Netgate Discussion Forum

Pfsense and Unifi controller/AP on different subnets

  • N
    notaduck
    last edited by Dec 9, 2020, 12:51 PM

    Hi guys. I have two subnets on my network

    • 10.0.1.0/24 (LAN)
    • 10.0.2.0/24 (DMZ)

    I have an AP connected to the LAN interface, and I have a Proxmox host in the DMZ with an LXC container hosting the UniFi Controller.
    However, the controller cannot see the AP on the LAN subnet. Does anyone know if it is 100% impossible for the controller to adopt the AP since they aren't on the same subnet?

    • S
      stephenw10 Netgate Administrator @notaduck
      last edited by Dec 9, 2020, 12:55 PM

      There are several ways to make that work. It's the access point that has to be able to connect to the controller.

      The easiest way I have found is to set a host override for 'unifi' and point it at the controller IP. The AP will try to resolve that to connect to the controller.

      You can also ssh into the AP and set the controller IP manually.

      Steve

      • N
        notaduck @stephenw10
        last edited by Dec 9, 2020, 12:56 PM

        @stephenw10 Thanks for the fast reply! I will try to give it a shot

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz Dec 9, 2020, 1:30 PM Dec 9, 2020, 1:27 PM

          This is just L3 adoption - here
          https://help.ui.com/hc/en-us/articles/204909754-UniFi-Layer-3-Adoption-for-Remote-UniFi-Controllers

          Whether your controller is just on another VLAN locally or remotely doesn't really matter. I manage my son's USG and FlexHD remotely on my controller.

          You do need to make sure the ports are open as well.. 8080, 3478 I do believe.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • J
            JKnott @notaduck
            last edited by Dec 9, 2020, 1:57 PM

            @notaduck

            I recently set up a UniFi AP. Part of the process is the controller has to be able to find the device. That likely won't happen if it's on the other side of the router. However, the controller should be reachable via its IP address. So, you'll have to do some manual config, as described above.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            • J
              JKnott @johnpoz
              last edited by Dec 9, 2020, 2:00 PM

              @johnpoz said in Pfsense and Unifi controller/AP on different subnets:

              8080, 3478 I do believe.

              I allowed 8080 through my firewall, but I didn't do 3478, as that's for STUN, which I don't need.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              • N
                notaduck @stephenw10
                last edited by Dec 9, 2020, 2:09 PM

                @stephenw10 I managed to get it to work. I used ssh to connect to the AP with the default ubnt:ubnt creds and used set-inform http://ip-of-controller:8080/inform to set the IP of the controller.

                • B
                  bingo600 @notaduck
                  last edited by bingo600 Dec 9, 2020, 2:58 PM Dec 9, 2020, 2:14 PM

                  @notaduck said in Pfsense and Unifi controller/AP on different subnets:

                  @stephenw10 I managed to get it to work. I used ssh to connect to the AP with the default ubnt:ubnt creds and used set-inform http://ip-of-controller:8080/inform to set the IP of the controller.

                  If you create a unifi DNS entry or override, and let it point to the controller IP, that login shouldn't be needed.

                  But I seem to remember that my AP liked to have TCP 8080 and 22 opened.

                  Edit: Correct dns name

                  /Bingo

                  If you find my answer useful - Please give the post a 👍 - "thumbs up"

                  pfSense+ 23.05.1 (ZFS)

                  QOTOM-Q355G4 Quad Lan.
                  CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                  LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

                  • S
                    stephenw10 Netgate Administrator
                    last edited by Dec 9, 2020, 2:47 PM

                    Nice!

                    I always forget about using their phone app which makes it easy. For most people at least 😉

                    Steve

                    • J
                      johnpoz LAYER 8 Global Moderator @JKnott
                      last edited by Dec 9, 2020, 3:07 PM

                      @jknott said in Pfsense and Unifi controller/AP on different subnets:

                      as that's for STUN, which I don't need.

                      I wanted it because my son's devices are at his house, so there is NAT between, etc.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      • J
                        JKnott @johnpoz
                        last edited by Dec 9, 2020, 4:36 PM

                        @johnpoz said in Pfsense and Unifi controller/AP on different subnets:

                        I wanted it because my son's devices are at his house, so there is NAT between, etc.

                        That problem could be avoided, if the gear supported IPv6. As far as I can tell, my AP configuration only supports IPv4. On the other hand, the controller supports IPv6, if it's available on the host system. My cell phone is IPv6 only, using 464XLAT for IPv4 sites, so if I had my controller on it, it would have to use that on the phone and NAT at the remote site, when IPv6 would eliminate the need for both.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...
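
A reachability check for the setup the replies above describe, meant to be run from a host on the AP's subnet. It is an added example, not code from any poster or from Ubiquiti or Netgate, and `check_inform` and its parameters are hypothetical names. It confirms that the inform host (for instance the `unifi` host override) resolves into the controller's subnet and that the inform TCP port is allowed through the firewall.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def check_inform(url, controller_net, timeout=3.0):
    """Check an inform URL from the AP's side of the firewall.

    Returns (ok, reason). controller_net is the subnet the controller is
    supposed to live in, e.g. the thread's DMZ 10.0.2.0/24.
    """
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port in URL"
    if parts.scheme != "http" or parts.path != "/inform" or not parts.hostname or port is None:
        return False, "expected http://<host>:<port>/inform"

    # Resolve the way the AP would: a bare name such as 'unifi' only works
    # if the resolver handed out to that subnet carries the host override.
    try:
        infos = socket.getaddrinfo(parts.hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, f"{parts.hostname} does not resolve: {exc}"
    addrs = sorted({info[4][0] for info in infos})

    # A name that resolves outside the controller subnet points at a stale
    # or wrong override (or an answer from an upstream resolver).
    net = ipaddress.ip_network(controller_net)
    stray = [a for a in addrs if ipaddress.ip_address(a) not in net]
    if stray:
        return False, f"{parts.hostname} resolves outside {net}: {stray}"

    # A refused or timed-out connect means the inter-subnet firewall rule
    # for the inform port is missing or the controller is not listening.
    for addr in addrs:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                pass
        except OSError as exc:
            return False, f"TCP {addr}:{port} unreachable: {exc}"
    return True, f"{parts.hostname} -> {addrs}, TCP {port} open"


if __name__ == "__main__":
    # Values taken from the thread: name 'unifi', port 8080, DMZ subnet.
    print(check_inform("http://unifi:8080/inform", "10.0.2.0/24"))
```

UDP 3478 (STUN) is not probed here; the TCP check covers only the inform port.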
