I’ve been a Google Fiber user (and fan) since the service first hit Provo, Utah. I have a vacation home there, so while I don’t get to benefit from the Gigabit speeds on a daily basis, I certainly take advantage of it while I’m there.
Because it’s a vacation home, I rely on a number of home-automation technologies to monitor and control the place when I’m gone. I use an ecobee remote thermostat to pre-heat or pre-cool the house before I arrive. I can send a text to turn the gas water heaters on and off via a water heater timer. I can watch exterior security cameras from my phone. And I can remotely monitor and arm/disarm the alarm system.
Why the Google Fiber Network Box is No Longer Cutting It
Some of the the home automation technologies I use rely on port-forwarding, which is how you “crack open” the network’s firewall just enough to access specific devices on the other side. In addition to remote control of smart devices, I also use port-forwarding to remotely access the desktop systems, servers, and network devices that stay online in the house while I’m away. Port forwarding worked great for the first couple years of Google Fiber’s service, until they recently “upgraded” the user interface of their Google Fiber Network Box (GFNB)…. and I hope the quotes around “upgraded” are enough for you to hear the sarcastic tone in my voice.
In what appears to be an effort to simplify the Google Fiber Network Box interface, they removed a number of features that advanced users rely on. The worst victim was port-forwarding. While it’s still technically allowed, Google Fiber restricts forwarding only to network devices with reserved DHCP address (meaning you can’t forward to any device with a static IP address), and they also opened a huge security hole by forcing you to forward FROM and TO the same port number. Not only does that limit you to accessing only one Windows Remote Desktop on port 3389, or only one device’s embedded web server on port 80, but those commonly-known port numbers are accessible from the WAN side of the network, meaning they’re much easier to scan and attack. This “upgrade” was unacceptable to me, and when Google Fiber’s support staff told me they couldn’t “downgrade” me back to the original interface, I decided to take matters into my own hands. Update: I’ve been told this has now been fixed, but I still like my EdgeRouter better than the Google Router.
Enter the Ubiquiti EdgeRouter Lite.
I was already a fan of Ubiquiti (UBNT) products. At our Eastern Washington cabin, I use their EdgeRouter-POE as a router, a UAP-PRO access point for indoor WiFi, and a NanoStation to blast WiFi into the back yard, out onto the beach, and half way across the lake. At our main house in Seattle, I use two UAP-AC-PRO access point to fill the house with a very strong WiFi signal (read about that here) as well as a secure guest network, with a UniFi Security Gateway (USG) as the house’s primary router. It’s fair to say I’m a UBNT fanboy.
So when I read in some Google Fiber Support threads (like this one) that it might be possible to replace the GFNB with a Ubiquiti EdgeRouter, I got excited. I picked up an EdgeRouter Lite on Amazon for less than $100, and looked forward to my next trip to Utah to set it up.
Before I go further, I need to repeat the warning I made in my article on installing the UAP-PRO access point: this is not a task for the casual geek. Configuring and tweaking a UBNT EdgeRouter to replace a Google Fiber Network Box requires a certain comfort level with networking, routers, and the Linux command line. This hack is unsupported by Google Fiber, so they won’t help you, and if you call them, they will tell you just to plug your GFNB back in. You can get some help in the UBNT EdgeMAX Forum, and possibly from non-Google employees in the Google Fiber Support Forum, but for the most part… you’re on your own. I chime in on those forums’ conversations from time to time, but I don’t answer support questions here on my blog or via email.
Before You Start
This guide assumes the following:
- You’re comfortable with networks, routing, and the Linux command line.
- You already have a functioning Google Fiber setup at your home.
- You have a terminal application (like PuTTY) on your computer (OSX and Linux clients already have a built-in terminal client).
- You have an EdgeRouter X, EdgeRouter Lite, or EdgeRouter POE.
- You’ve upgraded the EdgeOS firmware on your EdgeRouter to at least version 1.9.
- Your EdgeRouter is set to factory defaults.
- You have a wireless access point to replace the WiFi antenna(s) you’ll lose when you disconnect the GFNB. I used a Linksys E4200 v1 running DD-WRT configured in AP mode when I first did this, but now I run a UBNT UAP-AC-PRO.
It’s also important to note that I do not use Google Fiber TV at my Provo House (I prefer DirecTV). From what I understand, it’s totally possible to use an EdgeRouter in place of the GFNB if you also have Google Fiber TV, but it requires some additional steps (which I’ll discuss further below). For now, start with the network portion of the guide, then add the TV service steps next.
Upgrade the EdgeOS Firmware and Reset Router
Before you disconnect your old Google Fiber Network Box and temporarily lose Internet service, download the latest firmware (I recommend 1.9 or higher) and install it on your new EdgeRouter. Make sure you also reset the router to factory defaults (either before or after the firmware upgrade).
My Default Google Fiber config.boot File
The fastest way to get my baseline Google Fiber configuration on your EdgeRouter is to simply copy one of my example config.boot files onto your router.
Unfortunately, you can’t simply upload a config.boot file by itself via the EdgeMAX UI (the UI actually expects a larger tar.gz file with config.boot and a bunch of other files compressed inside), but if you’re semi-comfortable with the vi editor and/or the EdgeRouter CLI, you can quickly copy my config.boot file onto the EdgeRouter directly, reboot the router, and be up and running within minutes.
I have two versions of my config.boot available:
This is a good time to thank Bryan Klinger for initially converting one of my early v1.7 Google Fiber ER-Lite configs to his ER-POE. My v1.9+ configs have evolved a bit, but he gets credit for starting the ball rolling.
Both of the above files will give you the same basic setup, with a few minor differences:
- In the POE version, the eth1 port is powered with 48v. This allows you to power the Google Fiber Jack directly, so you won’t need to connect any external power supply to the jack.
- In the Lite version, the Local Config port is eth2. In the POE version, it’s eth0. This is because the ER-POE allows you to combine the eth2, eth3, and eth4 ports as a hardware-based switch (which is what my config.boot file does)
- In the Lite version, eth0 is the LAN port that you connect to a switch to allow LAN devices to access the Internet, so eth0 is referred to throughout the config file as the LAN interface. In the POE version, eth2, eth3, and eth4 are connected as a hardware switch called switch0, so any of those ports can connect LAN devices or other LAN switches to the Internet, and switch0 is referred to throughout the config file as the LAN interface.
Before you disconnect your Google Fiber box and temporarily lose your Internet connection, open up the appropriate example config.boot file for your EdgeRouter in a new browser tab on your system. Make sure to press the Raw button near the top right of the page, so when it comes time to copy and paste the contents you won’t copy any of the extra info (like line numbers). You can optionally copy and paste the config.boot into a text file on your local system, or just leave it in your browser tab to copy in a few moments.
What the Example config.boot Does
If you’re familiar with the EdgeRouter CLI and settings, you can read through either config.boot file to see exactly what’s happening on the router. But in general terms, here’s what happens:
- A LAN interface (eth0 on ERL, switch0 on ER-POE) is configured to connect to LAN devices on the 192.168.1.1/24 network. If you prefer a different subnet (like 192.168.0.1 or 192.168.2.1), edit your config.boot file before rebooting with it. I went with the 192.168.1.1/24 network because that’s already the factory default.
- The eth1 port is configured as the WAN interface to connect to your Google Fiber network jack. On the ER-POE, this port is configured to power the jack with 48v.
- A VLAN for the WAN port is configured as eth1.2. The settings for this interface make the true “secret sauce” as to why this works on the Google Fiber network. This VLAN applies the proper QoS settings and masquerading to the WAN to keep Google happy.
- Multiple settings to enable both IPv4 and IPv6 are configured.
- A local configuration port is enabled (eth2 on the ER-Lite, eth0 on the ER-POE). If anything goes wrong with your configuration, this port allows you to connect a laptop directly to the EdgeRouter via Ethernet without disconnecting anything, then access the EdgeRouter’s GUI or CLI via 192.168.3.1 to fix problems. Because the ERL’s ports aren’t hardware switched like some of of the ER-POE’s are, I don’t recommend configuring eth2 as an additional LAN port on your primary subnet, which is why I decided to at give eth2 at least some useful function in this setup. You may never need to use it, but I figured why waste a perfectly good Ethernet port?
- A basic firewall is configured.
- Basic settings for an isolated guest WiFi network VLAN and DHCP server are configured.
- MSS clamping is enabled at 1460 (this number works for me, but you can play with different settings yourself).
- Port forwarding is enabled and configured for the correct LAN and WAN ports.
- A DHCP server is enabled for the local network (you can edit the IP range in the GUI later).
- A local caching DNS forwarder is enabled.
- UPnP is enabled.
- Timezone, system name servers, and the local hostname are set for Mountain Time (easy to change after you’re up and running)
- Hardware offloading is enabled, which is required to reach speeds over the half-Gigabit(ish) level on the Google Fiber network.
Physically Connecting the EdgeRouter to your Network
After you’ve got the config.boot file available on your local system, unplug and disconnect your Google Fiber Network Box and replace it with your EdgeRouter. If you have an ER-POE, unplug the power supply feeding the Google Fiber network jack. The ER-POE will be supplying power to the jack.
Make the physical network connections to the EdgeRouter like this:
- CONSOLE: Don’t connect anything.
- eth0: Connect via Ethernet cable to a switch on your LAN (black cable in photo below).
- eth1: Connect via Ethernet cable to the Google Fiber network jack (blue cable in photo below).
Then plug in the EdgeRouter’s power cord and let it boot.
Don’t connect anything to any other ports for now. Both the ER-Lite and the ER-POE should be connected this same way for their initial setup, but after the reboot you’ll move one of the cables on the ER-POE (don’t worry, we’ll get to that in a minute).
Alternatively, you could connect your laptop or desktop system via Ethernet directly to the EdgeRouter’s eth0 port, then connect the port to your LAN switch after you’re done setting it up. But it’s just as easy to configure the router from a system that’s already connected through any switch on your LAN.
By default, eth0 on the EdgeRouter is configured for the 192.168.1.1/24 network. Because the router doesn’t have an active DHCP server (yet), you’ll need to manually configure your computer with something like:
- IP Address: 192.168.1.4
- Netmask: 255.255.255.0
- Gateway: 192.168.1.1
Once you can ping 192.168.1.1 from your computer, you’re good to go.
Connect to the EdgeRouter via Terminal
Using a terminal application, ssh to 192.168.1.1 (or [email protected] if on Linux or Mac). Both the default admin username and password are ubnt.
Become the root user with:
% sudo su
Now you’re ready for the magic!
Configure your EdgeRouter Using the example config.boot File
Now we need to copy the config.boot file onto the EdgeRouter. There are a number of ways to do this, including using scp to copy it directly from another local Linux system. But the easiest is to use vi to create a new file and paste the contents of your new config.boot.
First, copy the raw contents of my config.boot file into your local clipboard. Now create a blank config.boot file in /home/ubnt with:
# vi /home/ubnt/config.boot
Once inside vi, turn off the auto-indenting feature before you paste by typing
and pressing ENTER. If you’re not familiar with vi, make sure you type the “:” whenever they’re shown in this guide.
Now enter “insert” mode by pressing lower case i (you don’t need ENTER after the “i” command).
Paste the copied raw config.boot file from your local system’s clipboard using your terminal client’s Paste menu item or keyboard shortcut (usually CTRL-V on PC, Command-V on Mac, etc.). Now write and quit the file by typing
and then ENTER.
Now you’re ready to copy your new config.boot file over the EdgeRouter’s default config.boot file with:
# cp /home/ubnt/config.boot /config/config.boot
Reboot and Test
Now you’re ready to reboot the router and load the new config.boot file with:
Your EdgeRouter will ask you to confirm, and then it will reboot. It should only take a couple minutes, but while you’re waiting, you can change your computer’s TCP/IP settings back to DHCP.
If you have an EdgeRouter POE, this is also the point where you need to unplug the Ethernet cable connected from your laptop or LAN switch to the eth0 port and connect it to any of the newly configured switched LAN ports: you can use eth2, eth3, or eth4 — it doesn’t matter which one.
Advanced users might note that it wasn’t technically necessary to reboot the router and that you could have used the “load” and “commit” commands to apply the new configuration. But I still recommend rebooting just to prove to yourself that your router boots properly into your new config.
Within a few minutes, your computer should receive a DHCP address from the router and (fingers crossed!) be able to access the Internet. Perform a speed test to make sure you’re still seeing fast speeds.
This was my first test result after the changeover:
Congratulations! You’re up and running on the Google Fiber network with a Ubiquiti EdgeRouter!
Replacing the Google Fiber Network Box’s WiFi
One thing you lost when you unplugged your Google Fiber Network Box is a set of WiFi antennas to allow wireless clients to access your network. But that’s no big loss.. the GFNB WiFi antennas are notoriously lame. The cheapest way to replace them is to install DD-WRT on a wireless router you might already have, and configure it as a stand-alone access point.
For Google TV Users
If you also have Google TV service, you’ll need to apply a script to add some additional features to your configuration. Atlantisman also wrote the original script for this, but he uses slightly different IP addressing and firewall rules names in his original script, so I did some very minor tweaking to his Google Fiber TV Service script so that it matches up with my config.boot file. My version of the script is stored as a GitHub Gist here.
A Word about Google Fiber IPv6 Addresses
Google won’t allocate your IPv6 addresses immediately. You’ll likely have to wait until overnight until you see the IPv6 addresses for the WAN and LAN interfaces in the GUI. I’ve tried everything I can think of to kickstart the process, to no avail. You just have to wait.
Now that you’re online with an EdgeRouter instead of a Google Fiber Network Box, there are a few final steps you should take.
First, access the GUI via a web browser to https://192.168.1.1/. Use ubnt as the username and password to gain access.
Go to the Users tab, then fill in the info to add a new administrative user. Use something other than the obvious “admin” or “root.” Once that user is created, go to the top left corner of the GUI (where it says Welcome ubnt) and log out. Log back in as the newly created user, go back to the Users tab, and delete the ubnt user. Now you’re protected from default user and password access.
You can poke around inside the web interface a bit more, and see how all the command line changes you made look in the GUI. In the Wizards tab, you can tinker with the MSS clamping settings, and adjust them to your liking. In the Services / DNS tab, you can tweak the size of your DNS forwarding cache size (I’ve been testing out 500 lately).
You can go to the Firewall/NAT tab and set up some port forwards, choosing any FROM and TO ports you want for any IP address on the LAN (which is what started me on this path in the first place).
Or you can just watch the Dashboard and monitor the Tx and Rx rates of each interface. Mine looks like this (my IPv4 and IPv6 WAN IP addresses are blacked out for security). Don’t be concerned that I’m using 192.168.0.1/24 for my private LAN address range on eth0. Pretend it reads 192.168.1.1/24 to match the config in this article:
But one thing you must do is wave goodbye to your sad little Google Fiber Network Box.
Congratulations! You’ve replaced your Google Fiber Network Box with a much more useful and flexible business-class router: the affordable, powerful, and downright lovable Ubiquiti EdgeRouter!
As always, I welcome your questions, comments, and feedback below!
- The “original” Google Fiber Network Box Support Thread
- Atlantisman’s original GFNB blog post and script
- Google Fiber + ERL thread on UBNT Forums
- Google Fiber TV Thread at UBNT Forums
- Flyover County Google Fiber blog posts #1 and #2