bmartino1 Posted July 14 Share Posted July 14 (edited) 3 hours ago, PeteAsking said: You should test zenarmor. Works great as layer 7 filtering. I may have to revisit it. Its not quite on my to do list. I skimmed past it when following a youtube video for a custom ips/ids lists. They had a previous video that setup zenarmor. I didn't want to duplcate protect wan/lan https://docs.opnsense.org/vendor/sunnyvalley/zenarmor.html its more learning the opensene web ui xyz option is where. zenarmor: (older setup video....) So I took a stab at it... For my needs, trying the free edition only. It doesn't hit them... Edited July 14 by bmartino1 1 Quote Link to comment
bmartino1 Posted July 14 Share Posted July 14 (edited) a bit off topic. FYI you talked me into trying it... will give it a few days to see... ATM Zenarmor is not worthwhile for me... It does have great metrics, logs, and nice dashboard, I didn't want to use api, cloud control or remote app. Had to disable some currently enable that I believe have had better protection with ids/ips that zenarmor can supposedly do if I pay for it...(15 day free trial...) I can manually add to ids/ips and block what I need for free. I'm not paying a sub for services that are available for free and already implemented... Similar to adguard/pihole one can get similar forever list that work with ids/ips... Ok, Zen Armor (Paid Version) Trial is a nice adaption and a great IDS/IPS. After the 15 days. I will go back to the free version. Zenarmor home $10 amount sub is not bad. unifi needs better ids/ips but otherwise unifi still has me for the ecosystem. Edited July 15 by bmartino1 zenarmor opnsense is great 1 Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 Hi! I have just moved to this docker from the old version and although I had some adoption problems, all is working great now, thank you! I just have a question that I thought I would ask here if that's ok as my setup is using unraid. I have 4 Unifi AP's that I manage with this docker, my in-laws have bought the house next door and seeing as I have full fibre I thought it would make sense to let them share our internet. I will be adding a 5th AP for them that will be meshed from one of mine but my question is can I just provide them with internet? I do not want them to have access to my network. I am running OPNsense on unraid as well if that helps? Many thanks! 1 Quote Link to comment
PeteAsking Posted July 23 Author Share Posted July 23 8 minutes ago, mbc0 said: Hi! I have just moved to this docker from the old version and although I had some adoption problems, all is working great now, thank you! I just have a question that I thought I would ask here if that's ok as my setup is using unraid. I have 4 Unifi AP's that I manage with this docker, my in-laws have bought the house next door and seeing as I have full fibre I thought it would make sense to let them share our internet. I will be adding a 5th AP for them that will be meshed from one of mine but my question is can I just provide them with internet? I do not want them to have access to my network. I am running OPNsense on unraid as well if that helps? Many thanks! If you create a vlan then you can segregate their network from your network. You need to have a unifi switch if you want to be able to do it via the unifi controller. 1 Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 Hi, thanks for your reply, I do not want to add hardware, I can create a vlan with OPNsense I just cannot work out if it would be possible with my existing hardware as the Unifi AP would be meshed as I cannot get a physical wire to my in-laws AP Quote Link to comment
PeteAsking Posted July 23 Author Share Posted July 23 (edited) 1 hour ago, mbc0 said: Hi, thanks for your reply, I do not want to add hardware, I can create a vlan with OPNsense I just cannot work out if it would be possible with my existing hardware as the Unifi AP would be meshed as I cannot get a physical wire to my in-laws AP If you are plugging every AP into Opnsense it is possible. If you have other equipment in between its not possible. Meshed is fine also. What is impossible is having an ap plugged into a non vlan aware switch or port somewhere in the chain. Every device along the way to the client must be vlan aware for vlans to work and be configured correctly. When the client communicates with another device or out onto the internet via its gateway, the traffic is tagged by the first upstream vlan aware device (ie an AP in your case). From then on every hop must be via a device that is vlan aware, ie next hop is another AP where the tagged traffic is passed then to Opnsense. Then Opnsense reads the tagged traffic and decides what to do based on firewall rules and so on. If a packet passed a device that was not vlan aware it would be dropped at that point. Edited July 23 by PeteAsking 1 Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 OK, thank you very much for the detailed reply! I need to have a think about the best & easiest way to do this as it is not my strong point! Quote Link to comment
wgstarks Posted July 23 Share Posted July 23 20 minutes ago, mbc0 said: OK, thank you very much for the detailed reply! I need to have a think about the best & easiest way to do this as it is not my strong point! You can use any brand of switch that support VLAN’s though. Doesn’t have to be Unifi. I know Microtik makes some fairly reasonably priced switches. 1 Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 Thank you, I do have a GS1900-24 managed switch but I am using it as a "dumb" switch currently, everytime I have tried to configure a vlan on it, I end up factory resetting (almost certainly due to my lack of understanding) but it looks like I am going to have to try again! :--) Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 If I were to configure a "guest" Wifi within the unifi controller for my in-laws, would that still allow access to the rest of my network? Quote Link to comment
PeteAsking Posted July 23 Author Share Posted July 23 10 minutes ago, mbc0 said: If I were to configure a "guest" Wifi within the unifi controller for my in-laws, would that still allow access to the rest of my network? Vlan is the most configurable option. Other options will prevent things like their being able to print to a wifi printer or use airplay and things like that. Best to do it properly with a segregated network. 1 Quote Link to comment
PeteAsking Posted July 23 Author Share Posted July 23 Tag 8.3.32-unraid is now available for testing 1 Quote Link to comment
bmartino1 Posted July 23 Share Posted July 23 (edited) 8 hours ago, mbc0 said: Hi! I have just moved to this docker from the old version and although I had some adoption problems, all is working great now, thank you! I just have a question that I thought I would ask here if that's ok as my setup is using unraid. I have 4 Unifi AP's that I manage with this docker, my in-laws have bought the house next door and seeing as I have full fibre I thought it would make sense to let them share our internet. I will be adding a 5th AP for them that will be meshed from one of mine but my question is can I just provide them with internet? I do not want them to have access to my network. I am running OPNsense on unraid as well if that helps? Many thanks! Unless your trying to remove the lan with the same ssid/wifi in a true mesh.... I don't see why you wouldn't run a cable and setup the AP for the house next door in guest mode. ? https://help.ui.com/hc/en-us/articles/115000166827-UniFi-Hotspot-Portal-and-Guest-WiFi you can target the one ap and set it up to do that, no vlans required. to clarify the ap next door would be connected to the mesh you would add a second guest ssid out of the same ap in this setup. just poe lan(for power only_) and ap is required in this case... Edited July 23 by bmartino1 youtube link to help(old interface may be need for some settings) 1 Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 4 minutes ago, bmartino1 said: Unless your trying to keep the same ssid/wifi in a true mesh. I don't see why you wouldn't run a cable and setup the AP for the house next door in guest mode. ? https://help.ui.com/hc/en-us/articles/115000166827-UniFi-Hotspot-Portal-and-Guest-WiFi you can target the one ap and set it up to do that, no vlans required. to clarify the ap next door would be connected to the mesh you would add a second guest ssid out of the same ap in this setup. just poe lan and ap is required in this case... This sounds interesting! I have 4 AP's connected directly to my switch on POE, the 5th one would be in my in-laws house but connected wirelessly as we are detached, there is no realistic way of running a cable. I just want to provide internet to them, nothing else! I will have a read of that link, it sounds perfect if compatible with my setup! Quote Link to comment
bmartino1 Posted July 23 Share Posted July 23 (edited) sorry Trying to explain... I know it possible I have set that up before. I think the guest does use a built in vlan to accomplish it. The ap would broadcast both the mesh network and guest. Client devices next door would connect to guest only... guest would use the mesh for connection. you can even set a differnt subnet such as next door is 192.168.2.x while your lan and mesh is 192.168.1.x ... I will glady assist where I can as i have set this up before. A min of 3 AP is required to setup a mesh. you have 4 which is great, and the 5th setup next door. Side note, with a unifi pro you could get a lan cable as well. over there added to the guest network... https://store.ui.com/us/en/collections/unifi-wifi-flagship-high-capacity/products/uap-ac-pro the AC pro comes with 2 nics, i was setting wifi bridges for VOLO(volo.net) work back in 2010 and recently a few months ago between friends/neighbors.... Your mileage may vary. As we had a udm pro and USG using site magic and other to help set certain settings that may not be available with just the docker... (example the docker iwht out a unifi switch may not have access to certain network settings...) Proof of concept though this is feasible. With just the APs only... the mesh acts as a wifi bridge to the ap next door. the ap next door is alos added to the guest network and the geust network is accessible through the mesh. the guest network is isolated form your lan and is internet only. the guest can be its own home group/lan group on that guest wifi... Edited July 26 by bmartino1 devie info Quote Link to comment
mbc0 Posted July 23 Share Posted July 23 1 hour ago, bmartino1 said: Hey! I really appreciate your time in answering! I will glady assist where I can as i have set this up before. A min of 3 AP is required to setup a mesh. you have 4 which is great, and the 5th setup next door. - Very Kind!! Side note, with a unifi pro you could get a lan cable as well. over there added to the guest network... https://store.ui.com/us/en/collections/unifi-wifi-flagship-high-capacity/products/uap-ac-pro Not sure what you mean by this? I have a mixture of 2X U6 Pro, 2X Lite, 1X LR. I was going to connect the AP in the in-laws house to POE for their network, which only consists of 5 IP Cameras, 1 Laptop, 2 phones, 1 Tablet and a TV. Can only a Pro device manage this? the pro comes with 2 nics, - I have U6 Pro and they only have one NIC? Quote Link to comment
bmartino1 Posted July 23 Share Posted July 23 2 hours ago, mbc0 said: PM U6 pro will be fine just informing you of older generation ac-pro that has a second nic that could be used for a wifi bridge. it is better to stay on the same wifi extension and group, ie Unifi 6 with unifi 6 for best compatibility ac pro uses Wifi5 802.11ac while unfi 6 uses wifi 6 ?802.11ax? with unifi next gen supporting wifi 7 1 Quote Link to comment
mailmonster Posted July 24 Share Posted July 24 How can i update the unifi Software within the docker? Kind regards Chris Quote Link to comment
PeteAsking Posted July 24 Author Share Posted July 24 57 minutes ago, mailmonster said: How can i update the unifi Software within the docker? Kind regards Chris Its on page 1 but essentially you change the tag to a tag of your choosing. Quote Link to comment
bmartino1 Posted July 24 Share Posted July 24 (edited) 9 hours ago, mailmonster said: How can i update the unifi Software within the docker? Kind regards Chris @PeteAsking front page doesn't have the latest tag updated there yet. atm: 8.3.32-unraid Current recommended Home User tag: 11notes/unifi:8.2.93-unraid so go to the docker tab in the Web UI Stop the docker. Edit the unifi reborn docker Select the advance switch at the top right of the page Look for repository option change the repository to 11notes/unifi:8.3.32-unraid scroll down and click save/apply Edited July 24 by bmartino1 Quote Link to comment
PeteAsking Posted July 24 Author Share Posted July 24 8.3.32 is still being tested 2 Quote Link to comment
PeteAsking Posted July 26 Author Share Posted July 26 8.3.32-unraid tag is tested and available for home users in production. 2 2 Quote Link to comment
bmartino1 Posted July 31 Share Posted July 31 Not sure if you want to share to 11 notes: https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776 ^ looks promising for self hosting... Finished a crude setup instance for this as a lxc: https://github.com/bmartino1/Unraid-LXC-Unifi No issues with tag 8.3.32-unraid tag Thank you for keeping this docker up to date and maintaining it for the community! Quote Link to comment
bmartino1 Posted July 31 Share Posted July 31 (edited) also want to throw the warning out there that mongodb 4.4 is EOL. This is not necessary a bad thing. I'm not sure if/when unifi plans to upgrade into the next gen or current release of mongdb.. https://community.ui.com/questions/Supported-Mongodb-version-is-EOL/6a97712b-2a58-4d96-8733-14b18c3ca063 something to ask 11notes on how we will proceed on this? https://www.mongodb.com/legal/support-policy/lifecycles Edited July 31 by bmartino1 Quote Link to comment
bmartino1 Posted August 1 Share Posted August 1 This docker is still great! Here is another option for user wanting more terminal and other control. With issue coming up with unraid ipvlan/ macvlan and with unifi response, or lack of one regarding EOL mondb4 With Much Help form ICH777 and others. We now have a stable working easy to implement lxc container: 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.