Using SSL certificates with unifi cloudkey or UDM Pro the easy way

In short, you can access your UDM Pro with https://unifi.local and make the security warning go away. I have been using my unifi hardware for some time at home now and I love it. The one thing that kept being annoying is accessing the cloudkey software over SSL. It always returned this warning: And if you approved and continued, you still got this icon in your browser:

How to detect if your devices are trying to circumvent your pihole

As I described in my previous blog post, you can set up a pi.hole DNS server to optimize your network traffic and your browsing experience. But not every device will be respecting your DHCP DNS settings, it seems. Some devices have hardcoded DNS entries and just ignore your settings. Scott Helme wrote on his blog how to redirect those naughty devices and redirect their traffic to your pihole instead. But before we start doing that, I was curious to find out how many of those devices I actually had on my network.

Installing pihole on your Cloudkey gen2+

The other day I bought myself a Gen2 cloudkey plus from Ubiquiti and replaced my old cloudkey. It comes installed with the Unifi SDN and the new Unifi Protect. The device looks really nice and has a little display which shows you information about the applications running on the device. Since I have been playing with pi-hole lately on one of my Raspberry Pis, I was wondering if I could install pi-hole on the cloudkey so I would have everything from my network in a central place.

Creating my config.gateway.json provisioning file for my USG

As described in a few previous blog posts, I needed to set some configuration through the command line for my USG. But every time you provision the USG, the changes will be lost. This can be solved by storing the changes in the config.gateway.json file on my cloud key. Since the cloud key is running Ubuntu I can find that file in /usr/lib/unifi/data/sites/default (your site can be named differently, but mine is the default).

Configuring source address based routing on my Unifi USG

Updated 10/24/2018 since routing didn’t work anymore. You have to disable source-validation, thanks to Roelf for the comment with the correct command. For some time now I wanted to be able to test some network stuff. I want to be able to connect certain devices over a VPN to the Netherlands but without the need to configure every client with VPN connections. With this scenario it is possible to test different geo stuff accessing my network from different places in the world, it also helps me test the different latencies when going across the ocean and back.

Creating 2nd network with separate IP range on my Unifi network

Some time ago I bought new network gear for my home from Ubiquiti. The Unifi range of hardware is very nice. It’s a bit pricy but you can do so much interesting stuff with it and the hardware is rock solid. At home I have the following hardware running: Unifi Security Gateway (USG) Cloud Key The 8 ports PoE switch to power access points and some security cameras Unifi 802.

How to enable IPV6 from Comcast on your UniFi Security Gateway

For a while now I have run my home network on UniFi hardware. I have got the UniFi Security Gateway 3P, 1 (but soon 2) UniFi AP-AC-Pro and a UniFi Switch 8 POE-150W. Of course a Cloud key to manage it all (so I don’t need to install Java on my PC). Update (11/22/2017) for Unifi 5.7.7 or higher which added IPv6 support in the UI. Finally ubnt added IPv6 support to the UI of Unifi.