unifi – Systems Lab

May 1, 2023February 12, 2023

Network Layout

Here is a rough guide of how I have my network laid out. I haven’t really documented it before, so hopefully this covers the major points. I use a number of VLANS in my network to keep the IOT devices from being security threats, and prevent security devices from being able to access the internet (like security cameras).

I will write up a longer guide later on when I have some time, for now the short of it. The hardware is mostly Unifi gear with a Unifi controller running on my Proxmox host. This is the same host I run home assistant on (all virtual machines). The Unifi controller lets me configure my whole network in one pane of glass, its a bit of a pain at times, but for me the convenience has outweighed the higher price and limitations so far.

July 25, 2022July 23, 2022

Fixing the Unifi MDNS Repeater

I managed to get MDNS working earlier this year to enable my ESPHome projects to avoid having all static IP addresses and let home assistant auto-detect them. However… after some firewall tweaking recently, it all broke. So it was time again to figure out how to get MDNS to work in the Unifi system.

June 6, 2022April 1, 2022

The VLANs Strike Back

I recently re-did my entire network, changing out switch locations, what ports were plugged into where, and so on. This wasn’t too bad, except I didn’t make note of one thing: which ports were VLAN tagged. This became quite the struggle as I tried to figure out why my WiFi couldn’t access the internet, and why all my servers were inaccessible. I even changed what port the Unifi AP was plugged into to try and kick that VLAN possibility out of the running. Little did I know that BOTH ports I tried to plug the AP into were tagged, so neither could reach the internet. I ended up plugging my RT-N16 back into the modem to see that I had internet, and then moved the switch port the access point was into one more time to find a port that wasn’t tagged. Once I had that, I swapped what port my servers were plugged into to find a non-tagged port, that would get my Unifi controller back up so I could go and clean up the rest and get things back into an operational state.

TLDR: Label or remove VLANs before re-architecting things

February 14, 2022July 23, 2022

MDNS Across Unifi VLANs

I started working on some hardware projects related to home assistant using the ESP8266. in working on these I learned that the ESP devices use mDNS to advertise their hostnames for communicating with them. My devices however are on a separate VLAN that’s unable to communicate with the internet, and that VLAN was also blocking the mDNS updates from making it through to home assistant, keeping it from being able to know the hostnames. I could use static IPs for this, however I want to avoid locking all my little smart devices to static IPs.

January 24, 2022October 17, 2021

Network Rack Upgrade

I recently needed to build out a new network. The new network had a box in place that I could use for gear, however that box wasn’t big enough for any rack mount gear. I decided to mount a rack over the top of the box to handle all of the gear and keep it organized. With the new network, also came with a need to expand the number of switch ports I have available. I set it up to drive POE to all the end points so that I could have better centralized power.

December 20, 2021November 21, 2021

Upgrading Ubuntu Host for Unifi Controller

My unifi controller was installed on an Ubuntu server back on 16.04 LTS. This server finally reached end of life and I needed to run an upgrade to Ubuntu 20.04 LTS. I decided to first try to just release upgrade it two steps. I’d tried this in the past and failed which is why it stayed out of date for so long, but maybe the upgrade process was fixed for things to work automagically. I was a bit wrong on that, however I also found out that rebuilding from scratch is pretty easy.

March 28, 2021February 25, 2021

Apt Key Expired in Ubuntu

I was updating my boxes as usual when I encountered an error when trying to run updates on my unifi controller. This lives on a slightly older box (I tried upgrading it at one point and not all the dependencies were supported yet on the newer version), and I ran into an error when running the apt commands. One of the keys was expired for a component needed by the controller. So lets figure out how to update that key so we can update the box once more.

October 8, 2020December 8, 2020

WireGuard on Unifi USG

I have been looking around for a good VPN solution to use while traveling recently. I have a few services running at home, that I really don’t want on the internet (OctoPrint, general ssh access etc), but I want to use remotely. I also want a way to secure my connection when I don’t trust the network I’m connecting through.

I had previously set up a L2TP Remote user VPN in the UniFi controller, but it had a few issues.

Instability on android (the VPN wouldn’t even show as ‘disconnected’, it would simply stop)
Issues when connecting to it from ipv6 cell carriers

I had heard of Wireguard a while ago and have been keeping track of development and their status on integrating with the Linux kernel. It turns out some kind soul has created a deb package to install WireGuard on Vyatta (which is what the USG is based on).