Here is a rough guide of how I have my network laid out. I haven’t really documented it before, so hopefully this covers the major points. I use a number of VLANS in my network to keep the IOT devices from being security threats, and prevent security devices from being able to access the internet (like security cameras).
I will write up a longer guide later on when I have some time, for now the short of it. The hardware is mostly Unifi gear with a Unifi controller running on my Proxmox host. This is the same host I run home assistant on (all virtual machines). The Unifi controller lets me configure my whole network in one pane of glass, its a bit of a pain at times, but for me the convenience has outweighed the higher price and limitations so far.
Continue reading “Network Layout”
I managed to get MDNS working earlier this year to enable my ESPHome projects to avoid having all static IP addresses and let home assistant auto-detect them. However… after some firewall tweaking recently, it all broke. So it was time again to figure out how to get MDNS to work in the Unifi system.
Continue reading “Fixing the Unifi MDNS Repeater”
I recently re-did my entire network, changing out switch locations, what ports were plugged into where, and so on. This wasn’t too bad, except I didn’t make note of one thing: which ports were VLAN tagged. This became quite the struggle as I tried to figure out why my WiFi couldn’t access the internet, and why all my servers were inaccessible. I even changed what port the Unifi AP was plugged into to try and kick that VLAN possibility out of the running. Little did I know that BOTH ports I tried to plug the AP into were tagged, so neither could reach the internet. I ended up plugging my RT-N16 back into the modem to see that I had internet, and then moved the switch port the access point was into one more time to find a port that wasn’t tagged. Once I had that, I swapped what port my servers were plugged into to find a non-tagged port, that would get my Unifi controller back up so I could go and clean up the rest and get things back into an operational state.
TLDR: Label or remove VLANs before re-architecting things
I started working on some hardware projects related to home assistant using the ESP8266. in working on these I learned that the ESP devices use mDNS to advertise their hostnames for communicating with them. My devices however are on a separate VLAN that’s unable to communicate with the internet, and that VLAN was also blocking the mDNS updates from making it through to home assistant, keeping it from being able to know the hostnames. I could use static IPs for this, however I want to avoid locking all my little smart devices to static IPs.
Continue reading “MDNS Across Unifi VLANs”
I recently needed to build out a new network. The new network had a box in place that I could use for gear, however that box wasn’t big enough for any rack mount gear. I decided to mount a rack over the top of the box to handle all of the gear and keep it organized. With the new network, also came with a need to expand the number of switch ports I have available. I set it up to drive POE to all the end points so that I could have better centralized power.
Continue reading “Network Rack Upgrade”
My unifi controller was installed on an Ubuntu server back on 16.04 LTS. This server finally reached end of life and I needed to run an upgrade to Ubuntu 20.04 LTS. I decided to first try to just release upgrade it two steps. I’d tried this in the past and failed which is why it stayed out of date for so long, but maybe the upgrade process was fixed for things to work automagically. I was a bit wrong on that, however I also found out that rebuilding from scratch is pretty easy.
Continue reading “Upgrading Ubuntu Host for Unifi Controller”
I was updating my boxes as usual when I encountered an error when trying to run updates on my unifi controller. This lives on a slightly older box (I tried upgrading it at one point and not all the dependencies were supported yet on the newer version), and I ran into an error when running the apt commands. One of the keys was expired for a component needed by the controller. So lets figure out how to update that key so we can update the box once more.
Continue reading “Apt Key Expired in Ubuntu”
I have been looking around for a good VPN solution to use while traveling recently. I have a few services running at home, that I really don’t want on the internet (OctoPrint, general ssh access etc), but I want to use remotely. I also want a way to secure my connection when I don’t trust the network I’m connecting through.
I had previously set up a L2TP Remote user VPN in the UniFi controller, but it had a few issues.
- Instability on android (the VPN wouldn’t even show as ‘disconnected’, it would simply stop)
- Issues when connecting to it from ipv6 cell carriers
I had heard of Wireguard a while ago and have been keeping track of development and their status on integrating with the Linux kernel. It turns out some kind soul has created a deb package to install WireGuard on Vyatta (which is what the USG is based on).
Continue reading “WireGuard on Unifi USG”