namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
So, I'm torn on whether to buy the regular UniFi Dream Machine or the Pro.

Specifically, they seem to have the exact same processor. But the UDM is rated for
850 Mbps for "IDS/IPS Throughput", while the UDM-PRO is rated for
IDS/IPS Throughput: 3.5 Gbps * (measured with iPerf3, whatever that is)

Why the large difference? Is it due to the extra 2GB of memory (4GB) it has versus the UDM (2GB)?

Also, do they use the exact same software?

And am I correct that the only feature set that the UDM-PRO lacks compared to the UDM is Wifi?

Like, can I buy the UDM-PRO and add a Unifi AC AP and have all the same feature set as the UDM +some?

Thanks for the help. I'm sure it'll be overkill... but I want to make sure I get what I want.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Thanks for the great answers everyone. I’m gonna go with the UDM-PRO. There always seem to be some used AC Pro access points on Craigslist here so I’ll just grab one of those and have a great solution for the next 5+ years.

I plan to set up a VPN tunnel so my development box can talk to some test azure infra as well as allow VPN’s from devices and such.

Segmented networks for iOT devices so they have no internet access is another use case.

I’m sure I’ll have questions when the time comes. Thx thread!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Actuarial Fables posted:

Does the UDM not support site-to-site IPSec VPNs yet? I'd assume if someone was connecting to azure infra they wouldn't use a client VPN.

Yeah, site to site tunnel was what I envisioned between my house and Azure. Way back in the day I had a Cisco vpn concentrator with some infrastructure collocated and a linksys router at home that was able to do that. It would be kinda surprising if that wasn’t supported considering it’s supposed to have a security gateway inside it

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
I want to see the options for million dollar combo/wireless AP’s!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
I’m biting the bullet on the UDM PRO... any discounts I should know about?

I plan to pair it with a craigslist AC PRO and get rid of my crap xfinity router. I’m sure I’ll have a bunch more questions once I start to set it up

For now, if I only have a 250mb down plan, a docsis 1.0 cable modem should suffice, right?

astral posted:

You mean 3.0, right?

Yeah, oops... thx

namlosh fucked around with this message at 22:51 on Mar 8, 2020

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Heners_UK posted:

Has anyone had experience of the Wife Acceptance Factor when it comes to UDM (let's assume normal as opposed to pro) vs separate ER-X/USG and UniFi AP?

Ha! I just convinced my wife of this. I told her that the $500 I’ll be spending on the UDM-Pro, APs and cable modem (used) should be considered to last at least 5 years... the cost savings from returning the ~$10/month xfinity router thing alone would almost cover that. Plus features like better connectivity, more features, ad suppression, etc was enough to push her over the line :)

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
And yet so much stuff is done on ports 80 and 443...

I finally pulled the trigger on a UDM PRO and an AP lite and thought the thread would like to know that the UDM Pro is $20 off right now

May be other discounts too, but that was what I saw

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Hey guys

I should get my UDM-Pro and AP AC Lite on Thursday according to the tracking number I was sent.

I'm very excited to set it all up, but I was a little worried about some posts on the Unifi community boards specifically about the UDM-PRO having issues:
https://community.ui.com/questions/Dream-Machine-not-ready-for-prime-time/938124ca-df43-4b34-8cbd-2462edf8a845?page=4

https://community.ui.com/questions/UDM-Pro-the-Dream-Machine-Pro-a-machine-nightmares-are-made-of/2dfc11c8-d696-42d2-8c51-566c923b81bf

https://community.ui.com/questions/UDM-PRO-release-is-a-disaster/bf98e20e-1290-40a2-9e30-517561fdb705

I'm a software developer, not a network guy. But I do have some experience supporting some network equipment (layer-3, vpn concentrator... all cisco) for a startup I had years ago. I thought I was spending more money and taking the high road with this equipment because it was awesome and highly recommended and would last me a while (have good ROI). Now I'm worried, it's the worst to feel like you took the safe route and find out it wasn't safe at all.

Here's what I want to do with it when it gets here:
VPN - both site-to-site with azure and Point-to-site to access my home network from anywhere
VLANS - want to segregate iOT stuff so it can't see my network and can't access the internet unless it has to
Pi-hole - not really something that has to do with UDM-pro, but it is on the list
Some kind of Content-blocking for the kids

Should I send this stuff back? Are the people that are complaining doing anything significantly different from what I want to do?

Also, any tips on having a trouble-free setup? should I upgrade firmware first thing? re-install the o/s? I figure I'm starting from scratch so that's good, a lot of people are having issues with importing existing configs.

I'm a home network, so I can deal with some issues/teething. I can restart the thing once a week if I have to for a few months or whatever. But now I'm worried that this thing will never be right. Is it possible that the product will be abandoned?

I trust your opinions and really appreciate any feedback you can give.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Thanks Ants posted:

I'd return the UDM Pro and get a Netgate SG3100 if you want to do anything with VPNs - Ubiquiti's VPN support is appalling. If you have a really fast home internet service then you might want to consider the SG5100.

Internet Explorer posted:

Or stand up a VPN behind the UDM.

Seriously? How is Ubiquiti recommended by anyone?

I'm bought in so I'm going to give it a go this weekend when it comes in. I'd still like to increase my chances of successfully setting this thing up, so if anyone has had any positive experiences and can provide guidance, please do so. It's very appreciated.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Evis posted:

Their wifi and switching is pretty good. Their routers not so much.

Fair enough... I should have known not to trust the OP that has 3 of their routers listed under the power user section, lol

Well, wish me luck everybody! I'mma try to make this work this weekend!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

H2SO4 posted:

The four Ubiquiti power user routers listed in the OP were Edgemax routers, not UniFi. You walked into the "recommend me a car" thread, saw the word Toyota, bought a Prius and are mad because you're not able to fit a pallet of plywood in the back.

This has to be the worst :iiaca: that I have ever seen.

You do have a point though, I put a pallet of plywood on this UDM-Pro and it won't VPN it for poo poo!

I didn't mean to come off as mad, just disappointed in Ubiquiti. If they list something as a feature on their product it should work, full stop. It was jarring finding those posts on their forums right after buying, but I'm over it now. I'll set it up and try out the VPN stuff, and if it doesn't work well then I'll pivot.
It is odd though, I was doing a site-to-site VPN with some co-located equipment back in like 2004 using a stock (not dd-wrt or tomato) WRT54G v1.1. I figured this was a solved problem in 2020.

Thanks very much for the input guys, I plan to set it up tonight after work.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Warbird posted:

Ha ha oh man, I swung by that tutorial a while ago. I'll bookmark it and take another swing at it at a later date. I've just tossed the thing on an extra Pi and we'll hope for the best. Damnedest thing is that I couldn't get it to play nice in a docker container on the Pi while it worked fine (mostly) on the Ubuntu box. Just one of those nights I guess.


Conceptual question tangentially related. I was looking into routing some of my containers through VPN. Could I simply go grab a Ubuntu base image, slap Nord's client on there with necessary configs and point my other containers at it via --net=container:vpncontainer? I assume if I put the vpncontainer on --net=host then things should more or less be good to go.

Hey, I was just able to get this working after about a day of messing with it. Great timing. I had to cobble correct and complete instructions from a couple of different articles. It was a pain to figure out how to get it working but in the end the number of steps is really small.
I used that article to gain some understanding but mainly this one:
https://geekvisit.com/pi-hole-and-macvlan/

And this one to install docker-compose correctly as the above article leaves out a bunch of steps I had to do:
https://dev.to/rohansawant/installing-docker-and-docker-compose-on-the-raspberry-pi-in-5-simple-steps-3mgl

I also did a “sudo rpi-update” because my pi model 3 B+ had been sitting around a while. Not sure if it mattered but I wanted to include it in case it did.

It was worth it... docker-compose makes the whole thing really self-contained since I was worried about recreating the pihole in case it failed.

Plus I can put other crap on it and not worry about ports conflicting and whatnot or if I need to take it down and leave my network DNS-less. Good luck!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Wacky Delly posted:

What does this do that pihole doesn't?

Seconding this... I’m using pihole right now and I still get a ton of ads. Would really like to block more.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
A YouTuber called ETAPrime just did a video on what was better for $100 for desktop use:
Pi4 8gb
Vs
$100 old business dell slab from eBay

The dell won pretty handily, and pulled ~25watts
The pi did ok, but it pulled like 4watts

I was surprised at both being that low, tbh

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
That’s pretty cool.

I can also vouch for my UDM-Pro being rock solid and easy to configure. I run a bunch of VLANs and containers and multiple SSIDs from the AP AC lite I bought with it fwiw.

We have 4 people in the house streaming stuff regularly for work, school and entertainment and I’ve never had a complaint. I was worried when I first bought it, but I guess my use case is pretty simple or I’ve just not run into the issues some have.

I did turn off automatic firmware updates on everything. There’s a new firmware version 1.8. Might upgrade soon since I’m on 1.7.2

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Also checking in with a UDM pro... I had the same misgivings in this thread about ubiquiti right after ordering.

I’m glad I got it... it’s been rock solid and I’m very happy with it. I’ve been setting up tons of vlans for our IoT and containers and such. I also have an ap ac lite and recently got another UniFi managed switch.

It’s all worked flawlessly... But I will say that it’s the only technological device I have set to NOT auto update firmware. While I’m now running the latest, I’m holding back on the controller software and am still on 5.14 or whatever.
And I’m one of those people who actually clicks the “check for updates” button in windows

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Rick posted:

Your phone should still connect to WiFi even if the WiFi does not have internet. At least mine does. And I can control my lights still, either in the Hue App or HomeKit.

A potential problem is that if your phone detects WiFi with internet that it can connect to, it might try to connect to that instead, as it prefers that (like if your neighbor has a strong router), even if that connection is faint. You can set your phone to not auto connect to that network, but it’s annoying in the meantime.

Geofencing won’t work without the internet, nor remote control for obvious reasons.

Yeah, I use my iphone 11 to set up custom IoT devices all the time and they don’t have internet and it works just fine. I also have connected to a raspberry pi camera AP that has no internet. You must have a setting set or something if it really doesn’t work. Or maybe the time capsule is weird, idk

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

H110Hawk posted:

I think browsers stopped doing that for untrusted certs. Aka self signed ones.

This is correct... I added the cert that’s in my UDM Pro to trusted certs on my computer and my browser will save the password now.

Wish there was an easier way to add a custom cert to the UDM pro, I have one ready to go but all the current solutions to add your own look kinda sketchy

e: export from the browser and import using cert manager if you’re on Windows

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Hey thread, I have a question about Unifi APs

We live in an apartment with lots of APs around. I have a UDM-PRO and an AP/AC lite currently. Everything is sort of fine, but we get some drops of IoT devices at the periphery. My girlfriend came to me today and wanted to get me/us this for christmas:
https://store.ui.com/collections/unifi-network-access-points/products/unifi-6-long-range-access-point

Is that appropriate? The only thing that gives me pause is the "long-range" in the product name... How would a long-range product differ from a non-"long-range" product? Our apartment is two levels but I wouldn't describe it as huge... is LR going to hinder anything?

Thanks!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
So, I have a couple of questions I hope you guys can help me with regarding adding a VPN to my home network:

I have a UDM-PRO and am using tons of vlans to separate everything.

Like I have an:
ADMIN vlan for servers/switches and such
Privileged network that's distinct but also has access to everything
Normal network that can talk to everything but privileged
iOT network that can get to the internet, but nothing else
nOT network that can't get to anything but an internal NTP server/port

Everything is controlled via Firewall rules in the UDM-PRO

I'd like to add a wireguard vpn. I have a bunch of Pi's so I figure I'll use one of those and "PiVPN". I even grabbed a USB3.0 ethernet card in case I need to have 2 NICs in the pi.

I guess my question has to do with how best to set this up in the UDM-PRO. Should I create a VPN vlan and put the pi on both the "admin" vlan and its other interface on the new VPN vlan?
Does the VPN hand out dhcp addresses to the clients or should the UDM? Should I then be able to control access to and from the VPN vlan using firewall rules if I need to?

Do I need to add a route for just the port (tcp/51820) that wireguard uses to the DHCP reservation I'll set up on the PiVPN's Admin vlan interface?

As far as public IP address goes, I've noticed that mine doesn't change often. I don't need to use dynamic DNS as long as I'm ok with suddenly being unable to connect if my IP changes right?

Also, as it relates to SSL and such, I'm another person who's created a wildcard cert from Let's Encrypt using their certbot acme-challenge DNS TXT file and it works great. Not sure how I could automate it though. If someone has any idea let me know.
I'm using this statement interactively right now:
code:
./certbot-auto certonly --manual --preferred-challenges=dns --email me@domainname.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d "*.domainname.com"

namlosh fucked around with this message at 04:44 on Jan 23, 2021
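
The VLAN policy described in the post above, written out as an ordered first-match rule set and checked against sample flows. This is an added example, not part of the original post; the subnets, the NTP host address and the `vpn` zone with its two rules are assumptions, and the rule engine is a simplified model rather than the UDM-Pro's firewall.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

# Constructed addressing plan: the post names the VLANs but not their subnets.
ZONES = {
    "admin":      ip_network("10.0.10.0/24"),
    "privileged": ip_network("10.0.20.0/24"),
    "normal":     ip_network("10.0.30.0/24"),
    "iot":        ip_network("10.0.40.0/24"),
    "not":        ip_network("10.0.50.0/24"),
    "vpn":        ip_network("10.0.60.0/24"),  # hypothetical VLAN for VPN clients
}
NTP_SERVER = "10.0.10.5"  # hypothetical internal NTP host on the admin VLAN


class Rule(NamedTuple):
    src: str             # zone name or "*"
    dst: str             # zone name, "internet", "*", or one IP address
    proto: str           # "tcp", "udp" or "*"
    port: Optional[int]  # None matches any port
    action: str          # "allow" or "drop"


# Evaluated top to bottom for NEW connections; anything unmatched is dropped.
# Replies to allowed connections are assumed to pass via state tracking.
RULES = [
    Rule("privileged", "*", "*", None, "allow"),
    Rule("normal", "privileged", "*", None, "drop"),
    Rule("normal", "*", "*", None, "allow"),
    Rule("iot", "internet", "*", None, "allow"),
    Rule("not", NTP_SERVER, "udp", 123, "allow"),
    # Assumption: VPN clients are treated like the normal network.
    Rule("vpn", "privileged", "*", None, "drop"),
    Rule("vpn", "*", "*", None, "allow"),
    # The post does not say what the admin VLAN may reach, so it has no rule.
]


def zone_of(addr):
    """Map an address to its VLAN name, or "internet" if it is in none."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def _dst_matches(rule_dst, dst_ip, dst_zone):
    if rule_dst in ("*", dst_zone):
        return True
    try:
        return ip_address(rule_dst) == dst_ip   # rule pinned to one host
    except ValueError:
        return False                            # rule names a different zone


def decide(src, dst, proto, port):
    """Return "allow" or "drop" for a new connection (first match wins)."""
    src_zone, dst_zone, dst_ip = zone_of(src), zone_of(dst), ip_address(dst)
    for r in RULES:
        if (r.src in ("*", src_zone)
                and _dst_matches(r.dst, dst_ip, dst_zone)
                and r.proto in ("*", proto)
                and r.port in (None, port)):
            return r.action
    return "drop"


# Constructed flows with the outcome the stated policy requires.
EXPECTED = [
    ("10.0.20.2", "10.0.10.1", "tcp", 443, "allow"),     # privileged -> admin
    ("10.0.30.4", "10.0.20.2", "tcp", 3389, "drop"),     # normal -> privileged
    ("10.0.30.4", "10.0.40.7", "tcp", 80, "allow"),      # normal -> IoT
    ("10.0.40.7", "203.0.113.10", "tcp", 443, "allow"),  # IoT -> internet
    ("10.0.40.7", "10.0.30.4", "tcp", 445, "drop"),      # IoT -> normal
    ("10.0.50.9", "10.0.10.5", "udp", 123, "allow"),     # NoT -> NTP server
    ("10.0.50.9", "10.0.10.5", "tcp", 22, "drop"),       # NoT -> same host, SSH
    ("10.0.50.9", "203.0.113.10", "udp", 123, "drop"),   # NoT -> internet NTP
    ("10.0.60.3", "10.0.20.2", "tcp", 22, "drop"),       # VPN -> privileged
]


def audit():
    """Return the flows whose decision differs from the expected one."""
    return [(flow, decide(*flow[:4])) for flow in EXPECTED
            if decide(*flow[:4]) != flow[4]]


if __name__ == "__main__":
    print(audit() or "policy matches every expected flow")
```

Reordering the two `normal` rules makes `audit()` report the normal-to-privileged flow, which is the kind of ordering mistake this check is meant to catch.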

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Sniep posted:

It sucks that the pivot of management/change of opinion happened AFTER i bought in several large worth of their stuff lol

True that...

However, for the most part my equipment from them has been great. I have a UDM-Pro, UniFi 8port switch, UniFi AP/AC lite and a wifi 6 lite AP. Except for the controller restarting randomly sometimes, it’s all been pretty flawless.

Plus it let me do a VLAN topology where certain things are on their own vlan for privacy/security... which I probably wouldn’t have done if there was no UI. I’m not a network engineer.

Overall I’m happy with the UniFi stuff

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Happy Pizza Guy posted:

After not touching my Unifi Dream Machine for a few weeks, I tried connecting (through web and local interfaces) to the control panel and it wouldn't load. Everything on my network was still functioning (access to the internet, routing, wifi, etc.). I tried letting it sit to see if it'd work itself out, but I soon heard the fan spinning up. I pulled the plug to restart and everything went back to normal.

Is this a known issue? Could there be a specific cause or anything I can do to prevent it in the settings? I purchased the UDM under the hope (dream?) that it'd be rock solid on the stability front.

I’ve had this happen with my UDM PRO… fans spin up, UI inaccessible. Sometimes it’s when I plug a new device in, sometimes at random. I think that it’s the controller software container crashing, hence why the network keeps running but you can’t access the UI.

Sometimes I just leave it and it fixes itself, sometimes I’m impatient and reboot it from the oled touchscreen on the front.

I’m running 1.84 firmware currently and have been for a while. Controller software is version: 6.0.43.0

Other than the aforementioned weirdness, I’m one of the rare proponents of the UDMP. It suits our needs just fine and I like the control and it’s stable enough IMO

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Trim the trees maybe?

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Agrikk posted:

I think I have a blog post about it somewhere. Let me see if I can dig it up.

I would appreciate this if you do find it

Also quick question: does anyone have an opinion on what the best, ie: the most stable release of firmware for the UDM-PRO is?

I haven’t upgraded in a year or two since the fan stopped working. I plan to put in the new fan and upgrade this weekend

I’m currently running 1.8.4 firmware and UniFi software version 6.0.43

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

e.pilot posted:

I pulled 1000ft of cat6 in a split level last year, absolutely awful.

Ended up doing an outdoor run of conduit to get it from the main server rack in the basement to the attic to break it out to the rest of the house.

Also did some through the garage.

I managed to make it pretty clean considering it’s a 50 year old house but lord was it a pain.

Ouch, not saying it’s bad or anything, but do you now have conduit crawling up the side of your house? Or did I misunderstand

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
So I posted earlier about a good firmware for my UDM-PRO. I didn't have time then to explain why I was so behind.

The fan on my UDM-PRO quit working like a year ago. It showed up as an exclamation point on the little OLED on the front of it. It's evidently a fairly common fault.
https://old.reddit.com/r/Ubiquiti/comments/tsjz47/udm_pro_cpu_fan_died_replacement_difficult_to_find/

I was worried that if I tried to upgrade it would get too hot. I don't run a very demanding network (UDM-PRO, switches, 2 APs, but lots of VLANS) but upgrading is a different story. Normally, the cpu would hover around 51C.

From poking around I found a number of possible replacements. They seem hard to confirm they're correct.
Ali Express Fan from the reddit link above: https://a.aliexpress.com/_mKbKQHY

Here's the ebay one that I got. It had the wrong connector but other than that it was a perfect match.
https://www.ebay.com/itm/314101298790

Last night, I finally had time to take the network down and fix it all.
I spliced the old connector onto the new fan and it worked perfectly. Pretty anticlimactic thank god.

Once it was up, I logged into the portal and started the upgrade process. I'm going to get the version numbers wrong here, but the upgrade path was something like this:
1.8.4 -> 1.13.2 (20 minutes) -> 2.0.4 (20minutes) -> 2.50.4 (5 minutes) -> 3.0.20 (5 minutes)

A lot of reboots, upgrades, etc. I was actually surprised to find the network only went down a couple of times and for not very long. I was watching youtube at the time on my xbox.

All in all it was an easy process to upgrade. no issues that I can see.
My UDM-PRO is one of the original run of them and I was really excited about it. That turned to frustration as all of the crap with Ubiquiti went down.
But it always worked pretty well. I can't recommend it because it's 3 years old and the fan died, but aside from that it's been pretty awesome.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

BlankSystemDaemon posted:

It probably also needs to be said that if you set things up properly with pf, pfsync, and carp, a firewall isn't the single point of failure that a lot of people think it is.
It is also entirely doable on off-the-shelf consumer hardware for multi-gigabit FTTH connections.


That’s interesting… what would be the cheapest/simplest setup that could do this?
Like I know I can set my UDMPro up with redundant WAN connections from say, 2 ISPs but that’s still my UDM as single point of failure. What (two) consumer device(s) will do BGP?
Also can it be done with only one WAN connection?

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

SamDabbers posted:

If you want to do BGP then you're definitely outside of the consumer devices and residential Internet connections space. It should be possible to set up something like that with a colocated router in a datacenter with providers willing to set up BGP with you connecting back to your home network via tunnels. There will be some non-negligible costs for this with regards to obtaining an ASN and provider-independent IP space, as well as hardware and colo costs though. Some VPS providers will run BGP with you if you want to use your own number resources, so that could be a less-expensive way in if you don't need huge bandwidth.

Yeah see I am woefully dumb about this stuff past a certain point. If not BGP, then how do you have a redundant internet connection.

Really, I was just intrigued by BSD saying you could set up a network with consumer stuff that had no single point of failure. I had assumed BGP would be involved, but if not that’s cool, how then?

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Thanks for the good answers and info guys and dolls, but I must have misspoken: I didn’t mean to ever suggest BGP was the solution to OPs problem nor do I really care about BGP in a home setting.

The original question I had was:
How can you set up a home network such that your router isn’t a single point of failure. From BSDs comments it seemed like it was possible, so I was intrigued to learn more

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Cold spare seems like a great idea actually. Thx all for the ideas/discussion

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

BlankSystemDaemon posted:

UDMPro (and everything Ubiquiti) is Linux, not FreeBSD - so no pf, pfsync and carp.

On FreeBSD, pf is nowadays (as in, on the stable/13 branch) a very fast firewall, whereas pfsync exists to synchronize packet state over an out-of-band (usually direct, non-switched) connection, and carp is an alternative to the proprietary Cisco VRRP option.

opnSense is a fork of pfsense that's using a much more modern version of FreeBSD and it can do CARP - and they'll sell you ready-made appliances, too.

The above method doesn't involve BGP at all.

Very cool, thanks for the explanation. Above my head at the moment but I like just knowing it can be done.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
So what’s the current best approach to having a VPN into my network so I can access local resources from anywhere?
I have:
UDMPRO running 6.2 unifios and the latest firmware
Lots of vlans set up to segregate everything and put crappy iot stuff in jail with no internet
Pi’s sitting around that I can use if it makes sense. I even have a usb3 network adapter to give a pi another network interface

I’m not really trying to stream anything too much, just want to be able to hit my local home assistant server and mess around with my homelab stuff.

Clients would be iOS or windows mostly

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Thx for the quick replies… I took a look at it and it said that I had to enable remote login to my UDM to enable it? It just didn’t seem like a good idea. I don’t like exposing my UDMs admin interface to the internet

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Three Olives posted:

https://www.amazon.com/dp/B0BPSGJN7T

You are probably more interested in getting a Wireguard config working, I ended up buying this for native Tailscale but it also supports Wireguard natively.

It's great, USB C power, small, can wire tether to an iPhone for data, repeat another WiFi network. Plug it in, connect it to the local WiFi and it automatically VPNs into my home network. Basically it gives me my home network anywhere with no on device configurations of clients connected to it, they just see the home network as their local network.

Interesting, thx for the suggestion!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Does anyone have experience with wireless home internet? I live in a large city in Texas so signal shouldn’t be a problem. My apartment is ancient though so dsl isn’t an option.

The three of us stream Hulu and YouTube all the time. I’m just sick of paying $150 to xfinity every month and I’m not sure how to go about getting some of the new subscriber deals that seem way cheaper than what I have. So I figured I’d get wireless as a backup and cancel xfinity for the time being at least. We can’t be without internet at all even for a short time.

Just wondering if it’s a viable option at this point. If I buy the modem do I have to sign a contract? AT&T, Verizon, T-mobile? I’m sure I’m in a 5g area if that matters.

Sorry if this is ramble-y, I’m just dreading going out and deciphering all of the plans/deals/options out there… any advice is appreciated.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

wolrah posted:

All else being equal, assuming providers that are actually trying to provide good service, a cable provider should always be able to do better than a wireless provider. It's just a matter of how much RF bandwidth is available and what SNR can be achieved, and wired always beats wireless on those points unless the wire really sucks.

I personally would never consider a wireless internet connection as a primary service in a densely populated area. They're fine as a backup, but their use as a primary connection should be limited to places that can't get a wired link at all or can only get some poo poo-tier DSL.

Of course all else is not equal, if Comcast sucks in your area or the price is really substantially better while the difference in service doesn't matter for your use case then it might be worth considering.

If you own the modem and bought it unlocked from a general purpose retailer then it should be usable with any provider that it's compatible with. You may have to look up frequencies in use in your area to be sure of that. The ones sold directly by the cell companies tend to be locked to their service AFAIK.


nerox posted:

T-Mobile home internet is like $30/month and has like a 15 trial period. Why not just try it out for a week and if it sucks return it.

Wireless internet is one of those things no one is going to be able to tell you how it is unless they have it in your area.

FWIW, everyone I know who had T-mobile home internet in my area thought it was the greatest thing since sliced bread 6 months ago. Now more people have signed up and they complain that it's unusable from about 5pm to 10pm on weekdays.


Shugojin posted:

Yeah it's still a shared bandwidth thing so it's YMMV on how many people are in your area. I think they deprioritize the home internet traffic in favor of some other traffic as well, but that may be dependent on carrier.

My company actually had a person cancel fully working 500mbps symmetrical fiber in favor of t-mobile because it was cheaper and he didn't notice any speed issues for his use which made us kind of scratch our heads and go "well, uh, okay then, I guess if he's happy? It's not like we can force him to keep us" because we weren't going to drop his price to $30/month.


This is all really good advice and I appreciate it. I'll come back with a trip report if I can get off my butt and do something. T-Mobile trial in particular looks really good right now.

thanks!

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Gawwwd drat

(That’s pretty fast, congrats and where approximately do you live)

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".
Tailscale is built on top of WireGuard, right?

I just set up WireGuard on an azure Ubuntu vm with a public IP and using this shell script (at https://www.pivpn.io) it literally took a couple of minutes to get my phone (on my home WiFi) set up to surf thru the azure infra.

Realized it didn’t have pihole ad blocking and so I ran the script at pi-hole.net and it set that up. It literally took 10 minutes.

pivpn add
pivpn -qr

Bing bang boom


All that said, I am having an issue maybe the thread can help me figure out. For some reason my iPhone WireGuard works great on my home WiFi but fails miserably on AT&T cellular (in Texas). I’m using the same client profile, default listen port. Endpoint and port to the azure vm is the same. I’ve even tried changing the listen port to a lower port number from 52182(?) or whatever to something below 10000. Client says it’s connected but Logs show that it can’t handshake correctly and I see no packets received from any that my phone sends. It’s really weird… I hope it doesn’t have to do with routing because I suck at that.

namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

H110Hawk posted:

Att mobile blocks port 22 for me. Switching to 443 on a VPN or whatever solves it. It's turbo dumb. They appear to be doing carrier nat on ip6 as well based on the what is my ip6 sites.

ryanrs posted:

Try changing the port to 443, maybe AT&T will leave it alone.

It would be funny if this works.


Thanks all for the replies... I tried switching my listen port to 443 and it still doesn't work. do I need to create a new client profile on my cloud server (and then qr-code it to the phone) when I update that setting? I wouldn't think so but thought I'd ask. I'd think as long as the endpoint address and port stays the same it would be fine.

I had thought maybe IPv6 could be part of the problem as well... cloud doesn't do any IPv6, and if I go to whatsmyip.org on my phone with wifi off, it'll show me a regular IPv4 ip: 107.33.x.x
It IS the weirdest thing and I'm sad it doesn't work. Any other things I can try, please do share.
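
A consistency check between a WireGuard server config and a client profile after the server's `ListenPort` is changed, as an added example that is not part of the thread. Both configs, the placeholder keys, the host name `vpn.example.net` and the tunnel subnet are constructed. It inspects only the two files: WireGuard runs over UDP, so any firewall or cloud network rule in front of the server also has to allow UDP on the new port.

```python
from ipaddress import ip_interface, ip_network

# Constructed server config after moving the listener to port 443.
SERVER_CONF = """
[Interface]
PrivateKey = <server-private-key>
Address = 10.6.0.1/24
ListenPort = 443

[Peer]
# phone
PublicKey = <phone-public-key>
AllowedIPs = 10.6.0.2/32
"""

# Constructed client profile that was generated before the port change.
CLIENT_CONF = """
[Interface]
PrivateKey = <phone-private-key>
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""


def parse_wg(text):
    """Parse a wg-quick style file into [(section, {key: value}), ...].

    A list is used instead of configparser because [Peer] can repeat.
    """
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # keys may end in '=' padding
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections


def first(sections, name):
    """Return the first section with this name, or an empty dict."""
    return next((kv for sec, kv in sections if sec == name), {})


def check_profile(server_conf, client_conf):
    """Return a list of mismatches between a server config and one client."""
    server, client = parse_wg(server_conf), parse_wg(client_conf)
    findings = []

    # 1. The client dials Endpoint host:port; that port must be ListenPort.
    listen = first(server, "interface").get("listenport")
    port = first(client, "peer").get("endpoint", "").rpartition(":")[2]
    if listen is None or port != listen:
        findings.append(
            f"client Endpoint port {port or '?'} does not match "
            f"server ListenPort {listen or '?'}"
        )

    # 2. The server only accepts tunnel traffic whose source address falls
    #    inside the AllowedIPs of some [Peer] entry.
    allowed = [
        ip_network(a.strip(), strict=False)
        for sec, kv in server if sec == "peer"
        for a in kv.get("allowedips", "").split(",") if a.strip()
    ]
    addresses = first(client, "interface").get("address", "")
    for addr in filter(None, (a.strip() for a in addresses.split(","))):
        ip = ip_interface(addr).ip
        if not any(ip in net for net in allowed):
            findings.append(f"no server [Peer] AllowedIPs covers client address {ip}")
    return findings


if __name__ == "__main__":
    for finding in check_profile(SERVER_CONF, CLIENT_CONF) or ["profiles agree"]:
        print(finding)
```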
