Unifi: Doubling Down

After our EdgeRouter Pro blew up and I had to restore it to stock firmware (a shame, really, as I was quite fond of it otherwise) I started to think about what to replace it with.

The shine had well and truly worn off Unifi in my eyes in the last couple of years, but honestly… people who buy it and use it and leave it the fuck alone seem quite happy with it for the most part.

Looking at other things I could replace it with, all of them were either significantly more expensive, just as dodgy, or something homebrew that I’d likely have to mess with more than the OpenWRT setup. My objective is to spend less time doing silly network stuff.

So fuck it, in for a penny, in for a pound, and last week we’d saved up enough to drop the roughly A$1,000 on the UDM-SE. It arrived yesterday, and I got it most of the way configured just before bedtime, but I didn’t feel like breaking a bunch of shit and then staying up late to fix it on a work night, so today I decided to break the internet over my lunch break and then immediately after work I could fix all the other stuff up.

This was mostly eased by the fact that I set static IP addresses for all the IoT bullshit, and copied all the other configuration over prior to decommissioning the old network stuff, so getting us back online amounted to powering off the ERP, “kicking” the connection on AussieBroadband via my phone, unplugging everything, plugging the modem back in, and then plugging each switch and WAP in one at a time, resetting them, and adopting them.

That left me with two issues to solve: BGP, and local DNS for that. Luckily, others have figured out the solution to this already. First I installed the on-boot scripts stuff (after checking the sanity of it carefully; I didn’t drop all this money to run some rando’s root script on it).

Next, I installed FRR following roughly these instructions: https://www.map59.com/ubiquiti-udm-running-bgp/

Finally, a boot script to add arbitrary local DNS and kick dnsmasq over, similar to this: https://www.reddit.com/r/Ubiquiti/comments/i9ft5u/so_heres_how_i_got_local_dns_records_working_on/?context=3
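As an added example of the kind of boot script described above (not the author's script, nor the one linked): a POSIX sh script that turns a host list into dnsmasq `address=` records, validating each entry so a typo cannot smuggle an extra directive into the config, writes the fragment atomically, and then restarts dnsmasq. The on_boot.d convention and the /run/dnsmasq.conf.d drop-in path are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example, not the post's script.  Assumed: on_boot.d runs this at boot
# and dnsmasq reads drop-in fragments from /run/dnsmasq.conf.d.
set -eu
CONF_DIR=${CONF_DIR:-/run/dnsmasq.conf.d}

# Constructed host list, one "name ip" per line.
HOSTS='
nas.lan 192.168.1.10
printer.lan 192.168.1.20
'

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    set -- $(echo "$1" | tr '.' ' ')
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}
# Accept only DNS-style labels: no slashes, spaces or dnsmasq metacharacters,
# so a bad line cannot become a second directive in the generated config.
valid_name() {
    echo "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}

# Render validated entries as address=/name/ip lines; bad lines are reported
# on stderr and skipped rather than written.
render_dnsmasq() {
    echo "$1" | while read -r name ip; do
        [ -n "$name" ] || continue
        valid_name "$name" && valid_ipv4 "$ip" || { echo "skip: $name $ip" >&2; continue; }
        echo "address=/$name/$ip"
    done
}
# Write the fragment atomically so dnsmasq never sees a half-written file.
install_records() {
    render_dnsmasq "$HOSTS" > "$1/local-dns.conf.tmp"
    mv "$1/local-dns.conf.tmp" "$1/local-dns.conf"
}

# address= lines are read only at startup (SIGHUP re-reads hosts files, not the
# config), so dnsmasq must be restarted.  Assumption: the UDM respawns it.
restart_dnsmasq() {
    pids=$(pidof dnsmasq 2>/dev/null) || return 0
    kill $pids
}
# Entry point for on_boot.d; a no-op wherever the drop-in dir does not exist.
if [ -d "$CONF_DIR" ]; then
    install_records "$CONF_DIR" && restart_dnsmasq
fi
```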

That leaves me with just a couple of things to fix up:

  • I have not done network isolation yet. This should be doable (I definitely had it on the USG-3), but not as nicely as in OpenWRT.
  • The alias interface on the WAN port for polling the modem.
  • IPv6 - probably just needs turning on.

All of these can wait until the weekend I think.

The final issue is the LXD containers refusing to start, because once again MetalLB’s speaker is hogging the BGP port on all interfaces. I’m starting to realize that maybe this “held together with band-aids and duct tape” thing of having LXD and K8s containers on the same host is unmaintainable, so it’s probably better to just spend the time on making those few containers work under K8s anyway.
