Need help setting up unifi on pfsense box



  • Hello

    I recently ventured into the realm of using pfSense, and I am still very new to it. Recently I got Verizon FiOS internet; I configured the box to be my main router and shipped the actioncrap back to Verizon. Now I'm trying to get my UniFi AP to work on the box and I'm having a hard time configuring it to work.

    This is how I have it currently set up:

    FIOS --> pfsense -->

    em0 (WAN) --> Verizon FiOS (internet)
    em1 (LAN) --> currently connected to PC
    em2 (OPT)
    em3 (OPT)
    re0 (OPT) (MB NIC)

    What I'm trying to do is use one of the spare NICs as a connection to the UniFi AP, so I can manage the wireless devices that need the internet. I could bridge the wireless and wired NICs, but I am not sure if that is optimal or whether it would cause a slowdown when it's getting hammered. I have tried installing the controller on the box, but I get a "port 8080 unavailable" error when I start the service. I also tried to run the software controller on my PC, but somehow I can't get communication to the AP for it to configure.

    Any thoughts and ideas are appreciated :)


  • LAYER 8 Global Moderator

    I do recall seeing how to run the controller on pfsense.

    https://community.ubnt.com/t5/UniFi-Wireless/Tutorial-UniFi-3-1-4-running-on-pfSense-2-1-RC/td-p/539534
    I also see this project
    https://github.com/gozoinks/unifi-pfsense

    What is using 8080 on your pfsense, change it or change the controller port

    As to running on your PC.  Well that would put the AP on different network unless yes you bridged which I would not recommend.  So you have to adopt via L3
    https://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Layer-3-methods-for-UAP-adoption-and-management/ta-p/455643

    I have my controller run on a VM that I connect to my wlan network 192.168.2.0/24.  So it can do layer 2 discover of the AP for adoption, I then create vlans on this pfsense nic to allow for different ssid vlans, guest, etc..



  • The gozoinks script (https://github.com/gozoinks/unifi-pfsense) works well.
    I added unifi.db.extraargs=--smallfiles to /usr/local/UniFi/data/system.properties
    This keeps the database from getting so massive.



  • You can either try out a Raspberry Pi 2 and the free Linux-based UBNT UniFi Controller software, or set up an
    Alix board to do so. Not everything must run on pfSense; only do that as a workaround if nothing else really
    matches your needs.


  • LAYER 8 Global Moderator

    Yeah I would not really setup on pfsense unless that was your only option..  Not a fan of installing 3rd party stuff on your firewall if you know what I mean.

    I have seen instructions on installing on a Raspberry Pi as well, so that would be a really cheap option for having your controller set up on its own stuff.



  • @johnpoz:

    I do recall seeing how to run the controller on pfsense.

    https://community.ubnt.com/t5/UniFi-Wireless/Tutorial-UniFi-3-1-4-running-on-pfSense-2-1-RC/td-p/539534
    I also see this project
    https://github.com/gozoinks/unifi-pfsense

    What is using 8080 on your pfsense, change it or change the controller port

    As to running on your PC.  Well that would put the AP on different network unless yes you bridged which I would not recommend.  So you have to adopt via L3
    https://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Layer-3-methods-for-UAP-adoption-and-management/ta-p/455643

    I have my controller run on a VM that I connect to my wlan network 192.168.2.0/24.  So it can do layer 2 discover of the AP for adoption, I then create vlans on this pfsense nic to allow for different ssid vlans, guest, etc..

    Based on this there isn't anything running on port 8080, so I'm not sure why it says that it's unavailable, unless I'm doing something wrong.

    @BlueKobold:

    You can either try out a Raspberry Pi 2 and the free Linux-based UBNT UniFi Controller software, or set up an
    Alix board to do so. Not everything must run on pfSense; only do that as a workaround if nothing else really
    matches your needs.

    I will look into it some time down the road. At this moment I just need this up and running for now; then I can redo the whole setup and make it more secure.

    @johnpoz:

    Yeah I would not really setup on pfsense unless that was your only option..  Not a fan of installing 3rd party stuff on your firewall if you know what I mean.

    I have seen instructions on installing on a Raspberry Pi as well, so that would be a really cheap option for having your controller set up on its own stuff.

    I definitely understand where you're coming from. I don't like running 3rd party apps on my box either, but at this current time it's my only option.



  • 8080 is the controller port. Can you connect to the unifi interface on 8443? Try sockstat -4 | grep 8443
    Look at the mongod.log for any issues. If the install is bodged up, nuke the entire unifi directory, reboot and re-run the script.



  • @dotdash:

    8080 is the controller port. Can you connect to the unifi interface on 8443? Try sockstat -4 | grep 8443
    Look at the mongod.log for any issues. If the install is bodged up, nuke the entire unifi directory, reboot and re-run the script.

    This is what I get when I try socket 4

    Here, port 8443 web

    Noob question: how do I nuke the script lol



  • So I went an alternative route, a route most of you guys suggested and advised. I dug up my old Linksys wireless G router, converted it into a dumbed-down switch and hooked everything up that way. I ported the rule through the firewall, and I ended up using the UniFi software on my desktop to get it running. I still need to figure out how to uninstall the UniFi controller off the box without wiping it.


  • LAYER 8 Global Moderator

    What do you mean nothing listening??  Clearly there is something listening both on tcp4 and 6 on 8080 in your output.. Are you blind??

    If there was nothing listening you would get this

    [2.2.3-RELEASE][root@pfSense.local.lan]/root: netstat -an | grep 8080
    [2.2.3-RELEASE][root@pfSense.local.lan]/root:

    Why don't you just do a sockstat and not grep..  And look at it..

    So you didn't have a switch?  You put the ap on your lan?  You could put it on different segment and use layer 3 adoption.
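
Added example, not part of any post in this thread: one way to read `sockstat` output for the "port 8080 unavailable" question without the false matches a bare `grep 8080` gives. The sample output is constructed, and the helper names `port_owners` and `port_in_use` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4 -6 -l` output on pfSense/FreeBSD.
# Commands, PIDs and addresses are made up for illustration.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     squid      41122 11 tcp4   *:8080                *:*
root     squid      41122 12 tcp6   *:8080                *:*
root     java       55210 30 tcp4   *:8443                *:*
root     lighttpd   23811 9  tcp4   192.168.1.1:443       *:*
root     sshd       8080  4  tcp4   *:22                  *:*'

# port_owners PORT (hypothetical helper): read sockstat output on stdin and
# print "command pid proto scope" for every listener on exactly PORT.
# Unlike `grep 8080`, it compares only the port field, so a PID of 8080 or
# a port such as 18080 does not produce a false match.
port_owners() {
    awk -v port="$1" '
        NR == 1 { next }                      # skip the header row
        {
            n = split($6, part, ":")          # LOCAL ADDRESS is addr:port
            if (part[n] != port) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            # "*" means the socket is bound on every interface, WAN included
            scope = (addr == "*") ? "all-interfaces" : addr
            print $2, $3, $5, scope
        }'
}

# port_in_use PORT: exit status 0 if something is listening on PORT.
port_in_use() {
    [ -n "$(port_owners "$1")" ]
}

# Demo on the constructed sample; on the firewall itself use:
#   sockstat -4 -6 -l | port_owners 8080
printf '%s\n' "$SAMPLE" | port_owners 8080
```

The `scope` column is worth a look on a firewall: a listener bound to `*` is reachable on any interface the rules allow, so the controller ports should only be passed on the segment the AP lives on.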




  • @johnpoz:

    What do you mean nothing listening??  Clearly there is something listening both on tcp4 and 6 on 8080 in your output.. Are you blind??

    If there was nothing listening you would get this

    [2.2.3-RELEASE][root@pfSense.local.lan]/root: netstat -an | grep 8080
    [2.2.3-RELEASE][root@pfSense.local.lan]/root:

    Why don't you just do a sockstat and not grep..  And look at it..

    So you didn't have a switch?  You put the ap on your lan?  You could put it on different segment and use layer 3 adoption.

    I realized that after I posted. What I didn't see is what was running on it, since I didn't do a sockstat. I'm not used to all these command lines; I'm just learning as I go along.

    No, I didn't have a switch. My original plan was to use one of the spare NICs and configure it for the AP, or bridge it, but since that's not a great idea I grabbed an old router I had there, a wireless G, and converted it into a switch. So this is how it is set up now:

    fios --> pfsense (wan)(lan)(3 NICs not used)
    lan -- switch port 1
    switch port 2 -- pc
    switch port 3 -- unifi AP

    The 3rd party software is running on my desktop. My only gripe is that my computer needs to stay on because the AP needs the software to run; I want to offload the software onto something else so it's not reliant on my PC to be running. Since running it on the box isn't advised, do you have any other ideas?


  • LAYER 8 Global Moderator

    You don't need to run the software all the time.. Just to config, unless you are using portal or want stats on your clients, etc..  But the software does not have to be on in simple setup.  You run it setup your AP with ssids, etc..  And then can shut the software down if you want.

    And again you could just do layer 3 management of the AP where the controller is on different segment.  Shoot you could even run the controller in the cloud if you wanted on a vps or amazon instance, etc.



  • @johnpoz:

    You don't need to run the software all the time.. Just to config, unless you are using portal or want stats on your clients, etc..  But the software does not have to be on in simple setup.  You run it setup your AP with ssids, etc..  And then can shut the software down if you want.

    And again you could just do layer 3 management of the AP where the controller is on different segment.  Shoot you could even run the controller in the cloud if you wanted on a vps or amazon instance, etc.

    Ahh, I didn't know it wasn't required. I figured if I closed the controller to the AP, it would not run.

    You lost me there for a second. Could you give me a quick example of what you mean by layer 3 management?



  • You don't need to bridge, you could run the wireless on a separate segment. People always think they need to bridge, and then someone always has to tell them bridging is the devil's work, and cat and dogs will start living together if they bridge two ports on pfSense. Now running UniFi on pfSense is satanic and you're better off buying something else to run it on, or running it in the cloud, or just not running it. I thought the topic was 'Need help setting up unifi on pfsense box', not 'Please talk me out of running unifi on pfSense'. Whatever, just trying to be helpful, not trying to compromise your soul with unholy knowledge. Here is the uninstall info.
    Unifi lives under /usr/local/UniFi, so stop the controller-
    service unifi.sh stop
    then nuke the dir-
    rm -R /usr/local/UniFi
    The script installs a bunch of packages. They shouldn't hurt anything, but if you really want to clean up, you could 'pkg delete' them all.
    Easiest way to clean everything up is to save the config, re-install, then restore the config.



  • @dotdash:

    You don't need to bridge, you could run the wireless on a separate segment. People always think they need to bridge, and then someone always has to tell them bridging is the devil's work, and cat and dogs will start living together if they bridge two ports on pfSense. Now running UniFi on pfSense is satanic and you're better off buying something else to run it on, or running it in the cloud, or just not running it. I thought the topic was 'Need help setting up unifi on pfsense box', not 'Please talk me out of running unifi on pfSense'. Whatever, just trying to be helpful, not trying to compromise your soul with unholy knowledge. Here is the uninstall info.
    Unifi lives under /usr/local/UniFi, so stop the controller-
    service unifi.sh stop
    then nuke the dir-
    rm -R /usr/local/UniFi
    The script installs a bunch of packages. They shouldn't hurt anything, but if you really want to clean up, you could 'pkg delete' them all.
    Easiest way to clean everything up is to save the config, re-install, then restore the config.

    I still want to get the UniFi controller running on the box; the more options I have the better. The reason I used the switch was just to get this up and running to see if the hardware functions without any hitches. I think I need to reinstall the controller script and see if it runs. I find it silly that I have 5 NICs on this box and I can't make use of them. I'd rather have pfSense manage everything.


  • LAYER 8 Global Moderator

    I provided a link to layer 3 setup.. Think of it this way with layer 2 the controller and the AP have to be on the same network.. They broadcast for each other.. With layer 3, you set an IP address on the AP and it talks to the controller that way.

    https://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Layer-3-methods-for-UAP-adoption-and-management/ta-p/455643

    So did you figure out what was running on 8080 on your pfsense box?  Did you install some proxy, set the gui to use that port?  Out of the box pfsense shouldn't be listening on 8080 that I recall.. Mine sure isn't.



  • @shak2300
    For sure the money for that must also be there, I know that too. No problem for me if people are setting up
    as much as they can on their one appliance, but do you perhaps know now why I am preferring the choice
    to get a dedicated UniFi WLAN Controller on a small box like a Raspberry Pi 2 or Alix (APU) board?

    I provided a link to layer 3 setup.. Think of it this way with layer 2 the controller and the AP have to be on the same network..

    And if VLANs are in use, the controller must be a member of all VLANs!



  • @BlueKobold:

    @shak2300
    For sure the money for that must also be there, I know that too. No problem for me if people are setting up
    as much as they can on their one appliance, but do you perhaps know now why I am preferring the choice
    to get a dedicated UniFi WLAN Controller on a small box like a Raspberry Pi 2 or Alix (APU) board?

    Enlighten me on your thoughts. I just feel it's a waste to get a complete Alix board just to run a UniFi controller, when I'm already running an APU in this box.

    @johnpoz:

    I provided a link to layer 3 setup.. Think of it this way with layer 2 the controller and the AP have to be on the same network.. They broadcast for each other.. With layer 3, you set an IP address on the AP and it talks to the controller that way.

    https://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Layer-3-methods-for-UAP-adoption-and-management/ta-p/455643

    So did you figure out what was running on 8080 on your pfsense box?  Did you install some proxy, set the gui to use that port?  Out of the box pfsense shouldn't be listening on 8080 that I recall.. Mine sure isn't.

    I will let you know my results when I get off from work.



  • @shak2300:

    I will let you know my result when i get off from work

    So what were the results if I may ask? ;)

