Preparing for an Internet of Things with UniFi

2017-01-27

Last year a couple of things came together. First, a friend and I had renewed our efforts to create a site-to-site virtual private network (VPN) tunnel between our homes. We don’t have anything super exciting to do with this newfound ability, other than occasionally setting up some multiplayer games or file sharing. Second, I started to get fed up with the lack of updates and support in dd-wrt (more on that in a minute). Lastly, I started seeing reviews for Ubiquiti consumer hardware, and started taking a look.

Ubiquiti has a very professional lineup, and their product line straddles the line between consumer and enterprise hardware. They sell products designed to be put into rackmounts, and some that are designed to be put on an end table. On top of that they have very competitive pricing with high-end retail equipment.

I’ve been using dd-wrt, a community firmware project, on Netgear equipment over the last several years. dd-wrt has provided a level of freedom and quality that companies like Netgear, D-Link, etc. have been unable to match. My problem, recently, has been that dd-wrt covers so many products, and support is so spotty, that equipment just isn’t getting updates fast enough. At one point I had to hard reset my router because it was still using SSLv3 and I could no longer log into it when all browsers just stopped supporting SSL. Make no mistake, the dd-wrt project is excellent and should be supported, but for my personal use I wanted to invest in tools that had money and direction behind them.

So when I started looking at Ubiquiti’s product line and their tools I became engaged quickly. I picked up a Ubiquiti Security Gateway in the middle of last year, and set it up as my home network gateway. After some trial and error I’ve learned some of the nuances of the system, and I’m generally quite happy with the setup and design. The UniFi system connects to a dedicated controller instance which can be run locally or externally. At the moment I’m running mine on a Raspberry Pi in my house, but I’ve considered moving it to a VPS like DigitalOcean or Linode.

One of the things that we were able to do early with the USG was configure a site-to-site VPN. It was a simple configuration once we had the gateways configured properly in the controller software. Now we’ve got a stable and simple bridge between our networks. It’s been fun.

Things got even better when I picked up one of the Access Points. I nabbed one of the Long Range AC models relatively cheaply. It has 802.11ac support; I’m not sure I have any clients that can connect to AC at this point, but now I’m future-proofed. UniFi supports some remarkably useful configuration options, which is where I’m looking forward to being able to properly manage an IoT network. The UniFi system allows for easy creation of VLANs, which allow for easy separation of traffic. That means I’ll be able to connect all of my lesser devices that need to be on a network onto a segregated sandbox, keeping my primary systems safer.

I’m still planning on expanding a bit, by grabbing a managed switch or two, which will mean that I can configure both PoE and VLAN support for IoT devices going forward. It’s exciting and I’ve been learning a lot about networking.


All the best!