Unable to run UniFi Controller on FWG

Comments

22 comments

  • Avatar
    Jan Baniewicz

    Btw i did once sudo reboot somewhere between commands... FWG has rebooted propelry with no loss - yes i know i should rebot thru app - that was my mistake

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    Unless you are an expert, stick with the tutorial exactly. It will work.

     

    you can also use this script to install for you. Url: github.com/mbierman/unifi-installer-for-Firewalla

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    Please confirm did i understand that correctly:

    1. A network as your docker network, we will use 172.16.1.0/24 in this tutorial.
    2. A static IP for your unifi controller instance, we will use 172.16.1.2 in this tutorial.

    Point 1 is network where i will put my Unifi APs - it is named as LAN and under Network Menager (in APP) it exists as 192.168.88.1/24 - as i understand nevertheless it has 1 on the end i should use 192.168.88.0/24 as docker network

    Point 2 is static ip of ... ? FireWalla Gold box ? same as this where i am going thru ssh ? so it will be 192.168.88.1

    The "Docker Network" is not a network will you see in the Firewalla app. It is the network containing all your docker container's static IP addresses. Those docker containers will also not be visible as clients in the Firewalla app.

    You should use the addresses mentioned in the tutorial, not the 192.168.88.0/24 addresses you mentioned.

    Your Unifi APs can go into any other network. You can use your main LAN, or if you are segmenting your networks, any other network.

    To adopt your APs, you'll need to do a manual L3 adoption with the IP address 172.16.1.2. Alternatively, you can add a custom DNS entry for "unifi" (no domain) that maps to 172.16.1.2, so your APs will auto-discover your controller. If you're using the latest EA version of the Firewalla software, you can now customize DNS in the app. Otherwise, see https://help.firewalla.com/hc/en-us/articles/360056024294-Guide-How-to-customize-Firewalla-DNS-service.

    0
    Comment actions Permalink
  • Avatar
    Jan Baniewicz

    Alternatively, you can add a custom DNS entry for "unifi" (no domain) that maps to 172.16.1.2, so your APs will auto-discover your controller.
    May i ask to elaborate? In case i would use specified in guild IPs. What should I add as dns entry 172.16.1.2 ? Can you provide me customized command ?

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    Yes, create an entry for "unifi" with address 172.16.1.2.

    The easiest way to do this is to switch to the Early Access program for your box and your phone app. You can find out how to join EA here: https://help.firewalla.com/hc/en-us/community/posts/360046872134-Early-Access-Onboarding. You can find out more about adding the new DNS entry with the 1.52 EA app version here: https://help.firewalla.com/hc/en-us/articles/10221985597331-Firewalla-Box-Release-1-975-App-Release-1-52

    Otherwise, you'll have to SSH in to your box and follow the directions here: https://help.firewalla.com/hc/en-us/articles/360056024294-Guide-How-to-customize-Firewalla-DNS-service. You'd want to create a file with one line:

    address=/unifi/172.16.1.2
    0
    Comment actions Permalink
  • Avatar
    Jan Baniewicz

    after adding this as posted in guide i still get

    DNS_PROBE_FINISHED_NXDOMAIN

    *stopped and started firerouter_dns as i should but didnt get effect ? what am i missing ?

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    From which device are you getting that error? Is the DNS Booster enabled for that device?

    If it's on, I have no idea why this isn't working for you.

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    @David, in the app you can't add "unifi" you can only add "unifi.lan". I hope that Firewalla will fix this. Seems like just an app thing because you can, as you said, do this over SSH. 

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    @Jan I'm confused where you are stuck. Is the controller not running or are you having trouble adopting the unifi devices? 

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    @Michael, the EA version allows you to add custom DNS entries, similar to what you can do over SSH. This setting is under DNS Services, though, not under the devices themselves.

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    I have the EA version. But you cannot enter a hostname. it requires a FQDN. 

     

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    The Android version allows it.

    1
    Comment actions Permalink
  • Avatar
    Jan Baniewicz

    @Michael I'm not in ea.so i try to do this thru ssh i already added files and address=/unifi/172.16.1.2 in it but still enters only thru ip address not unify:8443

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    The file you added will make unifi:8443 work, not unify:8443.

    1
    Comment actions Permalink
  • Avatar
    Jan Baniewicz

    You're right.
    Under unifi:8443 i got
    Bad Request
    This combination of host and port requires TLS.

    0
    Comment actions Permalink
  • Avatar
    David Rothenberger

    Sounds like it's working. Try https://unifi:8443

     

    1
    Comment actions Permalink
  • Avatar
    Michael Bierman

    @David, oy! Hope the iOS app gets fixed. 

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    If https://unifi:8443 doesn't work, try the IP address. Always good to start with the basics to see if it is really accessible vs some DNS issue. 

    0
    Comment actions Permalink
  • Avatar
    Jan Baniewicz

    Your right with https added it works... Is there any workaround not to get red crossed https beocuse of not confirmed certification ? When it's red it doesn't autofill or even show password and login

    0
    Comment actions Permalink
  • Avatar
    Jan Baniewicz

    @Michael i got 404 when try to enter this post

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    @jan You need a Unifi community account. 

    0
    Comment actions Permalink

Please sign in to leave a comment.