Technical /
\ Technical

UbiquitiUniFi

Getting Going

We have a "Dream Machine" unit now, in place of the cranky Sophos UTM.

Port Forwarding Rule

  1. Navigate to Settings > Advanced Features > Advanced Gateway Settings and click to Create New Port Forwarding.
  2. Fill in the settings:
  • Name: Identifying Name
  • Enable Forward Rule: turn this on when ready to activate this rule
  • From: Anywhere or Limited
  • Port: Port Number
  • Forward IP: 192.168.1.10
  • Forward Port: Port Number
  • Protocol: TCP / UDP / Both
  • Logging: Optional

SSH Access

We generated a key via the Ubuntu shell. Great, but it wants that and a user/pass. The user is not, as the UI insists, 'Admin'. It's 'root'. And it uses the main Ubiquiti account password. Which it does not in any way tell you is the case. Near as I can tell, the keyfile is to get access to being able to login, somehow, which makes no sense at all.

Anyway: ssh root@10.10.20.1 -i .ssh/UDMkey from my Users directory.

SSL Cert

We'll need some things:

  • A hostname, probably chezsnark.frell.co or something silly, pointed at the public IP. I wish Hover had DynDNS capability.
  • A Linux-y environment. Might use the OSMC rig, might use the gethttpsforfree.com site, might use the Ubuntu in Win10. Decisions.
  • This Reddit post is giving us a rough guide: https://www.reddit.com/r/Ubiquiti/comments/fe132v/help_installing_a_ssl_certificate_on_udmp/
    • Generate cert
    • Turn into a p12 file
    • Copy p12, crt, and key files to UDM
    • SSH into UDM and replace crt & key files (/mnt/data/system/ssl/private/cloudkey.key & /mnt/data/system/ssl/private/cloudkey.crt) after making backups
    • While there run this arcane command (note location of p12 file previously uploaded) /overlay/root_ro/usr/lib/jvm/java-8-openjdk-arm64/jre/bin/keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /mnt/data/unifi/data/keystore -srckeystore /root/unifi.p12 -srcstoretype PKCS12 -alias unifi -srcstorepass <passwordforthisarchive>
    • Restart the controller (rm /usr/lib/unifi/data/db/version & /etc/init.d/unifi restart)
Edit | History | Recent Changes (all) | Search
Page last modified on August 27, 2021, at 10:24 PM
Powered by PmWiki