#Ubiquiti

9 posts tagged Ubiquiti

Unifi u6+ failing to upgrade

· errors, hardware, linux, networking

I have quite a few sites where some Unifi U6+ Access Points fail to upgrade with a generic update failed message.

Marquis WiFi Vergaderruimte 4 update failed.

I've tried everything, from ssh'ing, factory resetting with set-default, to manually upgrading with upgrade, etc.

Nothing worked. I thought I had a bunch of bad APs (and many had their warranty expire by a few weeks or months).

As a last resort, I decided to reach out to Ubiquiti's support. First line wasn't very helpful, but as the case was escalated, I managed to recover and properly update the APs.

Allow ping from USG

· linux, networking, software

Because I keep forgetting and it takes me far too much time to go through one of my million sites where I set this up and find the right config...

To allow a USG (Unifi Security Gateway) to reply to external (WAN) ping requests, do the following:

  • Head to the Unifi dashboard -> Settings -> Firewall & Security
  • Create a new rule
  • Type: Internet Local
  • Description: Allow Ping (Echo Request)
  • Rule Applied: Before Predefined Rules
  • Action: Accept
  • IPv4 Protocol: ICMP
  • IPv4 ICMP Type Name: Echo Request
  • Apply Changes -> wait ~2 minutes

That's it...

NextDNS, EdgeOS and device names

· linux, networking, software

Noticed that NextDNS was reporting old hostnames in the logs. For example old device names (devices that changed hostnames), devices that were definitely no longer on the network, or IPs that were matched to the wrong hostnames.

The culprit is how EdgeOS deals with its hosts file. Basically it just keeps all the old hosts added and just adds a new line at the end of the file.

NextDNS + EdgeRouter + Redirecting DNS requests

· google, linux, networking

Realised I haven't updated this in a long while (life happened).

Couple of weeks ago I started to play with NextDNS -- and I really recommend it to anyone that's somewhat privacy minded and cares about the stuff happening on their network.

I've set up several configs (home, parents, FlatTurtle TurtleBox (the NUCs controlling the screens)) and Servers. Once it's out of beta and better supported on Unifi and Ubiquiti hardware I might deploy it to our public WiFi (well, most access points don't look like that -- but you get the point) networks too.

Edgerouter IPsec tunnel to Fritzbox

· hardware, linux, networking

So, I have an EdgeRouter Lite in Singapore (Starhub) and a FritzBox in Belgium (EDPnet).

This is mostly stuff that I have found from several articles, mostly from here.

ERL: eth0 is WAN, eth1 (10.60.111.0/24) and eth2 (unused, not VPN’ed) are LAN

FritzBox: 192.168.1.0/24

This is the FritzBox config (go to VPN and then import a config), fritzvpn.cfg:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN Yeri";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "erl.yeri.be";
                localid {
                        fqdn = "fritz.yeri.be";
                }
                remoteid {
                        fqdn = "erl.yeri.be";
                }
                mode = phase1_mode_idp;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "SOMEPASSWORD";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 10.60.111.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip any 10.60.111.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", 
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

Be sure to modify the password, local (Fritz) and remote (ERL) LAN and edit the local and remote fqdn.

FlatTurtle in elevators: making of

· hardware

First tests at Glaverbel (circle or “O” shaped building) in Watermael-Boitsfort with 12 lifts (about a year ago). Internet wiring makes a whole circle from the internet connection at the technical room (near entrance hall). In this design from the 1960s the lift machine rooms had one shared/common room where we installed switches (to avoid having to pull too much cable and to overcome cable length issues). High quality shielded cable was used to avoid signal loss over the distances we did.