*** Official Ubiquiti Discussion Thread ***

[platypus]

Still trying to decide on whether to get a USG or an EdgeRouter Lite for my new house.

I really like the look of being able to integrate the USG into my infiniti stack, but given that the Edge is cheaper and apparently has a much better interface that draws me to Edge. I don't really need to do any particularly complex networking, I just want to be able to use an external vpn, and create two or three completely separated lans internally.

Can anyone with the most recent firmware/interface throw any pros/cons into the mix? Has the feature set/interface on the USG caught up with what could be expected now?

 

[Rainmaker]

I didn't know about this thread. We have a fairly basic network at home these days, VM 200Mbps with their rubbish SH3. The wifi signal (3x3 AC) is decentish, but the whole box is flawed as I'm sure many here know. Regular page drops, timeouts, very laggy wifi despite good signal etc.

I bit the bullet and ordered an AC PRO the other day, and a nice little APU2C4 box (6x6", 6 watts) for ONSense/IPFire/pfSense. Now we can have the SH3 in modem only mode > OPNsense box > gigabit switch | AC PRO.

Our house is fairly small (three bedrooms) but old, and the signal is absolutely fantastic from the AP PRO. Devices on the same floor are connecting over gigabit speeds, and even on the far opposite upstairs (i.e. as far away as possible) I'm getting 400Mbps+ and easily pulling my max line speed from VM (25MB/sec). Awesome bit of kit! Now I just need to stop being lazy and work out the best place to site it, as it's currently propped up by the router/firewall/switch and just sort of sitting there. I think I'm going to get some flat cat6 and mount it in the hallway on the ceiling for best coverage.

I'm already planning a second AP in the loft for upstairs, and wondering if I shouldn't have gotten their security gateway for more features in the controller software. For the money I don't see the point in consumer routers, when you can get enterprise kit (and good open source firewalls etc) for the same or less cost. I'm a convert.

 

[Caged]

The security gateway is a bit pants in terms of features when compared to pfSense / Mikrotik / Ubiquiti EdgeRouter / Cisco / Juniper gear.

Good luck with the SuperHub in modem only mode, I hope they have fixed the issues where it flapped the LAN interface constantly.

 

[Rainmaker]

The security gateway is a bit pants in terms of features when compared to pfSense / Mikrotik / Ubiquiti EdgeRouter / Cisco / Juniper gear.

Good luck with the SuperHub in modem only mode, I hope they have fixed the issues where it flapped the LAN interface constantly.

Firmware fix released yesterday, just in time...

 

[bremen1874]

Anyone spotted a way of limiting the 5GHz channels used?

I'm normally happy to leave wireless channel selection on auto. It generally works well enough and you don't need to keep track of what your neighbours are up to.

I have several 5GHz devices that can't see the AP if it picks one of the higher channels (usually 100+). I've set the channel manually for now, but I'd prefer leave it on auto with the higher channels excluded.

 

[bledd]

So... I crumbled and bought a USG to replace my ERL, just to get the pretty graphs

So far the only thing I haven't got working (not looked into it yet) is hairpin NAT.

ie, testing a remote desktop connection to the external IP from within the network.

Statically reserving local IPs has to be done after already seeing a device, which is a bit of a pain, but not the end of the world. Usually I would reserve them all before connecting up to the network.


Ditched my cloud based controller and I am now using a RPi3 as my local Unifi controller, it also does the Pi-Hole DNS. I VPN directly to my Synology, so I'm not missing VPN options.


Yes, the ERL is a superior product due to the flexibility and vast range of options, but for your average home user, the USG is enough imo.

 

[the-evaluator]

So far the only thing I haven't got working (not looked into it yet) is hairpin NAT.

I didn't have to do anything to get it working on mine, it worked out of the box.

If you SSH into the USG and do 'show configuration' then look for the port-forward section then you'll see if hairpin NAT is enabled. On mine I get:

port-forward {
    auto-firewall disable
    hairpin-nat enable
    lan-interface eth1

I believe it only works though if you've manually setup the port foewarding and not used uPNP.

 

[neodude]

Had my AC-LR running for a couple of weeks now, has been faultless. I've mounted it on the ceiling above my stairs and it covers the whole house no problem and out to the detached garage.

 

[the-evaluator]

My latest Ubnt purchases:

 

[HEADRAT]

So why did you go for 3 x 8 ports rather than a 24 port, there is obviously a good reason

 

[DIABLO]

So why did you go for 3 x 8 ports rather than a 24 port, there is obviously a good reason

He said in another thread that he wanted to avoid fan noise, the 8 ports are fanless.

 

[bledd]

The 16 port goes into silent mode unless you've got it in a very hot environment (fans turn off). This was added during a firmware update.

 

[RSR]

My UniFi upgrade arrived well some of it, as I am upgrading from a EdgeRouter PoE 5Port, UniFi AC (Square one) and a HP ProCurve switch.

I had the following arrive this week:

Ubiquiti UniFi Security Gateway
Ubiquiti Unifi UAP AC Pro
Ubiquiti UniFi 8 Port 150W PoE Switch - US-8-150W
Ubiquiti Unifi Cloud Key

Pending Arrival:

Ubiquiti UniFi Switch 48 (NON-PoE)
Ubiquiti Unifi UAP AC Pro
Ubiquiti Multi-Mode FiberModule 1G - UF-MM-1G
Ubiquiti Multi-Mode FiberModule 10G - UF-MM-10G

I've spend most of yesterday setting it all up and it seems to be working with too many problems. I did have to write a custom JSON "config.gateway.json" for the USG, as I've noticed when you make changes to the CLI they are not saved even though you have committed and saved them. So now I have ported my configuration over from the EdgeRouter it working flawlessly. My customer JSON setup has a Open VPN, Change to the MSS Clamp size (1452) and number of custom firewall rules including port forwards

Here is a useful one if anyone wants uPNP on the USG.

{
  "service": {
    "upnp2": {
      "listen-on": [
        "eth1"
      ],
      "nat-pmp": "enable",
      "secure-mode": "enable",
      "wan": "pppoe0"
    }
  }
}

However, this is assuming you are using a PPPOE connection like FTTC.

This needs to be saved as "config.gateway.json" and placed under the sites setting on the UniFi controller as a example if you are running a cloud key its located under "/srv/unifi/data/sites/<site name>"

This could be a helpful link for people: https://help.ubnt.com/hc/en-us/arti...ze-USG-configuration-with-config-gateway-json

Also, Ubiquiti have released a few updates in the past week:

UniFi 5.3.8

UniFi Cloud Key firmware 0.5.9

 

[DIABLO]

I'm a networking noob but what extra does your config file do over just putting

config.igd.enabled=true

in the config file to turn on uPnP?

 

[the-evaluator]

He said in another thread that he wanted to avoid fan noise, the 8 ports are fanless.

Mostly this, but the switches are being installed in 2 locations so I'd have needed 1 x 16 port and 1 x 8 port.

The 16 port goes into silent mode unless you've got it in a very hot environment (fans turn off). This was added during a firmware update.

Ah bummer, if I had known that I would have got the 16 port for the study.

Oh well, no matter.

 

[the-evaluator]

I did have to write a custom JSON "config.gateway.json" for the USG, as I've noticed when you make changes to the CLI they are not saved even though you have committed and saved them.

That's my single biggest grip with Ubnt kit. The CLI implementation is complete rubbish. I like CLI, I'm a Cisco guy but *HATE* the way the CLI works on this stuff.

 

[RSR]

I'm a networking noob but what extra does your config file do over just putting

config.igd.enabled=true

in the config file to turn on uPnP?

Technically there isn't any difference. However, if its a feature that's not supported via "config.properties" you'll need to use the "config.gateway.json" to ensure the command set is provisioned to the USG to ensure the configuration survives a re-boot or re-provision.

So in a nut shell its a simple vs complex configuration which is persistent.

As i've migrated from a EdgeRouter to the USG as ported a lot of my custom configuration over, like the OpenVPN for example. As if you use the GUI you can only provisioned a remote VPN using a radius server.

 

[RSR]

That's my single biggest grip with Ubnt kit. The CLI implementation is complete rubbish. I like CLI, I'm a Cisco guy but *HATE* the way the CLI works on this stuff.

I know what you are saying coming from using Cisco equipment, I've not found it too bad to be honest. However, I am quiet used to using Juniper JUNOS so the command set is very similar to what Ubiquiti as it based on Vyatta.

What I would say is the EdgeRouter is better than the USG at present in terms of ease of use and feature set. However, what I do find amusing though is they are the same hardware and software to a point.

 

[the-evaluator]

It's not so much the command syntax and set that I object to, it's the way you have to put the commands into a file on the controller for the changes to persist.

Also if you make a **** up in the config.gateway.json as I did a while ago the USG just gets into an endless boot sequence. Not difficult to deal with but it shows that the USG is a faily immature product.

 

[DIABLO]

They recently hired the lead dev of Pfsense to get Unifi up to speed with the other lines so hopefully he can do a good job.