Page 1 of 3, results 1 to 10 of 27
  1. #1
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    67

    Adding Unifi to untangle

    I have read through all the threads here about integrating NGFW and Unifi. They are all about adding NGFW to Unifi. I fall into the other category: I want to add Unifi to NGFW. I love their WiFi, the most solid devices I have ever experienced. So I am using Unifi to manage the WAPs, and I want to isolate guest devices and IoT widgets from the rest of our home network. I intend to keep Untangle as the firewall; that will NOT change.

    Could someone provide me with a few basics to get started? Which must provide DHCP? What addresses must be used? (currently 192.168.0.x)
    TIA,
    RC

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,040


    You're thinking about this too hard...

    Untangle will never be in Unifi's controller, just as Unifi devices will never be in Untangle's controller.

    ALL you need to know... is how Unifi devices find their controller!

    There are two primary means, L2 discovery, and DNS. The latter is FAR more reliable.

    So... you attach a controller to your network somewhere, give it a static address if you want, or tell Untangle to reserve it. Then hit up your DNS tab and make a unifi.whatever.com record that aims at the IP the controller uses.

    So, magic bit to know: Untangle uses the domain that's in Config -> Network -> Hostname as the DNS suffix when it passes out DHCP. So, whatever that domain is, you put the unifi. in front of it! If it's example.com in the domain box, your DNS record is unifi.example.com.

    Once that's done and the controller is responding (test with your browser: https://unifi.example.com:8443), when Unifi devices come online they get IP addresses via DHCP like anything else. They get that DNS suffix as a part of that, and they go looking for a controller on the above name and appear for adoption.

    It works all day, every day, FOREVER. You can easily make the unifi. record point at an IP in the cloud somewhere too if you want to use an offsite controller. In fact, this is SO EASY it's actually EASIER to support Unifi switches and WAPs behind an Untangle than it is behind a Dream Machine or USG!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Oct 2016
    Location
    Left Coast
    Posts
    67


    So far, it's working. I had the key running already, and the WAPs found their master over L2 I guess. Had momentary disconnects every DHCP renew, though. This should solve that. Thank you for your quick response.

    I have a small (8 port) Unifi switch connecting the WAPs and a few other devices in the house. All the servers & NGFW are in my office using a switch from another vendor.
    I can't get any statistics or traffic analysis from Unifi except when using the Android app. Nothing from the key's web pages.

  4. #4
    Untangler
    Join Date
    Jan 2010
    Location
    Coeur d'Alene, Idaho, USA
    Posts
    69


    That works slick Rob. Thanks!

  5. #5
    Untanglit
    Join Date
    Oct 2017
    Posts
    27


    What am I missing here?

    I have a u25w running 16.0.1 with my Home Pro license. It needs to be upgraded, I know. It is 32 bit Linux booting via BIOS. Upgrading moves to 64 bit Linux booting via UEFI. That involves taking the system and hooking up a monitor and keyboard, etc.

    The issue I am having now is with UniFi. Things had been working well for several years. Then Ubiquiti had an issue and said you should update your password. I did that.

    I have a 1st Gen Cloud Key and a couple of AC-Lite access points. The Cloud Key has a reserved ipaddr in Untangle. The same is true of the access points.

    That’s the only thing done in Untangle.

    The problem I am having is with some wireless devices failing to acquire an ipaddr when their lease expires. Some devices also show high TCP Latency on the UniFi Dashboard.

    Thinking the problem might be the Cloud Key, I loaded the controller software on a Raspberry Pi. Yes, there is a version for the Pi. It is a Java app. You have to install OpenJDK to run it.

    That still didn’t fix the problem.

    So what else specifically do I need to set in Untangle?

    I see references here to setting a unifi. prefix in DNS. I don’t understand. Can you explain?

    Thanks,

    Dennis

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,040


    That's a completely different problem, and you need to start your own thread.

    However, I am aware of those symptoms... they've been plaguing Unifi owners all year!

    If you're using anything older than Unifi Controller v6.1.71 with firmware v4.3.28.11361, you're going to have these problems, because the Unifi switching and WAP firmware often breaks DHCP from other vendors.

    I'm finding that Unifi Controller v6.2.25 with firmware v5.43.36.12724 is working more reliably, but I'm not quite ready to put my stamp of stable on it yet...

    Bottom line: all of the Unifi firmware released to fix DNSpooq, dated late Jan 2021 onward, is BROKEN where 3rd party DHCP is concerned, with the notable exception of the most current two releases.

    As for the rest of the DNS stuff, I've said my piece. Forgive me but I was quite clear the first time, and I have kids to feed. If you want more hand holding than I've already provided here you'll have to pay for it.

    Further on this topic, it seems several vendors have decided to use DHCP Option 43 to locate their controller. This is even easier to implement on Untangle because you just need to configure the DHCP service on the appropriate NIC to pass out that option, with an IP of the controller. No mucking about with hostnames required.

    All of the above will hopefully wind up in an updated write up on my website someday. But for now, these comments will have to suffice.
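
    Added example (not code from Rob's post, from Untangle, or from Ubiquiti) that puts the two discovery settings described above into code: the unifi.<domain> record derived from Untangle's hostname domain, and the Option 43 value, which UniFi firmware expects as sub-option 1, length 4, followed by the controller's IPv4 address. The `dhcp-option=43,...` dnsmasq line and the sample domain and IP are assumptions; the thread does not say how Untangle exposes custom DHCP options.

```python
import ipaddress

# UniFi vendor sub-option inside DHCP Option 43 that carries the controller IPv4 address.
UNIFI_SUBOPTION_CONTROLLER = 1


def controller_dns_name(untangle_domain: str) -> str:
    """Name UniFi devices query, built from the domain Untangle hands out as DHCP suffix."""
    domain = untangle_domain.strip().strip(".").lower()
    if not domain:
        # An empty hostname domain means devices would look up a bare "unifi" and never adopt.
        raise ValueError("Untangle hostname domain is empty")
    return f"unifi.{domain}"


def encode_option43(controller_ip: str) -> bytes:
    """Build the Option 43 payload: sub-option code 1, length 4, then the packed IPv4 address."""
    ip = ipaddress.IPv4Address(controller_ip)  # raises on anything that is not a valid IPv4
    return bytes([UNIFI_SUBOPTION_CONTROLLER, 4]) + ip.packed


def decode_option43(value: bytes) -> str:
    """Walk the TLV sub-options and return the controller IP, rejecting truncated or odd-length data."""
    i = 0
    while i + 2 <= len(value):
        code, length = value[i], value[i + 1]
        data = value[i + 2 : i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated sub-option")
        if code == UNIFI_SUBOPTION_CONTROLLER:
            if length != 4:
                raise ValueError("controller sub-option must carry exactly 4 bytes")
            return str(ipaddress.IPv4Address(data))
        i += 2 + length
    raise ValueError("no controller sub-option present")


def dnsmasq_option_line(controller_ip: str) -> str:
    """Assumed custom dnsmasq line for the DHCP server, value given as colon-separated hex bytes."""
    return "dhcp-option=43," + ":".join(f"{b:02x}" for b in encode_option43(controller_ip))


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(controller_dns_name("example.com"))      # unifi.example.com
    print(dnsmasq_option_line("192.168.0.10"))     # dhcp-option=43,01:04:c0:a8:00:0a
```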

  7. #7
    Untanglit
    Join Date
    Oct 2017
    Posts
    27


    Rob, I appreciate your comments. I am running the latest UniFi software versions you mentioned above. The problems still exist. Not stable at all.

    To me this really soils what had been a stellar reputation for Ubiquiti and it is their fault.

    Thanks for confirming there is a problem.

    Dennis

  8. #8
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,040


    Well, since you can't get Unifi gear at the moment I'm not sure their reputation is worth anything. They've been hit particularly hard in the pandemic, and I'm just praying the clients I have keep working because if they don't... I'm out of stock with no hope of replenishing it.

    But yes, it's been a BAD YEAR for Ubiquiti.

  9. #9
    Master Untangler
    Join Date
    Oct 2013
    Posts
    250


    Instead of reserved IP addresses, put static IP addresses on the Controller and UAPs.

    IMO, network infrastructure stuff like switches, routers, and yes, access points, etc., shouldn't rely on higher-level protocols like DHCP to work.

  10. #10
    Untangler
    Join Date
    Sep 2019
    Posts
    39


    I've been running my Unifi behind my Untangle box for 3 years now with no issues. I have the 4 port Protectli as my Untangle appliance and have 5 switches and 4 APs running with no issues. I use static DHCP addresses handed out from the Untangle to all my Unifi devices, including the Cloud Key Gen 2 (non-Pro). I do agree with the post about using hard-coded addresses in switching and other networking devices, but I need to test out many configurations on the home lab VLAN, so it was easier to just use DHCP.

    In most networks the Unifi management infrastructure is agnostic to the router and other network services.
