I’ve been a Google Fiber user (and fan) since the service first hit Provo, Utah. I have a vacation home there, so while I don’t get to benefit from the Gigabit speeds on a daily basis, I certainly take advantage of it while I’m there.
Because it’s a vacation home, I rely on a number of home-automation technologies to monitor and control the place when I’m gone. I use an ecobee remote thermostat to pre-heat or pre-cool the house before I arrive. I can send a text to turn the gas water heaters on and off via a water heater timer. I can watch exterior security cameras from my phone. And I can remotely monitor and arm/disarm the alarm system.
Why the Google Fiber Network Box is No Longer Cutting It
Some of the the home automation technologies I use rely on port-forwarding, which is how you “crack open” the network’s firewall just enough to access specific devices on the other side. In addition to remote control of smart devices, I also use port-forwarding to remotely access the desktop systems, servers, and network devices that stay online in the house while I’m away. Port forwarding worked great for the first couple years of Google Fiber’s service, until they recently “upgraded” the user interface of their Google Fiber Network Box (GFNB)…. and I hope the quotes around “upgraded” are enough for you to hear the sarcastic tone in my voice.
In what appears to be an effort to simplify the Google Fiber Network Box interface, they removed a number of features that advanced users rely on. The worst victim was port-forwarding. While it’s still technically allowed, Google Fiber restricts forwarding only to network devices with reserved DHCP address (meaning you can’t forward to any device with a static IP address), and they also opened a huge security hole by forcing you to forward FROM and TO the same port number. Not only does that limit you to accessing only one Windows Remote Desktop on port 3389, or only one device’s embedded web server on port 80, but those commonly-known port numbers are accessible from the WAN side of the network, meaning they’re much easier to scan and attack. This “upgrade” was unacceptable to me, and when Google Fiber’s support staff told me they couldn’t “downgrade” me back to the original interface, I decided to take matters into my own hands. Update: I’ve been told this has now been fixed, but I still like my EdgeRouter better than the Google Router.
Enter the Ubiquiti EdgeRouter Lite.
I was already a fan of Ubiquiti (UBNT) products. At our Eastern Washington cabin, I use their EdgeRouter-POE as a router, a UAP-PRO access point for indoor WiFi, and a NanoStation to blast WiFi into the back yard, out onto the beach, and half way across the lake. At our main house in Seattle, I use two UAP-AC-PRO access point to fill the house with a very strong WiFi signal (read about that here) as well as a secure guest network, with a UniFi Security Gateway (USG) as the house’s primary router. It’s fair to say I’m a UBNT fanboy.
So when I read in some Google Fiber Support threads (like this one) that it might be possible to replace the GFNB with a Ubiquiti EdgeRouter, I got excited. I picked up an EdgeRouter Lite on Amazon for less than $100, and looked forward to my next trip to Utah to set it up.
Before I go further, I need to repeat the warning I made in my article on installing the UAP-PRO access point: this is not a task for the casual geek. Configuring and tweaking a UBNT EdgeRouter to replace a Google Fiber Network Box requires a certain comfort level with networking, routers, and the Linux command line. This hack is unsupported by Google Fiber, so they won’t help you, and if you call them, they will tell you just to plug your GFNB back in. You can get some help in the UBNT EdgeMAX Forum, and possibly from non-Google employees in the Google Fiber Support Forum, but for the most part… you’re on your own. I chime in on those forums’ conversations from time to time, but I don’t answer support questions here on my blog or via email.
Before You Start
This guide assumes the following:
- You’re comfortable with networks, routing, and the Linux command line.
- You already have a functioning Google Fiber setup at your home.
- You have a terminal application (like PuTTY) on your computer (OSX and Linux clients already have a built-in terminal client).
- You have an EdgeRouter X, EdgeRouter Lite, or EdgeRouter POE.
- You’ve upgraded the EdgeOS firmware on your EdgeRouter to at least version 1.9.
- Your EdgeRouter is set to factory defaults.
- You have a wireless access point to replace the WiFi antenna(s) you’ll lose when you disconnect the GFNB. I used a Linksys E4200 v1 running DD-WRT configured in AP mode when I first did this, but now I run a UBNT UAP-AC-PRO.
It’s also important to note that I do not use Google Fiber TV at my Provo House (I prefer DirecTV). From what I understand, it’s totally possible to use an EdgeRouter in place of the GFNB if you also have Google Fiber TV. I had previously included the necessary settings to support Google TV in my example config.boot files, but Google changed some of their settings and a few of us are still trying to figure out how to adjust for those new settings. Please stay tuned (I’ll announce on my Twitter feed when we get this figured out).
Upgrade the EdgeOS Firmware and Reset the Router
Before you disconnect your old Google Fiber Network Box and temporarily lose Internet service, download the latest firmware (I recommend 1.9 or higher) and install it on your new EdgeRouter. Make sure you also reset the router to factory defaults (either before or after the firmware upgrade).
Download a Default Google Fiber config.boot File
The fastest way to get my baseline Google Fiber configuration on your EdgeRouter is to simply copy one of my example config.boot files onto your router.
Unfortunately, you can’t simply upload a config.boot file by itself via the EdgeMAX UI (the UI actually expects a larger tar.gz file with config.boot and a bunch of other files compressed inside), but if you’re semi-comfortable with the vi editor and/or the EdgeRouter CLI, you can quickly copy my config.boot file onto the EdgeRouter directly, reboot the router, and be up and running within minutes.
I have three versions of my config.boot available:
config.boot.erlfor an EdgeRouter Lite
config.boot.erxfor an EdgeRouter X
config.boot.poefor an EdgeRouter POE
This is a good time to thank Bryan Klinger for initially converting one of my early v1.7 Google Fiber ER-Lite configs to his ER-POE. My v1.9+ configs have evolved a lot since then, but he still gets credit for starting the ball rolling.
All of the above files will give you the same basic setup, with a few minor differences:
- All configurations use
eth0as the WAN port, but the POE version also powers the
eth0port with 48 volts. This allows you to power the Google Fiber Jack directly, so you won’t need to connect any external power supply to the jack.
- The POE and ERL versions have a “Local Config” port, which is always on
- The POE version and ERX versions take advantage of on-board hardware switching via ports. The POE version combines
eth4combined in a single LAN switch while the ERX combines
eth4. The switch is referred to as switch0 in the configuration.
xxx in the examples below refers to the appropriate version of the
config.boot file for your particular EdgeRouter. For example, on an EdgeRouter POE you’d use
Before you disconnect your Google Fiber box and temporarily lose your Internet connection, open up the appropriate example
config.boot.xxx file for your EdgeRouter in a new browser tab on your system. Make sure to press the Raw button near the top right of the page, so when it comes time to copy and paste the contents you won’t copy any of the extra info (like line numbers). You can optionally copy and paste the
config.boot.xxx into a text file on your local system, or just leave it in your browser tab to copy in a few moments.
What the Example config.boot Does
If you’re familiar with the EdgeRouter CLI and settings, you can read through any of the
config.boot.xxx example files to see exactly what’s happening on the router. But in general terms, here’s what happens:
- The WAN interface is configured on
eth0to connect to the Google Fiber Jack. On the POE, it’s powered with 48 volts to power the jack.
- A LAN interface is configured to connect to LAN devices on the 192.168.1.1/24 network. If you prefer a different subnet (like 192.168.0.1 or 192.168.2.1), you can edit your new
config.bootfile before rebooting with it. I kept 192.168.1.1/24 network because it’s already the factory default.
- A VLAN for the WAN port is configured as
eth0.2. The settings for this interface make the true “secret sauce” as to why this works on the Google Fiber network. This VLAN applies the proper QoS settings and masquerading to the WAN to keep Google happy.
- Multiple settings to enable both IPv4 and IPv6 are configured.
- A local configuration port is enabled on
eth1on the ER-Lite and ER-POE. If anything goes wrong with your configuration, this port allows you to connect a laptop directly to the EdgeRouter via Ethernet without disconnecting anything, then access the EdgeRouter’s GUI or CLI via 192.168.99.1 to fix problems. Because the ER-L’s ports aren’t hardware switched like the ER-X’s and some of the ER-POE’s, I don’t recommend configuring
eth1as an additional LAN port on your ER-L’s primary subnet, which is why I decided to at give
eth1at least some useful function in this setup. You may never need to use it, but I figured why waste a perfectly good Ethernet port?
- A basic firewall is configured that supports IPv4 and IPv6.
- Basic settings for an isolated guest WiFi network VLAN and DHCP server are configured.
- MSS clamping is enabled at 1460 (this number works great for me on the Google Fiber network, but you can play with different settings yourself).
- Port forwarding is enabled and configured for the correct LAN and WAN ports for remote access to your router.
- A DHCP server is enabled for the local network.
- A local caching DNS forwarder is enabled.
- UPnP is enabled in secure mode (using
- Timezone, system name servers, and the local hostname are set for Mountain Time (easy enough to change after you’re up and running)
- Hardware offloading is enabled, which is required to reach speeds over the half-Gigabit(ish) level on the Google Fiber network.
- Additional firewall and IGMP settings are configured to support Google TV service.
Temporarily Connect eth0 on the EdgeRouter to your Computer or LAN
After you’ve got the appropriate
config.boot.xxx file available on your local computer, temporarily disconnect your PC from any WiFi networks then connect an Ethernet cable from your computer (or from a LAN switch connected to your computer) to the EdgeRouter’s
eth0 port, which is the only port that works on a factory-reset EdgeRouter.
eth0 on the EdgeRouter is configured for the
192.168.1.1/24 network. Because the router doesn’t have an active DHCP server (yet), you’ll need to manually configure your computer with something like:
- IP Address:
Once you can ping
192.168.1.1 from your computer, you’re good to go.
Connect to the EdgeRouter via Terminal
Using a terminal application, ssh to
[email protected] if on Linux or Mac). Both the default admin username and password are
Configure your EdgeRouter Using the example config.boot File
Now we need to copy the
config.boot.xxx file onto the EdgeRouter. There are a number of ways to do this. Linux users can simply use scp to copy the example
config.boot.xxx file via ssh directly from another local Linux system. But for most users, the easiest way will be to use vi to create a new file on the EdgeRouter then paste the contents of your new
First, copy the raw contents of the appropriate
config.boot.xxx file from your browser into your local clipboard. Then create a blank
config.boot.xxx file in /home/ubnt with:
sudo vi /home/ubnt/config.boot.xxx
vi, turn off the auto-indenting feature before you paste by typing the following (including the colon):
ENTER. If you’re not familiar with
vi, make sure you type the “:” whenever they’re shown in this guide.
vi‘s insert mode by pressing lowercase i (you don’t need
ENTER after the “i” command).
Paste the copied raw
config.boot.xxx file from your local system’s clipboard using your terminal client’s Paste menu item or keyboard shortcut (usually
CTRL-V on PC,
Command-V on Mac, etc.).
Exit insert mode by pressing your keyboard’s
Now write and quit the file by typing:
Now you’re ready to copy your new
config.boot.xxx file over the EdgeRouter’s default
config.boot file with:
sudo cp /home/ubnt/config.boot.xxx /config/config.boot
Reboot to Apply Changes
Now you’re ready to reboot the router to apply your changes with:
Your EdgeRouter will ask you to confirm.
IMPORTANT: If you’re using the
config.boot.poe version of this configuration on an EdgeRouter PoE, make sure you disconnect the Ethernet cable connected to the
eth0 port immediately after you confirm the reboot. Once the reboot is finished, the
eth0 port will powered with 48v for the Google Fiber Jack and you shouldn’t have any non-PoE clients attached to that port when it’s powered.
You’re now ready to physically connect your EdgeRouter to your Google Fiber Jack and your LAN.
Connect your EdgeRouter to your Google Fiber Jack and LAN
While your EdgeRouter reboots (it should only take a couple minutes), you can change your computer’s TCP/IP settings back to DHCP and make the final physical connections between your EdgeRouter and your network.
eth0 port (which is now configured as the WAN port) to the Google Fiber Jack. If you’re using an ER-POE, you can unplug any external power injector from the fiber jack.
Connect your LAN clients (or any switch on your LAN) to any of your EdgeRouter’s LAN ports (such as
eth2). Using my example configs, the port settings are:
eth0= WAN (Google Fiber Jack)
eth1= Local Config Port
eth0= WAN (Google Fiber Jack)
eth4= LAN (combined as
eth0= WAN (Google Fiber Jack) + 48v PoE
eth1= Local Config Port
eth4= LAN (combined as
Test Your Connection
Within a few minutes, your EdgeRouter should reboot and your computer should receive a DHCP address from the router and (fingers crossed!) be able to access the Internet. Perform a speed test to make sure you’re still seeing fast speeds.
This was my first test result after the changeover:
Congratulations! You’re up and running on the Google Fiber network with a Ubiquiti EdgeRouter!
Replacing the Google Fiber Network Box’s WiFi
One thing you lost when you unplugged your Google Fiber Network Box is a set of WiFi antennas to allow wireless clients to access your network. But that’s no big loss.. the GFNB WiFi antennas are notoriously lame. The cheapest way to replace them is to install DD-WRT on a wireless router you might already have, and configure it as a stand-alone access point.
For Google TV Users
If you also have Google TV service, you’ll still need to connect your DVR box to your local LAN, even if you have the 2nd generation box that combines the Google Fiber box and DVR. All the required settings to make Google TV work with an EdgeRouter are in the
config.boot file. You do not need to run any additional script.
config.boot files have DPI (deep packet inspection) turned off, as enabling it is reported to cause TV pictures to stutter.
Your Google TV Storage Box should be physically connected to your LAN switch. I’ve seen one setup with three TVs: two TVs are connected to the Storage Box via coax and the third TV is connected to the LAN switch.
I’ve heard some reports that Google TV “suddenly” stopped working for some users. The example setup that I know is still working is using a “smart” LAN switch, with IGMP snooping and MLD snooping both turned ON.
A Word about Google Fiber IPv6 Addresses
Google might not allocate your IPv6 addresses immediately. You’ll likely have to wait until overnight until you see the IPv6 addresses for the WAN and LAN interfaces in the GUI. I’ve tried everything I can think of to kickstart the process, to no avail. You just have to wait.
Now that you’re online with an EdgeRouter instead of a Google Fiber Network Box, there are a few final steps you should take.
First, access the GUI via a web browser to
ubnt as the username and password to gain access.
Go to the Users tab, then fill in the info to add a new administrative user. Use something other than the obvious “admin” or “root.” Once that user is created, go to the top left corner of the GUI (where it says Welcome ubnt) and log out. Log back in as the newly created user, go back to the Users tab, and delete the ubnt user. Now you’re protected from default user and password access.
You can poke around inside the web interface a bit more, and see how all the command line changes you made look in the GUI. In the Wizards tab, you can tinker with the MSS clamping settings, and adjust them to your liking. In the Services / DNS tab, you can tweak the size of your DNS forwarding cache size (I’ve been using out 500 lately).
You can go to the Firewall/NAT tab and set up some port forwards, choosing any FROM and TO ports you want for any IP address on the LAN (which is what started me on this path in the first place).
Or you can just watch the Dashboard and monitor the Tx and Rx rates of each interface. Mine looks like this (my IPv4 and IPv6 WAN IP addresses are blacked out for security). Don’t be concerned that I’m using
192.168.0.1/24 and that my LAN is connected to
eth0. Pretend it reads
eth1 to match the config in this article:
But one thing you must do is wave “goodbye” to your sad little Google Fiber Network Box.
Congratulations! You’ve replaced your Google Fiber Network Box with a much more useful and flexible business-class router: the affordable, powerful, and downright lovable Ubiquiti EdgeRouter!
As always, I welcome your questions, comments, and feedback below!
- The “original” Google Fiber Network Box Support Thread
- Atlantisman’s original GFNB blog post and script
- Google Fiber + ERL thread on UBNT Forums
- Google Fiber TV Thread at UBNT Forums
- Flyover County Google Fiber blog posts #1 and #2