Guest asrequested Posted July 19, 2017 Share Posted July 19, 2017 There were other options I considered, but I liked what Syncback could do and with a 30 day trial, I gave it a try. So far so good Link to comment Share on other sites More sharing options...
Guest asrequested Posted July 22, 2017 Share Posted July 22, 2017 (edited) @@Swynol and @@mastrmind11 I can't get the router adopted. I keep getting 'adoption failed'. It doesn't seem to be connecting to my modem. In the controller dashboard, nothing is green. I've reset, reconfigured etc (all manner of jiggery pokery)....and it just won't do it. What process did you guys do to get it adopted? UPDATE: All good. I found this page, and it hadn't crossed my mind that I still had something connected to the old router, which meant that the IP was being retained. Now on to configuration Edited July 22, 2017 by Doofus 1 Link to comment Share on other sites More sharing options...
Swynol 375 Posted July 22, 2017 Share Posted July 22, 2017 Is the controller on your local lan? Has the router been given an internal IP? Setup dhcp range in the controller software. Then have your router and pc with the controller on connected to the same switch. Try adoption again. If it fails again download putty and ssh onto the router. You can set the inform URL manually. Login is ubnt/ubnt Set-inform http://IP-address-of-controller:8080/inform Try adoption again. When it says adopting. Run the above again. Should be ok then. Other option, if it's getting an internal ip, open a web browser to the ip of the router. You can set it up first then adopt Link to comment Share on other sites More sharing options...
Guest asrequested Posted July 22, 2017 Share Posted July 22, 2017 Is the controller on your local lan? Has the router been given an internal IP? Setup dhcp range in the controller software. Then have your router and pc with the controller on connected to the same switch. Try adoption again. If it fails again download putty and ssh onto the router. You can set the inform URL manually. Login is ubnt/ubnt Set-inform http://IP-address-of-controller:8080/inform Try adoption again. When it says adopting. Run the above again. Should be ok then. Other option, if it's getting an internal ip, open a web browser to the ip of the router. You can set it up first then adopt Thanks, but I figured it out. Take a look at my last post. I just set up my AP, and I'm starting to look at the security 1 Link to comment Share on other sites More sharing options...
Swynol 375 Posted July 23, 2017 Share Posted July 23, 2017 Awesome Link to comment Share on other sites More sharing options...
Guest asrequested Posted July 23, 2017 Share Posted July 23, 2017 One thing that concerns me is that the site where you look at the stats isn't secure. And I can't enable cloud access. Any suggestions? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted July 23, 2017 Share Posted July 23, 2017 Anyone have gigabit WAN on one of the unifi's? Just curious if it could pass gigabit.. Lots of router/firewalls say YES or say they have gigabit ports but fail when you try to run a good speed test. Looks like the price of these came way down. Link to comment Share on other sites More sharing options...
Guest asrequested Posted July 23, 2017 Share Posted July 23, 2017 Anyone have gigabit WAN on one of the unifi's? Just curious if it could pass gigabit.. Lots of router/firewalls say YES or say they have gigabit ports but fail when you try to run a good speed test. Looks like the price of these came way down. How I wish I could say yes Link to comment Share on other sites More sharing options...
mediacowboy 438 Posted July 23, 2017 Share Posted July 23, 2017 (edited) This YouTube channel has pretty good info on unifi products https://www.youtube.com/channel/UCVS6ejD9NLZvjsvhcbiDzjw Edited July 23, 2017 by mediacowboy 1 Link to comment Share on other sites More sharing options...
mediacowboy 438 Posted September 7, 2017 Share Posted September 7, 2017 Here's a cool unifi idea https://youtu.be/XIn-39o0g2M 1 Link to comment Share on other sites More sharing options...
Guest asrequested Posted September 8, 2017 Share Posted September 8, 2017 I have mine running on my back up server. It's always on. But that's cool for those who want something to run quietly in the background. Link to comment Share on other sites More sharing options...
dcrdev 251 Posted September 8, 2017 Share Posted September 8, 2017 Anyone got any experience with ip over infiniband ?- it looks like a cheaper option than 10gbe. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted September 8, 2017 Share Posted September 8, 2017 One thing that concerns me is that the site where you look at the stats isn't secure. And I can't enable cloud access. Any suggestions? Did you get this sorted out? Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 8, 2017 Share Posted September 8, 2017 One thing that concerns me is that the site where you look at the stats isn't secure. And I can't enable cloud access. Any suggestions? why do you think its not secure? Link to comment Share on other sites More sharing options...
Guest asrequested Posted September 8, 2017 Share Posted September 8, 2017 I got the cloud access taken care of. The site isn't secure, chrome warns you. It's HTTP not HTTPS. I talked to the guys at Ubiquiti. They told me I need to get my own cert, for it. I haven't gotten one, yet. Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 8, 2017 Share Posted September 8, 2017 (edited) ah ok fair enough. you can make it HTTPS quite easily. a free lets encrypt cert and a program called keystore explorer - https://blog.awelswynol.co.uk/2017/07/unifi-controller-install-and-ssl-https Edited September 8, 2017 by Happy2Play fixed link Link to comment Share on other sites More sharing options...
Guest asrequested Posted September 8, 2017 Share Posted September 8, 2017 ah ok fair enough. you can make it HTTPS quite easily. a free lets encrypt cert and a program called keystore explorer - https://blog.awelswynol.co.uk/2017/07/unifi-controller-install-and-ssl-https Thanks. I'll have to check that out Link to comment Share on other sites More sharing options...
Tur0k 143 Posted September 8, 2017 Share Posted September 8, 2017 Here's a cool unifi idea https://youtu.be/XIn-39o0g2M Yep, I have unifi 5.0.7 running on an RPI 1B. I do need to update, there are some pretty cool new features available now. The RPI works perfectly. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted September 8, 2017 Share Posted September 8, 2017 Yep, I have unifi 5.0.7 running on an RPI 1B. I do need to update, there are some pretty cool new features available now. The RPI works perfectly. Sent from my iPhone using Tapatalk Yeah they're really ramping up their dev efforts. Best change thus far is the in-built RADIUS server for VPN authentication. 1 Link to comment Share on other sites More sharing options...
Guest asrequested Posted September 8, 2017 Share Posted September 8, 2017 I really need to learn more about configuring VPNs. I'd like to encrypted all my traffic. Link to comment Share on other sites More sharing options...
Guest asrequested Posted September 8, 2017 Share Posted September 8, 2017 What do you guys recommend for encrypting, using the unifi controller? I'm running 5.5.20. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted September 8, 2017 Share Posted September 8, 2017 (edited) What do you guys recommend for encrypting, using the unifi controller? I'm running 5.5.20. I don't thnk they've properly incorporated Client VPN functionality into the controller yet. Or they have but its only PPTP, which isn't secure at all, and most reputable VPN providers don't support it for that reason. It used to be only site-to-site (ie, you're connecting 2 unifi routers via VPN). I haven't looked in about a month so I might be wrong. I was referring to remote VPN in my post, which is ridiculously simple now that they added RADIUS on the router and incorporated it into the controller UI. But yes, your best (and simplest) bet is to handle outbound VPN on the router, so I'd wait for that... Edited September 8, 2017 by mastrmind11 Link to comment Share on other sites More sharing options...
Guest asrequested Posted September 8, 2017 Share Posted September 8, 2017 I don't thnk they've properly incorporated Client VPN functionality into the controller yet. If I remember correctly it's only site-to-site (ie, you're connecting 2 unifi routers via VPN). I haven't looked in about a month so I might be wrong. I was referring to remote VPN in my post, which is ridiculously simple now that they added RADIUS on the router. But yes, your best (and simplest) bet is to handle outbound VPN on the router, so I'd wait for that... Some of the options are still beta. I haven't looked in a bit. I think I'll invest some time, this weekend. Link to comment Share on other sites More sharing options...
Tur0k 143 Posted September 8, 2017 Share Posted September 8, 2017 (edited) Currently, I only have a unifi UAP AP. I am planning on replacing my current firmware hacked switch with a unifi US-24-250W Poe switch that can be managed by the controller. I have 3 wifi networks and the main network is tied to my RADIUS server and allows me to support WPA2-enterprise encryption on my main wifi network. This allows me to use user level authentication and not a pre-shared key for all users. I have a guest wifi network that only allows access to the public Internet no internal access. This network is secured with a WPA2-PSK . I also have an infrastructure network (for devices that do not support WPA1/2 enterprise authentication. This network is heavily filtered and only allows access to specific internal and external resources. I run PFSense as my firewall. And I must say this is the batman utility belt for network engineers. Currently, it is running on a mini pc running on an Intel i5-5200, 8GB RAM, 2 NICs, and 74 GB SSD. Hardware accelerated encryption is enabled because they CPU supports AES-NI code sets. Among many other services, I have 1. DDNS client for my domain 2. Let's encrypt Acme client for my non-local CA publicly trusted certs. 3. Reverse proxy to make internal resources public and then secure them with let's encrypt publicly trusted certs. 4. VPN server for clients. 5. RADIUS server running on the firewall. 6. IPV4 and IPV6 7. DHCP 8. Internal DNS that is secured and the firewall blocks port 53 dns requests to the outside world. 7. PFBlockerNG which allows me to use publicly accessible DNSBL lists to filter and deny bad DNS requests to my DNS server. The lists automatically update and apply on my firewall. With this I block ads, malicious sites etc. I also have PFBlockerNG setup with custom publicly accessible ip block lists that are dynamically updated to block malicious sites, ads, illicit content, hacked networks, and spammers. This makes my firewall's DNS and firewall service function very much like a Pi-Hole. 9. Web filter with A/V network level scanning. 10. An internal CA for my client accounts. For secure connections I host a VPN on the firewall that I can use when in need of LAN access. The vpn service is tied a sub-domain I have, and uses a let's encrypt SSL certificate for the serverside. I also use my internal CA for client accounts that are allowed to acces the service. Alternatively, I also host a reverse proxy on my PFSense firewall, that I use to securely make a few services accessible on the public Internet. Currently I host my Emby server, HA management UI, and my network monitoring tool on it. When I finally get my security cameras installed I will likely add that as well. I have been working to secure my reverse proxy. Currently I am working to get the source IP for failed login attempts exported from all of the services I host publicly into my network monitor. Then after 5 bad attempts in 30 minutes, automatically add them to a custom deny list in PFBlockerNG for a week. I have this working with my HA solution, but need to spend some time with EMBY and my network monitoring tool. The other component I need to finish up is e client certificate authentication, where in clients to the reverse proxy have to authenticate with the reverse proxy using a certificate I assign them. If they don't have a good cert, then they can't access the resource. Sent from my iPhone using Tapatalk Edited September 8, 2017 by Tur0k Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted September 8, 2017 Share Posted September 8, 2017 Currently, I only have a unifi UAP AP. I am planning on replacing my current firmware hacked switch with a unifi US-24-250W Poe switch that can be managed by the controller. I have 3 wifi networks and the main network is tied to my RADIUS server and allows me to support WPA2-enterprise encryption on my main wifi network. This allows me to use user level authentication and not a pre-shared key for all users. I have a guest wifi network that only allows access to the public Internet no internal access. This network is secured with a WPA2-PSK . I also have an infrastructure network (for devices that do not support WPA1/2 enterprise authentication. This network is heavily filtered and only allows access to I run PFSense as my firewall. Currently, it is running on a mini pc running on an Intel i5-5200, 8GB RAM, 2 NICs, and 74 GB SSD. Hardware accelerated encryption is enabled because they CPU supports AES-NI code sets. Among many other services, I have 1. DDNS client for my domain 2. Let's encrypt Acme client for my non-local CA publicly trusted certs. 3. Reverse proxy to make internal resources public and then secure them with let's encrypt publicly trusted certs. 4. VPN server for clients. 5. RADIUS server running on the firewall. 6. IPV4 and IPV6 7. DHCP 8. Internal DNS that is secured and blocks requests to the outside world. 7. PFBlockerNG which allows me to use DNSBL lists For secure connections I host a VPN on the firewall that I can use when in need of LAN access. The vpn service is tied to Alternatively, I also host a reverse proxy on my PFSense firewall, that I use to securely make a few services accessible on the public Internet. Currently I host my Emby server, HA management UI, and my network monitoring tool on it. When I finally get my security cameras installed I will likely add that as well. Sent from my iPhone using Tapatalk Which cameras are you going with? I am thinking of going w/ the Unifi outdoor gear, reviews are good and I love my other Ubiquiti stuff. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now