# Ubiquiti EdgeRouter Static **Extensive testing with different routers and cloud provider IPsec offerings has shown that these IPsec clients will significantly underperform an instance or server running IPsec. Running IPsec on a router should only be done when it is not possible to configure a pritunl-link client with port forwarding. Additionally many failover features will be unsupported when not using pritunl-link clients for IPsec.** **This documentation will configure IPsec running on an EdgeRouter connecting to Pritunl Link. Refer to the** [**Ubiquiti EdgeRouter**](/kb/vpn/tutorials/ubiquiti-edgerouter-tutorial.md) **documentation for running a Pritunl Link client on an EdgeRouter network.** Pritunl Link has support for the Ubiquiti EdgeRouters using IPsec links with a static host. A static host in Pritunl Link is a IPsec client that is not running the pritunl-link application. This allows connecting on-site routers that have support for IPsec. Using a static host will have some limitations such as not being able to automatically update changes to the link configuration. Most limitations such as failover support have been fixed or improved in recent Pritunl releases. For high bandwidth links it is recommended to run pritunl-link on a server using the [**Ubiquiti EdgeRouter**](/kb/vpn/tutorials/ubiquiti-edgerouter-tutorial.md) guide. The EdgeRouter will have limited IPsec performance. ### Enable Hardware Offloading It is important to first enable IPsec hardware offloading on the EdgeRouter. Without hardware offloading the IPsec connection will consume significant CPU power and will have very limited bandwidth. Refer to [**EdgeRouter Hardware Offloading Explained**](https://help.ubnt.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading-Explained) for information on configuring hardware offloading. The command `show ubnt offload` should show IPsec offloading enabled. ### EdgeRouter Performance The EdgeRouters have relatively limited CPU power, high bandwidth configurations should use a dedicated server running behind the EdgeRouter. During testing with an EdgeRouter ERPoe-5 bandwidth averaged around 75 megabits/sec. ### Configure EdgeRouter Static hosts are not able to automatically pull changes to the link configuration from the Pritunl server. Because of this the link configuration must be fully completed and all non-static hosts must be deployed first. The non-static hosts will push the public address of the host to the Pritunl server, this must be done before configuring the static host. If it's necessary to deploy a static host before non-static hosts the public address must be manually configured on the non-static hosts. To configure a EdgeRouter static host first create a location for the EdgeRouter network then click *Add Host* in the location. Then click *Advanced* at the top right and enable *Static Host*. Set the *Public Address* to the public IP address of the EdgeRouter. If an IPv6 link is being configured also set the *IPv6 Address*. ![](/files/Rgybou3pn6AOm2bkaBLO) Once done a *Get EdgeRouter Conf* button will be displayed on the right side of the host. Click this to get the configuration for the EdgeRouter. Connect to the EdgeRouter with SSH then run the command `configure` and paste these commands into the configuration mode. Then run `commit` and `save`. This will configure all the needed options and the router will then connect and route the traffic to the networks. ![](/files/7WNQXcAhR4U90kDbbKjU) The commands `show vpn ipsec status`, `show vpn ipsec state` and `sudo ipsec statusall` will show the status of the IPsec connection on the EdgeRouter. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pritunl.com/kb/vpn/link/ubiquiti-edgerouter-static.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.