Unifi Controller - Non Plugin - No remote access

[anakin827]

Been reading this forum and searching google, but haven't come up with an answer yet. I just installed the Unifi 6 controller in a fresh iocage jail. I can access the controller locally and can see it at network.unifi.ui.com and it shows that it is online. However, when I try to launch it I get an error that it is not accessible.

I have read that this could be because it is not officially supported on FreeBSD, but has anyone found a workaround for this? Otherwise I guess my option is to install an Ubuntu VM to get this going.

Thanks in advance.

 

[ianjohnson134]

I have unifi as well, everything that I've read or have been told is to just get the standalone unifi controller which is the cloud key, it just plugs into your switch and manage things from your phone app for almost everything in lieu of the desktop interface. The put more emphasis on the app quality because most IT guys are managing stuff from their phones over a laptop.

I know it doesn't help you with your exact plight albeit it does.present probably the most reliable solution. Ubiquiti makes awesome stuff, good quality, good reliability but their integration support is lackluster direct from them, community support is heavily relied upon.

 

[dcs730]

Been reading this forum and searching google, but haven't come up with an answer yet. I just installed the Unifi 6 controller in a fresh iocage jail. I can access the controller locally and can see it at network.unifi.ui.com and it shows that it is online. However, when I try to launch it I get an error that it is not accessible.

I have read that this could be because it is not officially supported on FreeBSD, but has anyone found a workaround for this? Otherwise I guess my option is to install an Ubuntu VM to get this going.

Thanks in advance.

I have exactly the same issue - Truenas 13 (Latest release) - Followed some online instructions to install UniFi Network controller in it's own jail.
I've opened up all the required ports on my internet gateway - port 443 tcp/udp, 8883 tcp from the WAN to the local IP Assigned to the Jail Controller. I can access network.unifi.ui.com controller remotely using my UniFi login. And it shows the Controller on the internal 192.168.20.17 IP. It shows it's online, Sites, devices and clients connected. Then to the right, there are three options to launch remotely.

Launch using WebRTC, launch using hostname : remote.blah.ui.com ... and via the IP (With port forwarding).
I haven't tried the latter 2, but when attempting to launch via WebRTC, I get error "Connection failed".
Network UniFi Controller software installed is the latest Network 7.2.94.

My only assumption is that the jail requires some port forwarding or static route enabled and does not know how to route the traffic back out via the gateway.

Can anybody assist with the trouble shooting with incoming / outgoing traffic in the jail?
The Truenas box sites on a single C Class network : 192.168.20.0/32 (IP address 192.168.20.22)
The jail is installed in truenas and allocated an IP : 192.168.20.17.
The jail appears to have access to the internet as it installed ok, performed updates and visible in the remote network.unifi.ui.com login.
The modem / gateway with the port forwarding rules for those mentioned above are port forwarding to the IP of the Jail. (192.168.20.17)

So can only assume is a routing or IP issue.

 

[Patrick M. Hausen]

iocage get defaultrouter <jailname>?

 

[dcs730]

iocage get defaultrouter <jailname>?

Reply from iocage get defaultrouter unifi
auto

Should it be something else?

 

[Patrick M. Hausen]

Try setting it statically to the IP address of your router.

 

[dcs730]

Thanks - Changed to static...

Done - Now : iocage get defaultrouter unifi .. shows
192.168.20.250

I still get the same result with connection fail when I launch WebRTC from the remote unifi console.

 

[Patrick M. Hausen]

Are you sure Unifi Controller can work behind a reverse proxy or NAT? Maybe you need to configure something explicitly. WebRTC is regularly embedded in the web page/application. If that one tries to reach the private RFC 1918 address of your controller, of course that will not work over the Internet.

I'd use a VPN connection rather than exposing my Unifi Controller, anyway.

 

[dcs730]

Thx Patrick. It's a build in function on the UniFi Network controller and you can enable 2FA so it's fairly secure.
It's recommended to work via WebRTC.

Not sure about working behind a reverse proxy or NAT. I suspect so as it's built so it can be access remotely.
I can try installing the software on a windows pc and exposing the same port forwards and see the result.
I am still on the assumption it's jail / network routing related.

 

[Patrick M. Hausen]

If you can reach the initial web page but not RTC, it cannot be routing related. There is no filtering of ports or anything for VNET jails. You are running a bridged VNET jail, right?

 

[dcs730]

yes - running a vnet jail.
The NAT -is disable
VNET enabled.
Berkley Packet filter enabled.

 

[ChrisRJ]

I have unifi as well, everything that I've read or have been told is to just get the standalone unifi controller which is the cloud key, [..]

You can just as well run it in a Linux VM or on something like a Raspberry Pi. Heck, initially I was running it locally on a MacBook, but that was when I only had an access point.

My main point is that there are other options than buying a Cloud Key. If you prefer the latter, because it is convenient, that is absolutely fine. But it is certainly not the only option for a reliable solution. As an example, I have been running the Unifi controller in a small VM on ESXi for years without an issue. And the snapshot was sometimes helpful when an update didn't work well.

 

[Patrick M. Hausen]

Absolutely. And Unifi runs just perfectly in a FreeBSD jail - no difference to a Linux VM, really. If there is some problem with remote access it is most probably not jail related.

 

[dcs730]

So here is my update...

I have built a test Windows 10 PC - Not changed any Port Forwarding rules on my gateway. So all required ports are forwarding to 192.168.20.17.

I temporarily stopped the jail on IP : 192.168.20.17.
Then installed the Unifi Controller on Win10 PC - Installed the UniFi Network controller software, then restored the network settings / database for the Unifi Controller from the Jail setup. Also assigned the same IP : 192.168.20.17.

From a remote pc (Whilst the Win10 UniFi Network Controller was running) - I was able to successfully launch WebRTC.
And could manage the UniFi network remotely.

Then rolled back to the Jail setup (Same settings whilst) the Win10 PC UniFi Controller disconnected (So NO network IP Conflict) and failed to connect using WebRTC.

This confirms it's definitely a config or setting in the UniFi Network controller setup (With the Jail Install) or something extra required in the TrueNAS setup.

I may disable the UniFi Network Controller software installed in the Jail.
And commission a Win10 pc on the LAN with the UniFi Network controller for management of UniFi Devices.