UniFi Dream Machine 2.4.X firmware - major support

[OpenSource Ghost]

For those wondering if they should get UniFi Dream Machine (UDM), the newest firmware makes a major difference in showing that Ubiquiti continues to support UDM owners and not leave them behind to only prioritize newer UniFi Dream Router (UDR) series. Going from UDM 1.X firmware to 2.X firmware is not just an update, but an upgrade of the OS. It doesn't add new features, but it improves performance and makes a ton of under-the-hood changes to gain the same level of support and new features as Ubiquiti's newer UDR series. UDM OS 2.X still uses Linux kernel 4.19, but within a few months, UDM firmware is going to jump to verison 3.0, Linux kernel 5.X, and receive same feature updates as UDR (like official WireGuard client support).

Many features of UDM 2.X are not mentioned in release notes due to technical details, but those details include new WiFi drivers, support for ED25519 encryption curves for local SSH access (not AP access, at least not yet), and removal of UDM's Podman root shell encapsulation. Container Network Interface (CNI) plugins are still supported through UDM on-boot script and as such you can still run local DNS (Pi-Hole, AdGuard Home, NextDNS) and other types of servers on your UDM. I fully migrated my my local DNS server from Raspberry Pi to UDM.

It took Ubiquiti about 8 months to finally release 2.X firmwre, but it was worth the wait.

 

[BlueLineSwinger]

And meanwhile the EdgeMax series appears to be largely abandoned. Other than sporadic hotfixes, the EdgeRouters haven't been a real firmware release in ~2.5 years. The switches are slightly better at ~1.5 years or ~9 months.

I'll probably be retiring my EdgeRouter Lite soon.

 

[Vengance_01]

Just did this big upgrade on my UDM pro. Took several upgrades as I run RC train. But all is well. Things seem solid. My OG wifi 5 in wall APs and ac lite are still chugging along without issues.

 

[ND40oz]

3.0.19 is out in Early Access for the UDM Pro if you want to keep going to the latest and greatest.

 

[Vengance_01]

3.0.19 is out in Early Access for the UDM Pro if you want to keep going to the latest and greatest.

I will stick to RC builds only

 

[trick0502]

And meanwhile the EdgeMax series appears to be largely abandoned. Other than sporadic hotfixes, the EdgeRouters haven't been a real firmware release in ~2.5 years. The switches are slightly better at ~1.5 years or ~9 months.

I'll probably be retiring my EdgeRouter Lite soon.

Er4 and es16 setup. I feel you on updates. But it works fine and never has to be rebooted.

 

[OpenSource Ghost]

UDM 3.X rocks. It comes with DNSCrypt-Proxy service pre-installed and running. There are no GUI options for it, but it can be configured through CLI via SSH. That means encrypting DNS traffic natively without any 3rd party on-boot scripts or custom scripts. DNSCrypt-Proxy can use DNSCrypt, DoH, DoT, and DoH/3 in the latest release,but it does not support DoQ. It isn't a replacement for Pi-Hole and AdGuard Home, but for those seeking to simply encrypt DNS queries, DNSCrypt-Proxy gets the job done.

 

[Vengance_01]

UDM 3.X rocks. It comes with DNSCrypt-Proxy service pre-installed and running. There are no GUI options for it, but it can be configured through CLI via SSH. That means encrypting DNS traffic natively without any 3rd party on-boot scripts or custom scripts. DNSCrypt-Proxy can use DNSCrypt, DoH, DoT, and DoH/3 in the latest release,but it does not support DoQ. It isn't a replacement for Pi-Hole and AdGuard Home, but for those seeking to simply encrypt DNS queries, DNSCrypt-Proxy gets the job done.

Link to info and configuration?

 

[OpenSource Ghost]

Link to info and configuration?

If you log into UDM 3.X via SSH and use "systemctl list-unit-files --type=service --state=enabled" command, then you can see that the following 3 services/processes (along with many others) are enabled and are running by default:
- dnscrypt-proxy
- dnscrypt-proxy.socket
- dnscrypt-proxy-resolvconf

There is no mention of DNSCrypt-Proxy in UDM GUI (in any firmware version). I assume UDM GUI will eventually support DNSCrypt-Proxy in future firmware and/or Network Application releases.

To configure DNSCrypt-Proxy now, you need to know your way around Debian, DNSMasq, and SystemD-Resolved, Here's a guide on how to make it work (in general, not specifically on UDM) - https://wiki.archlinux.org/title/Dnscrypt-proxy . I am too lazy to experiment with it.