  1. #1
    Newbie | Join Date: Jan 2021 | Posts: 4

    Replacing USG with Untangle

    Hello,

    I'm trying to replace the USG in my home network with a custom Untangle server.

    Behind the USG, it's all unifi switches with a self-hosted controller in the cloud.

    I have a few vlans set up with USG as dhcp. I've tried mirroring existing vlans, with dhcp, on the Untangle and then replacing the USG, but without luck. Clients don't get IPs.

    Does anyone have experience with unifi and can give any pointers to what needs to be done on the unifi side?

    - Kim

  2. #2
    Untangler | Join Date: Jan 2019 | Posts: 90

    You shouldn't have anything to do on the Unifi side (except updating the DHCP guarding options if you have those turned on).

    Running an old USG install on the controller is a bit weird, because a lot of the configuration is unused, but you don't know which portion (the controller doesn't clearly indicate which fields/options are used by the USG or the switches or the APs).

    A lot of the "network" config in the controller is now unused. If you have a bunch of VLANs marked as "corporate" or "guest", I suggest you eventually migrate them to "VLAN", which has very little config, as it should be. But I think this is not required to make your install work.

    If you use static IP addresses in your VLAN devices, are you able to connect through the VLAN? Can you ping the UT box on the VLAN? In other words, is it a general networking issue or specifically a DHCP issue?

  3. #3
    Newbie | Join Date: Jan 2021 | Posts: 4

    Thanks,

    I didn't have the chance to explore much, before connecting the USG back, with two teenagers and the wifey getting grumpy...

    Untangle sees and assigns IPs to the switches and APs, but computers are stuck with no connectivity. (no IP assigned)

    My unifi vlans are all the corporate kind, I guess I will have to go through all settings and turn off any dhcp action on that side.

    On Untangle I have 192.x.1.1 set up on internal, same as LAN on unifi, the rest are vlans.

  4. #4
    Master Untangler | Join Date: Oct 2017 | Posts: 162

    I have the same setup as you with unifi APs, switches, cloud key plus and a protectli i5 appliance. I got tired of the lack of features and issues with that USG pro. It now stays on the rack as a backup. Did you remember to set up the VLANs on Untangle as well as the unifi network? You need to attach each VLAN to the interface you want to use it on with Untangle.

  5. #5
    Untangle Ninja sky-knight | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,414

    Untangle needs to be attached to a Unifi switch on a port that's in the all port group.

    Then you make VLAN interfaces on Untangle as children to internal for all your VLANs. This includes an IP configuration, dhcp services, etc.

    It sounds like you got the internal interface configured to work with the untagged stuff, you just didn't put in the tagged interfaces as static with the IP configurations needed for them to get online.

    Internal traffic will flow automatically as Untangle blocks nothing by default.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie | Join Date: Jan 2021 | Posts: 4

    Thank you all, got it up and running as planned eventually.

    In theory it was as easy as turning off all dhcp on unifi and recreating the vlans with dhcp on Untangle before dropping it in place of the USG.

    In practice, my interfaces kept changing on reboot, so I wrote a .link file as per directions from sky-knight in another post. That worked until I wrote a second .link file for the other network card. That killed the vlans, so I deleted the file again and got connectivity back. Hopefully it will stay persistent. Not sure how to write this .link file to handle vlans also.

    So, after some trial and error, all is well. Now to go and look at some slow tv; Sessions Minute by Minute

  7. #7
    Untangle Ninja sky-knight | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,414

    You don't need to .link VLAN interfaces, only physical ones, and you use a single .link file for all interfaces when you make them.

    But yeah, that's how you force Debian to stop moving your stuff around, annoying that we have to do it... but there it is.

  8. #8
    Newbie | Join Date: Jan 2021 | Posts: 4

    Yeah, thought I would be clever to make two .link files, one for each card. They were just for the physical ones, mapping MAC address for each card to eth0 and eth1.

    After adding the second file mapping one physical card to eth1, the vlans died on reboot. The two physical interfaces worked just fine, with WAN connectivity on External and Internal handing out dhcp to the switches.

    Looking at the internal interfaces, the virtual ones are seemingly trying to rename as well, stuck named as rename.xxx.

    I played around with some settings first, i.e. insisting that all network interfaces are named purely by MAC address etc. Debian might be trying to rename the virtuals by MAC address as eth1 too, I dunno.

  9. #9
    Untangle Ninja sky-knight | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,414

    As far as I'm aware Untangle configures VLAN interfaces with a defined parent, that defined parent is mapped to a name.

    So... if you have 3 VLAN interfaces as children of Internal, and Internal's ETH interface changed... you're going to have to reconfigure those VLAN interfaces to bind to the new parent. But now that the parent is appropriately static, it shouldn't bug you anymore.
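
Added example, not part of any post in this thread: a Python check for the symptom reported in post #8, where VLAN interfaces were left named rename.xxx after a second MAC-only .link file was added. It assumes (this is not stated in the thread) that Linux VLAN interfaces carry their parent's MAC address by default, so a `[Match]` section containing only `MACAddress=` also matches the VLAN children; the interface inventory, MAC addresses and .link file names are constructed sample data.

```python
import configparser

# Constructed inventory (name, MAC, kind); on a live box this would come
# from `ip -d link show`. Assumption: VLAN children share the parent's MAC.
INTERFACES = [
    ("eth0", "00:11:22:33:44:55", "physical"),
    ("eth1", "00:11:22:33:44:66", "physical"),
    ("eth1.10", "00:11:22:33:44:66", "vlan"),
    ("eth1.20", "00:11:22:33:44:66", "vlan"),
]

# Constructed .link contents keyed by hypothetical file names.
LINK_FILES = {
    "10-external.link": "[Match]\nMACAddress=00:11:22:33:44:55\n[Link]\nName=eth0\n",
    "11-internal.link": "[Match]\nMACAddress=00:11:22:33:44:66\n[Link]\nName=eth1\n",
}


def parse_link(text):
    """Return (match_keys, target_name) parsed from .link file text."""
    cp = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep the key case used by systemd
    cp.read_string(text)
    match = dict(cp["Match"]) if cp.has_section("Match") else {}
    return match, cp.get("Link", "Name", fallback=None)


def find_collisions(link_files, interfaces):
    """Map each MAC-only .link file to the non-physical interfaces it also matches."""
    collisions = {}
    for fname, text in sorted(link_files.items()):
        match, target = parse_link(text)
        if set(match) != {"MACAddress"}:
            continue  # extra match keys narrow the rule; not evaluated here
        mac = match["MACAddress"].lower()
        extra = [name for name, m, kind in interfaces
                 if m.lower() == mac and kind != "physical"]
        if extra:
            collisions[fname] = {"target": target, "also_matches": extra}
    return collisions


if __name__ == "__main__":
    for fname, hit in find_collisions(LINK_FILES, INTERFACES).items():
        print(f"{fname}: Name={hit['target']} also matches {hit['also_matches']}")
```

A file reported here would ask for the same name on the physical card and on each VLAN child, which fits the stuck renames described in post #8.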
