Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unifi Cloud Key Gen2+ ipv6 issues

    Scheduled Pinned Locked Moved IPv6
    6 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sheebz
      last edited by

      sooo.... has anyone had this issue where their cloud key stops connecting when ipv6 is enabled on the wan?

      i dont know why, but mine has been working fine for about 6 months, now all of a sudden it wouldn't connect. sat on with unifi support for hours and they couldn't figure out what was wrong.

      came across a post where someone had this issue and fixed it by turning off ipv6 on the wan. i tried it and it worked. cloud key booted up great.

      only issue now is, i want ipv6 enabled. when i re-enable it, the cloud key says its offline when i try to log into the unifi management portal, but i can login fine when i goto the ip address.

      anyone know how to fix this? if there is no fix for it and my only options are to login through the ip address, is there any way to create a certificate for my computer to trust the site? it drives me crazy when i have to go through security pages and then having the red warnings at the top of the page. i've tried adding the site cert to the trust store but it doesnt change anything. so im not sure what im doing wrong on that side of things...

      is there a way to disable ipv6 in pfsense on the cloudkey specifically?

      JKnottJ johnpozJ 2 Replies Last reply Reply Quote 0
      • JKnottJ
        JKnott @sheebz
        last edited by

        @sheebz

        I don't use cloud key, but the server version, running on a Linux box failed after a recent update. I haven't bothered to look into it yet though.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        S 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @sheebz
          last edited by johnpoz

          @sheebz said in Unifi Cloud Key Gen2+ ipv6 issues:

          the cloud key says its offline when i try to log into the unifi management portal, but i can login fine when i goto the ip address.

          What is the fqdn your trying to access unifi.ubnt.com? What does that resolve too? Are you trying to login via their remote management or something? If your using that to access your clouldkey, its possible while your clouldkey gets IPv6, your firewall rules do not actually allow that sort of access.

          I don't use any of their remote management anything.. I have that disabled!

          My controller runs on a box called newuc.local.lan, this resolves to its local ipv4 address 192.168.2.12

          I don't see how the box having an IPv6 address would have anything to do with that. I don't currently run IPv6 on this box.. But I could try and duplicate your problem I guess. But I don't currently have IPv6 enabled on the vlan the controller sits on.

          is there any way to create a certificate for my computer to trust the site?

          Sure there is - I have a cert created for newuc.local.lan from pfsense cert manager via a CA I created there and my browsers trust.. Install the cert you signed via your CA that your browser trusts for the controller to use. You will have to look up how to install ssl cert for the controller or cloudkey.. Its not as simple as it could be that is for sure.. PITA really ;) There really should just be a simple gui in the controller software. You need to use the keystore tool if I recall, I know the password is "aircontrolenterprise"

          I should really update/change this - I want to migrate to home.arpa vs local.lan for my domain. And changing the certs used on my devices to use home.arpa has me dragging me feet.. the unifi one being the most difficult to deal with..

          keystore.jpg

          There is a free gui keystore explorer that might be of help.

          cert.jpg

          If you want your browser to trust this via IP access - then just add a san for the IP into the cert you create. Again via the cert manager in pfsense.

          certsan.jpg

          As to IPv6 on your clouldkey.. I don't have one to validate with - but on a usg3p my son has that I manage in my controller. There is setting for IPv6, you should be able to disable it or set it to none, etc..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • S
            sheebz @JKnott
            last edited by

            @jknott 5137ac6f-1b7d-46d8-b47e-dab85f483dcf-image.png

            i used to be able to log in fine through here, up until the last week. the weirder part is that it was completely fine until i bought a unifi poe switch and added that into the mix.

            i was previously running the cloud key, camera and ap's with poe and everything was great. as soon as i adopted the switch and plugged everything into the switch ports the whole network went haywire. disconnect issues every few minutes for my switches and ap's, plus the cloud key kept saying no internet connection (even though is would produce an ip address and i could ping it). so i reset everything to factory thinking that would work, which it stopped the disconnect issues, but didnt correct the cloud key connection.

            this is the link i came across that resolved my issue

            but as i stated earlier, i would like ipv6 enabled on my network. when i disabled ipv6 on the wan, Boom! cloud key suddenly had internet connection. so i set up my network again from the web manager over to the cloud key, then once i enabled ipv6, it stopped letting me connect through the unifi.ui.com portal, but now actually lets me log in through the ip address.

            i did try making a cert in the pfsense cert manager, but no luck. i also tried the keystore explorer program yesterday already. followed the instructions and installed the new cert and still shows up as not trusted.

            3e299593-b902-4ab6-a126-e18ab359807a-image.png

            this is a screenshot of it connected through the ip address of the cloud key.

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @sheebz
              last edited by johnpoz

              @sheebz said in Unifi Cloud Key Gen2+ ipv6 issues:

              till shows up as not trusted.

              And did you trust the CA you created in the cert manager in your browser?

              Here is an old thread of mine where I do a watch the bouncing ball walkthru

              https://forum.netgate.com/post/831783

              The only real change in that is browsers no longer like certs that are good for more than X number of days.. Something around a year is tops now.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              S 1 Reply Last reply Reply Quote 0
              • S
                sheebz @johnpoz
                last edited by

                @johnpoz i installed the cert and added it to the trust store 🤷 so i'm assuming i did lol

                cool ill take a look

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.