
Got network?


Guest asrequested

Guest asrequested

There were other options I considered, but I liked what Syncback could do and with a 30 day trial, I gave it a try. So far so good


Guest asrequested

@@Swynol and @@mastrmind11 I can't get the router adopted. I keep getting 'adoption failed'. It doesn't seem to be connecting to my modem. In the controller dashboard, nothing is green. I've reset, reconfigured etc (all manner of jiggery pokery)....and it just won't do it. What process did you guys do to get it adopted?

 

UPDATE:

 

All good. I found this page, and it hadn't crossed my mind that I still had something connected to the old router, which meant that the IP was being retained. Now on to configuration :D

Edited by Doofus

Swynol

Is the controller on your local lan? Has the router been given an internal IP? Setup dhcp range in the controller software. Then have your router and pc with the controller on connected to the same switch. Try adoption again.

 

If it fails again download putty and ssh onto the router. You can set the inform URL manually.

 

Login is ubnt/ubnt

 

set-inform http://IP-address-of-controller:8080/inform

Try adoption again. When it says adopting, run the above again.

 

Should be ok then.

 

Other option, if it's getting an internal ip, open a web browser to the ip of the router. You can set it up first then adopt


Guest asrequested

Is the controller on your local lan? Has the router been given an internal IP? Setup dhcp range in the controller software. Then have your router and pc with the controller on connected to the same switch. Try adoption again.

 

If it fails again download putty and ssh onto the router. You can set the inform URL manually.

 

Login is ubnt/ubnt

 

set-inform http://IP-address-of-controller:8080/inform

Try adoption again. When it says adopting, run the above again.

 

Should be ok then.

 

Other option, if it's getting an internal ip, open a web browser to the ip of the router. You can set it up first then adopt

Thanks, but I figured it out. Take a look at my last post.

 

I just set up my AP, and I'm starting to look at the security


Guest asrequested

One thing that concerns me is that the site where you look at the stats isn't secure. And I can't enable cloud access. Any suggestions?


pir8radio

Anyone have gigabit WAN on one of the unifi's? Just curious if it could pass gigabit.. Lots of router/firewalls say YES or say they have gigabit ports but fail when you try to run a good speed test. Looks like the price of these came way down. :)


Guest asrequested

Anyone have gigabit WAN on one of the unifi's? Just curious if it could pass gigabit.. Lots of router/firewalls say YES or say they have gigabit ports but fail when you try to run a good speed test. Looks like the price of these came way down. :)

How I wish I could say yes


  • 1 month later...
Guest asrequested

I have mine running on my backup server. It's always on. But that's cool for those who want something to run quietly in the background.


mastrmind11

One thing that concerns me is that the site where you look at the stats isn't secure. And I can't enable cloud access. Any suggestions?

Did you get this sorted out?


Swynol

One thing that concerns me is that the site where you look at the stats isn't secure. And I can't enable cloud access. Any suggestions?

Why do you think it's not secure?


Guest asrequested

I got the cloud access taken care of. The site isn't secure; Chrome warns you. It's HTTP, not HTTPS. I talked to the guys at Ubiquiti. They told me I need to get my own cert for it. I haven't gotten one yet.


mastrmind11

Yep, I have unifi 5.0.7 running on an RPI 1B. I do need to update, there are some pretty cool new features available now. The RPI works perfectly.

 

 

Sent from my iPhone using Tapatalk

Yeah they're really ramping up their dev efforts.  Best change thus far is the in-built RADIUS server for VPN authentication.


mastrmind11

What do you guys recommend for encrypting, using the unifi controller? I'm running 5.5.20.

I don't think they've properly incorporated Client VPN functionality into the controller yet. Or they have, but it's only PPTP, which isn't secure at all, and most reputable VPN providers don't support it for that reason. It used to be only site-to-site (i.e., you're connecting 2 unifi routers via VPN). I haven't looked in about a month so I might be wrong. I was referring to remote VPN in my post, which is ridiculously simple now that they added RADIUS on the router and incorporated it into the controller UI.

 

But yes, your best (and simplest) bet is to handle outbound VPN on the router, so I'd wait for that...

Edited by mastrmind11

Guest asrequested

I don't think they've properly incorporated Client VPN functionality into the controller yet. If I remember correctly it's only site-to-site (i.e., you're connecting 2 unifi routers via VPN). I haven't looked in about a month so I might be wrong. I was referring to remote VPN in my post, which is ridiculously simple now that they added RADIUS on the router.

 

But yes, your best (and simplest) bet is to handle outbound VPN on the router, so I'd wait for that...

Some of the options are still beta. I haven't looked in a bit. I think I'll invest some time, this weekend.


Currently, I only have a unifi UAP AP. I am planning on replacing my current firmware hacked switch with a unifi US-24-250W PoE switch that can be managed by the controller.

 

I have 3 wifi networks and the main network is tied to my RADIUS server and allows me to support WPA2-enterprise encryption on my main wifi network. This allows me to use user level authentication and not a pre-shared key for all users. I have a guest wifi network that only allows access to the public Internet, no internal access. This network is secured with a WPA2-PSK. I also have an infrastructure network (for devices that do not support WPA1/2 enterprise authentication). This network is heavily filtered and only allows access to specific internal and external resources.

 

 

I run PFSense as my firewall. And I must say this is the batman utility belt for network engineers. Currently, it is running on a mini pc running on an Intel i5-5200, 8GB RAM, 2 NICs, and 74 GB SSD. Hardware accelerated encryption is enabled because the CPU supports AES-NI code sets. Among many other services, I have:

1. DDNS client for my domain
2. Let's encrypt Acme client for my non-local CA publicly trusted certs.
3. Reverse proxy to make internal resources public and then secure them with let's encrypt publicly trusted certs.
4. VPN server for clients.
5. RADIUS server running on the firewall.
6. IPV4 and IPV6
7. DHCP
8. Internal DNS that is secured and the firewall blocks port 53 dns requests to the outside world.
9. PFBlockerNG which allows me to use publicly accessible DNSBL lists to filter and deny bad DNS requests to my DNS server. The lists automatically update and apply on my firewall. With this I block ads, malicious sites etc. I also have PFBlockerNG setup with custom publicly accessible ip block lists that are dynamically updated to block malicious sites, ads, illicit content, hacked networks, and spammers. This makes my firewall's DNS and firewall service function very much like a Pi-Hole.
10. Web filter with A/V network level scanning.
11. An internal CA for my client accounts.

 

For secure connections I host a VPN on the firewall that I can use when in need of LAN access. The VPN service is tied to a sub-domain I have, and uses a let's encrypt SSL certificate for the server side. I also use my internal CA for client accounts that are allowed to access the service.

 

Alternatively, I also host a reverse proxy on my PFSense firewall, that I use to securely make a few services accessible on the public Internet. Currently I host my Emby server, HA management UI, and my network monitoring tool on it. When I finally get my security cameras installed I will likely add that as well.

 

I have been working to secure my reverse proxy. Currently I am working to get the source IP for failed login attempts exported from all of the services I host publicly into my network monitor. Then after 5 bad attempts in 30 minutes, automatically add them to a custom deny list in PFBlockerNG for a week. I have this working with my HA solution, but need to spend some time with EMBY and my network monitoring tool.

 

The other component I need to finish up is client certificate authentication, wherein clients to the reverse proxy have to authenticate with the reverse proxy using a certificate I assign them. If they don't have a good cert, then they can't access the resource.


Edited by Tur0k
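
The lockout rule described in the post above (5 bad attempts in 30 minutes, then a week on a custom deny list), worked through as an added example that is not part of the original post. The log record format, the sample addresses and the function names are constructed for illustration; how the resulting list is loaded into PFBlockerNG is left out.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

WINDOW = timedelta(minutes=30)  # look-back window from the post
THRESHOLD = 5                   # bad attempts allowed inside the window
BAN_FOR = timedelta(days=7)     # how long an entry stays on the deny list

# Constructed sample records: "timestamp service FAIL|OK source-ip".
SAMPLE_LOG = """\
2024-05-01T10:00:00 emby FAIL 203.0.113.7
2024-05-01T10:02:00 ha FAIL 203.0.113.7
2024-05-01T10:05:00 emby FAIL 203.0.113.7
2024-05-01T10:07:00 monitor FAIL 203.0.113.7
2024-05-01T10:12:00 emby FAIL 203.0.113.7
2024-05-01T09:00:00 emby FAIL 198.51.100.20
2024-05-01T09:40:00 emby FAIL 198.51.100.20
2024-05-01T10:20:00 emby FAIL 198.51.100.20
2024-05-01T11:00:00 emby FAIL 198.51.100.20
2024-05-01T11:40:00 emby FAIL 198.51.100.20
2024-05-01T10:01:00 ha FAIL 192.0.2.10
2024-05-01T10:03:00 ha OK 192.0.2.10
""".splitlines()

def parse(line):
    ts, service, outcome, src = line.split()
    # ip_address() rejects anything that is not a valid IPv4/IPv6 literal
    return datetime.fromisoformat(ts), service, outcome, str(ipaddress.ip_address(src))

def build_deny_list(lines, allow=()):
    """Return {ip: ban_expiry} for sources with THRESHOLD failures inside WINDOW."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    banned = {}
    for ts, _service, outcome, ip in sorted(map(parse, lines)):
        if outcome != "FAIL" or ip in allow or banned.get(ip, ts) > ts:
            continue  # ignore successes, allow-listed hosts, and active bans
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()  # forget failures older than the window
        if len(q) >= THRESHOLD:
            banned[ip] = ts + BAN_FOR
            q.clear()
    return banned

def active_entries(banned, now):
    """Unexpired entries, sorted, ready to write one per line to an IP list."""
    return sorted(ip for ip, until in banned.items() if until > now)
```

Failures are counted per source address across all services, so a client that spreads guesses over several published services still reaches the threshold; the `allow` argument keeps your own addresses from being locked out.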

mastrmind11

Currently, I only have a unifi UAP AP. I am planning on replacing my current firmware hacked switch with a unifi US-24-250W Poe switch that can be managed by the controller.

 

I have 3 wifi networks and the main network is tied to my RADIUS server and allows me to support WPA2-enterprise encryption on my main wifi network. This allows me to use user level authentication and not a pre-shared key for all users. I have a guest wifi network that only allows access to the public Internet no internal access. This network is secured with a WPA2-PSK . I also have an infrastructure network (for devices that do not support WPA1/2 enterprise authentication. This network is heavily filtered and only allows access to

 

 

I run PFSense as my firewall. Currently, it is running on a mini pc running on an Intel i5-5200, 8GB RAM, 2 NICs, and 74 GB SSD. Hardware accelerated encryption is enabled because the CPU supports AES-NI code sets. Among many other services, I have

1. DDNS client for my domain

2. Let's encrypt Acme client for my non-local CA publicly trusted certs.

3. Reverse proxy to make internal resources public and then secure them with let's encrypt publicly trusted certs.

4. VPN server for clients.

5. RADIUS server running on the firewall.

6. IPV4 and IPV6

7. DHCP

8. Internal DNS that is secured and blocks requests to the outside world.

7. PFBlockerNG which allows me to use DNSBL lists

 

For secure connections I host a VPN on the firewall that I can use when in need of LAN access. The vpn service is tied to

 

Alternatively, I also host a reverse proxy on my PFSense firewall, that I use to securely make a few services accessible on the public Internet. Currently I host my Emby server, HA management UI, and my network monitoring tool on it. When I finally get my security cameras installed I will likely add that as well.


Which cameras are you going with? I am thinking of going w/ the Unifi outdoor gear, reviews are good and I love my other Ubiquiti stuff.

