Ubiquiti

Ubiquiti Networks is an American technology company started in 2005. Based in New York, NY, Ubiquiti manufactures wireless data communication products for enterprise and wireless broadband providers with a primary focus on under-served and emerging markets.

UNMS
Ubiquiti Network Management System

Installation

Community Forum

WEB
Official Guide

TFTP
airMAX - How to Reset Your Device with TFTP Firmware Recovery

root@ubuntu:tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put WA.v8.5.0.36727.180118.1314.bin
Sent 1965199 bytes in 35.2 seconds
tftp> exit

Then, SSH in, rename file, run the update command.

SSH
airMAX - How to Upgrade the Firmware Via CLI SSH

ssh ubnt@deviceip
cd /tmp/
wget http://url/firmwarefile.bin
mv firmwarefile.bin fwupdate.bin
fwupdate.real -m /tmp/fwupdate.bin

OTHERS
Ingredigeek

UBNTMOD Update Linux Shell Script

Downloads
NanoStation locoM2

Returns
Ubiquiti RMA

Unifi Controller in the Cloud
Set up UniFi Controller on Google Cloud Platform

Install a UniFi Cloud Controller on Amazon Web Services

Migrating Sites with Site Export Wizard

Configuring Multiple Sites

IPsec L2TP
Web Search

EdgeRouter - IPsec L2TP Server

EdgeMAX L2TP over IPsec VPN Server with Firewall Exceptions (VIDEO)

EdgeRouter - PPTP VPN with local users / RADIUS

Windows 10 Tips

OpenVPN
EdgeRouter OpenVPN Server

Disable IGMP Snooping
Edit the config.properties file...

config.igmpsnoop_enabled.[ssid]=false

UniFi - Explaining the config.properties File

Using Raspberry Pi as a Monitor for UniFi Video Cameras
https://www.youtube.com/watch?v=oRrgn3DWinE

http://www.stocksy.co.uk/articles/Linux/using_a_raspberry_pi_as_a_monitor_for_ubiquiti_unifi_video_cameras/

Unifi UPGRADE Controller Software
https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-10-21-Stable-has-been-released/ba-p/2741854

Unifi UPGRADE Access Point Firmware
ssh ubnt@IP
upgrade https://dl.ubnt.com/path/to/upgrade-vX.Y.Z.bin

https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-firmware-of-a-UniFi-device

Unifi Unblock Client
On both the web interface and the smart phone app...

Insights > Client > Unblock

Unifi Video Firmware Upgrade To Fix Sun Shadow Issues
ubnt_system_cfg write test.analytics.bgmodel ubnt4; cfgmtd -w -p /etc; reboot

https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-9-7-Release/ba-p/2393780

Unifi Video Cloud Account
https://video.ubnt.com

Unifi Video Firewall Ports
7080 7443 7446

https://help.ubnt.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used

Reboot

 * 1) With a paper clip, depress the Reset button until you feel it click. Hold for 1 second, then let go.

Reset
Normal Method


 * 1) With a paper clip, depress the Reset button until you feel it click. Hold for 10 seconds, then let go.

Hail Mary Method


 * 1) Unplug the power cable.
 * 2) With a paper clip, depress the Reset button until you feel it click. Hold firm.
 * 3) Plug in power, while continuing to hold paper clip firm.
 * 4) Wait until the LED begins flashing in a repeating pattern: Off Blue White.
 * 5) Release paper clip reset.
 * 6) Unplug the power cable. Wait 5 seconds; say Hail Mary, and plug power cable back in.

EdgeMax Dual WAN Failover Load Balancing
https://help.ubnt.com/hc/en-us/articles/205145990-EdgeMAX-Dual-WAN-load-balance-feature

UniFi VoIP - How To Manage Themes
https://help.ubnt.com/hc/en-us/articles/224333808-UniFi-VoIP-Theme-Management-Guide

UniFi VoIP - How to Manually Upgrade UVP App/Platform
SipService.apk

UnifiPhone.apk

https://community.ubnt.com/t5/UniFi-VoIP/UniFi-VoIP-How-to-Manually-Upgrade-UVP-App-Platform/ta-p/1293920

List Active Leases
show dhcp leases pool LAN

List Expired Leases
show dhcp leases expired

Clear Lease For IP Address
clear dhcp lease ip 192.168.0.124

Fix Errors In Syslog
show log | grep 'dhcpd'

If you see similar to this in the syslog...

Mar 1 01:59:34 ubnt dhcpd: uid lease 192.168.0.124 for client fc:ec:da:62:f1:98 is duplicate on LAN

...then run the command...

clear dhcp lease ip 192.168.0.124

...which will clear all mention of that IP and restart the DHCP daemon.

Install NANO Editor
configure
set system package repository debian url http://archive.debian.org/debian/
set system package repository debian distribution wheezy
set system package repository debian components main
commit
save
exit
cat /etc/apt/sources.list
deb http://archive.debian.org/debian/ wheezy main # debian #
sudo apt-get update
sudo apt-get check
sudo apt-get install nano

HOWTO: Ping Test
/bin/ping -c5 1.1.1.1

HOWTO: Show PPP Connection Drops
show log | grep 'pppd'

Feb 6 09:25:38 ubnt pppd[1896]: Serial link appears to be disconnected.
Feb 6 09:25:44 ubnt pppd[1896]: Connection terminated: no multilink.
Feb 6 09:25:44 ubnt pppd[1896]: Modem hangup
Feb 6 09:26:49 ubnt pppd[1896]: Timeout waiting for PADO packets
Feb 6 09:26:54 ubnt pppd[1896]: Connected to e4:81:84:78:94:64 via interface eth0
Feb 6 09:26:54 ubnt pppd[1896]: Connect: ppp0 <--> eth0
Feb 6 09:26:54 ubnt pppd[1896]: CHAP authentication succeeded
Feb 6 09:26:54 ubnt pppd[1896]: peer from calling number E4:81:84:78:94:64 authorized
Feb 6 09:26:55 ubnt pppd[1896]: local  IP address xxx.xxx.xx.xx
Feb  6 09:26:55 ubnt pppd[1896]: remote IP address xxx.xxx.130.249
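The grep above only lists the raw lines. As an added example (not part of the original notes), the following script pairs each "Serial link appears to be disconnected" line with the next "local IP address" line and reports how long the link was down. The function names and the sample lines after the first ten are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): turn pppd syslog lines into
# one record per PPPoE outage: "<month> <day> <down> <up> <seconds>".

# Sample input. The first ten lines are the log excerpt shown above; the
# remaining lines are constructed for illustration (192.0.2.x is
# documentation address space).
sample_ppp_log() {
cat <<'EOF'
Feb 6 09:25:38 ubnt pppd[1896]: Serial link appears to be disconnected.
Feb 6 09:25:44 ubnt pppd[1896]: Connection terminated: no multilink.
Feb 6 09:25:44 ubnt pppd[1896]: Modem hangup
Feb 6 09:26:49 ubnt pppd[1896]: Timeout waiting for PADO packets
Feb 6 09:26:54 ubnt pppd[1896]: Connected to e4:81:84:78:94:64 via interface eth0
Feb 6 09:26:54 ubnt pppd[1896]: Connect: ppp0 <--> eth0
Feb 6 09:26:54 ubnt pppd[1896]: CHAP authentication succeeded
Feb 6 09:26:54 ubnt pppd[1896]: peer from calling number E4:81:84:78:94:64 authorized
Feb 6 09:26:55 ubnt pppd[1896]: local  IP address xxx.xxx.xx.xx
Feb  6 09:26:55 ubnt pppd[1896]: remote IP address xxx.xxx.130.249
Feb 6 10:00:01 ubnt dhcpd: uid lease 192.168.0.124 for client fc:ec:da:62:f1:98 is duplicate on LAN
Feb 6 23:59:50 ubnt pppd[1896]: Serial link appears to be disconnected.
Feb 7 00:01:10 ubnt pppd[1896]: local  IP address 192.0.2.10
Feb 7 03:00:00 ubnt pppd[1896]: Serial link appears to be disconnected.
EOF
}

# Read syslog lines on stdin, print one line per outage.
ppp_outages() {
    awk '
    # HH:MM:SS -> seconds since midnight
    function secs(t,  p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }

    # Ignore everything that was not logged by pppd.
    $5 !~ /^pppd\[/ { next }

    # Start of an outage: remember the date and time it began.
    /Serial link appears to be disconnected/ && !down {
        down = 1; day = $1 " " $2; t0 = $3
        next
    }

    # End of an outage: the session has an address again.
    /local +IP address/ && down {
        d = secs($3) - secs(t0)
        if (d < 0) d += 86400        # outage crossed midnight
        printf "%s %s %s %d\n", day, t0, $3, d
        down = 0
    }

    # Log ended while the link was still down.
    END { if (down) printf "%s %s still-down -1\n", day, t0 }
    '
}

# Demonstration run on the embedded sample.
sample_ppp_log | ppp_outages
```

On the router itself the same function can be fed from the log file with `grep pppd /var/log/messages | ppp_outages`.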

HOWTO: Show PPP Log Verbose
Full details...

show interfaces pppoe pppoe0 log | cat

No response to 6 echo-requests
Serial link appears to be disconnected.
ipcp: down
Connect time 103.8 minutes.
Sent 88650017 bytes, received 2817987958 bytes.
Script /etc/ppp/ip-down started (pid 8751)
sent [LCP TermReq id=0x1a "Peer not responding"]
sent [LCP TermReq id=0x1b "Peer not responding"]
Connection terminated: no multilink.
Modem hangup
Script /etc/ppp/ip-down finished (pid 8751), status = 0x0

Just connected times...

show interfaces pppoe pppoe0 log | grep 'Connect time'

PPP Disconnects Check Script
cat /root/ppp_disconnects_to_grafana.sh
#!/bin/bash
# Remember the last pppd "disconnected" syslog line and alert only when a new one appears.
LOGFILE=$HOME/ppp_disconnected.log
# sed collapses the double space syslog puts before single-digit days
NEW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1 |sed 's/  / /')
echo "NEW_LOG=$NEW_LOG"
if [ ! -f "$LOGFILE" ]; then
  echo "$NEW_LOG" > "$LOGFILE"
else
  OLD_LOG=$(cat "$LOGFILE")
  echo "OLD_LOG=$OLD_LOG"
  if [ "$NEW_LOG" == "$OLD_LOG" ] ; then
    echo No change
  else
    echo "$NEW_LOG" > "$LOGFILE"
    echo Change
    echo "pppd,host=erx result=1" | nc 192.168.0.252 8094
    /usr/bin/python /usr/bin/pushover-cli --quiet "${NEW_LOG}" "ERX"
  fi
fi

HOWTO: Show DNS Information
show dns forwarding status
show dns forwarding statistics

HOWTO: Show Configuration
Config...

show configuration all

Commands...

show configuration commands

HOWTO: Check Firewall Port Forwarding Rules
Check config...

show configuration commands |grep 'port-forward'

Check kernel firewall iptables...

sudo -i iptables -L -v -n

HOWTO: Edit Date and Time On A Firewall Rule
show configuration commands |grep 'firewall.*'
configure
set firewall name LAN_IN rule 30 time starttime '21:59:59'
commit
save
exit

HOWTO: Enable and Disable Firewall Rule
show configuration commands |grep 'firewall'  (so you can find the correct rule)
configure
delete firewall name LAN_IN rule 20 disable   (to enable rule)
set firewall name LAN_IN rule 20 disable      (to disable rule)
commit
save
exit

https://community.ubnt.com/t5/EdgeRouter/How-enable-firewall-rule-in-CLI/m-p/540854/highlight/true#M13284

HOWTO: Change Default User Password
configure
set system login user ubnt authentication plaintext-password MyN3wP4ssw0rd
commit
save
exit

HOWTO: Hardware Offloading
UPDATE: Yeah, jury is still out on this... on the ER-X it does not seem to make any difference and if you're using Smart Queue Management QoS then it won't work on that anyway!

Offloading executes router functions directly in hardware, rather than in software, which greatly increases performance.

https://help.ubnt.com/hc/en-us/articles/115006567467

HOWTO: Smart Bandwidth Queue
Find your Download and Upload speed on the Internet (http://speedtest.net)

EdgeOS > QoS > Smart Queue > WAN Interface: pppoe0 > Upload:   Mbits/sec > Download:   Mbits/sec > Apply

https://community.ubnt.com/t5/EdgeRouter/ER-X-QoS-Smart-Queue-WAN-Interface-SOLVED/td-p/2315465

HOWTO: Bandwidth Limit Single IP Address
This will limit a single IP address of 192.168.0.17 (the teenager) to 1Mb download and 500Kb upload speed...

EdgeOS > QoS > Basic Queue > Add Queue > Source: 192.168.0.17 > Rate (upload): 500k > Queue Type: SFQ > Reverse Rate (download): 1m > Queue Type: SFQ > Apply

HOWTO: URL Blocking Proxy
configure
set service webproxy listen-address 192.168.0.1  (IP Address of your edge router!)
set service webproxy url-filtering squidguard local-block twitter.com
set service webproxy url-filtering squidguard local-block facebook.com
set service webproxy url-filtering squidguard local-block youtube.com
commit
save
exit

https://help.ubnt.com/hc/en-us/articles/205202680-EdgeMAX-Web-proxy-service-for-filtering

https://ahmeddirie.com/technology/networking/url-filtering-and-blocking-crap-with-vyatta/

HOWTO: Add DNS Entries
ssh ubnt@192.168.0.1
ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set system static-host-mapping host-name unifi inet 192.168.0.252
[edit]
ubnt@ubnt# commit
[edit]
ubnt@ubnt# save
Saving configuration to '/config/config.boot'...
Done
[edit]
ubnt@ubnt# exit
exit
ubnt@ubnt:~$ logout
Connection to 192.168.0.1 closed.
host unifi
ping unifi

HOWTO: Keep Custom Scripts After Firmware Upgrade
root@ubnt:~# ll /config/scripts/post-config.d/
total 20
drwxrwsr-x    2 root     vyattacf     536 Apr  5 11:19 .
drwxrwsr-x    4 root     vyattacf     616 Mar 28 13:04 ..
-rwxr-xr-x    1 root     root         168 Mar 22 10:16 check_pppd.sh
-rwxr-xr-x    1 root     root         545 Apr  5 11:19 ppp_disconnects_to_grafana.sh
-rwxr-xr-x    1 root     root         244 Mar 22 10:11 speedtest.sh
-rwxr-xr-x    1 root     root         194 Mar 22 10:12 speedtest_to_influx.sh
-rwxr-xr-x    1 root     vyattacf     215 Mar 24 17:43 startup

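cat /config/scripts/post-config.d/startup
#!/bin/bash
# Runs after every config load; the marker file in /tmp makes it a no-op until the next reboot.
startup='/tmp/startup_check'
if [ -e "$startup" ]; then
  echo "Startup exists. Exiting."
  exit 0;
fi
# Restore the scripts and root crontab that a firmware upgrade wipes from /root
cp -av /config/scripts/*.sh /root/
crontab -u root /config/scripts/root.crontab
touch "$startup"
exit 0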

HOWTO: Upgrade EdgeOS firmware
https://help.ubnt.com/hc/en-us/articles/205146110-EdgeMAX-Upgrading-EdgeOS-firmware

ER-X
https://www.ubnt.com/download/edgemax/

NEW IMAGES WITH BOOTLOADER IMAGE


 * 1) Update firmware using cli (shown below this)
 * 2) Reboot
 * 3) Run commands below to Update Bootloader Image
 * 4) Reboot (this can take up to 10 minutes)

ubnt@erx:~$ show system boot-image
The system currently has the following boot image installed:
Current boot version: UNKNOWN
Current boot md5sum : 7580ebd7ce9303243292f586ab7c6daf
New uboot version is available: boot_e51_001_1e49c.tar.gz
New boot md5sum : e2a286b6ff09ce6d14f631dafaff6027
Run "add system boot-image" to upgrade boot image.
ubnt@erx:~$ add system boot-image
Uboot version [UNKNOWN] is about to be replaced
Warning: Don't turn off the power or reboot during the upgrade!
Are you sure you want to replace old version? (Yes/No) [Yes]:
Preparing to upgrade...Done
Copying upgrade boot image...Done
Checking boot version: Current is UNKNOWN; new is e51_001_1e49c ...Done
Checking upgrade image...Done
Writing image...Done
Upgrade boot completed
ubnt@erx:~$ show system boot-image
The system currently has the following boot image installed:
Current boot version: e51_001_1e49c
Current boot md5sum : e2a286b6ff09ce6d14f631dafaff6027
ubnt@erx:~$ reboot now

Instructions


 * Latest Version: 1.10.9

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command below) before doing upgrade. The system will always have at least 2 images so you are alright to remove the older one.

Command Line

show version
show system image
delete system image
show system image
add system image https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e50.v1.10.9.5166958.tar
show system image
show system image storage
sudo reboot
show version
show system image
logout

HOWTO: How to Limit the Download/Upload Rate of LAN
https://help.ubnt.com/hc/en-us/articles/220716608

Useful CLI
https://www.reddit.com/r/Ubiquiti/comments/33zkhu/useful_edgerouter_cli_commands_settings/

https://community.ubnt.com/t5/EdgeRouter/How-enable-firewall-rule-in-CLI/m-p/540836/highlight/true#M13279

Firewall CLI
ssh ubnt@192.168.0.1
ubnt@ubnt:~$ configure
ubnt@ubnt# show firewall name LAN_IN
ubnt@ubnt# edit firewall name LAN_IN
ubnt@ubnt# run show configuration commands
ubnt@ubnt# set rule 7 time starttime '21:50:00'
ubnt@ubnt# set rule 8 time starttime '21:50:00'
ubnt@ubnt# compare
ubnt@ubnt# commit
ubnt@ubnt# top
ubnt@ubnt# show firewall name LAN_IN
ubnt@ubnt# save
ubnt@ubnt# exit
ubnt@ubnt:~$ logout

Check PPP Disconnects CLI
#!/bin/bash
#
# check_pppd.sh
#
# Push the most recent pppd "disconnected" syslog line as a notification
SHOW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1)
/usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "ERX"

crontab -e
@daily ~/check_pppd.sh

ROOT Crontabs After Firmware Upgrade CLI
47 2,14 * * * /root/speedtest.sh
@hourly /root/speedtest_to_influx.sh
@daily /root/check_pppd.sh

Speedtest CLI
Download python software...

curl -O https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod a+rx speedtest.py
sudo mv speedtest.py /usr/local/bin/speedtest-cli

Test python software...

speedtest-cli --simple --no-pre-allocate

Write shell scripts for cron...

vi /root/speedtest.sh
/usr/local/bin/speedtest-cli --simple --no-pre-allocate --mini http://www.domain.co.uk/speedtest/mini/ >/tmp/speedtest_result.txt
SHOW_LOG=$(cat /tmp/speedtest_result.txt)
/usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "SPEEDTEST"
chmod +x /root/speedtest.sh

vi /root/speedtest_to_influx.sh
echo "speedtest,host=erx download=`grep 'Download' /tmp/speedtest_result.txt | awk '{ print $2 }'`,upload=`grep 'Upload' /tmp/speedtest_result.txt | awk '{ print $2 }'`" | nc 192.168.0.252 8094
chmod +x /root/speedtest_to_influx.sh

Add shell scripts to cron...

crontab -e
7 11,23 * * * /root/speedtest.sh
@hourly /root/speedtest_to_influx.sh

Thanks - https://community.ubnt.com/t5/EdgeMAX/EdgeOS-Command-Line-Speed-Test-via-speedtest-net

Your Own Speedtest Mini Server
https://www.tecmint.com/speedtest-mini-server-to-test-bandwidth-speed/

wget http://c.speedtest.net/mini/mini.zip
speedtest-cli --simple --no-pre-allocate --mini http://www.domain.co.uk/speedtest/mini/ >/tmp/speedtest-cli_result.txt

https://gist.github.com/sparanoid-bot/4441239

HOWTO: Time Based MAC Address Blocking
rule 10 {
    action drop
    description "Block Gaming PC"
    source {
        mac-address 11:11:11:11:11:11
    }
    time {
        starttime 22:00:00
        stoptime 07:59:59
        weekdays Mon,Tue,Wed,Thu
    }
    time {
        starttime 00:00:00
        stoptime 07:59:59
        weekdays Fri,Sat
    }
}


 * 1) Login
 * 2) Firewall / NAT
 * 3) Firewall Policies
 * 4) LAN_IN > Action > Edit Ruleset
 * 5) Add New Rule
 * 6) Description = Block Kids PC
 * 7) Tick Enable
 * 8) Action = Drop
 * 9) All Protocols
 * 10) Source = MAC Address
 * 11) Time > Start Time = 22:00:00 > Stop Time = 06:00:00
 * 12) Save
 * 13) Click little (x) next to tick
 * 14) Logout

Quoted here by me - https://community.ubnt.com/t5/EdgeMAX/Set-up-time-limits-for-kids-internet-access/m-p/1826628#M149231

Thanks to Ubiquiti Community Forum

HOWTO: Improve Throughput On PPPoE
configure
set system offload ipv4 pppoe enable
commit
save
exit

Thanks - https://blog.linitx.com/howto-significantly-improve-slow-throughput-edgerouter-lite-pppoe/

SSH Keys Access
Copy your SSH public key to the device...

scp /home/user/.ssh/id_rsa.pub ubnt@192.168.0.1:~/id_rsa.pub

Log in to the device...

ssh ubnt@192.168.0.1

Switch to configure mode...

configure

Load SSH key to the user...

loadkey ubnt ~/id_rsa.pub

Commit...

commit

Save ...

save

Exit...

exit

Logout and test...

exit
ssh ubnt@192.168.0.1

Thanks - https://community.ubnt.com/t5/EdgeMAX/ssh-authorized-keys/td-p/458361

Thanks - http://www.bciuca.com/2014/02/08/edgemax-ssh-pubkey/

Network Monitoring Data Collection
SNMP

https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh

https://gist.github.com/nbrownus/b6a5b1e16256f5ba035b5c0dcbae7532

Grafana

https://grafana.com/dashboards/1756

NetFlow

configure
set system flow-accounting interface
set system flow-accounting netflow engine-id <0-255>
set system flow-accounting netflow server  port 2055
set system flow-accounting netflow version <1|5|9>
# Optional parameter if flows should be collected for egress traffic.
# set system flow-accounting netflow enable-egress
commit

https://community.ubnt.com/t5/EdgeMAX/Help-setting-up-NetFlow/td-p/464367

https://community.ubnt.com/t5/EdgeMAX/Netflow/m-p/365221#M3097

https://www.reddit.com/r/Ubiquiti/comments/3kobad/netflow_on_edgerouter_x_on_17/

https://forums.manageengine.com/topic/ubiquiti-edgemax-analyzer-config-issue

nTop

http://www.ntop.org/nprobe/running-nprobe-and-ntopng-on-ubiquity-edgerouter-lite/

Forum
https://help.ubnt.com/hc/en-us/categories/200321064-EdgeMAX

Bootloader Update
curl -O https://dl.ubnt.com/firmwares/edgemax/v1.8.0/update-boot.sh
sudo bash update-boot.sh
reboot

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-X-X-SFP-bootloader-update/ba-p/1472216

uPnP
Config Tree > service > upnp > listen-on > interface

SNMP
Official UniFi MIBs can be downloaded from HERE and HERE (those are 2 different files).

https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh

http://leerspace.com/2014/11/08/snmp-and-mrtg-ubiquiti-edgerouter-lite-ubuntu-server/

https://gist.github.com/nbrownus/dfd8ab05728bbf8ff5993ac0d34eaeb6

CLI
https://community.ubnt.com/t5/EdgeMAX/EdgeOS-CLI-Primer-part-1/td-p/285388

Firewall Regions Explanation
WAN_IN is from the internet, through the router, and onward to your LAN. In very general terms, you want to drop 90% of this mess - it's script kiddies, port scans, nigerian princes, and anyone else you don't want able to head through your router. Obviously, you're gonna want to allow ports 80, 443, 25, and others if you're running those types of services. If you haven't got any idea what I'm talking about with those three ports, better to not open them.

WAN_LOCAL is from the internet to your router, with no intention of going farther. Best to just drop everything on this interface -- unless, for example it's a router at a remote site, and you've got a static at your main site, so you allow traffic from 10.10.x.y/28 (note, I'm using private address space as an example, real world would depend on your ISP).

LAN_IN is everything inbound to the router from your LAN (e.g. 192.168.1.0/24) that's destined for somewhere else (WAN, other LAN such as 192.168.2.0/24). In a SMB, or SOHO setup, this is probably explicitly permissive. In an enterprise setting, this may or may not be permissive (e.g. blocking all outgoing traffic except for SFTP on a non-standard port).

LAN_LOCAL is everything inbound to the router from your LAN destined for the router. Again, unless you're doing enterprise routing, this is probably fairly open - although good SMB setups with guest networks may block the guest network range.
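A way to check a router against the description above, as an added example that is not part of the original notes: the script reads `show configuration commands` output and reports, for one WAN interface, which rulesets are bound in the `in` and `local` directions and whether their default action is drop. The interface name `eth0`, the function names and the sample configuration are assumptions constructed for illustration; the ruleset names follow the page.

```shell
#!/bin/sh
# Added example (not from the original page): audit the WAN-facing
# firewall rulesets in `show configuration commands` output.

# Constructed sample configuration. WAN_LOCAL is deliberately left at
# "accept" so the audit has something to report.
sample_edge_config() {
cat <<'EOF'
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_LOCAL default-action accept
set firewall name LAN_IN default-action accept
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth1 firewall in name LAN_IN
EOF
}

# Usage: audit_wan_firewall <wan-interface> < config-commands
# Prints one line per direction:
#   OK <dir> <ruleset> drop
#   WEAK <dir> <ruleset> <default-action or "unset">
#   MISSING <dir>
# Returns non-zero if anything other than OK was printed.
# Assumption: an explicit "default-action drop" is wanted on both directions.
audit_wan_firewall() {
    awk -v wan="$1" '
    # set firewall name <NAME> default-action <ACTION>
    $1 == "set" && $2 == "firewall" && $3 == "name" && $5 == "default-action" {
        action[$4] = $6
    }

    # set interfaces <type> <if> [pppoe <n> | vif <n>] firewall <dir> name <NAME>
    $1 == "set" && $2 == "interfaces" && $4 == wan {
        for (i = 5; i + 3 <= NF; i++)
            if ($i == "firewall" && $(i + 2) == "name")
                bound[$(i + 1)] = $(i + 3)
    }

    END {
        n = split("in local", dirs, " ")
        for (k = 1; k <= n; k++) {
            d = dirs[k]
            if (!(d in bound)) {
                printf "MISSING %s\n", d
                bad = 1
                continue
            }
            a = (bound[d] in action) ? action[bound[d]] : "unset"
            if (a == "drop") {
                printf "OK %s %s %s\n", d, bound[d], a
            } else {
                printf "WEAK %s %s %s\n", d, bound[d], a
                bad = 1
            }
        }
        exit bad + 0
    }'
}

# Demonstration run on the embedded sample (findings are expected).
sample_edge_config | audit_wan_firewall eth0 || true
```

To run it against a real device, save the output of `show configuration commands` to a file and pipe that file into `audit_wan_firewall` with the WAN interface name.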

Command Auto Completion
You can press the ? key to find the top-level commands, then type that command and ? again to find the options for that top-level command.

?
show ?
show version
show interfaces
show interfaces ?
show interfaces ethernet

You can also use the keyboard Tab button to complete the options.

Show Configuration
There are 2 ways to show the current configuration - in a tree or in commands:-

show configuration all
show configuration commands

If you use the 'commands' option, you can then grep or 'match' the output to limit results.

show configuration commands | match system

Edit Configuration
You have to enter 'edit' mode first, and it will show you after every command that you are in this 'edit' mode with a separate line just above the prompt showing [edit]...

configure

When you have finished your command changes, you can show your changes, to check...

compare

To make the changes active, you have to commit them (run save afterwards to write them to /config/config.boot so they survive a reboot)...

commit

Then, come out of configure mode...

exit

Unifi Security Gateway USG
Port Forwarding

Unifi Cloud Key
Troubleshooting Offline Cloud Key and Other Stability Issues

UniFi - Accounts and Passwords for Controller, Cloud Key, and Other Devices

EdgeRouter VDSL
ECI Openreach modem for FTTC B-FOCuS V-2FUb/r Rev.B

Yes it does support BT FTTC Infinity. Use PPPoE and connect to white BT modem with Cat 5e cable. Set MTU at 1492.

https://community.ubnt.com/t5/UniFi-Routing-Switching/does-edgerouter-support-vdsl/td-p/1112045

https://community.plus.net/t5/Fibre-Broadband/Config-for-Ubiquiti-ER-X-EdgeRouter-X-on-Plusnet-FTTC/m-p/1293820

https://community.ubnt.com/t5/EdgeMAX/BT-infinity-fibre-optic-setup/m-p/1183648/highlight/true#M57491

http://wiki.indie-it.com/wiki/DSL_Devices#British_Telecom

Purchase


 * http://www.broadbandbuyer.co.uk/products/21797-ubiquiti-er-x-uk/
 * https://linitx.com/product/ubiquiti-edgemax-edgerouter-x-uk-psu/14588

https://mangolassi.it/search?term=er-x&in=titlesposts

Downloads
Firmware

User Guide

Default IP Address
192.168.1.20

https://192.168.1.20

Default Username & Password
Username: ubnt Password: ubnt

Maximum Password Length
Eight characters

IPSec VPN Passthrough
http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/td-p/1377745

HOWTO: INSTALL: DEPENDENT SOFTWARE:
** THIS IS NOW NO LONGER REQUIRED. PLEASE SEE 16.04 INSTRUCTIONS BELOW **

ORACLE JAVA 8:
Add the repository:

sudo nano /etc/apt/sources.list
# Java 8
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main

Save (CTRL+o) and exit (CTRL+x).

Add the keyserver and install the software:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com EEA14886
sudo apt-get update
sudo apt-get install jsvc oracle-java8-installer oracle-java8-set-default

Check the installed version:

java -version

MongoDB:
Open the sources.list and add the line shown in bold at the end of the file:

sudo nano /etc/apt/sources.list
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

Save (CTRL+o) and exit (CTRL+x).

Add the keyserver and install the software:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update
sudo apt-get install mongodb

HOWTO: INSTALL: UniFi
UniFi can either be installed from a .deb file or via a PPA repository:

Ubuntu Server 16.04 From .deb File:

 * 1) Visit Ubiquiti's download page
 * 2) In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
 * 3) Locate the file called "unifi_sysvinit_all.deb" and download it

sudo dpkg -i unifi_sysvinit_all.deb
sudo apt-get -f install

Ubuntu Server 14.04 From .deb File:

 * Visit Ubiquiti's download page
 * In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
 * Locate the file called "unifi_sysvinit_all.deb" and download it

sudo dpkg -i --force-depends unifi_sysvinit_all.deb

Ubuntu Server 14.04 From Repository:
The following is an installation on Ubuntu Server 14.04.

Add the repository and keyservers by editing the following file adding the lines shown in bold at the end of the file:

sudo nano /etc/apt/sources.list

# Ubiquiti Unifi
deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti
# Mongodb
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

Add the following key servers, the first for Unifi itself, the second for MongoDB:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update

Finally install the software:

sudo apt-get install unifi         (stable), or
sudo apt-get install unifi-rapid   (better than standard, not as bleeding edge as beta)
sudo apt-get install unifi-beta

HOWTO: Install a valid SSL Certificate in UniFi Controller
https://kx.cloudingenium.com/ubiquiti/unifi/install-valid-ssl-certificate-ubiquiti-networks-unifi-controller/

LetsEncrypt SSL Certificate
https://lg.io/2015/12/13/using-lets-encrypt-to-secure-cloud-hosted-services-like-ubiquitis-mfi-unifi-and-unifi-video.html

Official
http://community.ubnt.com/t5/UniFi-Wireless/Raspberry-Pi-and-Unifi/m-p/1167782#M91180

http://community.ubnt.com/t5/UniFi-Wireless/Finished-Raspberry-PI2-Image/m-p/1187658#M94346

http://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Installing-the-Controller-software-on-Raspberry-Pi/ta-p/1127992

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-6-3-on-raspberry-pi-2/m-p/1249829

https://community.ubnt.com/t5/UniFi-Wireless/New-upgraded-Raspberry-Pi-2-as-a-unifi-controller/td-p/1164776

Unofficial
Logan Marchione.

Kowen Houston - Instructions here.

Kowen Houston - Download here.

Erik Van Paassen

Lowe Family

Amazon Web Services

 * 1) Install a UniFi Cloud Controller on Amazon Web Services
 * 2) Change the Firmware Using Local Upgrade Via SSH
 * 3) Adopt to Remote UniFi Controller Via SSH

https://www.youtube.com/watch?v=NSMM5dT1vSk

https://www.youtube.com/watch?v=y5tkToD_nds

Cloud Controller
https://miketabor.com/install-ubiquiti-unifi-controller-cloud/

https://www.stevejenkins.com/blog/2016/05/diy-cloud-hosting-ubiquiti-ubnt-unifi-controller/

Define The Java Version:
Edit the following file, adding the path to Java 8 installation:

sudo nano /etc/init.d/unifi
JAVA_HOME= # Edit this line to match that shown below
JAVA_HOME=/usr/lib/jvm/java-8-oracle

Open The Required Firewall Ports:
Open ports on the server's firewall (in this example UFW):

For internal connection:

sudo ufw allow from 192.168.0.0/24 to any port 8080 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8081 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8443 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8843 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8880 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 27117 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 3478 proto udp

Details of the ports required by Unifi can be found here.

Port 3478 UDP relates to STUN server usage so if you are not using VOIP hardware this port is not needed.

If your server already uses any of the ports listed above, instructions for changing the ports used by Unifi can be found here.

The file to alter to use different ports can be found in the following location:

/usr/lib/unifi/data/system.properties

Accessing The Web Interface:
https://your.server.ip:8443/manage

All being well you should see similar to the picture below:



LED Lights
https://help.ubnt.com/hc/en-us/articles/204910134-UniFi-LED-Color-Patterns-in-UniFi-Devices

Wireless Networks + VLAN
Unifi Controller Admin

Wireless Networks


 * "red" --> normal
 * "green" --> advanced options --> VLAN 10

Networks


 * "red" --> Corporate --> Subnet 192.168.x.x/24
 * "green" --> VLAN Only --> VLAN 10

Profiles


 * Switch Ports --> "green" --> Native Network = "green(10)"
 * Switch Ports --> "red" --> Native Network = "red"

Unifi Traffic Bandwidth Limiting
How To Set Traffic Bandwidth Limits

Unifi Krack Patch
Fix Krack Vulnerability

Backup File
/var/lib/unifi/backup/autobackup/

https://help.ubnt.com/hc/en-us/articles/205231940

config.properties File

 * https://help.ubnt.com/hc/en-us/articles/205146040
 * https://help.ubnt.com/hc/en-us/articles/205202580

Location, creation & edition:

cd /var/lib/unifi/sites/{site_name}    # {site_name} can be found from the address bar in the browser; if it is the first controller you have created it should be called 'default'
sudo touch config.properties
sudo nano -w config.properties

Log Files
https://help.ubnt.com/hc/en-us/articles/204959834

Zero Handoff
https://help.ubnt.com/hc/en-us/articles/205144590

Start, Stop or Restart
sudo service unifi start|stop|restart

View Log File
cat /var/log/unifi/server.log

Repair MongoDB
mongod --dbpath /usr/lib/unifi/data/db --smallfiles --logpath /usr/lib/unifi/logs/server.log --repair

https://help.ubnt.com/hc/en-us/articles/360006634094#3

Restore Backup
https://help.ubnt.com/hc/en-us/articles/204952144-UniFi-How-can-I-restore-a-backup-configuration-

LG Nexus 5 Not Connecting To UAP AC Lite 5GHz Wi-Fi
Change the 5GHz Channel to less than 52.

Thanks - https://community.ubnt.com/t5/UniFi-Wireless/AP-AC-Lite-5Ghz-no-SSID-shown-Nexus-5-not-connecting-to-5Ghz/td-p/1954343

Error: ace_stat bad offset repair database
Assertion failure: _unindex failed: bad offset:0 accessing file: /usr/lib/unifi/data/db/ace.0 - consider repairing database

https://community.ubnt.com/t5/UniFi-Wireless/HOW-TO-Repair-MongoDB-on-Linux/td-p/2198176 (with handy auto repair script)

https://community.ubnt.com/t5/UniFi-Wireless/Repair-MongoDB-filling-HD-with-tmp-repairDatabase-directories/td-p/1746765

https://community.ubnt.com/t5/UniFi-Wireless/How-to-repair-Mongo-DB-and-Restore-Journaling/td-p/1799965

https://community.ubnt.com/t5/UniFi-Wireless/Repair-Replace-Corrupted-Collections-in-MongoDB/td-p/2131432

My Forum Post

NOTES

Need to add a second virtual disk for the repair.

repairDatabase requires free disk space equal to the size of your current data set plus 2 gigabytes. If the volume that holds dbpath lacks sufficient space, you can mount a separate volume and use that for the repair. When mounting a separate volume for repairDatabase you must run repairDatabase from the command line and use the --repairpath switch to specify the folder in which to store temporary repair files. For example:

--repairpath

Default: A _tmp_repairDatabase_ directory under the dbPath. Specifies a working directory that MongoDB will use during the --repair operation. When --repair completes, the --repairpath directory is empty, and dbPath contains the repaired files. The --repairpath must be within the dbPath. You can specify a symlink to --repairpath to use a path on a different file system.

mongod --repair --repairpath /opt/vol2/data

NEW

sudo -i
service unifi stop
service unifi-voip stop
service unifi-video stop
pkill -KILL mongod
pidof mongod
rm -fv /var/lib/unifi/db/mongod.lock
su -c "mongod --dbpath /var/lib/unifi/db --repair" unifi
service unifi start

OLD

$ /usr/bin/mongo --port 27117
MongoDB shell version: 2.0.4
connecting to: 127.0.0.1:27117/test
> use ace
switched to db ace
> db.repairDatabase()
{ "ok" : 1 }
> exit
bye

If that does not work, then you will have to stop unifi, uninstall, clear db folder (/usr/lib/unifi/data/db), install same version, restore from backup.

sudo apt-get remove unifi
sudo apt-get autoremove                  (to nuke mongodb stuff)
mv /var/lib/unifi /var/lib/unifi.bak     (later to be deleted)
sudo apt-get install unifi

Error: MongoDB Journal Files Eating Disc Space.
A. MONGO DB PRUNE OLD DATA FIX

wget "https://help.ubnt.com/hc/article_attachments/115024095828/mongo_prune_js.js"
sudo mongo --port 27117 < mongo_prune_js.js

Official Unifi Page

B. SMALL FILES FIX


 * 1) stop system wide mongodb from starting
 * 2) edit system.properties file for smallfiles parameter
 * 3) start unifi

sudo nano /etc/init/mongodb.conf
ENABLE_MONGODB="no"
sudo nano /usr/lib/unifi/data/system.properties
unifi.db.extraargs=--smallfiles
sudo update-rc.d -f mongodb remove
sudo service unifi start

Thanks - https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-Eating-all-disk-space-Mongodb/td-p/395410

Also - https://help.ubnt.com/hc/en-us/articles/204911424-UniFi-How-to-remove-prune-older-data-and-adjust-mongo-database-size

$ ll /var/lib/mongodb/journal/
total 3.1G
drwxr-xr-x 2 mongodb nogroup 4.0K 2015-08-03 15:54 .
drwxr-xr-x 3 mongodb mongodb 4.0K 2015-08-03 15:22 ..
-rw--- 1 mongodb nogroup 1.0G 2015-08-03 15:54 prealloc.0
-rw--- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.1
-rw--- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.2

$ rm -rfv /var/lib/mongodb/journal/*
removed ‘/var/lib/mongodb/journal/prealloc.0’
removed ‘/var/lib/mongodb/journal/prealloc.1’
removed ‘/var/lib/mongodb/journal/prealloc.2’

$ df
Filesystem    Type  Size  Used Avail Use% Mounted on
/dev/sda1     ext4   10G  3.5G  6.0G  37% /

$ nano /usr/lib/unifi/data/system.properties
unifi.db.nojournal=true      # disable mongodb journaling

Error: Keystore Missing.
If the following is listed in the error log file:

/usr/lib/unifi/data/keystore (No such file or directory)

FIX

sudo service unifi stop
sudo keytool -genkey -keyalg RSA -alias selfsigned -keystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -validity 365 -keysize 2048 -destalias unifi

Answer the following questions by pressing enter up until the line starting "Is CN=" when you will need to answer "Y" then press enter:

What is your first and last name? [Unknown]:
What is the name of your organizational unit? [Unknown]:
What is the name of your organization? [Unknown]:
What is the name of your City or Locality? [Unknown]:
What is the name of your State or Province? [Unknown]:
What is the two-letter country code for this unit? [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]:

Finally start Unifi:

sudo service unifi start

Thanks to Calvin Bui.

HOME

 * 1) Modem Router Firewall
 * 2) POE Switch
 * 3) Wi-Fi Access Point

Mental Home Network
Mental Home Network

Guest Network
https://www.youtube.com/watch?v=I8D6ju2AvpI

https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Wireless-Guest-Network-Setup

Ubiquiti Videos
Various

Review
http://arstechnica.com/gadgets/2015/10/review-ubiquiti-unifi-made-me-realize-how-terrible-consumer-wi-fi-gear-is/

CLI
https://help.ubnt.com/hc/en-us/articles/204976584-EdgeMAX-Connect-to-CLI-With-Telnet

http://community.ubnt.com/t5/tkb/v2/page/blog-id/CLI_Basics%40tkb/page/1

EdgeRouter Pro
http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/m-p/1377745

http://community.ubnt.com/t5/EdgeMAX/Basic-SOHO-Home-Config/m-p/398057

https://help.ubnt.com/hc/en-us/articles/205197660-EdgeMAX-SOHO-Example

http://sohovercomplicated.com/edgerouter-basic-soho-router-firewall-part-1-the-basics/

UniFi
https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-7-is-released/ba-p/1085473

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-2-Controller-Install-Guide-Linux-Ubuntu-Server-14-10/td-p/1158280

https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-controller-for-linux/m-p/962877

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-controller-on-Debian-v7-1-x64-not-working/td-p/523245

http://wiki.ubnt.com/UniFi_FAQ#Operation_and_Deployment

http://sunstatetechnology.com/docs/UniFiControllerInstallation.pdf

https://calvin.me/install-unifi-controller-ubuntu/

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Controller-Setup-for-Remote-Location-Cloud-NOC/td-p/312142

http://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Install-the-controller-software-on-the-UniFi-Video-NVR/ta-p/814754

https://www.youtube.com/watch?v=NSMM5dT1vSk

http://www.msdist.co.uk/Unifi_questions_extract_from_Ubiquiti_Forum.pdf

https://www.youtube.com/watch?v=juE0qH-D6Gs&index=3&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m

https://www.youtube.com/watch?v=uKxgyt1kArw&index=15&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m

Error related:

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Apache-500-Error/td-p/948953

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-on-Ubuntu-help-needed/td-p/238635

http://community.ubnt.com/t5/UniFi-Wireless/HTTP-Status-400/td-p/621497

http://community.ubnt.com/t5/UniFi-Wireless/Apache-Tomcat-HTTP-Status-400/m-p/654089/highlight/true

http://forum.thecus.com/viewtopic.php?f=36&t=8004