface types using the same procedure as above. It is fully suported to combine all three interface types with VLAN’s if needed.

VLAN's

Note

Please note that when using WAN or LAN interface type, interface will contain tagged and untagged traffic. This may be a security risk, therefore it is recommended to TRUNK interface type when possible.

LTE configuration

flexiWAN supports LTE network interfaces in addition to wired interfaces. Since LTE functionality is configured through flexiManage, it’s required to have an active wired network interface in addition to the LTE interface. The wired interface does not have to be assigned, but it must be recognized and have internet access through which the device can connect to flexiManage. Currently flexiWAN supports specific M.2 LTE modems from the list below.

Please see the list of devices Certified by flexiWAN on our website. We recommend checking with us or with the hardware vendor that the LTE or WiFi of the device you purchase has been certified for flexiWAN.

Known working and supported LTE cards:

LTE Modules tested by flexiWAN

Vendor

Module Type

Sierra Wireless

EM7455

Quectel

EM06-E

Quectel

EC25

Quectel

EC20

Quectel

RM500Q-AE

Note

  1. Other models by Sierra Wireless and Quectel may work as well. If you use a non-listed card which works flexiWAN, let us know and we’ll add it to the list.

  2. Modems must be set as MBIM and not QMI. Run System Checker to change to MBIM on supported modems.

In order to configure the LTE interface, navigate to device settings and click on Interfaces tab. From there, click on settings (Gear Icon) next to LTE interface name to configure its settings.

LTE 1

After clicking on the LTE settings, LTE configuration options will appear. Configure the following settings:

  • Correctly enter SIM PIN.

  • Set the LTE to enabled.

  • Enter interface metric (must not be same as wired WAN).

  • Confirm APN is detected correctly. In case the APN is not detected, enter your APN manually.

LTE config2

SIM PIN can be changed or disabled by clicking on settings icon next to PIN state.

LTE config3

After entering settings, click Save and then click on Update Device from Interfaces tab.

Note

Important considerations when configuring LTE network interfaces:

  • Always make sure to keep NAT Traversal enabled for LTE interfaces, otherwise tunnels may not connect.

  • When adding tunnels between LTE and other devices, STUN can take up to several minutes until providing port to NAT Traversal. Monitor “Device-modify” and “add tunnel” jobs from Troubleshooting > Jobs section.

  • If interfaces page doesn’t show LTE interface, try to reset and re-add the device to flexiManage.

  • Supported LTE cards are listed above. Using non-supported LTE cards require testing prior to deployment. USB LTE cards were not tested at this point.

WiFi AP configuration

flexiWAN supports WiFi AP for LAN, assuming the WiFi card is recognized and supported by the underlying Ubuntu (see list of pre-tested WiFi cards below). flexiWAN uses hostapd for wireleess access point, supported standards are b/g/n and AC. Both 2.4Ghz and 5Ghz modes are supported, however dual band is not supported currently.

WiFi cards tested by flexiWAN:

WiFi cards tested by flexiWAN

Module

Driver

Notes

QCA6174 802.11ac

ath10k

Out-of-the-box (OOB) support

ALFA AWUS036AC

RTL8812AU

requires drivers via DKMS

ALFA AWUS036NEH

RT3070

OOB support

ALFA AWUS036NH

RT3070

OOB support

ALFA AWUS036NHR v2

RTL8188RU

OOB support

Comfast CF-812AC

RTL8812BU

requires drivers via DKMS

TP-LINK TL-WN722N v1

ath9k_htc

OOB support

Note

Most WiFi cards can work if the correct drivers are installed. Use DKMS and install approperiate WiFi drivers with it.

In order to configure WiFi AP on LAN, navigate to the device settings and click on Interfaces tab. From there set the WiFi recognized interface as assigned and add the local IP. Then click on the settings icon next to WIFI interface name.

Wifi AP 1

On WiFi settings page, configure the following to enable its operation:

  • Select between 2.4Ghz and 5Ghz bands via tabs on top.

  • Enable the wifi interface

  • Add SSID / WiFi network name

  • Choose Operation Mode. Make sure your WiFi card supprots the selected mode.

  • Pick a Region.

  • Set Channel or keep it set as Automatic. In most cases Automatic moode will select the best Channel, however with some cards it is required to manually set the Channel.

  • Pick security Mode and enter WiFi network password.

Enter WiFi AP settings and click save at the bottom of the page. Make sure to also click on “Update Device” while on Interfaces page.

Wifi AP 2

Note

WiFi AP considerations:

  • WiFi functionality is limited to the WiFi card capabilities.

  • When using 5Ghz, the vRouter may fail to start due WiFi ACS not collecting survey data. Try setting the Channel manually instead of configuring it as Automatic.

  • If your WiFi card is not recognized, try to reset and re-add the device to flexiManage.

  • In most cases, if your WiFi card is not recognized, but has support for linux, drivers for it can be added via DKMS and it should work with flexiWAN afterwards.

  • Some WiFi cards have world regulatory domain hardcoded and may not be able to run when configured to some specific Channels.

  • Be sure to enable DHCP on WiFi LAN interface so AP clients can get an IP.

Note

When installing flexiWAN on Ubuntu 20.04 LTS instead of using flexiWAN image, 5Ghz WiFi may not work due diferent kernel.

Completing the configuration

Once network interfaces are configured, click on “Update Device” button to apply your configuration.

Update Device

Note

  1. Changes to the device configuration can be applied dynamically even when the device is running

  2. Changes in the interface assignments will result in router restart

  3. WAN changes may momentary disconnect tunnels.

  4. WAN IP change will trigger automatic tunnel reconstruction.

After the device is approved and interfaces configuration is complete, it will show status as approved, connected and synced after a few seconds.

Connected Device

Starting vRouter / flexiWAN

The device is connected to the management but the router is not running yet. This means flexiWAN is not running yet, to start a device click on the “Start Device” button.

Run Device

After a few seconds the device will start and show that the router is running. During the start or stop process, the device may disconnect from the management for a few moments, as the vRouter takes control of the interfaces.

Running Device

Follow the same steps to create multiple devices in your network:

Multiple Devices

To stop the router click on the “Stop Device” button.

Deleting Devices

To delete a device click on the “Delete Device” button. Make sure to delete all Tunnels connected to that device before attempting to delete it.

Note

Every device change or configuration will schedule a job to apply the changes. This is done for scalability purposes and so the UI will not halt. The job is queued in the system and executed when the device is connected and ready. The operation succeeds only if the job is completed successfully. Jobs can be viewed in the Troubleshooting -> Jobs menu. An error during an operation is reported as a failed job. If the job fails, the system rolls the job back and returns to the previous state.