Ubiquiti Dream Machine Pro - On the fence

I must congratulate you sir, you married very, very well. Both the right pocketbook, and the right attitued. Mine has the former, severely lacking in the latter.

Of course she is probably doing this out of self interest as she knows the WiFi/network will now be a lot faster and more reliable.

You would need to run it on another machine or docker. But I have no idea as to the cpu requirements or if there are any limitations behind it.

The problem with Unifi right now is that its hard to get some of their products. Everything has been sold out and in and out quickly. Integrators are having a hard time getting product. Luckily I was able to source my equipment directly from them and my switch I found from a place in Canada. So I'm all upgraded now. But there are a lot of shortages.

My first attempt didn't work out nearly as well. But yeah, she rarely complains about anything. I get far more frustrated when something doesn't work than she does.

Just stop, OK?! I was already jealous enough, and you have to add that.

Do you know where I can find "Install Wireguard on an Edgerouter for Dummies"? I'm currently doing it using a Raspberry Pi but figured it would be better to be on the Edgerouter.

Plus

Equals

I don't know about dummies... Oh wait, yes, that is me.

I started on the thread below, and asked many dumb questions along the way (complete noob to EdgeRouter, to personal VPNs, and to WireGuard. In other words, a triple threat to myself. Luckily nothing blew up.

The WIreguard thread on the Ubiquiti forum is here:
https://community.ui.com/questions/Release-WireGuard-for-EdgeRouter/3765d2a4-1952-4629-948a-3ac9d9c22311?page=1

The official ER Wireguard GitHub is here:

An install/update script for the official WireGuard ER release is below. I've used this script to update since I first installed. It can install the appropriate WG setup for many (all?) ER routers:

To make it easier to setup my devices to connect to the VPN, I updated a script that someone else had initially put together to automate creating peers on the ER. I posted it to Reddit and another user luckily took my script and improved on it further - link here below. The script allows you to quickly/easily create new peers on the ER, and creates QR codes you can use to create the necessary info for the peers you are connecting to your VPN.

You're saying that Ubiquiti access points can be used without a UDM or some other Ubiquiti controller?

Yes. You can just use the UniFi application on your phone to configure a UniFi Wireless Access Point.

You can also run the UniFi Controller standalone application on Windows, Linux, MacOS, etc. to configure and monitor a UniFi WAP.

So I could turn off the radios in my existing router (which I still need to do NAT, DHCP, etc.) and connect a Ubiquity AP?

How would a DHCP server know what SSID any given device has connected to though if I want multiple isolated subnets? I assume the AP doesn't have its own internal DHCP server or any routing logic. Or can you specify a custom DHCP port for each SSID and run multiple DHCP servers elsewhere?

If that would somehow work, perhaps then I could wait for the UDM Pro SE. I hate buying something when I know a newer version is around the corner.

A UniFi WAP is just a bridge between WiFi devices and your existing Ethernet network. It broadcasts the SSIDs you assign, and performs the authentication of the clients. Your existing router would still handle all of the DHCP server requests.

But if I wanted different DHCP ranges for each SSID, how would the DHCP server know what SSID a device connected to?

Edit: Never mind, looks like DHCP option 82 provides this, so I'd need a DHCP server that handled option 82.

I solve this problem by using my UDM!

I am not sure what options are available without running the full UniFi stack. Hopefully others will chime in.

In my setup the short answer is a vlan defined on my OpnSense firewall device which also provides DHCP to the interface. On the Ubiquiti side I created a separate network and assigned it to the vlan. From there it was just a matter of creating a new WiFi entry and assigning it to the network.

Kind of a double step without a UDM - create vlan interface on my firewall then on the cloudkey controller create a network entry.. but it works fine with my 24 port non-pro POE switch and U6 LR & Lite..

yes

Yes

Your DHCP server should be able to assign VLAN... I've been using unifi AP's in corporate enviroments for years without any other unifi equipment. They are the only unifi products in my house. They pass DHCP just fine.

Now, you can assign DHCP to specific SSID's as well and assign devices to specific vlan's. But honestly if you have a small network, a simple /24 will do fine....

My concern was that using an Ubiquiti AP without a UDM Pro (as a short term solution), how would a DHCP server know what SSID any given DHCP requestor has connected to, so it can use different IP ranges for different SSIDs.

I think the answer is DHCP option 83, which causes the DHCP intermediary (the access point in this case) to add a "circuit id" to the DHCP request that it passes on from the client. The DHCP server would use the circuit id (in reality the SSID) to decide what IP range to issue from.

No doubt all of this is seamless if you're using a UDM Pro or some other Ubiquiti controller.

And I'm only thinking about this because Ubiquity's stuff is out of stock and it could be weeks or months before I am able to get all the necessary pieces.

The ubiquity store right now has both the UDM Pro and the AP6LR in stock, FWIW

Wasn't available last night, and I never received an in-stock email even though I'm signed up for it.

However, I'm confused by the specs.

The Wifi 6 Long Range AP has a throughput rate of 2400 Mbps on the 5GHz band.
The Wifi 6 Pro AP (cheaper but out of stock) has a throughput rate of 4.8 Gbps on the 5 GHz band,

These are from the respective product's data sheets. Why would I chooise the "Long Range" over the "Pro"? Doesn't make sense.