Ubiquiti questions

farscapesg1

So, for the last couple years at home I've been running Untangle in a VM for my router needs, with a couple consumer wireless routers serving my wireless needs. One is a Netgear WNDR3700v2 providing wireless coverage downstairs and the other is an older DLINK DIR-655 providing upstairs coverage (approximately 2500 sq ft house) with some crossover. Overall it has been working okay, occasionally having to restart one of the wireless routers... and I had to configure them with separate SSIDs because occasionally one will lock up and I just have the wife switch to the other if I'm not home.

With hurricane season upon us and having experienced a "short" power outage lately, it's got me thinking about trying to simplify my home network a little. Currently, if something happens to the power, trying to walk the family through restarting my ESXi host isn't too difficult, but I'm thinking things could be easier if I went with a standalone router. Plus... something low power could be connected to its own UPS (I have a spare 900 VA/435 Watt UPS) that would keep it, the cable modem, and an AP going for probably about an hour providing Internet access to phones and tablets.

I'm looking at the Ubiquiti equipment because my luck with commercial wireless routers is pretty poor (hence the reason I've been running Untangle). With torrents/usenet/video streaming/etc. both the DLINK and Netgear required almost weekly reboots, while after switching to Untangle the only thing that goes down occasionally is the wireless on one of those routers. It has provided me a stable OpenVPN connection as well as some limited web filtering and other features (only use the free options for it).

There's a couple things I'm not sure about though...

1) Do the APs have to be connected to a separate port on the EdgeRouter Lite, or could they be connected to the same switch as the rest of my devices? I have a Cisco 3750 48 port in my office that my hosts and office equipment are connected to (desktop, Netgear wireless, cable modem, printer, etc.) with one connection going to a small 8 port switch upstairs in the communications closet that has the DLINK router and several other devices connected (Rokus, XBOX, SageTV extenders).

2) If the APs need to be connected to a separate port on the router... should one Ubiquiti AP handle a 2-story 2500 sq ft house? I'm assuming the signal strength is much greater than your run-of-the-mill consumer wireless routers. I'm also assuming I would need two (with a small 5 port switch) if I want separate wireless and guest wireless?

3) Anyone have any information on the differences between the Edgerouter Lite and the new Edgerouter X? It looks like it is about half the cost, 2 extra ports with one being POE. Not sure what all you are losing though.

4) It looks like the Edgerouter Lite (not sure about the X) can take over my Untangle box's duty of providing an OpenVPN server connection for my laptop while I'm on the road. Is this correct? I don't need a site to site, but I install the OpenVPN client on my laptop (and a VM at work connected to guest network) and tunnel into my network at home remotely when needed.

I'm sure there is something else I'll think of to ask ;)
 
1) I don't think you'll have to put APs on a separate interface, but I remember something about documentation recommending it for one reason or another.

2) I'll let someone else speak to the range of the APs

3) Go Edgerouter Lite. The X doesn't have hardware acceleration and is a slower device. If you fancy the built-in POE, check out the ERPOE-5.

4) Haven't set up a VPN on my ERL, but I'm 99% sure it's supported.
 
1) Do the APs have to be connected to a separate port on the EdgeRouter Lite, or could they be connected to the same switch as the rest of my devices?

They can be connected to any switch with the included power injectors.

2) If the APs need to be connected to a separate port on the router... should one Ubiquiti AP handle a 2-story 2500 sq ft house? I'm assuming the signal strength is much greater than your run-of-the-mill consumer wireless routers. I'm also assuming I would need two (with a small 5 port switch) if I want separate wireless and guest wireless?

You can configure multiple SSIDs on your AP. You may need more than one to provide wifi coverage around your house and the type of structure. I have 1 per floor.

3) Anyone have any information on the differences between the Edgerouter Lite and the new Edgerouter X? It looks like it is about half the cost, 2 extra ports with one being POE. Not sure what all you are losing though.

Edgerouter Lite does not have a built-in switch so you will need to connect it to a switch. I have the Edgerouter POE-5 that does power over ethernet and it has a built-in switch so you can set up a WAN+2LAN setup if you want.

4) It looks like the Edgerouter Lite (not sure about the X) can take over my Untangle box's duty of providing an OpenVPN server connection for my laptop while I'm on the road. Is this correct? I don't need a site to site, but I install the OpenVPN client on my laptop (and a VM at work connected to guest network) and tunnel into my network at home remotely when needed.

I have not tried any VPN on my Edgerouter yet but I'm pretty sure it can set up an OpenVPN server.
 
I have two waps in my home, it is 2600sq ft. When I go on walks I can hit my wifi from 80-ish yards out.

The long range units I was able to pick up blocks away from my old job. Granted, the usability in either of these situations is going to be as good as the device connecting to it. For example, is it realistic for the client device to send a signal strong enough to reach the wap?
 
Thanks for the info.

Sounds like the Edgerouter Lite is the better option since I don't need POE. Where I would be putting the APs is easy to just plug in the power injector (downstairs office and upstairs master bedroom).

I'll probably just order the ERL and get that set up first, using my current wireless routers until I decide to pick up an AP or two. Gotta figure out a plan for a low power non-VM to run the unifi controller software if I want to keep wifi up for a short period of time during a power outage. I've got a Raspberry Pi B Model lying around that I was thinking of setting up as a Nut server for my UPS.. may try running the controller software on that also.
 
Unless you're using certain advanced features, the unifi controller doesn't need to be running for wifi to work... Putting it on a VM is a-ok
 
BTW, don't expect more than a few Mbps(8-12, IIRC) over OpenVPN on the ERL.
 
BTW, don't expect more than a few Mbps(8-12, IIRC) over OpenVPN on the ERL.

Considering I only have a Comcast connection with 6 Mbps up... that shouldn't be a problem. Just as long as I can do a RDP session or grab a "smallish" (100 MB) file or two occasionally while on the road, that's all I really need.

goodcooper said:
Unless you're using certain advanced features, the unifi controller doesn't need to be running for wifi to work... Putting it on a VM is a-ok
Thanks, I'll have to dig around and see what all "advanced features" there are that would require a separate box.
 
I would not invest so heavily into UBNT as a whole and steer clear of their 11ac APs; they are still not mature. I and my coworkers have battled their garbage controller software for their APs over a dozen times, it is never smooth especially when untagged VLAN ports are in the mix. From being based in Java (blessing and a curse, I have run it better in Linux but work at a Windows-only office) to default local profile install (so I have to remember to copy it somewhere so others can run it) to the Windows service causing disconnects/reprovisioning while restarting and so forth. I cannot imagine how much of a PITA their routers are unless they are CLI based. Their hardware is truly excellent but they do not have software engineers of the same caliber. Their support, particularly on their AirVision cameras and NVRs, is piss poor.

To answer question 2 though: that coverage may be stretching it but I have been impressed by the little suckers when they work right. The beauty of the system is that you can (almost) effortlessly add more to wherever there is needed signal. You can actually run guest networks right alongside the normal access WLAN on a single AP. We choose not to because of the guest portal requiring the controller to be running and based on how unreliable the software is, that would be a nightmare for call volume. What you can do, since it sounds like you are fairly savvy, is set up a RADIUS server with 802.1X on one VLAN and have a normal WPA2 Personal network as the "guest" on another VLAN. It works pretty well especially if you have AD and ASAs in the scheme.
 
I would not invest so heavily into UBNT as a whole and steer clear of their 11ac APs; they are still not mature. I and my coworkers have battled their garbage controller software for their APs over a dozen times, it is never smooth especially when untagged VLAN ports are in the mix. From being based in Java (blessing and a curse, I have run it better in Linux but work at a Windows-only office) to default local profile install (so I have to remember to copy it somewhere so others can run it) to the Windows service causing disconnects/reprovisioning while restarting and so forth. I cannot imagine how much of a PITA their routers are unless they are CLI based. Their hardware is truly excellent but they do not have software engineers of the same caliber. Their support, particularly on their AirVision cameras and NVRs, is piss poor.

To answer question 2 though: that coverage may be stretching it but I have been impressed by the little suckers when they work right. The beauty of the system is that you can (almost) effortlessly add more to wherever there is needed signal. You can actually run guest networks right alongside the normal access WLAN on a single AP. We choose not to because of the guest portal requiring the controller to be running and based on how unreliable the software is, that would be a nightmare for call volume. What you can do, since it sounds like you are fairly savvy, is set up a RADIUS server with 802.1X on one VLAN and have a normal WPA2 Personal network as the "guest" on another VLAN. It works pretty well especially if you have AD and ASAs in the scheme.

Being as civil as possible....

I agree the Unifi AC units are not all that great. Ubiquiti has never completely gotten them to perform the way they should.
The Unifi controller version 3.2.11 is decent at this point, and it should be noted that Ubiquiti plans on forcing everyone into the 4.x fork at some point and there's a major rewrite tied to it as well. (no flash required)

The Edgerouter software is quite good and is on track to becoming great (unlike the unifi controller).

Edgerouter firmware version 1.5 is nice and stable; a final build of version 1.7 should be available within the next 45 days. (currently at 1.7RC2)
 
If I might make a suggestion?

If you want to keep untangle as your router software, you could pick up an old laptop with USB3 and a couple USB 3 NICs. Would the throughput be as high as if you had a PCI-E card? Probably not, but it should still be high enough to avoid throttling WAN -> LAN. I'm more familiar with PFSense, and I know Untangle is more resource intensive, but I can't imagine even a 3-4 generation old laptop would be stressed with running it.

Regardless, if you spin Untangle onto a laptop and pick up a POE switch, you could get a small-ish UPS, put the switch onto the battery side and the laptop on the surge suppression side. The laptop's battery will keep it running while the UPS keeps the switch (and by connection the APs) going.

I'd think that even with a basic UPS you should be good for an hour, maybe two or more.
 
Thanks for the details. It's always good to get at least one "it's not perfect" view... since nothing ever is ;)

Since this is my home... one router and an AP isn't too heavy of an investment (< $200) and I don't see a need for the 11ac models in my home since I primarily use the 2.4 GHz bands due to the very limited range of the 5 GHz range on my Netgear router.

My primary goal is to break out my router to make it easier for the family, in the case I'm not there when something breaks... improving my home wifi would be icing on the cake. Providing some extended coverage time would be nice also, even if it is just wireless and my office PC. It's not like I don't have UPSs all over the house ;) 2x 1500VA units for my vmware hosts, 750VA connected to my desktop, 750VA connected to my cable modem/HP54L/Netgear router, and a 350VA connected to my DLINK router and small 8-port switch. Of course the issue is I only have about 20 minutes runtime on my vmware hosts... which then takes down my virtual router so the wireless being up for another 30 minutes doesn't do me any good.
 
BTW, don't expect more than a few Mbps(8-12, IIRC) over OpenVPN on the ERL.

They support PPTP built in with local authentication. Granted PPTP is not the most secure VPN, it's still sufficient for grabbing files that are not ultra confidential. It also doesn't require a special client - big plus in my book. If I wanted to access a collection of MP3s on the road I wouldn't think twice about using PPTP.
 
Another option to consider is EnGenius for the WAP. I have one, with about 2700 sq ft on 3 levels. The WAP is on the top floor, and I have service on the lowest level with no issues. It cost about $100, and has all the features you'd want in a WAP. It easily handles VLANs, will run on POE, etc. I did have a few stability issues, but set it up to periodically reboot itself and I've had no issues since. I rarely even think about it.

Something just to keep in mind with the ERL, they are a Linux desktop in tiny form. They don't *always* take well to being unplugged, just like a desktop. They've also had some early failures with the USB storage, but I think most of that has been sorted. I haven't followed it lately. They can run really hot, sometimes to their own detriment.
 
Unifi is really solid stuff. Nothing touches it at the price point.

Only thing that requires the controller to be up is the guest portal.
 
I have a unifi controller running on Ubuntu server running APs for 25 sites and the software is absolutely rock solid

Never had a single problem with it...

The new unifi video seems to be a lot better than the old air vision software as well... At least so far... I've had a few hiccups but nothing too serious
 
A buddy of mine is totally sold on Ubiquiti - he has 2 security gateway routers, a couple 48 port switches, APs and cameras for 2 buildings. I have not messed with them much, I just do the cabling.
 
I am running solid Ubiquiti hardware at work and at home and absolutely love it.

ER Lite and a couple of the unifi APs and you should be golden for home use. Coupling the setup with their PoE switches is nice, but not necessary.
 
Got the router and just started tinkering with it. Will probably regret not getting the POE version for the extra ports. Currently have it set up with eth0 to the WAN, and separate interfaces for eth1 and eth2. Still tinkering so I haven't connected it to the cable modem yet.

I'm trying to decide if I need to keep my Untangle system in the mix. Currently, the only thing I really use from it is going to be the web filter.

My original idea was to set this router up with an AP and the cable modem on a UPS. Thinking it through now, if I connect an AP to eth2 with the rest of my network connected to eth1 via a switch, then wireless internet traffic wouldn't go through the Untangle VM anyways (which is the bulk of the kids activity). I'm looking into OpenDNS as an option and while the "whitelist" options would work in some aspects, I prefer the Untangle option of just passing clients by IP address to bypass the filter.

It appears that the router is capable of running squidguard (with more configuration required of course). Would this provide the web filtering that I need? Basically, I just want to block the majority of porn/adult content from their devices. I already configure Untangle to use "static" DHCP addresses based on the MAC address to keep things organized.

My next question is if I can use the "1Wan/2Lan" setup and have both LAN ports (eth1 and eth2) configured to use the same 192.168.1.x range.. or do I need to use a bridge setup instead? Apparently there is some significant performance decrease in bridge mode. The issue is that until I pick up an AP, I'm restricted to using my two current wireless routers in AP mode, which require both to be used to cover my house and of course they don't support VLAN tagging.
 
Just route your traffic on your edgemax to your untangle webfilter for now until you decide on what to do.
 