I added the blue LED and a soft "press-n-hold" shutdown switch to the Pi case and wrote a python systemd daemon that polls the controller API to enable/disable the status LED according to the Site settings in the Unifi controller.
The case is from Amazon
Decided to take the plunge and go all in.
-UDM Pro connected with 10gb SFP+ to
-USW 24 PRO (Gen 2)
-Synology RS820+ connected with 10GB SFP+ to the USW24
- APC SmartUPS SMT1500RM2U UPS powering everything including cable modem.
- 2 UniFi AC HD Access points
- 2 Unifi In-Wall HD Access Points
- 1 Unifi AC Pro Access Point outside
- 8 Poe Camera runs but no cameras installed yet
The rack is located in a guest/jacket closet off the main foyer. I drilled a hole in the ceiling and am venting out the heat through the attic to luckily an unused vent in the roof. I am using a very quiet, low flow inline fan I bought here:
Wanted to give something back to the Reddit community as I learned a ton from everyone here.
Are you referring to the wire spade adapters or the (unlabeled) capacitor that attaches in the chime box? It actually sounds like your transformer isn’t powerful enough. I had the buzzing and weak ring issue with my original transformer. I replaced it with a more powerful one and have had no issue since. Ubiquiti specifies minimum of 20VA on the transformer. I went with a 30VA.
It was pretty simple. I used painters tape + an exacto knife to mask the underside, and used two coats of my go-to spray paint.
Blue ring is just as bright as before. I took great care to not directly spray into the crevice, and I think it worked well!
After two weeks, I’ve measured a mean signal loss of 1.2db. In the same timeframe I’ve pushed 6TB of data through it and haven’t noticed a difference.
I’ll most likely be doing this to a few more in the near future and can post a more detailed process with pics, if anyone is interested.
I’m also curious about, and me being me, will likely experiment with aerosol rubber, and vinyl.
I love it. I've had it for almost a year and never had a single downtime event, and I'm even on beta releases with auto-update. It supports my 1.5 Gbps WAN connection and allows me to run my local network at 10 Gbps. Have a U6-LR connected to it and I'm able to get 800-900 Mbps on WiFi too.
It's great for a homelab because it also allows many custom things, like running pihole directly on it, or routing VLANs through VPN providers like NordVPN, or running a web server. Basically, you can tweak the hell out of it if you know what you're doing.
It does have some features missing I would have liked, like IGMP proxy (multicast routing for e.g. IPTV services), WireGuard, dual WAN load balancing. Though you can now install custom kernels with multicast routing support or install the custom WireGuard kernel module, if you like to dabble in custom solutions.
Amazon - Wall Control
I just got a few of these for the tool bench a few weeks ago and are decent quality. Pair of them for $40. They're steel though when it comes to mounting APs on them.
Wall mount it and call it a day
Either one but the way it's sitting now is not only horrible for the radiation of the wifi but also as the other person said proper cooling.
Monoprice SlimRun cat 6A. Very thin and flexible, easy to bundle. Will break if you pull it too hard, but great for patch cables.
See Monoprice SlimRun .
If things are selling out too fast for email notification there is an app you can get on your phone called Web Alert that's even better. If you give it a website, it will check it every 60 seconds, and an alarm goes off when the page changes. I've used it to score Festool tools off their webpage where they sell reconditioned stuff, and that stuff sells out typically in 2-3 minutes.
I wanted enough juice to be able to keep the internet running for a couple hours after a power outage so I used some online calculators and made some educated guesses and determined I needed 1500VA. I was originally looking at a 1U form factor, but I found that 2U form factors use "standard" size replaceable batteries. Having a true sinewave as opposed to simulated sinewave output was nice, but not a dealbreaker. I narrowed down my search to this and this Cyberpower: https://www.amazon.com/CyberPower-OR1500PFCRT2U-Sinewave-System-Outlets/dp/B003OJAHVQ/ref=sr_1_3?keywords=cyberpower+1500va+2u&qid=1573238125&s=electronics&sr=1-3
The CyberPower was just a little cheaper but I like how this connects to the internet and lets you know the battery condition and when to replace them. And I bought into the APC reputation a bit. So far so good.
This sounds like a super fun project. I think there's a few questions I still have before I expect the most quality answer:
What's your upgrade budget?
What's the topography and vegetation like? Is maintaining line of sight an issue?
Is there any preprocessing that can be done on the drone to downsize the data throughput requirements? Compression? Etc. You aren't running every pixel of a 4k image into a classification NN are you?
Can you estimate the actual bits per second required for upload/download? I don't know how big a 4k image is off the top of my head.
So here's my 2 cents as a HAM and general nerd:
Pull all the stuff off the wall, and mount a board, then mount everything to the board. A 2'x4' (1/4 sheet) of 3/4" plywood should be perfect. For the UPS you can get brackets that will allow you to mount the normally rackmount device flat against the wall (like this). For something dense like a UPS, and in a home setting, that will work better than a wall mount rack.
For cable management, get the sticky 4 way zip tie tiedown things (like this). And put a short screw through the middle of it. The adhesive will never hold. Plan out all the cable paths beforehand.
It's tempting to use velcro on the power bricks. Don't. The heat will make the adhesive fail, and you're left with a sticky mess.
In lieu of using a full blown Windows Server Domain Controller (DNS, DHCP, AD), I'm finding Pi-hole with Unbound to be a rather robust, yet simple all around solution for home/lab type networks. Toss a VPN Server on top and you've got quite the little utilitarian system with very low resource requirements.
All you need is the DACs
I've used these cheap ones from Amazon without issues.
If that's the IP address of your NAS, then that would be the first place I'd look. Make sure there's no DHCP server enabled on your NAS. If that turns out to be a dead end, you could try installing LanDroid from Google Play. Then, open the app and tap LocalNet. It will show you your current IP settings, including the IP address of the server that assigned your DHCP address.
Edgerouter 4, EdgeSwitch 16 150w powering x2 UniFi AC Pro’s, x4 Hikvision (1xPTZ) cameras @ 48v, ubiquiti SFPs from ER4 to ES16 MM fibre 0.5m, CAT6 to ES24Lite (not pictured) in lounge running skyTV etc etc
CAT6 Patch cables to requirement.
Cabinet from cablemonkey.co.uk
Hex blanking panels from amazon.co.uk StarTech.com Blanking Panel, 1U, Vented, 19 Inch, Tool-less, Steel, Black, TAA Compliant, Blank Rack Panel, Filler Panel https://www.amazon.co.uk/dp/B010USOQKQ/ref=cm_sw_r_cp_api_i_aZa7CbHM8Y44S
Shelf from cable monkey @ 300mm
There is no official way to do this on the UDM, but you can do it in command line using a custom script called split-vpn. The script allows you to route specific clients by IP, MAC, or VLAN through an OpenVPN or WireGuard tunnel, like NordVPN. It also supports kill switches.
having some of the same issue here... am intrigued (but gun shy) about this device: https://www.amazon.com/TalentCell-Uninterrupted-27000mAh-Wireless-Smartphone/dp/B07WLD32RP ... might be just the right solution... maybe?
(Lose the individual transformer wallworts... )
I have my UDMP connected via an SFP+ to Ethernet transceiver to the 2.5Gbps port on my Comcast router. That has worked well for months for me. I wasn’t able to use the Ubiquiti DAC cable for LAN connection to my switch until a later software update (One of the 1.8.x versions fixed that) I’m running 1.9.3 today with no issues. I’ll also note that in the UniFi controller it shows as connected at 10Gbps even though the link is 2.5
Here is the transceiver I use:
QSFPTEK 10G SFP+ Copper RJ45 Module 10GBASE-T Transceiver for Ubiquiti UF-RJ45-10G, Netgear AXM765, Mini-GBIC SFP to rj45 Module, up to 30m https://www.amazon.com/dp/B07VRQB2JW/ref=cm_sw_r_cp_api_glt_fabc_0D2WQV4NKEQCQ2VRJ6AX?_encoding=UTF8&psc=1
Another possibility is that there's damage to the cable somewhere along the line. I use a Klein ethernet tester to verify cables when I install/terminate: https://www.amazon.com/gp/product/B004CI9NRM
This is just a simple tester that will verify if the cable is terminated correctly at both ends, but it can't evaluate how good the signal quality is (the testers that have that capability are very expensive.)
Yes - Can confirm that this from Amazon does 2.5G on my UDMP's SFP+ port.
I use it to connect to the 2.5G RJ45 port on my cable modem, and it all works out well for me.
On the flipside of USG, try using a non-biased third party tester as a control test: https://fast.com
fast.com is owned and operated from the same servers Netflix uses to host their streaming service. They have a vested interest in identifying the sources of network issues in order to resolve or offload the blame for a customer outage as their paid-for and provided service is 24/7 streaming HD videos.
Verizon (and other ISPs) has been known to white-list the normal speed testing sites and downgrade traffic to multicast. So I have issues trusting most speed testing sites due to the ISP fiddling with preferred protocols and paths.
Pi-Hole. So much better than anything you can roll yourself. You'll also be surprised at the amount of stuff talking out that really shouldn't!!!
So easy to get up and running.
Not this script, but you can already officially do policy based routing with the Edgerouter as shown here that uses ExpressVPN.
Even easier. Get one of those on-off things you can plug into a socket.
You just gave me an idea to use an RTSP app on my phone.
Onvif IP Camera Monitor (Onvifer) - for Android seems to work well and you get the RTSP stream. I can't believe I never thought of doing this.
Like ElectroSpore said, if you want it just per-port, enable snmp and graph it with your favorite util. Netflow will have a performance cost.
I use LibreNMS to monitor my ERX. And the Edgeswitch. And every computer I have. And my UPS with a raspberrypi. And ...
No speedtest sites are accurate to measure gigabit speeds. Fast.com is the worst even speedtest.net is inaccurate.. many times I get 1+ gbps when my port itself is gigabit.
Nice work, good insights. I haven’t heard of coil whine on the UDMP, is it really bad for you? Depending on the voltage output and power consumption (and the fact you don’t care about your warranty) it would be pretty easy to swap, say like, a Mean Well power supply in there. Something high quality. Secure it down with double sided 3M tape or a single screw into an existing screw hole.
If you have a cheap multimeter and wire strippers, armed with the output voltage of the black and blue wires coming off the PSU and the max power consumption of the UDMP listed on UI’s website (it’s 33W), you could find a pretty decent replacement PSU that should solve your whine.
FYI not recommending you purchase the linked one, because I’m assuming the stock PSU output is 12V but this should be verified.
I have it set up exactly like that, purely to accommodate OpenVPN for AirVPN which doesn't work with USG. If/when Unifi updates USG with current OpenVPN version, I'll switch back as I prefer a single controller for all devices.
On my Pi console, I ran:
curl -sSL https://install.pi-hole.net | bash
Then I just followed the installation wizard, accepted all the defaults.
Their official page has more details, but it really was that easy.
Add APC Lithium Ion 1U UPS, connect the top 2 to the 1st and the RPS to the 2nd :-)
Mostly Amazon but they are still available on the UBNT store. Some are hesitant because of speed issues, Others because they have had problems connecting phones to their gen 1 gear.
I personally use option 2. I don't know what the max throughput of the USG is with OpenVPN but I can only assume it's significantly lower than dedicated hardware.
Option 3 is not like option 1 or 2. How would you use NordVPN (or any other 3rd party vpn service) to connect back to your home network?
It's PADD, an information display script to display stats for Pi-Hole. I had some Raspberry Pis laying around and thought that this would be an interesting application for one of them, although it does not make use of the 'touch' part of the touch-screen.
Small tweak: I set the refresh rate in the script to once every 5 minutes instead of every 5 seconds (default) because otherwise you see the screen flicker all the time which annoyed me and I don't have use for super real time stats anyways. The need for this tweak never occurred to me because I only saw this on images and hence I discovered that annoying flicker once I ran it on my Pi.
I wanted to see how practical it would be to mount my Ubiquiti USG-3P to the DIN rail in my small rack. It actually works pretty well- the mounts are long so you need a ton of clearance *below* the rail to snap these in, and if your DIN rail isn't super sturdy (mine isn't), then it may wobble the rail a tiny bit. I'm not sure if I'll keep using these, but I thought folks might find them useful. The Tinkercad link is here, and you can ungroup the shapes to see how I made it or modify it yourself. It's based on this original design here on Thingiverse.
Use whatever router you want but set up your DNS servers to be either OpenDNS FamilyShield or Norton ConnectSafe. I use OpenDNS at the router (ERL) and it works great. At some point your kids will get sophisticated enough to get around it but by then they'll probably be drinking and smoking anyway lol.
I'm guessing you have a 16vac transformer that's hardwired to power (usually they are in the basement mounted to a junction box). Find that, grab a 16vac plug in transformer like this https://www.amazon.com/Transformer-transformer-Compatible-Including-Honeywell/dp/B088PN111N/ref=mp_s_a_1_28?crid=9V1QMXOW0LS&dchild=1&keywords=16vac+transformer&qid=1631999144&sprefix=16vac+transformer&sr=8-28
And wire it to that, you can then plug into a ups.
I kinda admire the creativity of this one.
Honestly though a cheap plastic plate stand would probably work ok as an analogue to wall mounting, without wrecking the signal like this metal thing is liable to.
Amazon has a package that includes POE injectors:
Theoretically yes, but I find a purpose-built travel router is easier. I take one of these with me when I go places: https://www.amazon.com/dp/B07GBXMBQF
Advantages are that it only needs USB for power, can use someone else's WiFi as its Internet connection, and with the same SSID/PSK as our home WiFi set needs zero configuration on our devices.
I mostly carry it because it makes connecting a Chromecast easy/possible where it might not otherwise be.
call me ignorant but not sure what a PSU is, but it sounds like a UPS to me. If that's the case then this is what i use for all my gear. I have a small 9u tripplite cab that's mounted high up in my garage. A couple times it kicked in and ran for the duration of our silly brown/black outs (they lasted maybe < 30 minutes).
I ran one of those powering a USW 8 PoE 150, a few APs, a USG and some fans. Worked great. I’ve since moved to a rack in the garage but still use it for the USW 8 and an injector powering a USW Flex
Tripp Lite 550VA Audio/Video Backup Power Block UPS - Exclusive UPS Protection for Structured Wiring Enclosure (AV550SC) https://www.amazon.com/dp/B000WS0CRQ/ref=cm_sw_r_cp_api_i_HSWcFb3FJASS6
I'd recommend downloading Ubiquiti's WiFi analyzer app (Wifiman) and running a small site survey of your property. Only you are going to be able to determine if you're getting adequate coverage.
DO NOT just take the AT&T rep's word for it. I'd start by using your phone to adopt and update firmware on one of your UAP-AC-Lite's as aforementioned.
This may help: https://play.google.com/store/apps/details?id=com.ubnt.easyunifi&hl=en_US
You could spin up a UniFi Controller on almost anything, although it sounds as if you just want this to work with as little effort as possible and hopefully won't have to touch the access points again for a while... if ever. You could have introduced new devices in the past 2+ years which are potentially causing interference. So many variables it'd be difficult to wager a guess, but i'd start with the access points and not touch the Edgerouter if all the ethernet connected devices continue to function without issue. Best of luck with your situation. Keep us posted!
EDIT: The newer versions of the Edgerouter firmware have continued to get better and better. Running 1.10.5 right now and everything beyond v1.9 has been pretty darn stable from my experience. Only had my ER-X about ~18 months, however. VERY few issues.
You are in a very congested area. Your AP is receiving a lot of packets, probably beacons from other APs. Do a WiFi scan (e.g. using USurvey on your phone) or look at the neighboring access point insight page to see how many other APs are on channel 11.
If you want to learn more, this page explains in detail what is going on: http://www.revolutionwifi.net/revolutionwifi/p/ssid-overhead-calculator.html
How are you testing? What are the machines on each side? What firmware are you running? What Unifi console build are you running? Do you have VLAN's and are you crossing them?
Try fast.com - it's Netflix. If you're testing externally are you doing IDS/IPS? What is your upstream provider?
Can you do an iperf3 between 2 machines locally?
Stable (previous GA): Feature frozen, only bugfixes/security fixes, and we are pretty confident that this works well. Great for production systems that need to work. Current stable is 5.0.7
Stable Candidate (SC): Feature frozen, candidate for next stable but needs some more testing. Current SC is 5.2.6.
Testing (previous beta): This is feature frozen. We only apply bugfixes/security fixes but need more feedback to make sure they work. Current testing is 5.3.3
Unstable (previous alpha): This is the active development branch. Expect things to not always work, but you get a look at what's coming. Community feedback on these is key for our development. Current unstable is 5.4.0 (not released).
And as reference, here is Debian's explanation: https://www.debian.org/releases/
Sadly not with an Alexa skill, you need to go through something like Home Assistant. It isn’t for the faint of heart, and involves other hardware and some beginner to mid level coding. I have it working like that.
And yes, basically what is happening is that you have Apache set up to send HTTP responses on the standard HTTPS (443) port, which is non-standard. Since the browser receives an HTTP protocol response from what should be an HTTPS request, it will fail to load the page.
You could always install a self-signed certificate. It's less than ideal, as you'll get a security warning when attempting to browse to it, but at the very least, it'll give you an HTTPS response ( Here's a tutorial on how to do that: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04 )
Alternatively, you could always use https://letsencrypt.org/ for a free certificate.
Highly recommended. Great post. Check out the WG Edgerouter releases for updates and a quick 'n dirty tutorial, along with wireguard.com for details.
To add on to the excellent advice in this reply. It would be pretty sweet if you used the money you saved to pickup a raspberrypi and install the unifi controller on it. A dedicated controller isn’t required but it’s fun to have. If you install it on a raspberrypi you could run pihole simultaneously with the unifi controller and really start to take control of your network. Pihole info: https://pi-hole.net/2017/05/12/seven-things-you-may-not-know-about-pi-hole/
Just did some digging, thanks for the heads up! The brochure sure made it sound like a UPS!!
I've decided to get this instead: Schneider 1U UPS -- hopefully that's closer to what I need for my mini-rack!
and these on each end. 10GBase-SR SFP+ Transceiver, 10G 850nm MMF, up to 300 Meters, Compatible with Cisco SFP-10G-SR, Meraki MA-SFP-10GB-SR, Ubiquiti UF-MM-10G, Mikrotik, N https://www.amazon.com/dp/B00U8Q7946/ref=cm_sw_r_cp_apip_mKkHCcru3hofG
I used THESE Ceiling mount plates when I had my AC Pro access points.
When I upgraded to the WiFi 6 Lite Access point (which are smaller), I used THESE retrofit mounts.
I don't remember the process, but you basically put the Lite AP in the retrofit mount, and then the Lite AP + retrofit mount plugs into the ceiling mounts.
It ends up being a very clean look, and completely covers everything in the ceiling.
I use this one with UDMP: https://www.amazon.com/gp/product/B07P39G4XJ/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1
The modem is Arris S33, everything works perfectly fine. Getting 1.4G.
This one works great for me. https://www.amazon.com/gp/product/B078SNK1MY/ref=ppx_yo_dt_b_asin_image_o01_s00?ie=UTF8&psc=1
Works at all speeds 1/2.5/5/10 Gb/s
Have been using for 2 weeks now no issues. The only thing is the UDM Pro displays it as 10Gig when using any speed higher than gigabit, but it's just a display issue. Still works just fine and speeds are correct when looking at link speed through Windows.
Swap out the adhesive with some high tension Gorilla Glue mounting tape. I use the 15lb. stuff for usb hubs and the like and it's a major pain to remove them after. If you use the 30lb. stuff it would be nigh impossible to remove without tools. As for the retention pin that's something I'm afraid I don't know how to prevent removal of.
Something like this?
Tripp Lite 550VA Audio/Video Backup Power Block UPS - Exclusive UPS Protection for Structured Wiring Enclosure (AV550SC) https://www.amazon.com/dp/B000WS0CRQ/ref=cm_sw_r_cp_api_i_tBWcFbPVDPJTM
Upgrading a client's sites, does Airbnb.
At the house each suite gets an IW AP. On the other end is a cloud key (not pictured), and a pfsense SG-2440 with guest traffic going out on a VPN. They had someone torrenting and got a notice.
Other SSID will be for their home office, no VPN.
Second site is an apartment building, rooms are fully furnished. Dual WAN there, also VPN for guest traffic. They also provide Netflix via Roku in all apartments, those get own SSID and vlan that's not capped or on VPN. Using the mesh AP there, best bang for the buck on AC spec w/ 802.3af
Probably the most advanced WiFi at an Airbnb or apartment.
VPN is using VPN unlimited, and AnonVPN, for redundancy. One set of three VPN servers per a WAN.
I've been using pfsense since m0n0wall days, this is pushing my limits. Fun though.
My Cloud Key is at 192.168.1.4
My server is at 192.168.1.8
ssh into UCK: ssh
apt-get install rsync
This link is helpful in setting up ssh keys and sending them to the UCK (although there might be a GUI option now) https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
My crontab entry (on my server @ 192.168.1.8) is this:
30 22 * * * rsync -rtalvp --ignore-errors --delete :/data/autobackup/ /run/media/emelbard/Data/UCK
OK, I figured it out.
smbutil statshares -m /Volumes/MyShare/
revealed that the Mac's connection to the SMB share was negotiated using SMB1.
I then looked at ~/Library/Preferences/nsmb.conf and noticed that it contained the following:
After deleting this and running smbutil again, I can see the share is negotiating using SMB3.02, and the performance seems to have increased to where it should be.
This seems to still be the current version (1.3.4), and APKMirror is a well-trusted source in the Android community.
Still not great it isn't available, but as far as unofficial downloads go that's as good as you're going to get.
Go into your UniFi devices in the UniFi interface, click your USG, click on settings, drop down services. Enable Hardware offload if not enabled already, Enable Offload Scheduler, and Enable Offload layer 2 blocking. Apply the changes if they weren't enabled. (sounds like these are already on but doesn't hurt to double check).
Afterwards, go into settings, select internet, select your WAN, drop down advanced, and disable Smart Queues if they are enabled.
Try fast.com as well, try google speed test. Try an actual download of a game for instance on steam if you have that
Cloud is not needed but is nice to have.
Why not setup the APs using a PC, leave it on for a few hours then turn off the PC and see if you miss the added features?
Could always host the controller for your friend.
Another option would be https://aws.amazon.com/free/ and host on aws
It is currently on sale on Newegg.
B and H photo and Microcenter also sell some of their devices.
I have bought many Ubnt devices from amazon, never had an issue with them.
First IP doesn't resolve. More than likely something spooled up in a VM.
The second is a site hosted through GoDaddy, an Akamai name server.
Those may be legitimate, but you'll have to drill down your apps using a firewall to see which ones tried to communicate with those IPs to know more.
I use Steve Gibson's DNS Benchmark for that: https://www.grc.com/dns/benchmark.htm
Depending on time of day, Google is actually faster for me, but the privacy issues and with 188.8.131.52 in the top few for me, it was an easy decision to switch. I was actually using Quad9 so will be missing the threat filtering, but we'll see how Cloudflare does over time.
Like everyone said, the built-in Terminal app is adequate for SSH and other basic/intermediate tasks.
iTerm2 is awesome for a lot of customization and for more color rendering support.
And Homebrew makes the Mac experience that much better
This is actually edited to remove a lot of superfluous details.
I got this from the engineer who supplied plans for our construction (new home, approaching completion just now).
If you happen to be on a Mac though, I designed our floor plan in this software: http://www.sweethome3d.com
There is actually a great tool for this that is very popular among developers. https://www.charlesproxy.com
Charles proxy lets you intercept and decrypt ssl communication between your device and the internet. There are plenty of example of people using this app to inspect Instagram traffic.
No this is for the EdgeRouter, you cannot do these instructions on the UDMP. However, there is another project to run WireGuard on the UDMP called wireguard-kmod on the UDMP, which works with either openvpn or wireguard.
Interestingly, this update also seems to increase my WireGuard throughput on the UDMP. I have a WireGuard client on the UDMP to route UDMP-clients through Mullvad VPN, and my routing throughput with the VPN went from 500 Mbps to 900 Mbps for single streams. So this update seems to increase performance for single-streams that are limited by CPU in general, not just for PPPoE.
Thank you Ubiquiti!!
would this not be the more correct part https://www.amazon.com/FILSHU-IEC320-Adapter-Module-Connector/dp/B085BQ3NWD/ref=pd_sbs_8/136-3988880-1634307?pd_rd_w=5xoOn&pf_rd_p=3676f086-9496-4fd7-8490-77cf7f43f846&pf_rd_r=AKAVT544Y3FCNQGNW1R3&pd_rd_r=80f3e9b7-2189-42bc-b772-3e92ec3103e8&pd_rd_wg=8tzzA&pd_rd_i=B085BQ3NWD&psc=1
There is no support for this officially, but you can do it with a custom script in SSH. See the tutorial here.
Basically you create a VLAN, and use the script to force that VLAN through NordVPN, or whatever provider, as long as they support OpenVPN or WireGuard. NordVPN uses OpenVPN.
I bought this on Amazon a few months back - it’s made of metal and required no tools or brackets to Mount my AC-PRO:
Metal Desktop Stand Plate Holder... https://www.amazon.com/dp/B089GFHZYG
I have a 2.5ghz cable modem connected using one of those inexpensive Amazon rj45 SFP+ modules https://www.amazon.com/dp/B08KW4WTW9/. There's also another one mentioned in the thread that I've also used in the past and it worked well too. The big problem is with PON fiber modules that the carriers hand out.
I just bought this device and have installed opnsense on it. It seems like a nice replacement so far. For the AP's and switching I'm evaluating the Aruba Instant-on gear and it seems nice.
Sorry I don't quite understand. This script also uses policy based routing and not the radius server. Are you saying you can't route through ExpressVPN for select clients on the USG? I don't have a USG but I thought you could based on that guide and others.
I have this: Homedex 12U Network Rack Open Frame Server Rack Shelf Adjustable Depth 19.7"-32.5" Floor Standing Date Rock 4-Post Data Rack with Casters https://www.amazon.com/dp/B082XVLG91/ref=cm_sw_r_cp_api_glt_fabc_G031AH8W67G6V7GSGXKC?_encoding=UTF8&psc=1
How weather proof do you want to go? I would normally just use a weather proof electrical junction box or, if you want to go big, go with a weather proof surface mount box. Something like this.
If you haven’t ordered the Noctua fans yet, I’d recommend this one instead, it’s speed adjustable and really easy to replace the stock ones. https://www.amazon.com/dp/B07FQLHCXL?ref=ppx_pop_mob_ap_share
Get a bag of these, then a handful of tapcons from the hardware store. You need a stucco bit. Predrill the hole with the masonry bit, replace the screw that comes with the cable clip with the tapcons and it'll hold the cable securely to the stucco.
This one? Says it runs on 12V if that helps.
CMVision-IR200 - 198 ( 850nm ) IR LED Night Indoor/Outdoor Long Range 300ft IR Illuminator w/ Free 12V Power Adapter ( Up & Down Position Adjustment only) 45 Degree Spot IR Light https://smile.amazon.com/dp/B004V9Z7ZY/ref=cm_sw_r_cp_api_glt_fabc_A6KCV82FB7REVG87R03M
I am set up the same way. This is the exact transceiver I am using.
By VPN client do you mean connecting to a VPN network like PIA or NordVPN, and routing clients on your network through that VPN connection? If yes, there's no official way to do it, but you can do this on a UDMP with a custom script called split-vpn. It supports any custom openvpn config and can force clients to the VPN by VLAN, MAC, or, IP.
Yeah, this one: https://play.google.com/store/apps/details?id=com.ubnt.unifi.protect
I can't remember off the top of my head (it's been several months since I set up the Cloud Key), but you might need to create a Ubiquiti account if you haven't already, and link the Cloud Key to the Ubiquiti account. As far as I know, the Unifi Protect mobile apps don't accept local accounts to sign in so you'll have to sign into the Protect app with your Ubiquiti account as well.
Also, I would sign into your Ubiquiti account and adjust the timeout setting under two factor authentication (once it's configured) to 30 days so that the Android app doesn't make you sign back in too often.
The WAN port is 1 gig, but I'm doing exactly what you're describing with an Arris S33 and its 2.5g port using the SFP+ WAN2 and an RJ45 converter. Works great and lets me use my over provisioned 1gig downstream. So I can pull about 1.5gbps down without being limited by 1gb modem connection.
I have never looked at that list, I just use whatever Amazon says is compatible with Ubiquiti.
These are the modules I am currently running.
They work flawlessly with all of my devices.
A question from ignorance here. My electrical skills aren't where my technology ones are :)
Would you be able to use this transformer to run the G4 device.
Then put this transformer, across the wires to the 8V bell?
Could be nice, if my confused thinking is right?
> I need a router-AP set up that is able to handle up to 100 devices (users) at the same time simultaneously watching non-hd quality videos 24/7
Are all the 100 clients wireless or is it a mix?
No matter what, you are gonna need more than one wireless access point to handle 100 clients. Generally the best practice is having around 30 clients per access point. Long story short, you will need multiple access points to allow your end users to have a decent experience.
>I understand there is something called a gigabit switch and AP and the combination of those 2 produce what I am looking for.
If you are looking for access points for the most bandwidth then you will want to look at the Pro models
Ubiquiti doesn't have any kind of product that is a switch with access points or a router/wireless combo
You can get a 5 pack for $610 on amazon
If the pro models are too much for your blood, you can get the LITE 5 pack for around $300
The other thing you need to take into consideration is that if 100 clients are streaming non-HD video, they might be taxing your internet connection in general (your download speed is fine, it's the upload that could potentially be giving you issues too)
What is your budget?
The LocoM5 is getting a bit long in the tooth, isn't it?
A Nanobeam AC shouldn't cost much more - Gen1 16dBi is $77 on Amazon, and there's a handy suction cup window mount if you can't/don't want to drill holes in anything.
Not sure what you mean, but Amazon has them in stock slightly below MSRP: https://www.amazon.com/Ubiquiti-UVC-G3-UniFi-Video-Camera/dp/B01EZYTYLC
They are also in stock at the Ubnt store: https://store.ubnt.com/collections/surveillance/products/unifi-video-camera-g3
Eh the Unifi stuff is pretty damn poor at showing what websites people go to. It’s just lumped into a pile of data that gets put into the charts that someone can look at. It’s not that good at all at showing exact details. Either use something like ExpressVPN or change the DNS in your devices and try to avoid it if you think they are tracking you.
Generally, it's easiest if you put VPN clients on one VLAN/SSID and non-VPN clients on the other. This how-to covers most of the setup necessary on a USG, but the general idea should cover the ER line as well:
That article assumes you want the untagged eth1 interface to go over the vpn. If you want say VLAN100 to go over the VPN, you'd specify the VIF for the modify "src_route" rule in the interfaces section.
Ugh, I really should write a blog post or something on exactly how I did it.
ENERLITES 0.625" Diameter Hole Phone Cable Metal Wall Plate, Corrosive Resistant, Size 1-Gang 4.50" x 2.76", 7761, 430 Stainless Steel, UL Listed, Silver https://www.amazon.com/dp/B07PPPV4KX/ref=cm_sw_r_cp_api_i_JWeoFb6VQC19Y
Drill two holes to mount. Super easy and sturdy.
SFP+ DAC Twinax Cable, Passive, Compatible with Ubiquiti ES-48/ES-16-XG/USW-Pro-24-POE/USW-Pro-48-POE/US‑16‑XG/US‑48, 0.5 Meter(1.6ft) https://www.amazon.com/dp/B06XHF7JSG/ref=cm_sw_r_cp_api_i_6RLgFbFM478EK
Set the ports to 1G instead of auto.
>I would consider myself technically inclined but a complete total noob in networking.
If you can handle setting things up in the Edgerouter, you should be able to handle the UDM. That said, if you don't plan on ceiling mounting the UAP-nanoHD's, you might look at this instead. At the FlexHD and nanoHD's normal prices, it's a tad cheaper, though I noticed the nanoHD is currently on sale on Amazon. When you do purchase, might not be -- who knows... ;)
As to question #2, yes, so long as the switches you select understand VLAN tags.
For #4, you have one single UI for creating wireless network SSID's / etc, and those settings are pushed out to all APs on the network at once (assuming they're all UniFi APs).
I don't have the experience needed to answer your other questions. :)
I just finished setting this up today mostly following the instructions on this page:
There's a few changes that I made for my setup though. I wanted to make it so that any device with an IP in the range 192.168.0.100-110 would automatically be routed through the VPN, so on the lines that referenced creating a nat rule and a firewall rule, I changed the IPs from 192.168.1.0/24 to 192.168.0.100-192.168.0.110 instead. I also did not have a switch0 in my setup so on that line I changed "switch switch0" to "ethernet eth1" which is my LAN facing port.
I actually just created groups under "Firewall/NAT Groups" for the ranges vpns_ips (192.168.0.100-192.168.0.110) and non_vpn_ips (which includes two ranges from 192.168.0.2-192.168.0.99 and 192.168.0.111-192.168.0.254) and then modified the NAT rule for the vpn clients to use the vpn_ips group and my main NAT rule (which the setup wizard called "masquerade for WAN") to use the non_vpn_ips group. This change effectively created a kill switch for the clients that I want to route through the VPN. Any client with an IP in the vpns_ips range can only get out through the VPN, and if the VPN goes down, those clients can't get anywhere.
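The kill-switch behaviour described in the comment above can be checked before relying on it. This is an added example, not the commenter's configuration: it models the two NAT rules over the `vpn_ips` and `non_vpn_ips` groups with the ranges given in the comment. The path labels `vpn` and `wan`, the fallback to the WAN path when the tunnel is down, and the premise that traffic leaving without a matching NAT rule goes nowhere are assumptions of the model.

```python
import ipaddress

def ip_range(first, last):
    """Expand an inclusive first-last range into a set of IPv4Address."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return {ipaddress.IPv4Address(n) for n in range(lo, hi + 1)}

# Address groups with the ranges given in the comment.
GROUPS = {
    "vpn_ips": ip_range("192.168.0.100", "192.168.0.110"),
    "non_vpn_ips": ip_range("192.168.0.2", "192.168.0.99")
                   | ip_range("192.168.0.111", "192.168.0.254"),
}

# One masquerade rule per outbound path, each limited to one source group.
# "vpn" and "wan" are labels for this model, not real interface names.
NAT_RULES = {"vpn": "vpn_ips", "wan": "non_vpn_ips"}

def egress(src, vpn_up, groups=GROUPS, nat=NAT_RULES):
    """Return the path a source can actually use, or None if it is cut off."""
    ip = ipaddress.IPv4Address(src)
    # Assumption: vpn_ips sources are steered to the tunnel while it is up
    # and fall back to the default (WAN) route when it is down.
    path = "vpn" if vpn_up and ip in groups["vpn_ips"] else "wan"
    # Without a matching NAT rule the packet leaves with a private source
    # address and gets no replies, so the client is effectively offline.
    return path if ip in groups[nat[path]] else None

def audit(groups=GROUPS, nat=NAT_RULES, lan="192.168.0.0/24"):
    """Return (leaks, unassigned): VPN clients the WAN rule would also
    masquerade, and LAN hosts that belong to neither group."""
    leaks = sorted(groups["vpn_ips"] & groups[nat["wan"]])
    hosts = set(ipaddress.ip_network(lan).hosts())
    unassigned = sorted(hosts - groups["vpn_ips"] - groups["non_vpn_ips"])
    return leaks, unassigned

if __name__ == "__main__":
    print("VPN client, tunnel up:  ", egress("192.168.0.105", True))
    print("VPN client, tunnel down:", egress("192.168.0.105", False))
    print("audit (leaks, unassigned):", audit())
```

An empty `leaks` list is the property that makes the kill switch hold; any address in it would reach the internet over the WAN path whenever the tunnel drops.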