Unifi Network Access Issues



  • I'm having a serious problem with getting my Unifi devices to connect out. I'm running a controller in a FreeBSD jail in subnet 172.20.40.1/24, which seems to be working sufficiently.

    I have a unifi switch 8 150w, as well as two Unifi APs. The UniFi devices are in 172.20.70.1/24, and they have been assigned static IP addresses using DHCP.

    | IP | Hostname | Description |
    | --- | --- | --- |
    | 172.20.70.2 | unifi1 | Unifi AP |
    | 172.20.70.3 | unifi2 | Unifi AP |
    | 172.20.70.4 | unifiswitch | Unifi Switch |

    I'm not sure if it is a network issue or something on the Unifi end, but my Unifi APs are unable to access the internet, and are unable to ping the controller.

    I can SSH into the UniFi devices, and have checked what they're using for DNS, and it seems to be correct.

    ```
    $ cat /etc/resolv.conf
    search my.domain.tld
    nameserver 172.20.70.1
    ```

    I was able to get my switch to connect to the controller using

    ```
    set-inform http://172.20.40.20:8080/inform
    ```

    Now it's connected, but I am unable to SSH into the switch. Maybe I should factory reset it?

    Here are my firewall rules. I don't know if this is the problem, since I had originally set the rules to let them connect anywhere and it still wasn't working.
    
    ![](https://i.imgur.com/2MRlITp.png)
    
    Has anyone else had success with UniFi switches and pfSense?
    ![uni-rules.png](/public/_imported_attachments_/1/uni-rules.png)


  • Hi

    You have to provide a little more info about the controller network's pfSense rules on the LAN (LILAN0 or LILAN1, the 172.20.40.0 net one), VLANs, and the switch config or part of it.

    Don't know if you have to add a rule in the 172.20.40.0 net to allow the APs' IPs.

    I have a different setup with Unifi. The controller and the APs' IPs are on the LAN net or a Management net. The wifi networks have an SSID in the LAN net without a VLAN and a GUEST network with a VLAN. Rules on the Guest net are identical to your Uni net rules, except there is no need to add the allow for the controller IP.



  • Things that tripped me with Unifi APs before were:

    1. Make sure your client's firewall is off… I couldn't access my AP when using a Mac unless I turned off my Mac firewall (I have read about similar issues with a PC firewall)
    2. Unifi doesn't work well on VLANs, i.e. controller and AP need to be on a non-VLAN and on the same L2 (same IP interface)

    Also explore their CloudKey, pretty slick and, despite the name, doesn't require you to access it via the "Cloud"....

    Good luck....