|
Rakeris posted: So you don't have to use the gateway but it has its own downsides, I use the dumb switch bypass (easy to find on google) for it, which works really well however if your power goes out you have to connect the gateway back to the ont for a couple seconds and then you can unplug it again.

There's a newer authentication method being rolled out where the bypass doesn't work anymore. It may work for now, but if AT&T changes things, it'll stop working. https://www.dslreports.com/forum/r32839785-AT-T-Fiber-Gateway-bypass-with-WPA-supplicant-stopped-working-2-days-ago
|
# ? Mar 24, 2021 19:28 |
|
SwissArmyDruid posted: UDM (the Trashcan Mac, non-rackmount one) also demands that you create a Ubiquiti cloud account with no options for local credentials only, before you can access any functions. It won't even function as a dumb switch in the meantime.

Netgate has had a few interesting scandals/history of hating open source, including one this month regarding some apparently ludicrously insecure and rushed security code
|
# ? Mar 24, 2021 19:32 |
|
Biowarfare posted: Netgate has had a few interesting scandals/history of hating open source, including one this month regarding some apparently ludicrously insecure and rushed security code

worse they were trying to push a bloated and buggy version of their code into FreeBSD upstream and threw a tantrum and a half when the guy who defined the WireGuard protocol stepped in to rewrite it from scratch
|
# ? Mar 24, 2021 20:02 |
|
skipdogg posted: There's a newer authentication method being rolled out where the bypass doesn't work anymore. It may work for now, but if AT&T changes things, it'll stop working.

Weeeelll that blows, hopefully the rollout is as painfully slow as most things att does.
|
# ? Mar 24, 2021 20:48 |
|
Biowarfare posted: Netgate has had a few interesting scandals/history of hating open source, including one this month regarding some apparently ludicrously insecure and rushed security code

Yeah, I did read about that, but the STH article that I read seemed to pass it off more as "this code needs more time, don't use it for now". Since moving my VPN's configuration over to the router is more headache than I care to put up with, I was intending to just keep using it at the client level, but you make it sound like there's actual fighting going on.

SwissArmyDruid fucked around with this message at 02:01 on Mar 25, 2021 |
# ? Mar 25, 2021 01:58 |
|
Hello everybody, I'm moving to a new place and need to set up my own network. I read the router recommendations in OP and "TP-LINK Archer C5 (AC1200) $75-$120" suits my situation. Given that the OP was last edited nearly 3 years ago, does this recommendation still hold up?
|
# ? Mar 27, 2021 16:06 |
|
Well, it's not going to not work, but it's not part of their current range anymore. The C6, C7 and C8 still are, though. It's a 2x2 device that promises 867Mbit/s, with the usual disclaimers, i.e. that's the best-case maximum connection speed you can get if you're very close to the router, and actual throughput will be around 60-80% of that. 500Mbit/s is faster than most internet connections, so it's not going to be a bottleneck in that regard. Most client devices are 2x2 aside from high-end laptops and such that are 3x3 or very rarely 4x4, so realistically an AP that claims to be faster on paper will end up at the same speed in real world use. What you'll be missing out on in comparison to the newer 4x4 and 8x8 routers is the fancy-pants beamforming, optimization for multiple client devices and other tricks high-end routers can use to increase signal strength for devices that are farther away. You also won't be getting Wifi 6 (802.11ax), but very few devices support that at the moment. Plus Wifi 6E is coming out with a wider frequency spectrum and current Wifi 6 devices will (probably) not be able to support that. So it'll work, but I wouldn't buy it unless it was 50% off or something.

KozmoNaut fucked around with this message at 16:56 on Mar 27, 2021 |
# ? Mar 27, 2021 16:33 |
|
At that price range I'd be looking at the A10 (currently $99 @ Amazon) or the AX50 (currently $129 @ Walmart). Depending on if you have more devices connected to 2.4GHz using 802.11n or if you'd rather be able to support WiFi6.
|
# ? Mar 27, 2021 20:38 |
|
Is there a recommended USB wifi adapter, and/or PCIe wifi6 adapter? My current USB one is getting flaky, and I'm considering getting a wifi6 router, so if I'm buying something anyway wifi6 support is a plus. PCIe wifi6 are all based on the same intel chip anyway I think.
|
# ? Mar 27, 2021 23:57 |
|
Xaintrailles posted: Is there a recommended USB wifi adapter, and/or PCIe wifi6 adapter? My current USB one is getting flaky, and I'm considering getting a wifi6 router, so if I'm buying something anyway wifi6 support is a plus.

I've been using the TP-Link TX3000 PCIe adapter and it's great in that I have had no problems whatsoever.
|
# ? Mar 28, 2021 00:53 |
|
SwissArmyDruid posted: UDM (the Trashcan Mac, non-rackmount one) also demands that you create a Ubiquiti cloud account with no options for local credentials only, before you can access any functions. It won't even function as a dumb switch in the meantime.

Anyone who is at the level of using unifi at home and doesn't have 2fa enabled and rolling passwords via something like bitwarden almost deserved to be breached. That being said, while setup requires a cloud account you can actually use local information and cut it off from their cloud services. It's just kind of dumb to do that when the cloud access gives so much ease of use. Unifi's market for SMB, prosumers, IT home labs, and rich people with on call IT. It's really not built for your average consumer. I only recommend it to people with a bit of savvy or deep pockets. As for netgate....the people above have really said it all. They are not exactly a paragon of virtue.
|
# ? Mar 29, 2021 15:47 |
|
And as I've said before: If you can't bootstrap it from ground zero without an internet connection, you don't actually own it. I do not feel like paying $300 to not own the gateway I paid for.
|
# ? Mar 29, 2021 17:59 |
|
SwissArmyDruid posted: And as I've said before: If you can't bootstrap it from ground zero without an internet connection, you don't actually own it. I do not feel like paying $300 to not own the gateway I paid for.

I got a UDM-Pro for my parents, ostensibly for simplicity but the remote interface won't even let me issue an update remotely and I'm almost afraid to do so now. I've gotten much more comfortable with the CLI on the EdgeRouter 4 now (since I have one here) and I'm tempted to just replace their UDM-Pro with an ER-4 and then put a Cloud Key there, or run it from my place over a WireGuard tunnel.
|
# ? Mar 29, 2021 19:19 |
|
Thread question, I don't know how viable this really is (or if this is exactly the right place to ask?): I'm going to need to get a personal computer again soon, but I'm working on a budget. The performance envelope for budget desktops is obviously much beefier than for budget laptops, but desktops are... desktops. Has anyone had luck with buying a cheap-to-very-cheap laptop and remoting into a desktop for performance-intensive stuff? Mostly I'm concerned with a bit of computational biology, but if it's viable for gaming that would be a big bonus. I haven't played with remote desktop software in years, but all I remember from back in the day was that it was a laggy nightmare. Is there anything on the market right now that is reasonably fast and not a total pain to set up? Ideally I'd want to do both ethernet and IP, but if it only works well over ethernet that might still be ok.
|
# ? Mar 29, 2021 19:55 |
|
movax posted: I got a UDM-Pro for my parents, ostensibly for simplicity but the remote interface won't even let me issue an update remotely and I'm almost afraid to do so now. I've gotten much more comfortable with the CLI on the EdgeRouter 4 now (since I have one here) and I'm tempted to just replace their UDM-Pro with an ER-4 and then put a Cloud Key there, or run it from my place over a WireGuard tunnel.

Update the controller and firmware to the latest beta. Has configurable automatic updates. Also you can remotely update it through ssh.
|
# ? Mar 29, 2021 20:45 |
|
Tuxedo Gin posted: I've been using the TP-Link TX3000 PCIe adapter and it's great in that I have had no problems whatsoever.

Danke, bought.
|
# ? Mar 29, 2021 21:31 |
|
Mirconium posted: Thread question, I don't know how viable this really is (or if this is exactly the right place to ask?):

Like.. you want a laptop and a desktop in your house so you can remote into the performance desktop from the couch? Also game streaming? You're also on a budget? I suppose the ideal thing would be to get a minimum spec set top box that can do Steam/Nvidia remote streaming, and have that wired to your network, get a 200 dollar chromebook for couch which you remote into your desktop in the other room. The budget build is probably to get a desktop and use that.
|
# ? Mar 29, 2021 21:38 |
|
Mirconium posted: Has anyone had luck with buying a cheap-to-very-cheap laptop and remoting into a desktop for performance-intensive stuff?

Yeah I do that all the time with my Unraid server running VMs. I use Chrome Remote Desktop mostly for typical desktop and Steam Link for gaming. I've got RDP and vnc by browser as options. Decent network helps.
|
# ? Mar 29, 2021 21:44 |
|
Rooted Vegetable posted: Yeah I do that all the time with my Unraid server running VMs. I use Chrome Remote Desktop mostly for typical desktop and Steam Link for gaming. I've got RDP and vnc by browser as options.

Parsec is the best Remote Desktop option for gaming. It’s designed specifically for gaming so low latency is a big focus. Which also means it’s very effective as a general purpose Remote Desktop tool as well. https://parsec.app
|
# ? Mar 30, 2021 02:10 |
|
Ooo get mad Ubiquiti nerds (including me): https://mobile.twitter.com/superdealloc/status/1376626243865604100
|
# ? Mar 30, 2021 02:40 |
rufius posted: Ooo get mad Ubiquiti nerds (including me):

This doesn't seem all that bad to me
|
|
# ? Mar 30, 2021 06:10 |
|
I mean, that screen shot is going thru unifi.ui.com, the cloud management shits. I have all that off anyway, i just use it on a local hostname and i'd be real surprised if it showed up there.
|
# ? Mar 30, 2021 07:32 |
|
fletcher posted: This doesn't seem all that bad to me

I don't have a nice way of saying this, and may very well catch a probe for this, but people like you are the reason that (X)aaS exists.
|
# ? Mar 30, 2021 07:50 |
|
Advertising. In your network management.

fletcher posted: This doesn't seem all that bad to me

It is intensely bad. It's on the level of Samsung sneaking advertising into the channel guide and selection screens on their TVs, just massively making GBS threads on their paying customers.

E: Read the thread. They're brazen enough to call it "not an ad, more like a new look", for something that steals 1/3rd of the screen space for advertising. I'm glad I went with Mikrotik instead of Ubiquiti.

KozmoNaut fucked around with this message at 08:47 on Mar 30, 2021 |
# ? Mar 30, 2021 08:41 |
|
Sniep posted: I mean, that screen shot is going thru unifi.ui.com, the cloud management shits. I have all that off anyway, i just use it on a local hostname and i'd be real surprised if it showed up there.

I don't know if it always looks like this, I just got my UDMP and switch, but the local interface with the new UI has a fat ad at the bottom: Will it still be there when they finally ship my U6-LR? Who knows. I will say, other than an extremely limited UI compared to the theoretically worse Asus router I had before, and a weird IPv6 issue with Comcast, I like the hardware.
|
# ? Mar 30, 2021 09:01 |
|
SwissArmyDruid posted: I don't have a nice way of saying this, and may very well catch a probe for this, but people like you are the reason that (X)aaS exists.

You're not going to catch a probe for it, but it's a pretty silly thing to say. There are all sorts of reasons IaaS / SaaS / PaaS / *aaS exists, and it's not because someone doesn't mind that an ad for a manufacturer's product got injected into one of their interfaces. And it's not like *aaS is bad and if you use it you should be ashamed of yourself or are somehow less of a technical ubermensch or something. I'd be more worried about people who straight up refuse to use *aaS.
|
# ? Mar 30, 2021 14:43 |
|
Is there a firewall distribution for x86 systems that’s a bit simpler than opnsense/pfsense. My pfsense install shat the bed when upgrading to 2.5 and got stuck in a boot loop. Now I’m back to working out the minor details to get things working again. All I really need is all outbound WAN connections run through a VPN service at 1gbps. I *had* pfsense doing this with multiple OpenVPN connections and then load balancing gateways. But damned if I can get it to do it again. I also had a couple of separate VLANs setup to isolate some IoT devices, but allow access to one or two services inside the network. But I don’t really need that any more. Complicated things are fine and good, if you can remember how to use it between the 3-yearly failures... which I never can.
|
# ? Mar 30, 2021 14:50 |
|
fletcher posted: This doesn't seem all that bad to me

Nah, it's pretty bad
|
# ? Mar 30, 2021 14:55 |
|
Sniep posted: I mean, that screen shot is going thru unifi.ui.com, the cloud management shits. I have all that off anyway, i just use it on a local hostname and i'd be real surprised if it showed up there.

It does show up locally if you're using the UDM non-pro. The pro puts a bunch of stats and poo poo in that pane and the UDM in the latest firmware shows a big ad for UDM Pro. Also if your Internet connectivity has issues you get a pop-up for Unifi LTE. It really sucks cause drat, the prosumer (ugh) alternatives are much worse.
|
# ? Mar 30, 2021 14:58 |
|
Horse Clocks posted: Is there a firewall distribution for x86 systems that’s a bit simpler than opnsense/pfsense.

Simple is a relative word. What I am about to describe is relatively simple but I wouldn’t call it easy. For what you’re describing, OpenBSD + pf is quite easy to set up. It can also be made to do very complex things. I like OpenBSD + pf for a lot of these scenarios because it’s straightforward to work with. To be clear though, there’s no GUI here. You’re remoting into an OpenBSD server to configure it. For example, the following config drops all inbound traffic except HTTP, HTTPS, and port 8738 (used for SSH): code:
Edit: clarifier
|
# ? Mar 30, 2021 15:59 |
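Added example, not the poster's own config: a minimal OpenBSD pf.conf for the policy described in the post above (drop all inbound traffic except HTTP, HTTPS and SSH on port 8738). It goes slightly beyond the post by rate-limiting SSH connection attempts; the macro names, the `<bruteforce>` table name and the thresholds are assumptions chosen for illustration.

```pf
# /etc/pf.conf (constructed example)
# "egress" is OpenBSD's interface group for the interface(s) that hold
# the default route, so no interface name is hard-coded here.

# Macros (names are assumptions for this example)
web_ports = "{ 80 443 }"
ssh_port  = "8738"

# Sources that exceed the SSH connection limits below end up here.
table <bruteforce> persist

# Silently drop blocked packets instead of answering with RST/ICMP.
set block-policy drop
# Do not filter loopback traffic.
set skip on lo

# Anything already flagged as abusive is dropped before other rules apply.
block in quick from <bruteforce>

# Default deny for inbound traffic, logged to pflog0 for later review.
block in log all

# Outbound traffic is allowed; pf keeps state so replies are matched.
pass out all

# Inbound HTTP and HTTPS.
pass in on egress proto tcp to port $web_ports

# Inbound SSH on the non-standard port, with per-source limits:
# at most 10 concurrent connections and 5 new connections per 30 seconds.
# Offenders are added to <bruteforce> and their existing states flushed.
pass in on egress proto tcp to port $ssh_port \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
                overload <bruteforce> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.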
|
Mackieman posted: Do any of you guys have recent experience with AT&T fiber? I just bought a house and it has an SFP termination box bringing in fiber from the street. The bottom of that box has an RJ-45 connector but I'm not sure if AT&T will require the use of their gateway or if I can plug in my ER-X and be off to the races. I'd really rather not have their gateway in the middle if I can help it.

The type of gateway they install will dictate whether you're going to be able to sidestep their gateway or not. I took the lazy way out and just bought a set of certificates off of ebay that I can use with eap-proxy to completely bypass the AT&T gateway and it's served me well for a while now. That said, as others mentioned they are transitioning to another type of auth that will supposedly break this workaround so depending on their schedule that tactic is on borrowed time.

KozmoNaut posted: It is intensely bad. It's on the level of Samsung sneaking advertising into the channel guide and selection screens on their TVs, just massively making GBS threads on their paying customers.

It... isn't, though. Samsung wasn't advertising their other related home theater products to you that I recall, they were doing third party ads which is entirely different than the controller going "hey you don't have our wifi, here's an ad for it." It's annoying they made them more obnoxious than the previous "no USG detected, network statistics unavailable" with a link to the USG sales page but the sky isn't falling by any means yet.
|
# ? Mar 30, 2021 16:05 |
|
Staying on controller version 5 forever it seems, no ads for me.
|
# ? Mar 30, 2021 16:34 |
|
No ads for me, but I'm on a USG4-PRO (latest 6.X update though). That would piss the hell out of me. edit: nvm, not on the latest controller firmware, mine is a month old or so. not touching that update button (good Unifi rule in general IMO).
|
# ? Mar 30, 2021 16:53 |
|
From a UI perspective, if they had an X button to close it out, I wouldn't even bat an eyelash. From a security perspective, it seems fine to me at first thought, but I'm not an infosec guru. I feel like this is actually the biggest concern, but I haven't seen anyone weigh in on it. I get that Ubiquiti doesn't really deserve the benefit of the doubt here, but this doesn't seem all that egregious to me. There are so many vendors in the tech space and they all suck in their own way.
|
# ? Mar 30, 2021 17:17 |
|
Horse Clocks posted: Is there a firewall distribution for x86 systems that’s a bit simpler than opnsense/pfsense.

There is https://vyos.io/ which is cli only, which can be more complicated up front but once you understand it's more manageable to look at 1 screen of text config than a gui with a bunch of submenus that gets shuffled around all the time. Also it's 95% the same syntax as ubiquiti edgeos.

Perplx fucked around with this message at 17:40 on Mar 30, 2021 |
# ? Mar 30, 2021 17:38 |
KozmoNaut posted: Advertising. In your network management.

It's not some random third party ads though, which would certainly be egregious. Yeah it's certainly not ideal but at least it's just ads for other Ubiquiti products in the space of the UI where features from that product would normally be
|
|
# ? Mar 30, 2021 17:59 |
|
H2SO4 posted: It... isn't, though. Samsung wasn't advertising their other related home theater products to you that I recall, they were doing third party ads which is entirely different than the controller going "hey you don't have our wifi, here's an ad for it." It's annoying they made them more obnoxious than the previous "no USG detected, network statistics unavailable" with a link to the USG sales page but the sky isn't falling by any means yet.

fletcher posted: It's not some random third party ads though, which would certainly be egregious. Yeah it's certainly not ideal but at least it's just ads for other Ubiquiti products in the space of the UI where features from that product would normally be

If they had put an ad on the login screen or something, sure. But they put it taking up a full 1/3rd of the screen at the top, in absolute prime real estate, in the management software used by people who have presumably already paid Ubiquiti a bunch of money for their hardware. At the very least, they could have put the ad on the bottom of the page, if they absolutely have to have it. Or as some "additional products that work with this function you're looking at" in a place that doesn't wreck the UI. Or they could have put it in their opt-in marketing emails. Doing what they did stinks of marketing-mandated upsell. I'm sick of the greater IT world somehow being fine with annoying their customers for stupid sales tactics.
|
# ? Mar 30, 2021 18:29 |
|
fletcher posted: This doesn't seem all that bad to me

Internet Explorer posted: From a UI perspective, if they had an X button to close it out, I wouldn't even bat an eyelash.

Still - it's still bad. If they want a tab on the right that is "Check out new products" fine. Basically a link to their store. But a masthead-sized display ad on the product I paid for? gently caress right off.
|
# ? Mar 30, 2021 18:52 |
|
They have some loving product managers there that are hell bent on driving the reputation into the ground. Apparently all of the good engineers left awhile ago, and they to me more or less appear to have the majority of their developers be mediocre web devs and then a smaller group of people working with MediaTek and Qualcomm on the actual AP software. EdgeOS seems OK...for now.

e: Oh, loving neat (https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/)

quote: Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

For me, it's loving Protect that makes me even tolerate the SSO / cloud aspect of it -- otherwise, I have local accounts setup on my Cloud Key (I think with the most recent update, they 'merged', but I still have a local account I can auth with) and I have NextDNS kill off the DNS queries to trace.svc.ui.com or whatever.

movax fucked around with this message at 19:41 on Mar 30, 2021 |
# ? Mar 30, 2021 19:25 |
|
Just came here to post that. Glad I haven't committed to the entire UniFi stack yet.
|
# ? Mar 30, 2021 19:46 |