Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

30Oct/170

Raspberry Pi: Ubiquiti UniFi Controller

You can use Unifi Controller from your computer to configure and monitor your Ubiquiti access points but a cloud key is much nicer. The Unifi Cloud Key is basically just an ARM computer running of an SD-card. Sound familiar? So what's the difference between that and a Raspberry Pi? Not much besides memory and price. It more or less costs three times as much and the extra memory is not necessary for a small office or home installation. The Unifi Controller doesn't only take care of your access points but also firewall and switches if you use Unifi gear. In my case I have a Ubiquiti Edge Router X as a firewall and that doesn't play with the Unifi Controller. At the same time it has a very nice UI as is and have 5 separate ports for different LAN's while the entry firewall for Unify has 3 where one is WAN and one is for voip. In this article I describe how to setup Unifi Controller on a Raspberry Pi, provision the AP and then keep the Unifi Controller in a different subnet from the WLAN. I also show how to setup a guest wifi on a separate subnet.

Installing the UniFi Controller

Start with a fresh install of the latest Raspian Lite on your Pi. When you image the SD-card don't forget to put an empty file names ssh on the boot partition to enable SSH. This whole guide was done over SSH but can be done locally as well. However I do recommend to use the lite version to conserve system resources. First run sudo raspi-config and set hostname, memory split to 16Mb and all other settings you want on your Pi.

Then make sure everything is up to date:

sudo apt-get update && sudo apt-get upgrade -y

Make sure we have the latest firmware etc:

sudo apt-get install rpi-update && echo Y | sudo rpi-update

Add the Ubiquiti repository:

echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee -a /etc/apt/sources.list.d/ubnt.list > /dev/null
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
sudo apt-get update

Install Java8 and the Unifi software:

sudo apt-get install unifi oracle-java8-jdk -y

Start the service:

sudo service unifi start

Test that everything works by navigating to http://{rpi-ip}:8080. You should be greeted by the setup wizard. When everything works we can disable the default instance of mongodb since unifi sets up it's own instance.

sudo systemctl disable mongodb
sudo systemctl stop mongodb

Setting up guest wifi

Once the Unifi Controller is up and running it should detect the access point and provision it as long as they are on the same subnet. Without going into to much detail, there are very good documentation from Ubiquiti on all this, add a vlan tag to your guest network. In my case I went with 666 as vlan id. On my EgeRouter X I add a new interface for the vlan id 666, setup a DHCP. Since this is a new interface not included in any of the firewall rules between the interfaces it will have access to the internet and nothing else, all interfaces have internet access by default.

Running the UniFi Controller in a different subnet

Then I want to put my Unifi Controller in my server network instead of keeping it on the WLAN network. First I gave the Unifi Controller a fixed IP on the server network (192.168.6.11). Then I specified that in the field Unifi Controller on the DHCP settings for the WLAN network. This will tell all devices on this network the IP of the Unifi Controller. For it all to work I need to open some ports as well. First we need to make sure that the WLAN network and whatever network you will manage from can access 8080 and 8443 this is both for the UI and the communication from the access point to the Unifi Controller. For the guest wifi capture portal we also need the redirect port 8880 to capture unauthorized clients.

Comments (0) Trackbacks (0)

No comments yet.


Leave a Reply

No trackbacks yet.