Hey all:
I currently have a Unifi network setup in my home consisting of:
USG Pro
Unifi 24-port gigabit switch
Unifi Cloud Key Gen 1
4x Unifi AP-AC wireless access points
I am concerned about the whole “reporting back to the mothership” thing and am contemplating replacing the whole thing with something comparable. Ubiquiti has not been clear as to their future support for WireGuard. Remote management is a must as I am going to use the same basic setup scaled-down in a vacation home my family is building. Is there a solution by Mikrotik that would do the job? I was hoping @kernellinux would chime in on this but I understand that he is a busy guy.
For the record, I live in Miami, FL and my house is essentially made of poured concrete outer walls and gables with drywall interior walls. The second floor in the addition is on a 6-inch ferroconcrete slab separating the two floors. You have to love the South Florida Building Code. Their motto: “Wireless is a cancer that must be stopped at all costs!”
Ideally, the setup should be:
firewall/router
24-port gigabit switch, minimum (48-port for growth) POE if possible to power APs
Wireless APs that would allow seamless networking across my house.
Ability to manage remotely and provide secure connection via WireGuard
I agree Mikrotik is a little confusing but I am intrigued by what they offer and the seemingly overwhelmingly positive response (if reviews can be trusted). I don’t have anything to offer other than to say I am very curious to see what you come up with.
You miss the point: I need something that I can remotely manage that doesn’t phone home or restart phoning home with an update. The Unifi interface lets me manage the firewall, switch and wireless access points all from a single application. Updates are all handled the same way as well. Is there nothing else that does that with a reasonable (i.e., low) price?
[UPDATE] I looked at the OpenWRT site and only my access points are supported. Switches and the USG-Pro are not supported.
for $379. What confuses me is that it can run RouterOS or SwitchOS. If I run RouterOS does this mean it is my firewall as well or is that a separate thing?
Looking at the webfig interface for Mikrotik. Very muddled. I can’t even find the part about setting up a VPN server let alone WireGuard. I may have to look at an OPNsense firewall device. @kernellinux mentioned some on one of his past shows.
OpenWRT can just be set up to act like a simple switch but I’m not sure if it’d have more computing overhead. You’d need to test it but it’d be slim if it’s there. Where I think OpenWRT doesn’t work for you is they don’t recommend or even declare their software as working on any hardware with a lot of ports excluding a few brands that I can’t source easily. This has been my major pain point.
As for remote access over the public IP you can install SSH into any Linux-based router and set up port forwarding accordingly. For browser-based GUI access you can’t expose its port 80 because that’s ridiculously insecure but you could VPN into your network and access it as you would locally. There’s probably a more elegant solution like tunneling only that specific HTTP connection over SSH though.
They mentioned a way to disable the whole ET Phone Home thingy on the Ubiquiti Unifi line on the Packet Pushers a few episodes back. They don’t mention Ubiquiti a whole lot, but they did mention someone in their Slack had a software fix for the reporting issue. It’s not a default, but I was able to come across this. Maybe it will help in not having to gut your infrastructure?