Tag Archive: Ubiquiti

I recently configured my Ubiquiti/Ubnt Unifi wireless access point to use WPA Enterprise (wpaeap) and pointed Radius at my domain controller running Network Policy Server (NPS).

I could connect fine using my Android mobile but could not connect from my laptop. Logs in the event viewer indicated an authentication issue, but this was definitely not the case.

After lots of fiddling and googling I discovered that PEAP does not work with wildcard SSL certificates. I replaced the certificate with a server specific cert and voila.

Here’s an article which shows you where to change the certificate; https://cantechit.com/2015/07/10/windows-nap-as-radius-in-a-windows-7-server-2012-wireless-world/


After moving from my home office to a real office I decided to downgrade my premium 80/20 business fttc connection (from claranet) to a residential 40/10 service from sky.

Yesterday, the connection was changed over and I found myself with no internet. I initially thought it was because the pppoe username and password needed updating (tail /var/log/messages was showing a CHAP authentication error message) but I don’t recall ever being sent a username/password. It was then I had a flashback to many years ago having to extract the details from a router/modem in order to use them in another device. A bit of googling backed this up, but also suggested the connection doesn’t use pppoe but MPoA and was going to be even more challenging to setup; http://www.skyuser.co.uk/forum/sky-broadband-fibre-help/51550-ubiquiti-edgerouter-lite.html

But this article was written in 2013, surely someone has documented the process more recently? Fortunately, before starting the long-winded process I stumbled across another aritcle; https://community.ubnt.com/t5/EdgeMAX/Sky-Fibre-DHCP-client-option-61/td-p/1172347. However, this seemed to point to needing a different modem (such as the Draytek Vigor 13) to achieve the MPoA connection.

Before I went and bought a new modem, I thought i’d try the BT Openreach/Huawei Echolife HG12. I deleted the pppoe interface from the Edgerouter and set the address on eth0 (connected to the modem) to DHCP. Still nothing… welll both of the previous articles did state the need to add the DHCP option; send dhcp-client-identifier "user|pass"; so I guess it’s time to unbox the Sky router and do some packet sniffing?

I must be in luck… 2 weeks ago, a post suggested you no longer need to use logon credentials, passing anything in the dhcp-client-identifier will do the trick. The example given was;

 client-option "send dhcp-client-identifier "bacons";"

So I gave it a try, but still no dice. Worth a reboot I guess? Power cycled the modem and voila, we have internet! Well, that was simpler than anticipated.


I hope to be installing some equipment in a local datacenter to offer some hosting services. First item, the hardware;

  • Ubiquiti Edgerouter Lite
  • Dell 8024 (24x 10GbE Switch)
  • Synology RS3614RPXS NAS (6x WD RED 3TB + 2x Samsung EVO 840 1TB + Intel X540-T2 10GbE NIC)
  • 2x Supermicro AS-2022TG-HIBQRF (each w/ four nodes w/ 64GB RAM & 2x Opteron 6176 + Intel X540-T2 10GbE NIC)

Initially I went for a combination of the Netgear Prosafe XS708E (8x 10GbE Switch) paired with a Dell (24x 1GbE Switch) but quickly found myself running out of 10GbE ports and concerned about the lack of redundant power supplies.

Likewise, I had chosen the RS3614XS but felt the additional cost of the RP (model with redundant power supplies) was justified.

And finally the servers themselves, initially Supermicro AS1042G-LTF (single node with four sockets and single power supply) but then switching to the AS-2022TG-HIBQRF (four node, each with two sockets and shared redundant power supplies).

I’ve tried to avoid single points of failure at a component level (redundant power supplies etc) but without overkill couldn’t avoid it at device level (redundant switches, NAS etc).

Supplier wise… I got the switch from http://www.etb-tech.com/ and the NAS from http://elow.co.uk/ (both of which admittedly i had my doubts about when first placing the orders, as the prices seemed a little cheap, but the service was incredible, both dispatched same day using next day couriers). The rest from eBuyer and local suppliers.

Each device is connected to the switch using 2x10GbE LAG/LACP ports (I may go more into the configuration of this later).

I was recently tasked with overhauling the “network” for a local, small, not for profit. The company currently have 2 sites, with roughly a dozen desktops at each and half dozen laptops which roam between the two.

The primary requirements were to provide;

  • networked file storage (preferably redundant)
  • centralised user management (single sign-on and access control)
  • site blocking/web filtering

If both sites had “reasonable” internet connections, I would have suggested a single server at the “central” location with a site-to-site VPN. Unfortunately the connections are~ 3MBit down, 0.3Mbit up (ADSL). This introduces a need for additional hardware (servers at every site) and a way of synchronising/replicating between the sites!

As always, everything should be designed with scalability in mind, but sticking to a tight budget.

The File Servers

My first purchase were the file servers. Many years back I used to “roll my own” with something like a HP MicroServer and Windows Home Server (or possibly FreeNAS/OpenFiler) but some years back I made the transition to a dedicated Synology appliance.

Whilst you lose some of the flexibility (being able to install any software on x86/x64 hardware like the MicroServer) you gain a huge amount of reliability and support by going with a dedicated appliance (not to mention the huge feature set and ability to run many additional applications on the Synology product line).

One of the only requirements for the file server was redundancy (so at least 2 bays to support raid 1). Wanting to stick with Synology I used their product comparison tool (https://www.synology.com/en-uk/products/compare) to make a shortlist and then after looking at the prices settled for the DiskStation DS214.

Although storage requirements were pretty small, I got a great deal on WD Green 3TB disks so bought 5 (2 for each site and 1 spare).

The Routers

Had this have been a “home solution” i’d probably have opted for something like the Asus RT-AC66U flashed with one of the open source firmwares such as OpenWRT or DD-WRT. But, needing a “business solution” I needed something, most importantly reliable (the potential sacrifice being ease of use).

On top of reliability, the primary feature requirement for the routers is site-to-site VPN. After some research I decided to give the Ubiquiti EdgeRouter Lite 3 a try. Frustratingly the ADSL connection coming in at both sites is provided by a BT HomeHub3. The HH3 doesn’t support bridge mode, and to avoid double NAT / further complications I decided to purchase 2 ADSL modems (there aren’t many to chose from… I went for the Draytek Vigor 120).


I previously posted about some SharePoint issues i’ve been tackling, this is the medium i’ve chosen for documenting and sharing the how-to guides, configuration details and process documents. I’m yet to tackle, but may also use it for new user requests, password resets, support requests etc.

To be continued…

Similarly, I have already posted about getting OpenLDAP replication working, this was one tiny part of the project. I will be following up this post with a number specifically tackling the implementation and configuration of the new solution.

Watch this space.

An update on my latest project

Further to: https://tickett.wordpress.com/2012/12/31/a-new-year-a-new-project/ I have discovered quite a few things, and it looks like I’m not going to have to start from scratch (although I may still be designing some form of hardware, it’s hard to tell at this point).

Existing projects/products set out to do something similar:

NPlug- http://www.indiegogo.com/projects/283102/x/2060579

  • Consumption measuring (believed to be more accurate than existing devices)
  • Remote switching
  • WiFi connected (requires no bridge/gateway device)
  • Zigbee 802.15.4 for connecting to other devices
  • USB option (add 3G dongle, additional RF interface etc)
  • SoC running OpenWRT Linux
  • Open source
  • Lots more…
  • £100 (estimate)

This is really meant as a single device and not to be used with every appliance in the home. The device acts like a gateway itself and aims to connect to existing consumption/switching devices such as the IRIS / AlertMe suite.
I have pledged as a sponsor for this project, and hope to get my hands on a prototype- however, the funding has been a bit slow, so please help out :)

AlertMe (IRIS)- https://www.alertme.com/shopping

  • Consumption measuring
  • Remote switching
  • Zigbee
  • Requires the SmartEnergy pack as a bridge/gateway to the internet
  • £25

Ubiquiti mFi mPower- http://www.ubnt.com/mfi#m-Power

  • Consumption measuring
  • Remote switching
  • WiFi connected (requires no bridge/gateway device)
  • Comes in 3 flavours: Single, 3 socket extension cord and 8 socket extension cord
  • Only currently available with US / EU plugs
  • No EU stock currently available (when it is, I will try one with a UK plug adapter)

Belkin WeMo Switch- http://www.belkin.com/uk/c/WSWH

  • Switching only by the look of it
  • WiFi connected (requires no bridge/gateway device)
  • £40

Meter Polug- http://www.indiegogo.com/meterplug/x/2060579

  • Consumption measuring
  • Remote switching
  • Bluetooth only- so unless you’re within range and carrying a bluetooth equipped device, it’s not much good. This being said, the project has been fully funded, so there is clearly demand for such a device.
  • I have asked whether they’ve considered building a gateway device to enable internet connectivity but yet to hear back. Fingers crossed.


  • I have purchased a USB Zigbee packet sniffer in the hope that I can make sense of some of the traffic floating around my house from various “smart” gadgets.
  • Still waiting on delivery of my EVE Alpha board- http://www.kickstarter.com/projects/ciseco/eve-alpha-raspberry-pi-wireless-development-hardwa this should allow me to start doing some cool stuff with a raspberry pi using the gpio pins rather than dozens of USB sticks!
  • The guys over at flukso have confirmed that they will be continuing work on their enhanced hexabus plug once they have another project out of the way: https://www.flukso.net/content/hexabus-plug
  • I sent some details to a few companies in an attempt to understand costings for PCB design, production and assembly. Just one company has responded to date: http://www.newburyelectronics.co.uk/ – for something like the Hexabus plug they’re suggesting (rough figures): £1,000 PCB design (£500 each of the 2), £80 PCB production (£40 each of the 2), £60 parts (excluding several parts they can’t source), £130 assembly & inspection. Bringing the total in at about £270/device (forgetting PCB design)- ouch!

That’ll likely be my last update for a few weeks, as I’m off to Thailand shortly :)


I received a couple of 20′ poles last week so thought i’d have another go at getting the dishes hooked up… I didn’t make any progress using "guess work" so decided I need to find a better way!

Getting on the roof the other end is going to be a bit tricky so I started at this end. Here’s a picture I took with my iPhone (remarkably good quality):

Zoomed to 100% of where I think I’m aiming:

I wanted to get a bit closer- so took this with my Canon 5D Mark II & Canon 70-200mm f2.8L IS @ 200mm @ 100%:

This is from google maps (you can see the other side of the two houses in the shot above- notice how close to the destination marker A they are):

Google maps again (this is looking roughly at the angle between the houses- it looks like I might just about miss the tree on the right hand side):

I’ve ordered a few cheap laser (lazer?) pointers from eBay which I hope to strap to the dishes for some further testing next week…

Watch this space!


Busy busy busy

Unfortunately I’ve been very busy with work so little time for blogging. Just a few little bits:

Problem Steps Recorder

A colleague told me about this recently. A new tool available in Windows 7 designed to record steps to recreate problems- you can then send the output to support desks etc who can analyse the output.

You can access PSR (Problem Steps Recorder) by typing psr into the start menu and clicking the top result (highlighted above).

The tool is very straight forward- I’ve only used it a few times to date, but essentially it records screenshots and describes each "action"- for example clicking, dragging, user input etc. The output file is then a zipped, self-contained html type structure. See example: http://tickett.net/downloads/ip_address.zip (I have to admit I’m a little puzzled as I recorded the steps to launch a command prompt and run ipconfig to determine your ipaddress but the keyboard input doesn’t appear to’ve been captured- I think I need to play a bit more).

The beauty of the tool is that it could quite easily be used to simplify the process of creating documentation and user guides as well as the intended purpose of recording problem steps (currently we often create documentation but taking numerous screenshots and manually pasting into word with annotations- this automates that process somewhat).

Lock Screen in OS X

I did a google a while back as I’ve started to use my laptop in the office a lot more and never like leaving the screen unlocked. In windows I’m sure we all know ctrl-alt-del allows us to lock the workstation, but I’d yet to find an option/keyboard shortcut in OS X. My search didn’t turn up much- and the first item I tried didn’t work at all.

The next day a colleague showed me the "hot corners" option available in the system preferences under displays / screen savers. This works pretty well but my ideal solution would be a keyboard shortcut.

I resorted to trusty stackexchange and was informed that shift-ctrl-eject which actually puts the display to sleep but effectively achieves the desired result of locking the screen (as once awoken the password is requiring to resume).

Ubiquiti AirVision / AirCam Update

I have finished permanent installation of my 3rd Ubiquiti AirCam but have been experiencing increasing problems with the AirVision and NVR software.

For example the above screenshot- you can see the Back Garden feed is blank. These increasingly problems in addition to the rather cpu/memory hungry windows processes spurred me on to give the linux software a go.

I diverted a little from the linux installation guide on the forum: http://forum.ubnt.com/showthread.php?t=44098

Here are my steps:

  • Install Ubuntu server edition checking only the OpenSSH option
  • SSH into the ubuntu server and escalate to root: sudo su
  • Modify the apt-get sources file: nano /etc/apt-get/sources.list
  • Add at bottom of file: deb-src http://extras.ubuntu.com/ubuntu natty main
  • Add at bottom of file: deb http://www.ubnt.com/downloads/airvision/apt natty ubiquiti
  • Quit and save changes: ctrl-x
  • Update apt-get: apt-get update
  • Install AirVision and all dependencies: apt-get install airvision
  • Install AirVision NVR and all dependencies: apt-get install airvision-nvr
  • Ensure everything is up to date: apt-get upgrade

You should now be good to go! Try an browse to https://server-ip-or-hostname:7443 and you should be presented with the configuration/setup wizard.

NB: HTTPS. I made the mistake of trying to browse to http://server-ip:7443 and wondered why it wasn’t working :)

So far performance seems better and resource usage seems a little lighter. Fingers crossed.


I had a few minutes to continue setting up the wireless link and take a few snaps. Here’s the dish mounted:

And a bit of a close-up:

I found a better way of determining the bearing between the two properties using google earth (I had previously used googlecompass: https://tickett.wordpress.com/2012/02/15/setting-up-getting-started-with-ubiquiti-nanobridge-m5/):

Unfortunately I don’t really have any way of determining the dish’s current bearing (other than a visual guestimate). Google earth also shows the elevation profile:

Which seems to pretty much agree with the AirLink tool. Admittedly when I first used it I didn’t really know what I was looking at in the graph:

It surprises me the bearing isn’t displayed anywhere (that I can see?). I think I’m going to need a slightly longer pole to mount both the dishes giving sufficient clearance above the houses/trees in the path. I wonder what length I can get away with- the current pole is about 2 metres long and waves about quite a bit in the wind. I guess I just need something a little sturdier.

More soon :)


Ubiquiti AirVision Improvements

It’s great to see Ubiquiti appear to be working really hard on the AirVision software. Earlier today I upgraded to the latest versions of the AirVision (v1.1.0b4) and AirVision NVR (v1.0.9) software (see http://forum.ubnt.com/forumdisplay.php?f=70)

Further to my earlier post: https://tickett.wordpress.com/2012/02/10/home-security-cameras I’m sure there are a lot of new features but 3 I’ve instantly noticed and feel the need to shout about:

E-mail alerts (for motion and loss of camera/nvr connectivity):

New improved iPhone (potentially other but that’s all I have to test) interface:

Ability to save/export recordings:



After my relative success with the AirCams last week (https://tickett.wordpress.com/2012/02/10/home-security-cameras/) I purchased some AirCam Domes to try out.

Initially when I unboxed them I was a little surprised/disappointed by a few things:

  1. There appears to be no mounting option other than "in a hole"
  2. The lens cover doesn’t seem very secure
  3. The position/orientation of the RJ45 ethernet jack seems to limit mounting options
  4. The lens can only be adjusted up/down (vertically) not left/right (horizontally) – this seems to be yet another indication that the Domes aren’t really meant to be wall-mounted
  5. You can simply unscrew the camera from the "nut", unplug the ethernet cable and walk off with the camera (equally easy with the AirCam)
  6. I’ve got my doubts as to how waterproof the unit is *EDIT* Oops- apparently i dreamt that this is suitable for outdoor use? :)

WHT from the Ubiquiti forum: http://forum.ubnt.com/showthread.php?t=48067 suggested a solution for wall mounting the Dome by reversing the nut usually used to clamp the camera to a ceiling. I followed the advice and set off drilling 3 holes in the nut to mount it to the wall:

I then drilled 3 holes in the wall for the screws and one in the middle for the ethernet cable:

I mounted the nut, pulled an ethernet cable through and crimped an RJ45 connector on the end:

The camera wouldn’t screw back into the nut because it’d been slightly skewed by the screws. I backed them off a bit and it went on a treat. With the added bonus when I fastened the screws back up the camera was locked in place and couldn’t be unscrewed without easing the screws back off:

I may make some adjustments as ideally I’d like to look further left and lose a bit from the right:

I experienced some issues with the camera not registering properly with the NVR ("PREVIEW MODE. PLEASE ASSIGN TO NVR"):

But it seemed that the software had ground the server to a halt and a reboot seems to’ve fixed things for the moment. I’m still a little concerned at the number of processes running and the amount of CPU usage they’re consuming:

And that’s with only 2 cameras currently connected. I may try installing the software in linux later to see if it appears any more efficient.

I have a few more cameras to mount but they’re going to be a bit trickier (running the ethernet cables etc). I’ll update once I’ve found the time.


%d bloggers like this: