Ubiquiti adventures

I’ve recently upgraded my home network, primarily to get more secure access to it when I’m out and about, so I can use and control its resources on the move and at work. Virgin Media are my ISP, and while their latest Superhub 2ac is nice enough, its not a great front for allowing access to your LAN from the Internet.

So I picked up an Ubiquiti EdgeRouter X and an Ubiquiti UniFi AC-Lite access point, to use behind the Superhub 2ac just working as a modem. The setup hasn’t been without issues and wrinkles, so I thought I’d write some of it down to refer back to in the future and maybe help others working on a similar setup.

To start with, Superhub 2acs (and I think other older Superhub models) won’t deliver a WAN IP to a connected router in modem mode without being switched off for a few minutes first. I’m not sure why, but just using the web UI to switch to modem mode and reboot isn’t enough. Do that, then pull the power from the Superhub for a couple of minutes before connecting it back up. Your router should then get a WAN IP from the Superhub.

UniFi APs also get their configuration from a controller you place somewhere on your network. Ubiquiti sell hardware that has it preinstalled, but they nicely provide the bare software to let you host on your own hardware. I’d planned to host it on a Pandaboard (a little OMAP4430-powered ARM SBC), but given DNS and DHCP for my network already happens on my NAS and the UniFi controller is a similar class of network infrastructure, I setup a dedicated jail for it on my NAS instead.

Installing the controller software is painless. It’s Java-based, so it just needs a Java runtime, along with a database to write its config to. One that’s done, you configure a Wi-Fi network for it to manage and then power on your APs. The controller finds them automatically and sets them up.

That all went fine, until I pressed an innocuous little button marked Upgrade next to the AP in the interface. That upgraded the firmware to the latest (the AP was setup out of the factory with the prior firmware, so I was just one release away from being up-to-date), and then the AP stopped registering correctly with the controller and refused to be managed. It had a working config, so it continued to work, but I couldn’t manage it from the controller.

The trick was to downgrade it manually by getting the prior release of the controller software, SCPing it to the AP, and manually running an upgrade from the AP over SSH. A short time later and the AP had restarted and was happy to talk to the controller again. I’ve unticked the box that automatically upgrades connected APs, until Ubiquiti release new firmware to fix it.

So what could have taken less than half an hour, from powering on the EdgeRouter X to plugging in the UniFi AP, took the best part of 5 hours to troubleshoot and figure out.

Now to break it all again by configuring VPN access and some firewall rules.