movax posted: They have some loving product managers there that are hell bent on driving the reputation into the ground. Apparently all of the good engineers left awhile ago, and they to me more or less appear to have the majority of their developers be mediocre web devs and then a smaller group of people working with MediaTek and Qualcomm on the actual AP software.
Ok now that's definitely something to be mad about. God drat that is terrible.
|
|
# ? Mar 30, 2021 19:52 |
|
See! That's a much better thing to be mad about.
movax posted: Ubiquiti butt-based devices lol
|
# ? Mar 30, 2021 20:01 |
|
Internet Explorer posted: See! That's a much better thing to be mad about.
Goddammit, every time I just end up Cloud-to-Butting myself. I didn't realize that extension affects the contents of the post box but I hope it never gets fixed, on either end.
|
# ? Mar 30, 2021 20:09 |
|
Agreed. I'm much less pissy about a first party ad in the controller versus what appears to be a gigantic bungling of a security breach.
|
# ? Mar 30, 2021 20:32 |
|
Oof, that is a big ugly yikes. Trusting the data on your network to a company that messes up that badly on security probably has a fair few CIOs suitably annoyed right now. I mean, the advertising annoys the hell out of me, but the security breach is a real reputation-killer.
|
# ? Mar 30, 2021 20:47 |
|
At least hard-wiring all my APs / trying to do standard single-junction box mounting where possible should make it trivial to swap in some other APs should I decide to ditch all my Ubiquiti stuff. I keep losing lock / link to the most up-to-date non-Reddit reference guide on how to tighten up / make up for poor Ubiquiti decisions on each subsequent release. At least with an EdgeRouter at my place, I can trump my Butt Key; UDM/UDM-Pro users may not be so lucky. Also, uh incidentally, I still have a Cloud Key G2 and a nanoHD looking to get rid of.
|
# ? Mar 30, 2021 21:31 |
|
I just bought into the protect stuff, which forces SSO. My APs were always gonna be replaced or reconfigured with openwrt, but goddamn Ubiquiti is awful
|
# ? Mar 30, 2021 22:24 |
|
Rooted Vegetable posted: Yeah I do that all the time with my Unraid server running VMs. I use Chrome Remote Desktop mostly for typical desktop and Steam Link for gaming. I've got RDP and vnc by browser as options.
rufius posted: Parsec is the best Remote Desktop option for gaming. It’s designed specifically for gaming so low latency is a big focus. Which also means it’s very effective as a general purpose Remote Desktop tool as well.
Thanks y'all, that's exactly what I was looking for, will implement and report back.
|
# ? Mar 30, 2021 22:30 |
|
welp, maybe it's better after all that this EdgeRouter I'd ordered turned out to be backordered. I suppose I'll just resurrect my trusty old Linux gateway. Is it even possible to use their stuff without using the cloud services? It seems to vary by device--I do have a nanoHD access point I haven't unboxed yet...
|
# ? Mar 30, 2021 23:06 |
|
Jan posted: welp, maybe it's better after all that this EdgeRouter I'd ordered turned out to be backordered. I suppose I'll just resurrect my trusty old Linux gateway.
The EdgeMAX line is still entirely independent. As long as that’s true, I’ll happily buy EdgeRouters and EdgeSwitches.
|
# ? Mar 30, 2021 23:21 |
|
Never been more glad to use and sell Mikrotik and Opnsense boxes.
|
# ? Mar 30, 2021 23:51 |
|
Yes, I haven't had to log into Unifi's wacky cloud management system ever with my EdgeRouter X, I've been able to manage it just fine with ssh and occasionally using their UNMS app for iOS to do firmware upgrades until I figured out how to clean out certain directories left as space-hogging crud left over from earlier firmware revisions. It's doing a good job managing a mix of 18 devices, a lot better than when I was relying on the combo router/access point.. and VPN feels a lot smoother, no doubt due to the IPSec hardware offloading..
|
# ? Mar 31, 2021 00:11 |
|
text editor posted: I just bought into the protect stuff, which forces SSO.
My understanding is that only the initial cloudkey setup requires SSO, but local users can still be made and remote access disabled once setup. I've only scratched the surface of the latest setup after factory resetting a gen2+ running protect though.
|
# ? Mar 31, 2021 01:22 |
|
Hello Networking Thread! My new job gives me a monthly internet stipend, so I'm bringing my family out of the "cheapest CenturyLink plan available" darkness. I read through the OP, but still have a few questions.
1. Is a three person family of filthy casuals going to notice a meaningful difference between 600 down/30 up and 940 down/50 up? My wife and I both telecommute for work calls. Our child will stream cartoons. I occasionally torrent linux isos but that isn't a huge priority. Nobody is doing any high-twitch low-ping gaming. Our house is a relatively compact single story and I currently can stream from anywhere in the house from my centrally located old Belkin. Right now we stagger calls so if someone's on call, everyone else stops streaming. The highest likely use case would need for us both to be on calls while our neglected child stares at Blue's Clues.
2. What modem is right for me? Depending on the answer to question 1, I've got to pick a modem. I'm using Sparklight, and they have a huge list of supported modems, but here are the Arris Surfboards for the respective classes:
940
Arris | Motorola SURFboard SBG8300 lol
Arris | Motorola SURFboard CM8200 lol
Arris | Motorola SURFboard SB8200 $149
Arris | Motorola SURFboard* SBG7600AC2 $176.97
Arris | Motorola SURFboard SB6190 $100
Arris | Motorola SURFboard* SBG7580-AC $176.97
600
Arris | Motorola SURFboard SBG7400AC2 $149
3. Is there a good reason to separate router/modem if we don't plan on moving for a while?
|
# ? Mar 31, 2021 02:42 |
|
Chef Boyardeez Nuts posted:
Nope. I'm on 100mbps and never notice. That's basically 4x 4k streams at the bitrates Netflix uses. I upgraded from 50mbps because I felt like frontier could get me more for less. They could. It only took literally 6 hours on the phone and around 4 hours hard down. If you have adequate coverage I wouldn't worry about it. It's the only way to fly if you have coverage issues.
|
# ? Mar 31, 2021 02:46 |
|
H2SO4 posted: The type of gateway they install will dictate whether you're going to be able to sidestep their gateway or not. I took the lazy way out and just bought a set of certificates off of ebay that I can use with eap-proxy to completely bypass the AT&T gateway and it's served me well for a while now. That said, as others mentioned they are transitioning to another type of auth that will supposedly break this workaround so depending on their schedule that tactic is on borrowed time.
Thanks. The gear arrives tomorrow so I'm looking at it as a modem and will turn off the routing and WiFi AP so I can use my own network stack. Hopefully this doesn't bork everything.
|
# ? Mar 31, 2021 03:13 |
|
Mirconium posted: Thanks y'all, that's exactly what I was looking for, will implement and report back.
There's good information in the NAS Thread (which is almost a home server thread) too
As for Ubiquiti, I'm glad I changed my password fast. I'll do it again and assess more.
|
# ? Mar 31, 2021 03:27 |
|
Chef Boyardeez Nuts posted: Hello Networking Thread!
1: Not at all. I had symmetrical gigabit for years at my old house, and moved to 500 down 250 up fiber at my current house and the only time it ever makes a difference is when I download games on xbox live. Not a meaningful difference, it's just the only time you notice. It might take 18 minutes instead of 12 minutes. It's not worth the 50 bucks a month extra it would be to move to 1gig down. Save the money and go with the 600 plan. 30 up should be fine even if both of you are using webcams.
2: Get the SURFboard 8200, that's my pick. Avoid the SB6190, SBG7580-AC and SBG7400AC2, those have the intel chips in them. I'm biased as I used to work for ARRIS and think highly of their modems. I will say the Netgear CM1000 and Motorola MB8600 are very good modems as well. They're basically all the same Broadcom chip inside so it doesn't really matter much anymore. Buy whatever is least expensive.
3: I like having separate devices, but as long as you're not using more than 10 wifi devices you're probably going to be OK. I've had terrible luck with built in wifi devices when using more than 8 to 10 wifi devices.
|
# ? Mar 31, 2021 03:38 |
|
really the big difference is moving from cable to fibre completely, where you get no additional latency and symmetrical upload.
|
# ? Mar 31, 2021 03:39 |
|
The only thing that you have to use Unifi SSO for (as far as I can tell) - is remote management through the web portal, and Protect if you want things viewable in the app vs logging into the controller. You absolutely need it for initial controller setup since the new controller overhaul, but it can be turned off immediately after setup.
|
# ? Mar 31, 2021 03:46 |
|
Chef Boyardeez Nuts posted: 3. Is there a good reason to separate router/modem if we don't plan on moving for a while?
Always. With separate devices, you can actually get timely firmware updates. Combo units often have a lot of missing features or are heavily locked down by your ISP. Plus, if one aspect of the combo unit fails, you're likely out the whole unit. Friends don't let friends get combo units.
|
# ? Mar 31, 2021 03:47 |
|
I messaged my networking buddy wanted to check with you guys on something. I had to wire up my own keystones and terminate the other end tonight in my new house because apparently asking for this means they only run the wire... anyways. I used tool less keystones (I regret it now) and eventually got things working well. However, I didn't have a flush edge cutter so there's a little bit of wire sticking out the side, I cut as close as I could. Will this gently caress things up? Should I go buy one and cut it flush? I was thinking that if these go bust I am going to buy a proper keystone and my buddy will loan me his punch tool. I showed him a picture and he said it should be ok though. Just worried when I get my internet installed and suddenly it's all poo poo.
This one we had some issues with closing in this picture but went back after we made sure to run each wire through both posts inside. It closed with a click thankfully.
|
# ? Mar 31, 2021 05:28 |
|
Vintersorg posted: I messaged my networking buddy wanted to check with you guys on something. I had to wire up my own keystones and terminate the other end tonight in my new house because apparently asking for this means they only run the wire... anyways. I used tool less keystones (I regret it now) and eventually got things working well. However, I didn't have a flush edge cutter so there's a little bit of wire sticking out the side, I cut as close as I could. Will this gently caress things up? Should I go buy one and cut it flush? I was thinking that if these go bust I am going to buy a proper keystone and my buddy will loan me his punch tool. I showed him a picture and he said it should be ok though.
It probably won't matter on runs that aren't super long or something (the limit is about 100 meters, and I'm assuming the untwisted twisted pair could introduce interference so you want as little as possible, but that isn't very much there so probably nothing to worry about). If you have issues or just want to clean them up later these hakko flush cutters are good for the price: https://smile.amazon.com/gp/product/B00FZPDG1K/
|
# ? Mar 31, 2021 06:14 |
|
Vintersorg posted: I messaged my networking buddy wanted to check with you guys on something. I had to wire up my own keystones and terminate the other end tonight in my new house because apparently asking for this means they only run the wire... anyways. I used tool less keystones (I regret it now) and eventually got things working well. However, I didn't have a flush edge cutter so there's a little bit of wire sticking out the side, I cut as close as I could. Will this gently caress things up? Should I go buy one and cut it flush? I was thinking that if these go bust I am going to buy a proper keystone and my buddy will loan me his punch tool. I showed him a picture and he said it should be ok though.
take a boxcutter blade knife and chop off those ends. it does matter if at the least level of the ends potentially shorting in the future but also electricity at high speeds likes to have clean bends and that might introduce some oddities to leave anything perpendicular inline with the jack like that
|
# ? Mar 31, 2021 07:11 |
|
rufius posted: The EdgeMAX line is still entirely independent. As long as that’s true, I’ll happily buy EdgeRouters and EdgeSwitches.
You should be safe from the cloud fuckery, but this breach and the reports of engineers abandoning the company over the last couple of years is worrisome in regards to the whole product lineup. The attackers could potentially have used the pilfered credentials to plant backdoors and other fun stuff in firmware updates and sign them to make them seem official. Getting your own malware and backdoors into widely-used networking equipment is potentially extremely lucrative.
E: this
quote: They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration
In this case, it seems they just tried to do some bitcoin mining idiocy, but they had the opportunity to do much worse damage.
KozmoNaut fucked around with this message at 09:25 on Mar 31, 2021
|
# ? Mar 31, 2021 09:04 |
|
Can someone who's a smarter person than me (should be doable) tell me if I should be worried with my little EdgeRouter X SFP and dual nanoHD setup? As far as I remember, there's no cloud involved. I did, however, upgrade firmware around the beginning of February.
|
# ? Mar 31, 2021 10:18 |
|
As far as I can tell, the attackers did get access to the source code, but I don't see any indications that they managed to put any compromised firmware builds back in. I'm fairly certain the whistleblower would have included that detail, if it had happened. Compromising credentials, setting up backdoored VMs and grabbing source code is one thing. Building exploits and backdoors into firmware, signing it and getting it installed on customers' devices through online updates is a few steps beyond that. Considering the timeline and that Ubiquiti knew about this since December (while choosing not to inform customers yet), a firmware released in February or March should be safe from any tampering.
|
# ? Mar 31, 2021 10:38 |
|
Or they're taking a page from SolarWinds playbook.
|
# ? Mar 31, 2021 12:53 |
|
It really is a shame. UB had a great thing going with the previous generation of products. Those little managed POE/USBC Flex Minis were so nice. It's always a shame when the transparency isn't there.
|
# ? Mar 31, 2021 15:05 |
|
Rexxed posted: It probably won't matter on runs that aren't super long or something (the limit is about 100 meters, and I'm assuming the untwisted twisted pair could introduce interference so you want as little as possible, but that isn't very much there so probably nothing to worry about). If you have issues or just want to clean them up later these hakko flush cutters are good for the price:
Awesome, glad to know this! It's way less than 100 meters - house is only 1400sqft.
|
# ? Mar 31, 2021 15:11 |
|
Since I was getting ready to rebuild my unifi controller docker container, and I only have two access points, I might as well ask has anyone either:
a) Replaced the unifi software on one of the AC access points with openwrt?
b) Generally have experience running openwrt as access point only and disabling all the router features. (Notably setting up things like vlan tagging per ssid or client isolation, etc...)
|
# ? Mar 31, 2021 16:02 |
|
I wish to stress this point:
KozmoNaut posted: As far as I can tell, the attackers did get access to the source code, but I don't see any indications that they managed to put any compromised firmware builds back in. I'm fairly certain the whistleblower would have included that detail, if it had happened.
So far there's no indication that this attack actually has been used in the wild and we don't have reason to believe that poisoned firmware or widespread remote access has occurred. I agree that a thorough audit of Ubiquiti's current firmware and certificates is wise now (ideally done by an independent third party). That said and as a reminder, you are not running a nation-state's primary internet backbone or guarding chemical weapons. I wouldn't be so quick to jump off Ubiquiti hardware/firmware right this second. Unfortunately, Ubiquiti deserve the lambasting they are receiving for some things but there's still such a thing as overreacting.
|
# ? Mar 31, 2021 17:25 |
|
The only thing it really reinforced to me is I have no intention of investing any more in the unifi ecosystem. So given that, rather than go through the trouble of setting up the unifi controller again on my raspberry pi just to run two access points, maybe I should look into openwrt as an alternative. Not so much 'Oh my god get everything off unifi NOW'. I haven't updated the firmware on my actual AP's since before the breach anyway.
|
# ? Mar 31, 2021 17:29 |
|
Rescue Toaster posted: Since I was getting ready to rebuild my unifi controller docker container, and I only have two access points, I might as well ask has anyone either:
Yes and yes, there were tutorials for both on the wiki, but step 2 is actually harder just for the stuff you have to hunt down
|
# ? Apr 1, 2021 04:18 |
|
Thanks! When looking through the documentation things did seem spread around a bit so I know it'll take some investigation. Just didn't want to find out it was a total nightmare after the fact.
|
# ? Apr 1, 2021 15:05 |
|
skipdogg posted: Come back and let us know!
Replaced the old cable modem with the new one and immediately saw a difference. Latency went from 30ms to about 21ms. Speed tests quickly spike to almost 700mbps before throttling to about 550. The old one would hit and maintain 520-530, but never go beyond that. In use, I'm still seeing a weird Plex buffering issue in the evening, but only on one server.
New question: Just got a Qnap 4 disk server from auction. 451+ with 8GB RAM and two 4TB WD Red NAS drives. All that was listed was "QNAP cloud backup storage device with cord," but I took a guess from the dust around the drive bays that there would be drives in it. Got lucky, especially with the upgraded RAM that I don't have to deal with now. But man, that's a pretty serious ecosystem they have there, with what looks like a steep learning curve. I've got it set up and on my network, but kinda lost where to start. Does anyone have any resource suggestions?
|
# ? Apr 1, 2021 18:25 |
|
KozmoNaut posted: You should be safe from the cloud fuckery, but this breach and the reports of engineers abandoning the company over the last couple of years is worrisome in regards to the whole product lineup. The attackers could potentially have used the pilfered credentials to plant backdoors and other fun stuff in firmware updates and sign them to make them seem official. Getting your own malware and backdoors into widely-used networking equipment is potentially extremely lucrative.
Yeah, so I should clarify my original question: Can I operate the nanoHD with no cloud access whatsoever (beyond, if necessary, initial setup), if need be blocking the device from accessing external network at my gateway level? (Which is a plain old NAT sharing gateway.) Or does it still need to phone home because of handwavey I can just crack it open and give it a go, I suppose, it's just generally easier to return unopened merchandise.
|
# ? Apr 1, 2021 18:45 |
|
My ISP-provided Zyxel VMG8825-B60C kept dropping the 5GHz WiFi, seemingly, but a quick check with Wifi Explorer showed that it was auto-switching to an UNII-2C channel. Presumably this should work, because all my devices support DFS and TPC, but my MacBook Pro kept dropping the connection whenever it moved to a UNII-2C channel (channel 100-140). I resorted to locking the 5 GHz Wifi to a manual UNII-1 channel, and it has worked fine since then.
|
# ? Apr 1, 2021 19:52 |
|
I've been reading up a bit on modems and routers lately but it's probably best that I ask here before trying anything out.
Here's my current situation. I have a 150mbps plan through Cox which is cable broadband. My current modem/router combo is a Netgear N450 Wifi Modem. I also have a Linksys AC1200 Dual-band Router. I know the Netgear is a modem/router combo but when I got a security system installed the hub box couldn't talk to the Netgear. I believe it was because the Netgear just does 2.4Ghz and the Linksys does both bands.
Wireless internet in our house is pretty inconsistent whether we're connected to the Linksys or the Netgear. Wifi on either results in speeds of around 25-50 mbps on a cellphone, but the Playstation can only muster around 10-15 mbps. I believe the Netgear is the bottleneck, with 8/4 dl/ul channels, but I'm not sure. Seems like the Linksys should be able to provide better speeds because it's got a wired connection directly to the modem but it's about the same speed.
What should I look for here? I can try to provide any other info that might help out. I couldn't find the dl/ul for the Linksys to compare. Thanks in advance for your help.
edit: Option available from Cox directly is to pay $12 a month for a modem/router combo. Uh, nope.
Jolo fucked around with this message at 21:58 on Apr 1, 2021
|
# ? Apr 1, 2021 21:42 |
|
Since I've finally gotten over the hurdle of convincing myself to pull cat6 in our apartment, rather than relying on wifi, I can use the TP-Link AP I've been using in client mode for my desktop PC, as an actual access point instead. Perhaps get perfect 5GHz coverage in both ends of the apartment. So which channels does the AP support? 36, 40, 44, 48, in your choice of 20, 40 or 80MHz. That is literally it. TP-Link you absolute cheapskates
Jan posted: Yeah, so I should clarify my original question: Can I operate the nanoHD with no cloud access whatsoever (beyond, if necessary, initial setup), if need be blocking the device from accessing external network at my gateway level? (Which is a plain old NAT sharing gateway.) Or does it still need to phone home because of handwavey
As far as I know, the local controller software can run on anything with a JVM, and it only needs to run while you're actively setting things up. The cloud login appears to be mandatory for initial setup, but can be disabled afterwards.
KozmoNaut fucked around with this message at 22:14 on Apr 1, 2021
|
# ? Apr 1, 2021 22:01 |