I currently have a Unifi network setup in my home consisting of:
- USG Pro
- Unifi 24-port gigabit switch
- Unifi Cloud Key Gen 1
- 4x Unifi AP-AC wireless access points
I am concerned about the whole “reporting back to the mothership” thing and am contemplating replacing the whole thing with something comparable. Ubiquiti has not been clear as their future support for WireGuard. Remote management is a must as I am going to use the same basic setup scaled-down in a vacation home my family is building. Is there a solution by Mikrotik that would do the job? I was hoping @kernellinux would chime in on this but I understand that he is a busy guy.
For the record, I live in Miami. FL and my house is essentially made of poured concrete outer walls and gables with drywall interior walls. The second floor in the addition is on a 6-inch ferroconcrete slab separating the two floors. You have to love the South Florida Building Code. Their motto: “Wireless is a cancer that must be stopped at all costs!”
Ideally, the setup should be:
- 24-port gigabit switch, minimum (48-port for growth) POE if possible to power AP’s
- Wireless AP’s that would allow seamless networking across my house.
- Ability to manage remotely and provide secure connection via WireGuard
- Rack-mountable for my house.
The Mikrotik website is a tad confusing.
I agree Mikrotik is a little confusing but I am intrigued by what they offer and the seemingly overwhelming positive response (if reviews can be trusted). I don’t have anything to offer other than to say I am very curious to see what you come up with.
You can check the OpenWRT site to see if you can flash those Ubiquiti pieces with the OpenWRT OS
You miss the point: I need something that I can remotely manage that doesn’t phone home or restart phoning home with an update.The Unifi interface lets me manage the firewall, switch and wireless access points all from a single application. Updates are all handled the same way as well. Is there nothing else that does that with a reasonable (ie: low) price?
[UPDATE] I looked at the OpenWRT site and only my access points are supported. Switches and the USG-Pro are not supported.
Looking at the Mikrotik site there is this device:
CRS328-24P-4S+RM 24 port Gigabit Ethernet router/switch with four 10Gbps SFP+ ports in 1U rackmount case, Dual Boot and PoE output, 500W
for $379. What confuses me is that it can run RouterOS or SwitchOS. If I run RouterOS does this mean it is my firewall as well or is that a separate thing?
Looking at the webfig interface for Mikrotik. Very muddled. I can’t even find the part about setting up a VPN server let alone WireGuard. I may have to look at an OpnSense firewall device. @kernellinux mentioned some on one of his past shows.
OpenWRT can just be set up to act like a simple switch but i’m not sure if it’d have more computing overhead. You’d need to test it but it’d be slim if it’s there. Where I think OpenWRT doesn’t work for you is they don’t recommend or even declare their software as working on any hardware with a lot of ports excluding a few brands that I can’t source easily. This has been my major pain point.
As for remote access over the public ip you can install SSH into any Linux based router and set up port forwarding accordingly. For browser based GUI access you can’t expose it’s port 80 because that’s ridiculous insecure but you could VPN into your network and access it as you would locally. There’s probably a more elegant solution like tunneling only that specific http connection over SSH though.
They mentioned a way to disable the whole ET Phone Home thingy on the Ubiquiti Unifi line on the Packet Pushers a few episodes back. They don’t mention Ubiquity a whole lot, but they did mention someone in their Slack had a software fix for the reporting issue. It’s not a default, but I was able to come across this. Maybe it will in help not having to gut your infrastructure?
Best of luck!
Cool beans. Step-by-step instructions would be nice for those of us who do not tinker in the bowels of Ubiquti gear every day.