I treated myself to a Ubiquiti UniFi Security Gateway (USG) this week, bought off Netxl but via Amazon (as it was cheaper). The setup was not quite as straightforward as the AP I installed a couple of months ago. In doing that I had played with installing the Controller software on a DietPi VM (what a surprise) and hit a couple of issues around Java.
Although that setup worked, I was never comfortable with it and I have subsequently discovered this amazing script to install the UniFi Controller – thanks Glenn. Being on a VM, I just rolled it back to the base snapshot and started afresh, having first exported the configuration, and then just loaded the backup into the new instance – easy. He also has an update script which will also update the client firmware if you like – awesome. They both just work! The Controller software was asking to be updated so I did that first.
I didn’t write up anything about setting up the AP; it just worked. I created WLANs with an SSID/Password combo to match the existing networks so there was no need to go round reconnecting everything. The AP is so much better – I used to have major issues with my work VPN as it kept dropping out when on WiFi (fine on a wired connection). It is now rock solid.
I’d hoped that the USG, like the AP, would just plug into the network and off it would go – but it didn’t. This was partly a lack of understanding on my part and a little more info required in the Quick Start. To cut a long story short, this is what you need to understand:
- The factory firmware is probably way behind, and the UI in current firmware is much improved and expanded, so you need to log in locally by SSH to upgrade it.
- The USG wants the WAN network and LAN network to be on different subnets (assuming you are behind a home router). You therefore end up with 2 DHCP servers: one on the Home Router for the WAN port on the USG, and the other on the USG for the rest of your network.
- The USG takes a while to boot – be patient.
- This also assumes you have disabled all the WiFi connections to the Home Router.
I have got quite a lot of hard-coded IPs on my network and they often expect a specific default gateway so I needed it to slot in where the Home Router left off.
To get it up and running:
- Make sure only one thing is plugged in directly to the Home Router so you can insert the USG between your network and the Home Router (your WAN).
- Connect the LAN1 port on the USG to a standalone computer (you need a cable, and turn off the wireless to force the computer onto the wired connection), and the WAN port of the USG to your normal network (or the Home Router).
- The USG will boot with the WAN connected to a DHCP IP from your network, and the LAN1 IP (and the computer) on a different subnet.
- Get the IP of the USG from the computer (it will be the gateway) and SSH into it using the default credentials ubnt:ubnt.
- Upgrade the firmware as per these instructions (just type ‘upgrade’ followed by the URL of the firmware).
- Once it has rebooted, go to https://setup.ubnt.com and use the UI to do some initial configuration.
- For me this consisted of:
  - Setting the USG LAN IP to the current IP address of the Home Router and configuring the DHCP range again to match the Home Router setup (don’t save yet).
  - Changing the IP address of my Home Router to a different subnet (e.g. from 192.168.1.1 to 192.168.10.1) and the DHCP range appropriately (don’t save yet).
  - Changing the USG WAN settings to work with the new subnet of the Home Router (you could just leave it to get a DHCP address).
- First, then, save the configuration on the USG – it will reboot. You will need to unplug the network cable from the computer to force the computer to pick up a new IP – be patient at this point. You will not have any internet on the computer (as the WAN cannot connect – yet).
- Save the Home Router configuration – you might need to force a reboot. Unplug your network from the Home Router and plug it into the LAN1 port of the USG. Now the Home Router is connected to the USG WAN port, and the rest of your network to the LAN1 port.
- You should now be able to adopt the USG in your UniFi Controller and everything still works. The one fly for me was that the Network had not been configured correctly and it moved from my specified IP to an X.X.X.1 IP. Manually changing that in the controller was easy enough.
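The addressing plan behind these steps can be sanity-checked before any settings are saved. This is an added example, not part of the original post: the dictionary keys, host names, DHCP ranges and the fixed USG WAN address are assumptions, and only 192.168.1.1 and 192.168.10.1 come from the post.

```python
import ipaddress as ip

def check_plan(plan):
    """Return a list of problems found in a USG-behind-router addressing plan."""
    problems = []
    wan = ip.ip_network(plan["router_subnet"])   # Home Router side = USG WAN
    lan = ip.ip_network(plan["usg_lan_subnet"])  # USG LAN1 side = your network
    router_ip = ip.ip_address(plan["router_ip"])
    usg_wan = ip.ip_address(plan["usg_wan_ip"])
    usg_lan = ip.ip_address(plan["usg_lan_ip"])

    if wan.overlaps(lan):
        problems.append(f"WAN {wan} and LAN {lan} overlap")
    if router_ip not in wan:
        problems.append(f"router {router_ip} is outside {wan}")
    if usg_wan not in wan or usg_wan == router_ip:
        problems.append(f"USG WAN {usg_wan} must be a free address in {wan}")
    if usg_lan not in lan:
        problems.append(f"USG LAN {usg_lan} is outside {lan}")

    # Each DHCP pool must sit inside its own subnet and avoid the static IPs.
    pools = [("router", plan["router_dhcp"], wan, [router_ip, usg_wan]),
             ("USG", plan["usg_dhcp"], lan, [usg_lan])]
    for name, (first, last), net, static in pools:
        first, last = ip.ip_address(first), ip.ip_address(last)
        if first not in net or last not in net or first > last:
            problems.append(f"{name} DHCP pool {first}-{last} does not fit {net}")
        for addr in static:
            if first <= addr <= last:
                problems.append(f"{name} DHCP pool contains static {addr}")

    # Hard-coded hosts keep working only if their gateway is now the USG LAN IP.
    for host, gateway in plan["static_hosts"].items():
        if ip.ip_address(gateway) != usg_lan:
            problems.append(f"{host} points at gateway {gateway}, not {usg_lan}")
    return problems

# Constructed sample plan built around the post's example addresses.
GOOD = {
    "router_subnet": "192.168.10.0/24", "router_ip": "192.168.10.1",
    "router_dhcp": ("192.168.10.100", "192.168.10.200"),
    "usg_wan_ip": "192.168.10.2",
    "usg_lan_subnet": "192.168.1.0/24", "usg_lan_ip": "192.168.1.1",
    "usg_dhcp": ("192.168.1.100", "192.168.1.200"),
    "static_hosts": {"nas": "192.168.1.1", "printer": "192.168.1.1"},
}
# Same plan with the Home Router left on its old subnet (the renumbering skipped).
BAD = dict(GOOD, router_subnet="192.168.1.0/24", router_ip="192.168.1.1",
           router_dhcp=("192.168.1.100", "192.168.1.200"), usg_wan_ip="192.168.1.2")

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(plan) or "OK")
```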
I just now need to work out how to harness the power! My next task is to use it for DDNS and a VPN connection.
- Follow the steps in this KB to update the USG offline, or via SSH if you have internet access on the USG: https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-Firmware-of-a-UniFi-Device#USG2
- Then follow these steps to change the LAN IP of the USG: https://help.ubnt.com/hc/en-us/articles/236281367-UniFi-How-to-Adopt-a-USG-into-an-Existing-Network