Ubiquiti

From Indie IT Wiki
Jump to: navigation, search

Ubiquiti Networks is an American technology company started in 2005. Based in New York, NY, Ubiquiti manufactures wireless data communication products for enterprise and wireless broadband providers with a primary focus on under-served and emerging markets.

Contents

UNMS

Ubiquiti Network Management System

Installation

Community Forum

AirMAX AirOS

Update

WEB

Official Guide

TFTP

airMAX - How to Reset Your Device with TFTP Firmware Recovery

root@ubuntu:tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put WA.v8.5.0.36727.180118.1314.bin
Sent 1965199 bytes in 35.2 seconds 
tftp> exit

Then, SSH in, rename file, run the update command.

SSH

airMAX - How to Upgrade the Firmware Via CLI SSH

ssh ubnt@deviceip
cd /tmp/
wget http://url/firmwarefile.bin
mv firmwarefile.bin fwupdate.bin
fwupdate.real -m /tmp/fwupdate.bin

OTHERS

Ingredigeek

UBNTMOD Update Linux Shell Script

Downloads

NanoStation locoM2

Returns

Ubiquiti RMA

Unifi Controller in the Cloud

Set up UniFi Controller on Google Cloud Platform

Install a UniFi Cloud Controller on Amazon Web Services

Migrating Sites with Site Export Wizard

Configuring Multiple Sites

VPN

IPsec L2TP

Web Search

EdgeRouter - IPsec L2TP Server

EdgeMAX L2TP over IPsec VPN Server with Firewall Exceptions (VIDEO)

EdgeRouter - PPTP VPN with local users / RADIUS

Windows 10 Tips

OpenVPN

EdgeRouter OpenVPN Server

Disable IGMP Snooping

Edit the config.properties file...

config.igmpsnoop_enabled.[ssid]=false

UniFi - Explaining the config.properties File

Using Raspberry Pi as a Monitor for UniFi Video Cameras

https://www.youtube.com/watch?v=oRrgn3DWinE

http://www.stocksy.co.uk/articles/Linux/using_a_raspberry_pi_as_a_monitor_for_ubiquiti_unifi_video_cameras/

Unifi UPGRADE Controller Software

Easy Upgrade Scripts for Ubuntu Linux

Blog Release Notes

Unifi Controller Versions

Unifi UPGRADE Access Point Firmware

ssh ubnt@IP
upgrade https://dl.ubnt.com/path/to/upgrade-vX.Y.Z.bin

https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-firmware-of-a-UniFi-device

Unifi Unblock Client

On both the web interface and the smart phone app...

Insights > Client > Unblock

Unifi Video Firmware Upgrade To Fix Sun Shadow Issues

ubnt_system_cfg write test.analytics.bgmodel ubnt4; cfgmtd -w -p /etc; reboot

https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-9-7-Release/ba-p/2393780

Unifi Video Cloud Accound

https://video.ubnt.com

Unifi Video Firewall Ports

7080
7443
7446

https://help.ubnt.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used

Unifi Switch 24

Reboot

  1. With a paper clip, depress the Reset button until you feel it click. Hold for 1 second, then let go.

Reset

Normal Method

  1. With a paper clip, depress the Reset button until you feel it click. Hold for 10 seconds, then let go.

Hail Mary Method

  1. Unplug the power cable.
  2. With a paper clip, depress the Reset button until you feel it click. Hold firm.
  3. Plug in power, while continuing to hold paper clip firm.
  4. Wait until the LED begins flashing in a repeating pattern: Off Blue White.
  5. Release paper clip reset.
  6. Unplug the power cable. Wait 5 seconds; say Hail Mary, and plug power cable back in.

EdgeMax Dual WAN Failover Load Balancing

https://help.ubnt.com/hc/en-us/articles/205145990-EdgeMAX-Dual-WAN-load-balance-feature

UniFi VoIP - How To Manage Themes

https://help.ubnt.com/hc/en-us/articles/224333808-UniFi-VoIP-Theme-Management-Guide

UniFi VoIP - How to Manually Upgrade UVP App/Platform

SipService.apk

UnifiPhone.apk

https://community.ubnt.com/t5/UniFi-VoIP/UniFi-VoIP-How-to-Manually-Upgrade-UVP-App-Platform/ta-p/1293920

EdgeMAX

DHCP

List Active Leases

show dhcp leases pool LAN

List Expired Leases

show dhcp leases expired

Clear Lease For IP Address

clear dhcp lease ip 192.168.0.124

Fix Errors In Syslog

show log | grep 'dhcpd'

If you see similar to this in the syslog...

Mar  1 01:59:34 ubnt dhcpd: uid lease 192.168.0.124 for client fc:ec:da:62:f1:98 is duplicate on LAN

...then run the command...

clear dhcp lease ip 192.168.0.124

...which will clear all mention of that IP and restart the DHCP daemon.

EdgeRouterX with DrayTek Vigor 130

The Vigor 130 is a pre-configured VDSL2 / ADSL2+ modem that takes a VDSL2 or ADSL2+ connection and performs full pass-through / bridge to Ethernet presentation, which can then be used by a device such as a router to connect directly to the internet. For the official specification of the Vigor130, refer to this link.

The Vigor 130 does not store any Internet usernames or passwords itself - those go into your router, or whatever you are connecting to the Vigor 130.

The settings on the Vigor 130 are correct for most UK lines out of the box, so in most cases it should only be necessary to configure the router that it is connected to.

The DrayTek Vigor 130 modem has a web interface available on http://192.168.2.1 (username of "admin" and password of "admin" by default).

This can be used to check ADSL / VDSL diagnostic information or re-configure the modem to bridge a DHCP / Static IP connection if required.

Some routers such as the Vigor 2860 and Vigor 2925 can display the Vigor 130's VDSL statistics automatically in the router's web interface, which can be found in the [Online Status] > [Physical Connection] page of the router's web interface.

Default Vigor 130 settings:

  • Configured to pass through a PPPoE connection
  • VDSL2 VLAN Tag is set to 101
  • ADSL VPI/VCI is set to 0/38 for PPPoA connections, 0/101 for MPoA connections

The above are the correct settings for the majority of UK ISPs so you do not need to change any settings on your Vigor 130 or access its web interface. Go straight to your router setup. Some exceptions are Kingston/Karoo, O2 and Vodafone Ireland - each of those has their own settings, so check with them for their latest, specifically for your DSL type (ADSL or VDSL).

Setup Procedure:

  1. Connect the RJ-11 port (marked 'DSL') on the Vigor 130 to the VDSL or ADSL line.
  2. Connect the RJ-45 Ethernet port on the Vigor 130 to the WAN ethernet port of your router (or PC).
  3. Configure the WAN interface on your router to use PPPoE and enter the username and password details for the internet connection.

DrayTek Vigor 130 (Official Web Page)

Ubiquiti Forum Post #1

Maintaining Access to the DrayTek Vigor 130 Web GUI Interface

Install NANO Editor

configure
set system package repository debian url http://archive.debian.org/debian/
set system package repository debian distribution wheezy
set system package repository debian components main
commit
save
exit

cat /etc/apt/sources.list
deb http://archive.debian.org/debian/ wheezy main # debian #

sudo apt-get update
sudo apt-get check
sudo apt-get install nano

HOWTO: Ping Test

/bin/ping -c5 1.1.1.1

HOWTO: Show PPP Connection Drops

show log | grep 'pppd'
Feb  6 09:25:38 ubnt pppd[1896]: Serial link appears to be disconnected.
Feb  6 09:25:44 ubnt pppd[1896]: Connection terminated: no multilink.
Feb  6 09:25:44 ubnt pppd[1896]: Modem hangup
Feb  6 09:26:49 ubnt pppd[1896]: Timeout waiting for PADO packets
Feb  6 09:26:54 ubnt pppd[1896]: Connected to e4:81:84:78:94:64 via interface eth0
Feb  6 09:26:54 ubnt pppd[1896]: Connect: ppp0 <--> eth0
Feb  6 09:26:54 ubnt pppd[1896]: CHAP authentication succeeded
Feb  6 09:26:54 ubnt pppd[1896]: peer from calling number E4:81:84:78:94:64 authorized
Feb  6 09:26:55 ubnt pppd[1896]: local  IP address xxx.xxx.xx.xx
Feb  6 09:26:55 ubnt pppd[1896]: remote IP address xxx.xxx.130.249

HOWTO: Show PPP Log Verbose

Full details...

show interfaces pppoe pppoe0 log | cat
No response to 6 echo-requests
Serial link appears to be disconnected.
ipcp: down
Connect time 103.8 minutes.
Sent 88650017 bytes, received 2817987958 bytes.
Script /etc/ppp/ip-down started (pid 8751)
sent [LCP TermReq id=0x1a "Peer not responding"]
sent [LCP TermReq id=0x1b "Peer not responding"]
Connection terminated: no multilink.
Modem hangup
Script /etc/ppp/ip-down finished (pid 8751), status = 0x0

Just connected times...

show interfaces pppoe pppoe0 log | grep 'Connect time'

PPP Templates

/opt/vyatta/etc/pppoe-provider-template

PPP Disconnects Check Script

# cat /root/ppp_disconnects_to_grafana.sh
#!/bin/bash
LOGFILE=$HOME/ppp_disconnected.log
NEW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1 |sed 's/  / /')
echo "NEW_LOG=$NEW_LOG"
if [ ! -f $LOGFILE ]; then
    echo $NEW_LOG > $LOGFILE
else
    OLD_LOG=$(cat $LOGFILE)
    echo "OLD_LOG=$OLD_LOG"
    if [ "$NEW_LOG" == "$OLD_LOG" ] ; then
        echo No change
        echo "pppd,host=erx result=0" | nc 192.168.0.252 8094
    else
        echo $NEW_LOG > $LOGFILE
        echo Change
        echo "pppd,host=erx result=1" | nc 192.168.0.252 8094
        /usr/bin/python /usr/bin/pushover-cli --quiet "${NEW_LOG}" "ERX"
    fi
fi

HOWTO: Show DNS Information

show dns forwarding status
show dns forwarding statistics

HOWTO: Show Configuration

Config...

show configuration all

Commands...

show configuration commands

HOWTO: Check Firewall Port Forwarding Rules

Check config...

show configuration commands |grep 'port-forward'

Check kernel firewall iptables...

sudo -i
iptables -L -v -n

HOWTO: Edit Date and Time On A Firewall Rule

show configuration commands |grep 'firewall.*'
configure
set firewall name LAN_IN rule 30 time starttime '21:59:59'
commit
save
exit

HOWTO: Enable and Disable Firewall Rule

show configuration commands |grep 'firewall'   (so you can find the correct rule)
configure
delete firewall name LAN_IN rule 20 disable    (to enable rule)
set firewall name LAN_IN rule 20 disable       (to disable rule)
commit
save
exit

https://community.ubnt.com/t5/EdgeRouter/How-enable-firewall-rule-in-CLI/m-p/540854/highlight/true#M13284

HOWTO: Change Default User Password

configure
set system login user ubnt authentication plaintext-password MyN3wP4ssw0rd
commit
save
exit

HOWTO: Hardware Offloading

UPDATE: Yeah, jury is still out on this... on the ER-X it does not seem to make any difference and if you're using Smart Queue Management QoS then it won't work on that anyway!

Offloading is used to execute functions of the router using the hardware directly, rather than a process of software functions to greatly increase performance.

https://help.ubnt.com/hc/en-us/articles/115006567467

HOWTO: Smart Bandwidth Queue

Find your Download and Upload speed on the Internet (http://speedtest.net)

EdgeOS > QoS > Smart Queue > WAN Interface: pppoe0 > Upload: <upload speed> Mbits/sec > Download: <download speed> Mbits/sec > Apply

https://community.ubnt.com/t5/EdgeRouter/ER-X-QoS-Smart-Queue-WAN-Interface-SOLVED/td-p/2315465

HOWTO: Bandwidth Limit Single IP Address

This will limit a single IP address of 192.168.0.17 (the teenager) to 1Mb download and 500Kb upload speed...

EdgeOS > QoS > Basic Queue > Add Queue > Source: 192.168.0.17 > Rate (upload): 500k > Queue Type: SFQ > Reverse Rate (download): 1m > Queue Type: SFQ > Apply

HOWTO: URL Blocking Proxy

configure
set service webproxy listen-address 192.168.0.1   (IP Address of your edge router!)
set service webproxy url-filtering squidguard local-block twitter.com
set service webproxy url-filtering squidguard local-block facebook.com
set service webproxy url-filtering squidguard local-block youtube.com
commit
save
exit

https://help.ubnt.com/hc/en-us/articles/205202680-EdgeMAX-Web-proxy-service-for-filtering

https://ahmeddirie.com/technology/networking/url-filtering-and-blocking-crap-with-vyatta/

HOWTO: Add DNS Entries

ssh ubnt@192.168.0.1

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set system static-host-mapping host-name unifi inet 192.168.0.252
[edit]
ubnt@ubnt# commit
[edit]
ubnt@ubnt# save
Saving configuration to '/config/config.boot'...
Done
[edit]
ubnt@ubnt# exit
exit
ubnt@ubnt:~$ logout
Connection to 192.168.0.1 closed.

host unifi
ping unifi

HOWTO: Keep Custom Scripts After Firmware Upgrade

root@ubnt:~# ll /config/scripts/
total 20
-rwxr-xr-x    1 root     root         168 Mar 22 10:16 check_pppd.sh
-rwxr-xr-x    1 root     root         545 Apr  5 11:19 ppp_disconnects_to_grafana.sh
-rwxr-xr-x    1 root     root         244 Mar 22 10:11 speedtest.sh
-rwxr-xr-x    1 root     root         194 Mar 22 10:12 speedtest_to_influx.sh
root@ubnt:~# ll /config/scripts/post-config.d/
total 20
-rwxr-xr-x    1 root     vyattacf     215 Mar 24 17:43 startup
cat /config/scripts/post-config.d/startup
#!/bin/bash
startup='/tmp/startup_check'
if [ -e $startup ]; then
  echo "Startup exists. Exiting."
  exit 0;
fi
cp -av /config/scripts/*.sh /root/
crontab -u root /config/scripts/root.crontab
touch $startup
exit 0

HOWTO: Upgrade EdgeOS firmware

https://help.ubnt.com/hc/en-us/articles/205146110-EdgeMAX-Upgrading-EdgeOS-firmware

ER-X

https://www.ubnt.com/download/edgemax/

NEW IMAGES WITH BOOTLOADER IMAGE

  1. Update firmware using cli (shown below this)
  2. Reboot
  3. Run commands below to Update Bootloader Image
  4. Reboot (this can take up to 10 minutes)
ubnt@erx:~$ show system boot-image
The system currently has the following boot image installed:
Current boot version: UNKNOWN
Current boot md5sum : 7580ebd7ce9303243292f586ab7c6daf
New uboot version is available: boot_e51_001_1e49c.tar.gz
New boot md5sum : e2a286b6ff09ce6d14f631dafaff6027
Run "add system boot-image" to upgrade boot image.

ubnt@erx:~$ add system boot-image
Uboot version [UNKNOWN] is about to be replaced
Warning: Don't turn off the power or reboot during the upgrade!
Are you sure you want to replace old version? (Yes/No) [Yes]:
Preparing to upgrade...Done
Copying upgrade boot image...Done
Checking boot version: Current is UNKNOWN; new is e51_001_1e49c ...Done
Checking upgrade image...Done
Writing image...Done
Upgrade boot completed

ubnt@erx:~$ show system boot-image
The system currently has the following boot image installed:
Current boot version: e51_001_1e49c
Current boot md5sum : e2a286b6ff09ce6d14f631dafaff6027 

ubnt@erx:~$ reboot now

Instructions

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command below) before doing upgrade. The system will always have at least 2 images so you are alright to remove the older one.

Command Line

show version
show system image
delete system image
show system image
add system image https://dl.ubnt.com/firmwares/edgemax/v1.10.x/ER-e50.v1.10.9.5166958.tar
show system image
show system image storage
sudo reboot

show version
show system image
logout

HOWTO: How to Limit the Download/Upload Rate of LAN

https://help.ubnt.com/hc/en-us/articles/220716608

Useful CLI

https://www.reddit.com/r/Ubiquiti/comments/33zkhu/useful_edgerouter_cli_commands_settings/

https://community.ubnt.com/t5/EdgeRouter/How-enable-firewall-rule-in-CLI/m-p/540836/highlight/true#M13279

Firewall CLI

ssh ubnt@192.168.0.1
ubnt@ubnt:~$ configure
ubnt@ubnt# show firewall name LAN_IN
ubnt@ubnt# edit firewall name LAN_IN
ubnt@ubnt# run show configuration commands
ubnt@ubnt# set rule 7 time starttime '21:50:00'
ubnt@ubnt# set rule 8 time starttime '21:50:00'
ubnt@ubnt# compare
ubnt@ubnt# commit
ubnt@ubnt# top
ubnt@ubnt# show firewall name LAN_IN
ubnt@ubnt# save
ubnt@ubnt# exit
ubnt@ubnt:~$ logout

Install Pushover Command Line Client

sudo -i
curl -o /usr/bin/pushover-cli https://raw.githubusercontent.com/markus-perl/pushover-cli/master/pushover-cli
chmod +x /usr/bin/pushover-cli
nano /etc/pushover-cli.conf
user=uJzixzfTJNOTTHISONExxxxVJHGaZF4V
token=ak5x2hzNOTHISONEon8vpea9
priority=normal
verbose=0
quiet=0
/usr/bin/python /usr/bin/pushover-cli --quiet "Message :-)" "TEST"

Check PPP Disconnects CLI

#!/bin/bash
#
# check_pppd.sh
#
SHOW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1)
/usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "ERX"
crontab -e
@daily ~/check_pppd.sh

ROOT Crontabs After Firmware Upgrade CLI

47 2,14 * * * /root/speedtest.sh
@hourly /root/speedtest_to_influx.sh
@daily /root/check_pppd.sh
* * * * * /root/ppp_disconnects_to_grafana.sh

Speedtest CLI

Download python software...

curl -O https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod a+rx speedtest.py
sudo mv speedtest.py /usr/local/bin/speedtest-cli

Test python software...

speedtest-cli --simple --no-pre-allocate

Write shell scripts for cron...

vi /root/speedtest.sh

/usr/local/bin/speedtest-cli --simple --no-pre-allocate --mini http://www.domain.co.uk/speedtest/mini/ >/tmp/speedtest_result.txt
SHOW_LOG=$(cat /tmp/speedtest_result.txt)
/usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "SPEEDTEST"
chmod +x /root/speedtest.sh
vi /root/speedtest_to_influx.sh

echo "speedtest,host=erx download=`grep 'Download' /tmp/speedtest_result.txt | awk '{ print $2 }'`,upload=`grep 'Upload' /tmp/speedtest_result.txt | awk '{ print $2 }'`" | nc 192.168.0.252 8094
chmod +x /root/speedtest_to_influx.sh

Add shell scripts to cron...

crontab -e
7 11,23 * * * /root/speedtest.sh
@hourly /root/speedtest_to_influx.sh

Thanks - https://community.ubnt.com/t5/EdgeMAX/EdgeOS-Command-Line-Speed-Test-via-speedtest-net

Your Own Speedtest Mini Server

https://www.tecmint.com/speedtest-mini-server-to-test-bandwidth-speed/

wget http://c.speedtest.net/mini/mini.zip

speedtest-cli --simple --no-pre-allocate --mini http://www.domain.co.uk/speedtest/mini/ >/tmp/speedtest-cli_result.txt

https://gist.github.com/sparanoid-bot/4441239

HOWTO: Time Based MAC Address Blocking

rule 10 {
    action drop
    description "Block Gaming PC"
    source {
        mac-address 11:11:11:11:11:11
    }
    time {
        starttime 22:00:00
        stoptime 07:59:59
        weekdays Mon,Tue,Wed,Thu
    }
    time {
        starttime 00:00:00
        stoptime 07:59:59
        weekdays Fri,Sat
    }
}
  1. Login
  2. Firewall / NAT
  3. Firewall Policies
  4. LAN_IN > Action > Edit Ruleset
  5. Add New Rule
  6. Description = Block Kids PC
  7. Tick Enable
  8. Action = Drop
  9. All Protocols
  10. Source = MAC Address
  11. Time > Start Time = 22:00:00 > Stop Time = 06:00:00
  12. Save
  13. Click little (x) next to tick
  14. Logout

Quoted here by me - https://community.ubnt.com/t5/EdgeMAX/Set-up-time-limits-for-kids-internet-access/m-p/1826628#M149231

Thanks to Ubiquiti Community Forum

HOWTO: Improve Throughput On PPPoE

configure
set system offload ipv4 pppoe enable
commit
save
exit

Thanks - https://blog.linitx.com/howto-significantly-improve-slow-throughput-edgerouter-lite-pppoe/

SSH Keys Access

Copy your SSH public key to the device...

scp /home/user/.ssh/id_rsa.pub ubnt@192.168.0.1:~/id_rsa.pub

Log in to the device...

ssh ubnt@192.168.0.1

Switch to configure mode...

configure

Load SSH key to the user...

loadkey ubnt ~/id_rsa.pub

Commit...

commit

Save ...

save

Exit...

exit

Logout and test...

exit
ssh ubnt@192.168.0.1

Thanks - https://community.ubnt.com/t5/EdgeMAX/ssh-authorized-keys/td-p/458361

Thanks - http://www.bciuca.com/2014/02/08/edgemax-ssh-pubkey/

Network Monitoring Data Collection

SNMP

https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh

https://gist.github.com/nbrownus/b6a5b1e16256f5ba035b5c0dcbae7532

Grafana

https://grafana.com/dashboards/1756

NetFlow

configure
set system flow-accounting interface <interface>
# Optional parameter if flows should be collected for egress traffic.
# set system flow-accounting netflow enable-egress
set system flow-accounting netflow engine-id <0-255>
set system flow-accounting netflow server <IP of remote netflow monitoring tool> port 2055
set system flow-accounting netflow version <1|5|9>
commit

https://community.ubnt.com/t5/EdgeMAX/Help-setting-up-NetFlow/td-p/464367

https://community.ubnt.com/t5/EdgeMAX/Netflow/m-p/365221#M3097

https://www.reddit.com/r/Ubiquiti/comments/3kobad/netflow_on_edgerouter_x_on_17/

https://forums.manageengine.com/topic/ubiquiti-edgemax-analyzer-config-issue

nTop

http://www.ntop.org/nprobe/running-nprobe-and-ntopng-on-ubiquity-edgerouter-lite/

Forum

https://help.ubnt.com/hc/en-us/categories/200321064-EdgeMAX

Bootloader Update

curl -O https://dl.ubnt.com/firmwares/edgemax/v1.8.0/update-boot.sh
sudo bash update-boot.sh
reboot

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-X-X-SFP-bootloader-update/ba-p/1472216

uPnP

Config Tree > service > upnp > listen-on > interface

SNMP

Official UniFi MIBs can be downloaded from HERE and HERE (those are 2 different files).

https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh

http://leerspace.com/2014/11/08/snmp-and-mrtg-ubiquiti-edgerouter-lite-ubuntu-server/

https://gist.github.com/nbrownus/dfd8ab05728bbf8ff5993ac0d34eaeb6

CLI

https://community.ubnt.com/t5/EdgeMAX/EdgeOS-CLI-Primer-part-1/td-p/285388

Firewall Regions Explanation

WAN_IN is from the internet, through the router, and onward to your LAN. In very general terms, you want to drop 90% of this mess - it's script kiddies, port scans, nigerian princes, and anyone else you don't want able to head through your router. Obviously, you're gonna want to allow ports 80, 443, 25, and others if you're running those types of services. If you haven't got any idea what I'm talking about with those three ports, better to not open them.

WAN_LOCAL is from the internet to your router, with no intention of going farther. Best to just drop everything on this interface -- unless, for example it's a router at a remote site, and you've got a static at your main site, so you allow traffic from 10.10.x.y/28 (note, I'm using private address space as an example, real world would depend on your ISP).

LAN_IN is everything inbound to the router from your LAN (e.g. 192.168.1.0/24) that's destined for somewhere else (WAN, other LAN such as 192.168.2.0/24). In a SMB, or SOHO setup, this is probably explicitly permissive. In an enterprise setting, this may or may not be permissive (e.g. blocking all outgoing traffic except for SFTP on a non-standard port).

LAN_LOCAL is everything inbound to the router from your LAN destined for the router. Again, unless you're doing enterprise routing, this is probably fairly open - although good SMB setups with guest networks may block the guest network range.

Command Auto Completion

You can press the ? key to find the top-level commands, then type that command and ? again to find the options for that top-level command.

?
show ?
show version
show interfaces
show interfaces ?
show interfaces ethernet

You can also use the keyboard Tab button to complete the options.

Show Configuration

There are 2 ways to show the current configuration - in a tree or in commands:-

show configuration all
show configuration commands

If you use the 'commands' option, you can then grep or 'match' the output to limit results.

show configuration commands | match system

Edit Configuration

You have to enter 'edit' mode first, and it will show you after every command that you are in this 'edit' mode with a separate line just above the prompt showing [edit]...

configure

When you have finished your command changes, you can show your changes, to check...

compare

To make the changes active, you have to save them...

commit

Then, come out of configure mode...

exit

Unifi Security Gateway USG

Port Forwarding

Unifi Cloud Key

Troubleshooting Offline Cloud Key and Other Stability Issues

UniFi - Accounts and Passwords for Controller, Cloud Key, and Other Devices

EdgeRouter VDSL

ECI Openreach modem for FTTC
B-FOCuS V-2FUb/r Rev.B

Yes it does support BT FTTC Infinity. Use PPoE and connect to white BT modem with Cat 5e cable. Set MTU at 1492.

https://community.ubnt.com/t5/UniFi-Routing-Switching/does-edgerouter-support-vdsl/td-p/1112045

https://community.plus.net/t5/Fibre-Broadband/Config-for-Ubiquiti-ER-X-EdgeRouter-X-on-Plusnet-FTTC/m-p/1293820

https://community.ubnt.com/t5/EdgeMAX/BT-infinity-fibre-optic-setup/m-p/1183648/highlight/true#M57491

http://wiki.indie-it.com/wiki/DSL_Devices#British_Telecom

Purchase

https://mangolassi.it/search?term=er-x&in=titlesposts

TOUGHSwitch PoE

Downloads

Firmware

User Guide

Default IP Address

192.168.1.20

https://192.168.1.20

Default Username & Password

Username: ubnt
Password: ubnt

Maximum Password Length

Eight characters

IPSec VPN Passthrough

http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/td-p/1377745

HOWTO: INSTALL: DEPENDANT SOFTWARE:

** THIS IS NOW NO LONGER REQUIRED. PLEASE SEE 16.04 INSTRUCTIONS BELOW **

ORACLE JAVA 8:

Add the repository:

sudo nano /etc/apt/sources.list

# Java 8
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main 
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main

Save (CTRL+o) and exit (CTRL+x).

Add the keyserver and install the software:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com EEA14886
sudo apt-get update
sudo apt-get install jsvc oracle-java8-installer oracle-java8-set-default

Check the installed version:

java -version

MongoDB:

Open the sources.list and add the line shown in bold at the end of the file:

sudo nano /etc/apt/sources.list

deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

Save (CTRL+o) and exit (CTRL+x).

Add the keyserver and install the software:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update
sudo apt-get install mongodb

HOWTO: INSTALL: UniFi

NEW METHOD

Easy Update Scripts

Latest script for Ubuntu 16.04 = 5.10.25 (June 2019)

UniFi Controller Versions



OLD METHOD

UniFi can either be installed from a .deb file or via a PPA repository:

Ubuntu Server 16.04 From .deb File:

  1. Visit Ubiquiti's download page
  2. In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
  3. Locate the file called "unifi_sysvinit_all.deb" and download it
sudo dpkg -i unifi_sysvinit_all.deb
sudo apt-get -f install

Ubuntu Server 14.04 From .deb File:

  • Visit Ubiquiti's download page
  • In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
  • Locate the file called "unifi_sysvinit_all.deb" and download it
sudo dpkg -i --force-depends unifi_sysvinit_all.deb

Ubuntu Server 14.04 From Repository:

The following is an installation on Ubuntu Server 14.04.

Add the repository and keyservers by editing the following file adding the lines shown in bold at the end of the file:

sudo nano /etc/apt/sources.list
# Ubiquiti Unifi
deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti
 
# Mongodb
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

Add the following key servers, the first for Unifi itself the second for MongoDB:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update

Finally install the software:

sudo apt-get install unifi stable, or
sudo apt-get install unifi-rapid better than standard not as bleeding edged as beta
sudo apt-get install unifi-beta

HOWTO: Install a valid SSL Certificate in UniFi Controller

https://kx.cloudingenium.com/ubiquiti/unifi/install-valid-ssl-certificate-ubiquiti-networks-unifi-controller/

LetsEncrypt SSL Certificate

https://lg.io/2015/12/13/using-lets-encrypt-to-secure-cloud-hosted-services-like-ubiquitis-mfi-unifi-and-unifi-video.html

RaspberryPi:

Official

http://community.ubnt.com/t5/UniFi-Wireless/Raspberry-Pi-and-Unifi/m-p/1167782#M91180

http://community.ubnt.com/t5/UniFi-Wireless/Finished-Raspberry-PI2-Image/m-p/1187658#M94346

http://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Installing-the-Controller-software-on-Raspberry-Pi/ta-p/1127992

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-6-3-on-raspberry-pi-2/m-p/1249829

https://community.ubnt.com/t5/UniFi-Wireless/New-upgraded-Raspberry-Pi-2-as-a-unifi-controller/td-p/1164776

Unofficial

Logan Marchione.

Kowen Houston - Instructions here.

Kowen Houston - Download here.

Erik Van Paassen

Lowe Family

Amazon Web Services

  1. Install a UniFi Cloud Controller on Amazon Web Services
  2. Change the Firmware Using Local Upgrade Via SSH
  3. Adopt to Remote UniFi Controller Via SSH

https://www.youtube.com/watch?v=NSMM5dT1vSk

https://www.youtube.com/watch?v=y5tkToD_nds

Cloud Controller

https://miketabor.com/install-ubiquiti-unifi-controller-cloud/

https://www.stevejenkins.com/blog/2016/05/diy-cloud-hosting-ubiquiti-ubnt-unifi-controller/

HOWTO: POST INSTALLATION ACTIONS:

Define The Java Version:

Edit the following file, adding the path to Java 8 installation:

sudo nano /etc/init.d/unifi

JAVA_HOME= # Edit this line to match that shown below

JAVA_HOME=/usr/lib/jvm/java-8-oracle

Open The Required Firewall Ports:

Open ports on the server's firewall (in this example UFW):

For internal connection:

sudo ufw allow from 192.168.0.0/24 to any port 8080 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8081 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8443 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8843 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8880 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 27117 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 3478 proto udp

Details of the ports required by Unifi can be found here.

Port 3478 UDP relates to STUN server usage so if you are not using VOIP hardware this port is not needed.

If your server already uses any of the ports listed above how to change those used by Unifi can be found here.

The file to alter to use different ports can be found in the following location:

/usr/lib/unifi/data/system.properties

Accessing The Web Interface:

https://your.server.ip:8443/manage

All being well you should see similar to the picture below:

Unifi Controller Home Screen.jpg

INFO:

LED Lights

https://help.ubnt.com/hc/en-us/articles/204910134-UniFi-LED-Color-Patterns-in-UniFi-Devices

Wireless Networks + VLAN

Unifi Controller Admin

Wireless Networks

  • "red" --> normal
  • "green" --> advanced options --> VLAN 10

Networks

  • "red" --> Corporate --> Subnet 192.168.x.x/24
  • "green" --> VLAN Only --> VLAN 10

Profiles

  • Switch Ports --> "green" --> Native Network = "green(10)"
  • Switch Ports --> "red" --> Native Network = "red"

Unifi Traffic Bandwidth Limiting

How To Set Traffic Bandwith Limits

Unifi Krack Patch

Fix Krack Vulnerability

Backup File

/var/lib/unifi/backup/autobackup/

https://help.ubnt.com/hc/en-us/articles/205231940

config.properties File

Location, creation & edition:

cd var/lib/unifi/sites/{site_name} # This can be found from the address bar in the browser, if it is the first controller you have created it should be called 'default'
sudo touch config.properties
sudo nano -w config.properties

Log Files

https://help.ubnt.com/hc/en-us/articles/204959834

Zero Handoff

https://help.ubnt.com/hc/en-us/articles/205144590

HOWTO: VARIOUS

Start, Stop or Restart

sudo service unifi start|stop|restart

View Log File

cat /var/log/unifi/server.log

HOWTO: FIX:

Repair MongoDB

mongod --dbpath /usr/lib/unifi/data/db --smallfiles --logpath /usr/lib/unifi/logs/server.log --repair

https://help.ubnt.com/hc/en-us/articles/360006634094#3

Restore Backup

https://help.ubnt.com/hc/en-us/articles/204952144-UniFi-How-can-I-restore-a-backup-configuration-

LG Nexus 5 Not Connecting To UAP AC Lite 5GHz Wi-Fi

Change the 5GHz Channel to less than 52.

Thanks - https://community.ubnt.com/t5/UniFi-Wireless/AP-AC-Lite-5Ghz-no-SSID-shown-Nexus-5-not-connecting-to-5Ghz/td-p/1954343

Error: ace_stat bad offset repair database

Assertion failure: _unindex failed: bad offset:0 accessing file: /usr/lib/unifi/data/db/ace.0 - consider repairing database

https://community.ubnt.com/t5/UniFi-Wireless/HOW-TO-Repair-MongoDB-on-Linux/td-p/2198176 (with handy auto repair script)

https://community.ubnt.com/t5/UniFi-Wireless/Repair-MongoDB-filling-HD-with-tmp-repairDatabase-directories/td-p/1746765

https://community.ubnt.com/t5/UniFi-Wireless/How-to-repair-Mongo-DB-and-Restore-Journaling/td-p/1799965

https://community.ubnt.com/t5/UniFi-Wireless/Repair-Replace-Corrupted-Collections-in-MongoDB/td-p/2131432

My Forum Post

NOTES

Need to add a second virtual disk for the repair.

repairDatabase requires free disk space equal to the size of your current data set plus 2 gigabytes. If the volume that holds dbpath lacks sufficient space, you can mount a separate volume and use that for the repair. When mounting a separate volume for repairDatabase you must run repairDatabase from the command line and use the --repairpath switch to specify the folder in which to store temporary repair files. For example:

--repairpath <path>

Default: A _tmp_repairDatabase_<num> directory under the dbPath. Specifies a working directory that MongoDB will use during the --repair operation. When --repair completes, the --repairpath directory is empty, and dbPath contains the repaired files. The --repairpath must be within the dbPath. You can specify a symlink to --repairpath to use a path on a different file system.

mongod --repair --repairpath /opt/vol2/data


NEW

sudo -i
service unifi stop
service unifi-voip stop
service unifi-video stop
pkill -KILL mongod
pidof mongod
rm -fv /var/lib/unifi/db/mongod.lock
su -c "mongod --dbpath /var/lib/unifi/db --repair" unifi
service unifi start

OLD

$ /usr/bin/mongo --port 27117
MongoDB shell version: 2.0.4
connecting to: 127.0.0.1:27117/test
> use ace
switched to db ace
> db.repairDatabase()
{ "ok" : 1 }
> exit
bye

If that does not work, then you will have to stop unifi, uninstall, clear db folder (/usr/lib/unifi/data/db), install same version, restore from backup.

sudo apt-get remove unifi
sudo apt-get autoremove (to nuke mongodb stuff)
mv /var/lib/unifi /var/lib/unifi.bak (later to be deleted)
sudo apt-get install unifi

Error: MongoDB Journal Files Eating Disc Space.

A. MONGO DB PRUNE OLD DATA FIX

wget "https://help.ubnt.com/hc/article_attachments/115024095828/mongo_prune_js.js"
sudo mongo --port 27117 < mongo_prune_js.js

Official Unifi Page

B. SMALL FILES FIX

  1. stop system wide mongodb from starting
  2. edit system.properties file for smallfiles parameter
  3. start unifi
sudo nano /etc/init/mongodb.conf
     ENABLE_MONGODB="no"
sudo nano /usr/lib/unifi/data/system.properties
     unifi.db.extraargs=--smallfiles
sudo update-rc.d -f mongodb remove
sudo service unifi start

Thanks - https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-Eating-all-disk-space-Mongodb/td-p/395410

Also - https://help.ubnt.com/hc/en-us/articles/204911424-UniFi-How-to-remove-prune-older-data-and-adjust-mongo-database-size

$ ll /var/lib/mongodb/journal/
total 3.1G
drwxr-xr-x 2 mongodb nogroup 4.0K 2015-08-03 15:54 .
drwxr-xr-x 3 mongodb mongodb 4.0K 2015-08-03 15:22 ..
-rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:54 prealloc.0
-rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.1
-rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.2
$ rm -rfv /var/lib/mongodb/journal/*
removed ‘/var/lib/mongodb/journal/prealloc.0’
removed ‘/var/lib/mongodb/journal/prealloc.1’
removed ‘/var/lib/mongodb/journal/prealloc.2’
$ df
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda1      ext4   10G  3.5G  6.0G  37% /
$ nano /usr/lib/unifi/data/system.properties 
unifi.db.nojournal=true       # disable mongodb journaling

Error: Keystore Missing.

If the the following is listed in the error log file:

/usr/lib/unifi/data/keystore (No such file or directory)

FIX

sudo service unifi stop
sudo keytool -genkey -keyalg RSA -alias selfsigned -keystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -validity 365 -keysize 2048 -destalias unifi

Answer the following questions by pressing enter up until the line starting "Is CN=" when you will need to answer "Y" then press enter:

What is your first and last name?
 [Unknown]:  
What is the name of your organizational unit?
 [Unknown]:  
What is the name of your organization?
 [Unknown]:  
What is the name of your City or Locality?
 [Unknown]:  
What is the name of your State or Province?
 [Unknown]:  
What is the two-letter country code for this unit?
 [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
 [no]:

Finally start Unifi:

sudo service unifi start

Thanks to Calvin Bui.

HOME

  1. Modem Router Firewall
  2. POE Switch
  3. Wi-Fi Access Point

LINKS

Mental Home Network

Mental Home Network

Guest Network

https://www.youtube.com/watch?v=I8D6ju2AvpI

https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Wireless-Guest-Network-Setup

Ubiquiti Videos

Various

Review

http://arstechnica.com/gadgets/2015/10/review-ubiquiti-unifi-made-me-realize-how-terrible-consumer-wi-fi-gear-is/

CLI

https://help.ubnt.com/hc/en-us/articles/204976584-EdgeMAX-Connect-to-CLI-With-Telnet

http://community.ubnt.com/t5/tkb/v2/page/blog-id/CLI_Basics%40tkb/page/1

EdgeRouter Pro

http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/m-p/1377745

http://community.ubnt.com/t5/EdgeMAX/Basic-SOHO-Home-Config/m-p/398057

https://help.ubnt.com/hc/en-us/articles/205197660-EdgeMAX-SOHO-Example

http://sohovercomplicated.com/edgerouter-basic-soho-router-firewall-part-1-the-basics/

UniFi

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-7-is-released/ba-p/1085473

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-2-Controller-Install-Guide-Linux-Ubuntu-Server-14-10/td-p/1158280

https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-controller-for-linux/m-p/962877

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-controller-on-Debian-v7-1-x64-not-working/td-p/523245

http://wiki.ubnt.com/UniFi_FAQ#Operation_and_Deployment

http://sunstatetechnology.com/docs/UniFiControllerInstallation.pdf

https://calvin.me/install-unifi-controller-ubuntu/

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Controller-Setup-for-Remote-Location-Cloud-NOC/td-p/312142

http://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Install-the-controller-software-on-the-UniFi-Video-NVR/ta-p/814754

https://www.youtube.com/watch?v=NSMM5dT1vSk

http://www.msdist.co.uk/Unifi_questions_extract_from_Ubiquiti_Forum.pdf

https://www.youtube.com/watch?v=juE0qH-D6Gs&index=3&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m

https://www.youtube.com/watch?v=uKxgyt1kArw&index=15&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m

Error related:

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Apache-500-Error/td-p/948953

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-on-Ubuntu-help-needed/td-p/238635

http://community.ubnt.com/t5/UniFi-Wireless/HTTP-Status-400/td-p/621497

http://community.ubnt.com/t5/UniFi-Wireless/Apache-Tomcat-HTTP-Status-400/m-p/654089/highlight/true

http://forum.thecus.com/viewtopic.php?f=36&t=8004