*** Official Ubiquiti Discussion Thread ***

Yes. Sort of.

You can swap your ISP combined router/WiFi device by just changing the SSID and password to the exact same as the old one and all your devices will connect as they did before.

The advantage of having separate WiFi access points is that you can place them in the most efficient place to get the best coverage (e.g. in the middle of the house) instead of where BT decided to install your master socket (probably in one corner). You can also deploy multiple access points and have seamless roaming between them.

You don’t need to use the controller software, you can use their phone app to configure the access points. If you did deploy the access point, you’d want to disable the WiFi on your ISP router.

That said, if you are just placing the single Ubiquiti access point right next to your ISP one, there is probably no point in the standalone access point.

How often are you changing ISP? In reality changing the user name and password on the WiFi every 18-24 months is probably not so much of a hardship.
 
I set up an L2TP VPN on my USGP a while back and it's been working great connecting from iOS and Windows computers.

I've just tried to set up a connection on an old MacBook Air running macOS 10.13.6, High Sierra.

I've tried adding all the credentials and connecting as per numerous tutorials online in the macOS Network settings, but I keep getting a 'The L2TP-VPN server did not respond. Try reconnecting.' error.

Can anyone advise if there's maybe a 3rd party VPN client that may work or what the issue might be?

Tried it on a different broadband connection at the property and using a wifi hotspot from my phone, but neither works.
 
Well I've been happily running Firewalla with Unifi networking gear for a while now and, after initial VLAN issues, it's all up and running and well, just works; and I have significantly finer/more granular control over my network and devices than I could achieve with Unifi. Mostly happy with it - the only thing I don't like about it is that it's mobile phone based, and the web UI is very limited.

Can't remember who it was on here who said they went back to Unifi (via a UDM Pro/SE/whatever) but I sort of understand that - I do find myself missing a lot about the Unifi OS. Coupled with the Unifi mobile apps which are really quite smart perhaps I will go back eventually.
 
Morning knowledgeable folk! I have a question for you, which hopefully is an easy one, and just something I've overlooked. Yesterday I upgraded my USG and CKG2+ to a UDM-Pro. In doing so I have created a few little problems. It's this one which is making me scratch my head though...

I have various programs (Adguard Home, Bitwarden etc) running on a Pi on my network. This has a static IP of 192.168.1.200. I also have a static IP from my ISP. I set up Nginx Proxy Manager (NPM) to add Proxy Hosts for each program, to allow me to use https://PROGRAM.MYDOMAIN.co.uk to access them (along with Let's Encrypt SSL certs). The subdomains were set up on my domain. Up until the UDM-Pro install these have been working faultlessly. However, since then, I can't access them, as I get a 'NET::ERR_CERT_AUTHORITY_INVALID' error, which tells me that the SSL certs for the connections are invalid as they've been issued to 'unifi.local'. I have no issue in accessing each program via its actual IP address (e.g. 192.168.1.200:81 for NPM).

What am I missing? It's surely a setting in the Network app on the UDM-Pro, though I set this up using a backup from the Network app on the CKG2+ (ensuring that the version numbers were the same). As I said, it's likely something really obvious, but I just can't see it myself :confused:
 
Yeah, the port forwards came across with the restored backup
I think it's because the UDM also listens on the same port (443) for the UniFi Network Application, I remember reading about this and I can't remember if there's a workaround apart from having the DNAT rule on another port than 443, such as 8443 and forward to 443. I have a /29 so I just used another WAN IP for my own reverse proxy.
 
Ah, so that explains why it works on the old setup, and not on the UDM-Pro...I see now

I'll have a google to see whether I can achieve what you've suggested
 
You'll have to add the port you use to the end of the url, ie, my.domain.com:8443 if accessing externally, as otherwise it'll just redirect to the UDM port listening on 443. It's really, really annoying that you can't change the port that the Network Application uses, especially as most ISPs only supply a single static IP address.
 
Should that work if I test it from within my network? I've just tried to access NPM by specifying nginx.MYDOMAIN.co.uk:81 (was previously accessible through just nginx.MYDOMAIN.co.uk) and it didn't work (ERR_CONNECTION_REFUSED)

NPM settings are Source = nginx.MYDOMAIN.co.uk, Destination = http://192.168.1.200:81

Tried on my mobile too (with WiFi off) and it timed out
 
I’d just use a static DNS entry within your own network which resolves to the external URL, that’s what I do and it works with certs too. Although I’ve never tried it on a port other than 443.
 
If I change the published ports for NPM in the docker-compose.yml file, will this work? Currently 80:80 81:81 and 443:443...so I'd change the last one to 8443:443. Or am I completely mistaken?
 
I think the issue with reverse proxies is that they listen to 443 and redirect to the external docker port based on URL mapping, ie, site1.domain.com to port 8443, site2.domain.com to port 8444 etc. If you land on 8443 then it will give a cert error and it will route you to the docker host URL. Can you change which port the RP listens on? That's why I mentioned about redirecting 8443 externally to 443 internally. I just haven't tested it.
 
@ChrisD. as an update - I've raised a support ticket with Ubiquiti, as I believe I've got a corrupt setting on my UDMP. Even though it's set up as new, I used the Network backup from my USG/CKG2+. I think something has corrupted, as I'm getting error messages saying gateway config changes aren't being saved, and, as far as I can see, I have no open ports, even though there are port forwarding and firewall rules in place (carried over from the backup). I suspect that as I don't have any UDMP backup to speak of, I'll actually end up setting up the Network app from scratch over the weekend, which I suppose has every chance of resolving the problems, and may resolve the NPM issue as well
 
Ah fair. That’s one of the reasons I set mine up as a new device and manually set it all up how it used to be with my old USG and Controller application.
 
Further update @ChrisD. - found some time this morning to take down my network and reconfigure the UDMP from scratch. All now working, thanks in part to someone on Discord sharing their docker-compose file with me, amending a couple of the published ports, and adding a couple of port forwards onto my fresh UDMP install
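
A diagnostic for the symptom discussed above (a certificate issued to 'unifi.local' answering on port 443 instead of the reverse proxy's own), added here as an example and not posted by anyone in the thread. The function names are made up for this sketch, the host names and ports in the commented calls are the thread's placeholders, and the sample certificate is constructed locally.

```shell
#!/bin/sh
# Added diagnostic sketch: shows which certificate answers on a host:port.
# Host names and ports used in the calls are placeholders.

# fetch_cert HOST PORT NAME: leaf certificate (PEM) presented for SNI NAME.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# classify_cert PEMFILE NAME: prints "match" if the certificate is valid
# for NAME, otherwise "mismatch" (e.g. a unifi.local certificate).
classify_cert() {
    if openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match"; then
        echo match
    else
        echo mismatch
    fi
}

# probe HOST PORT NAME: one summary line per endpoint.
probe() {
    pem=$(mktemp)
    fetch_cert "$1" "$2" "$3" >"$pem" || true
    if [ -s "$pem" ]; then
        echo "$3:$2 $(classify_cert "$pem" "$3") $(openssl x509 -in "$pem" -noout -subject)"
    else
        echo "$3:$2 no TLS answer"
    fi
    rm -f "$pem"
}

# make_sample_cert PEMFILE: constructed self-signed certificate for
# unifi.local, so classify_cert can be exercised offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unifi.local" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Example calls (placeholders from the thread; uncomment on your own network):
# probe 192.168.1.200 443 nginx.MYDOMAIN.co.uk           # proxy reached on the LAN
# probe nginx.MYDOMAIN.co.uk 443 nginx.MYDOMAIN.co.uk    # via the WAN address
# probe nginx.MYDOMAIN.co.uk 8443 nginx.MYDOMAIN.co.uk   # alternate port forward
```

A "mismatch" line whose subject is unifi.local means the gateway's own web interface answered on that port rather than the proxy; a "match" line means the proxy's certificate for that name was served.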
 