I’ve been a Google Fiber user (and fan) since the service first hit Provo, Utah. I have a vacation home there, so while I don’t get to benefit from the Gigabit speeds on a daily basis, I certainly take advantage of it while I’m there.
Because it’s a vacation home, I rely on a number of home-automation technologies to monitor and control the place when I’m gone. I use an ecobee remote thermostat to pre-heat or pre-cool the house before I arrive. I can send a text to turn the gas water heaters on and off via a water heater timer. I can watch exterior security cameras from my phone. And I can remotely monitor and arm/disarm the alarm system.
Why the Google Fiber Network Box is No Longer Cutting It
Some of the the home automation technologies I use rely on port-forwarding, which is how you “crack open” the network’s firewall just enough to access specific devices on the other side. In addition to remote control of smart devices, I also use port-forwarding to remotely access the desktop systems, servers, and network devices that stay online in the house while I’m away. Port forwarding worked great for the first couple years of Google Fiber’s service, until they recently “upgraded” the user interface of their Google Fiber Network Box (GFNB)…. and I hope the quotes around “upgraded” are enough for you to hear the sarcastic tone in my voice.
In what appears to be an effort to simplify the Google Fiber Network Box interface, they removed a number of features that advanced users rely on. The worst victim was port-forwarding. While it’s still technically allowed, Google Fiber restricts forwarding only to network devices with reserved DHCP address (meaning you can’t forward to any device with a static IP address), and they also opened a huge security hole by forcing you to forward FROM and TO the same port number. Not only does that limit you to accessing only one Windows Remote Desktop on port 3389, or only one device’s embedded web server on port 80, but those commonly-known port numbers are accessible from the WAN side of the network, meaning they’re much easier to scan and attack. This “upgrade” was unacceptable to me, and when Google Fiber’s support staff told me they couldn’t “downgrade” me back to the original interface, I decided to take matters into my own hands. Update: I’ve been told this has now been fixed, but I still like my EdgeRouter better than the Google Router.
Enter the Ubiquiti EdgeRouter Lite.
I was already a fan of Ubiquiti (UBNT) products. At our Eastern Washington cabin, I use their EdgeRouter-POE as a router, a UAP-PRO access point for indoor WiFi, and a NanoStation to blast WiFi into the back yard, out onto the beach, and half way across the lake. At our main house in Seattle, I use two UAP-AC-PRO access point to fill the house with a very strong WiFi signal (read about that here) as well as a secure guest network, with a UniFi Security Gateway (USG) as the house’s primary router. It’s fair to say I’m a UBNT fanboy.
So when I read in some Google Fiber Support threads (like this one) that it might be possible to replace the GFNB with a Ubiquiti EdgeRouter, I got excited. I picked up an EdgeRouter Lite on Amazon for less than $100, and looked forward to my next trip to Utah to set it up.
Before I go further, I need to repeat the warning I made in my article on installing the UAP-PRO access point: this is not a task for the casual geek. Configuring and tweaking a UBNT EdgeRouter to replace a Google Fiber Network Box requires a certain comfort level with networking, routers, and the Linux command line. This hack is unsupported by Google Fiber, so they won’t help you, and if you call them, they will tell you just to plug your GFNB back in. You can get some help in the UBNT EdgeMAX Forum, and possibly from non-Google employees in the Google Fiber Support Forum, but for the most part… you’re on your own. I chime in on those forums’ conversations from time to time, but I don’t answer support questions here on my blog or via email.
Before You Start
This guide assumes the following:
- You’re comfortable with networks, routing, and the Linux command line.
- You already have a functioning Google Fiber setup at your home.
- You have a terminal application (like PuTTY) on your computer (OSX and Linux clients already have a built-in terminal client).
- You have an EdgeRouter X, EdgeRouter Lite, or EdgeRouter POE.
- You’ve upgraded the EdgeOS firmware on your EdgeRouter to at least version 1.9.
- Your EdgeRouter is set to factory defaults.
- You have a wireless access point to replace the WiFi antenna(s) you’ll lose when you disconnect the GFNB. I used a Linksys E4200 v1 running DD-WRT configured in AP mode when I first did this, but now I run a UBNT UAP-AC-PRO.
It’s also important to note that I do not use Google Fiber TV at my Provo House (I prefer DirecTV). From what I understand, it’s totally possible to use an EdgeRouter in place of the GFNB if you also have Google Fiber TV. I had previously included the necessary settings to support Google TV in my example config.boot files, but Google changed some of their settings and a few of us are still trying to figure out how to adjust for those new settings. Please stay tuned (I’ll announce on my Twitter feed when we get this figured out).
Upgrade the EdgeOS Firmware and Reset the Router
Before you disconnect your old Google Fiber Network Box and temporarily lose Internet service, download the latest firmware (I recommend 1.9 or higher) and install it on your new EdgeRouter. Make sure you also reset the router to factory defaults (either before or after the firmware upgrade).
Download a Default Google Fiber config.boot File
The fastest way to get my baseline Google Fiber configuration on your EdgeRouter is to simply copy one of my example config.boot files onto your router.
Unfortunately, you can’t simply upload a config.boot file by itself via the EdgeMAX UI (the UI actually expects a larger tar.gz file with config.boot and a bunch of other files compressed inside), but if you’re semi-comfortable with the vi editor and/or the EdgeRouter CLI, you can quickly copy my config.boot file onto the EdgeRouter directly, reboot the router, and be up and running within minutes.
I have three versions of my config.boot available:
config.boot.erl
for an EdgeRouter Liteconfig.boot.erx
for an EdgeRouter Xconfig.boot.poe
for an EdgeRouter POE
This is a good time to thank Bryan Klinger for initially converting one of my early v1.7 Google Fiber ER-Lite configs to his ER-POE. My v1.9+ configs have evolved a lot since then, but he still gets credit for starting the ball rolling.
All of the above files will give you the same basic setup, with a few minor differences:
- All configurations use
eth0
as the WAN port, but the POE version also powers theeth0
port with 48 volts. This allows you to power the Google Fiber Jack directly, so you won’t need to connect any external power supply to the jack. - The POE and ERL versions have a “Local Config” port, which is always on
eth1
. - The POE version and ERX versions take advantage of on-board hardware switching via ports. The POE version combines
eth2
,eth3
, andeth4
combined in a single LAN switch while the ERX combineseth1
,eth2
,eth3
, andeth4
. The switch is referred to as switch0 in the configuration.
Assume the xxx
in the examples below refers to the appropriate version of the config.boot
file for your particular EdgeRouter. For example, on an EdgeRouter POE you’d use config.boot.poe
.
Before you disconnect your Google Fiber box and temporarily lose your Internet connection, open up the appropriate example config.boot.xxx
file for your EdgeRouter in a new browser tab on your system. Make sure to press the Raw button near the top right of the page, so when it comes time to copy and paste the contents you won’t copy any of the extra info (like line numbers). You can optionally copy and paste the config.boot.xxx
into a text file on your local system, or just leave it in your browser tab to copy in a few moments.
What the Example config.boot Does
If you’re familiar with the EdgeRouter CLI and settings, you can read through any of the config.boot.xxx
example files to see exactly what’s happening on the router. But in general terms, here’s what happens:
- The WAN interface is configured on
eth0
to connect to the Google Fiber Jack. On the POE, it’s powered with 48 volts to power the jack. - A LAN interface is configured to connect to LAN devices on the 192.168.1.1/24 network. If you prefer a different subnet (like 192.168.0.1 or 192.168.2.1), you can edit your new
config.boot
file before rebooting with it. I kept 192.168.1.1/24 network because it’s already the factory default. - A VLAN for the WAN port is configured as
eth0.2
. The settings for this interface make the true “secret sauce” as to why this works on the Google Fiber network. This VLAN applies the proper QoS settings and masquerading to the WAN to keep Google happy. - Multiple settings to enable both IPv4 and IPv6 are configured.
- A local configuration port is enabled on
eth1
on the ER-Lite and ER-POE. If anything goes wrong with your configuration, this port allows you to connect a laptop directly to the EdgeRouter via Ethernet without disconnecting anything, then access the EdgeRouter’s GUI or CLI via 192.168.99.1 to fix problems. Because the ER-L’s ports aren’t hardware switched like the ER-X’s and some of the ER-POE’s, I don’t recommend configuringeth1
as an additional LAN port on your ER-L’s primary subnet, which is why I decided to at giveeth1
at least some useful function in this setup. You may never need to use it, but I figured why waste a perfectly good Ethernet port? - A basic firewall is configured that supports IPv4 and IPv6.
- Basic settings for an isolated guest WiFi network VLAN and DHCP server are configured.
- MSS clamping is enabled at 1460 (this number works great for me on the Google Fiber network, but you can play with different settings yourself).
- Port forwarding is enabled and configured for the correct LAN and WAN ports for remote access to your router.
- A DHCP server is enabled for the local network.
- A local caching DNS forwarder is enabled.
- UPnP is enabled in secure mode (using
upnp2)
- Timezone, system name servers, and the local hostname are set for Mountain Time (easy enough to change after you’re up and running)
- Hardware offloading is enabled, which is required to reach speeds over the half-Gigabit(ish) level on the Google Fiber network.
Additional firewall and IGMP settings are configured to support Google TV service.I no longer recommend configuring Google TV options on the EdgeRouter. Instead, see below for simple instructions regarding splitting the Google TV and EdgeRouter traffic using a Gigabit switch.
Temporarily Connect eth0 on the EdgeRouter to your Computer or LAN
After you’ve got the appropriate config.boot.xxx
file available on your local computer, temporarily disconnect your PC from any WiFi networks then connect an Ethernet cable from your computer (or from a LAN switch connected to your computer) to the EdgeRouter’s eth0
port, which is the only port that works on a factory-reset EdgeRouter.
By default, eth0
on the EdgeRouter is configured for the 192.168.1.1/24
network. Because the router doesn’t have an active DHCP server (yet), you’ll need to manually configure your computer with something like:
- IP Address:
192.168.1.4
- Netmask:
255.255.255.0
- Gateway:
192.168.1.1
Once you can ping 192.168.1.1
from your computer, you’re good to go.
Connect to the EdgeRouter via Terminal
Using a terminal application, ssh to 192.168.1.1
(or [email protected]
if on Linux or Mac). Both the default admin username and password are ubnt.
Configure your EdgeRouter Using the example config.boot File
Now we need to copy the config.boot.xxx
file onto the EdgeRouter. There are a number of ways to do this. Linux users can simply use scp to copy the example config.boot.xxx
file via ssh directly from another local Linux system. But for most users, the easiest way will be to use vi to create a new file on the EdgeRouter then paste the contents of your new config.boot.xxx
.
First, copy the raw contents of the appropriate config.boot.xxx
file from your browser into your local clipboard. Then create a blank config.boot.xxx
file in /home/ubnt with:
sudo vi /home/ubnt/config.boot.xxx
Once inside vi,
turn off the auto-indenting feature before you paste by typing the following (including the colon):
:set noai
and pressing ENTER.
If you’re not familiar with vi,
make sure you type the “:” whenever they’re shown in this guide.
Now enter vi
‘s insert mode by pressing lowercase i (you don’t need ENTER
after the “i” command).
Paste the copied raw config.boot.xxx
file from your local system’s clipboard using your terminal client’s Paste menu item or keyboard shortcut (usually CTRL-V
on PC, Command-V
on Mac, etc.).
Exit insert mode by pressing your keyboard’s ESC
key.
Now write and quit the file by typing:
:wq
and then ENTER.
Now you’re ready to copy your new config.boot.xxx
file over the EdgeRouter’s default config.boot
file with:
sudo cp /home/ubnt/config.boot.xxx /config/config.boot
Reboot to Apply Changes
Now you’re ready to reboot the router to apply your changes with:
reboot
Your EdgeRouter will ask you to confirm.
IMPORTANT: If you’re using the config.boot.poe
version of this configuration on an EdgeRouter PoE, make sure you disconnect the Ethernet cable connected to the eth0
port immediately after you confirm the reboot. Once the reboot is finished, the eth0
port will powered with 48v for the Google Fiber Jack and you shouldn’t have any non-PoE clients attached to that port when it’s powered.
You’re now ready to physically connect your EdgeRouter to your Google Fiber Jack and your LAN.
Connect your EdgeRouter to your Google Fiber Jack and LAN
While your EdgeRouter reboots (it should only take a couple minutes), you can change your computer’s TCP/IP settings back to DHCP and make the final physical connections between your EdgeRouter and your network.
Connect the eth0
port (which is now configured as the WAN port) to the Google Fiber Jack. If you’re using an ER-POE, you can unplug any external power injector from the fiber jack.
Connect your LAN clients (or any switch on your LAN) to any of your EdgeRouter’s LAN ports (such as eth2
). Using my example configs, the port settings are:
EdgeRouter Lite:
eth0
= WAN (Google Fiber Jack)eth1
= Local Config Porteth2
= LAN
EdgeRouter X:
eth0
= WAN (Google Fiber Jack)eth1
,eth2
,eth3
, ð4
= LAN (combined asswitch0
)
EdgeRouter POE:
eth0
= WAN (Google Fiber Jack) + 48v PoEeth1
= Local Config Porteth2
,eth3
, ð4
= LAN (combined asswitch0
)
Test Your Connection
Within a few minutes, your EdgeRouter should reboot and your computer should receive a DHCP address from the router and (fingers crossed!) be able to access the Internet. Perform a speed test to make sure you’re still seeing fast speeds.
This was my first test result after the changeover:
Congratulations! You’re up and running on the Google Fiber network with a Ubiquiti EdgeRouter!
Replacing the Google Fiber Network Box’s WiFi
One thing you lost when you unplugged your Google Fiber Network Box is a set of WiFi antennas to allow wireless clients to access your network. But that’s no big loss.. the GFNB WiFi antennas are notoriously lame. The cheapest way to replace them is to install DD-WRT on a wireless router you might already have, and configure it as a stand-alone access point.
Or, just purchase the best standalone WiFi access point on the market… which also happens to be a Ubiquiti device: the UAP-PRO (which does both 2.4Ghz and 5Ghz WiFi) or the UAP (2.4Ghz only).
For Google TV Users
If you also have Google TV service, you’ll still need to connect your DVR box to your local LAN, even if you have the 2nd generation box that combines the Google Fiber box and DVR. All the required settings to make Google TV work with an EdgeRouter are in the config.boot
file. You do not need to run any additional script.
My config.boot
files used to include elements (inclduing igmp-proxy and multicast firewall settings) to enable Google TV on an EdgeRouter. However, Google had a terrible habit of changing the multicast addresses and settings without warning, thereby breaking Google TV service on the EdgeRouter. The Google TV settings are no longer part of my suggested configurations.
For Google TV users only, I now recommend installing a simple Gigabit switch, such as the NETGEAR GS105NA, “downstream” of the Google Fiber jack, then connecting both the Google Fiber TV box and the EdgeRouter’s WAN port to separate ports on the Gigabit switch. This separates the Google TV service from the EdgeRouter and will allow everything to function normally without having to chase down changing settings at Google’s whim.
You can then connect any set-top Google TV boxes in your house directly to your primary Google TV box.
A Word about Google Fiber IPv6 Addresses
Google might not allocate your IPv6 addresses immediately. You’ll likely have to wait until overnight until you see the IPv6 addresses for the WAN and LAN interfaces in the GUI. I’ve tried everything I can think of to kickstart the process, to no avail. You just have to wait.
Final Steps
Now that you’re online with an EdgeRouter instead of a Google Fiber Network Box, there are a few final steps you should take.
First, access the GUI via a web browser to https://192.168.1.1/
. Use ubnt
as the username and password to gain access.
Go to the Users tab, then fill in the info to add a new administrative user. Use something other than the obvious “admin” or “root.” Once that user is created, go to the top left corner of the GUI (where it says Welcome ubnt) and log out. Log back in as the newly created user, go back to the Users tab, and delete the ubnt user. Now you’re protected from default user and password access.
You can poke around inside the web interface a bit more, and see how all the command line changes you made look in the GUI. In the Wizards tab, you can tinker with the MSS clamping settings, and adjust them to your liking. In the Services / DNS tab, you can tweak the size of your DNS forwarding cache size (I’ve been using out 500 lately).
You can go to the Firewall/NAT tab and set up some port forwards, choosing any FROM and TO ports you want for any IP address on the LAN (which is what started me on this path in the first place).
Or you can just watch the Dashboard and monitor the Tx and Rx rates of each interface. Mine looks like this (my IPv4 and IPv6 WAN IP addresses are blacked out for security). Don’t be concerned that I’m using 192.168.0.1/24
and that my LAN is connected to eth0.
Pretend it reads 192.168.1.1/24
on eth1
to match the config in this article:
But one thing you must do is wave “goodbye” to your sad little Google Fiber Network Box.
Congratulations! You’ve replaced your Google Fiber Network Box with a much more useful and flexible business-class router: the affordable, powerful, and downright lovable Ubiquiti EdgeRouter!
As always, I welcome your questions, comments, and feedback below!
Further Reading:
- The “original” Google Fiber Network Box Support Thread
- Atlantisman’s original GFNB blog post and script
- Google Fiber + ERL thread on UBNT Forums
- Google Fiber TV Thread at UBNT Forums
- Flyover County Google Fiber blog posts #1 and #2