OPNsense Forum
English Forums => Development and Code Review => Topic started by: tillsense on July 08, 2017, 07:32:00 pm
-
These guys have a sh script for FreeBSD.
https://github.com/gozoinks/unifi-pfsense
I'm going to look at this.
cheers till
-
Yes! It would be great!
-
The license looks good. Will somebody speak to the maintainer?
Thanks,
Franco
-
I'm following the project... what should I ask him?
-
If he would like to officially support OPNsense as well. :)
-
Ok!
-
That would be... awesome 8)
-
Can this be used with opnsense as-is?
-
In general a good idea - but I'm a bit sceptical regarding all the stuff that gets installed by this... thorough testing is mandatory, I'd say^^
-
Can this be used with opnsense as-is?
no - it seems like this depends on java: https://github.com/gozoinks/unifi-pfsense/blob/master/rc.d/unifi.sh#L29
Java is not in the repository but you can get it from the FreeBSD repository.
-
Can this be used with opnsense as-is?
I'd say yes - if You mean the mentioned script - in case this script is working as expected...
Here's the list of all the additional stuff that gets installed:
AddPkg snappy
AddPkg python2
AddPkg v8
AddPkg mongodb
AddPkg unzip
AddPkg pcre
AddPkg alsa-lib
AddPkg freetype2
AddPkg fontconfig
AddPkg xproto
AddPkg kbproto
AddPkg libXdmcp
AddPkg libpthread-stubs
AddPkg libXau
AddPkg libxcb
AddPkg libICE
AddPkg libSM
AddPkg java-zoneinfo
AddPkg fixesproto
AddPkg xextproto
AddPkg inputproto
AddPkg libX11
AddPkg libXfixes
AddPkg libXext
AddPkg libXi
AddPkg libXt
AddPkg libfontenc
AddPkg mkfontscale
AddPkg mkfontdir
AddPkg dejavu
AddPkg recordproto
AddPkg libXtst
AddPkg renderproto
AddPkg libXrender
AddPkg javavmwrapper
AddPkg giflib
AddPkg openjdk8
AddPkg snappyjava
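As an added example (not part of the post above and not code from the unifi-pfsense project): a POSIX sh check that lists what an installer's AddPkg lines would pull in and compares them with a reviewed list and a pinned hash before the script is run. The sample installer, the reviewed list and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: review an installer that was fetched to a file before
# running it, instead of piping it straight into sh.

# Portable SHA-256: FreeBSD ships sha256(1), Linux ships sha256sum(1).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Package names passed to AddPkg in script $1, one per line, de-duplicated.
list_addpkg() {
    sed -n 's/^[[:space:]]*AddPkg[[:space:]][[:space:]]*\([A-Za-z0-9._+-][A-Za-z0-9._+-]*\).*/\1/p' "$1" | sort -u
}

# Packages the script would add that are absent from the reviewed list $2.
unreviewed_pkgs() {
    list_addpkg "$1" | grep -vxF -f "$2" || true
}

# Returns 0 only if the script matches pinned hash $3 and adds nothing
# unreviewed; 2 on hash mismatch, 1 on unreviewed packages.
audit_installer() {
    _script=$1 _base=$2 _want=$3
    if [ "$(file_sha256 "$_script")" != "$_want" ]; then
        echo "hash mismatch: script changed since it was reviewed" >&2
        return 2
    fi
    _new=$(unreviewed_pkgs "$_script" "$_base")
    if [ -n "$_new" ]; then
        echo "unreviewed packages:" $_new >&2
        return 1
    fi
    return 0
}

# Constructed sample input: a cut-down installer and a reviewed package list.
workdir=$(mktemp -d)
cat > "$workdir/install.sh" <<'EOF'
AddPkg() { echo "would install $1"; }
AddPkg snappy
AddPkg mongodb
AddPkg libX11
AddPkg openjdk8
EOF
printf '%s\n' snappy mongodb openjdk8 > "$workdir/reviewed.txt"
pin=$(file_sha256 "$workdir/install.sh")

audit_installer "$workdir/install.sh" "$workdir/reviewed.txt" "$pin" \
    || echo "do not run install.sh yet"
```

Here the audit stops on libX11, which the constructed reviewed list does not contain; the pin is the hash recorded when the script was last read through.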
-
Ahmm - I just saw all this X - stuff...??? :o
-
I think I remember reading about this on reddit, really pumped about this!
ah nvm this is for running the controller on the router, I was reading about integration with the gateway protocols used in the controller itself.
-
So I have been trying to get the Unifi controller working but no luck so far. I've tried two different methods.
First I tried checking out the git repository and building the net-mngr/unifi5 package. After a few hours when it's compiling some java classes, the java runtime/compiler crashes so no dice.
Then I tried this script. The script works great! But same issue, the java runtime crashes. Has anyone successfully been able to get the Unifi controller to work on opnsense?
-
installing it on the command line with that install-unifi.sh script from the first link works just fine for me...
I am curious what will happen, when an upgrade of the UniFi software arrives (>5.6.29) - how that is handled - does it upgrade via the GUI (I mean the UniFi one)?
after a little trip on the UniFi USG 3-Port router I am going to come back home to OPNsense :)
-
installing it on the command line with that install-unifi.sh script from the first link works just fine for me...
I am curious what will happen, when an upgrade of the UniFi software arrives (>5.6.29) - how that is handled - does it upgrade via the GUI (I mean the UniFi one)?
after a little trip on the UniFi USG 3-Port router I am going to come back home to OPNsense :)
Interesting. I tried the command line script and indeed it worked. There must have been a bug that was fixed in the past few days. Thank you.
-
I am going to have to give this script a shot... would love to get the unifi controller off of the little tiny VM I have to run it :)
-
Interesting. I tried the command line script and indeed it worked. There must have been a bug that was fixed in the past few days. Thank you.
yes, there was a change about three days ago...
-
will read this too...
-
Hi guys, I'm new here...
I started to use OPNsense, and I find it incredible...
I tried to install the unifi.sh on my device but something doesn't work.
Then... I followed the guide of gozoinks but I don't understand why I can't connect to my device on port 8443.
If I execute service -e I find /usr/local/etc/rc.d/unifi.sh
Can someone help me?
I'm not so good with Linux either :-[ :-[ :-[
thanks
-
btw. executing the script as mentioned on the 1st thread, it now also installs openjdk on the opnsense.
-
Works like a charm. But asks for updates on outdated packages on the opnsense afterwards.
-
btw. executing the script as mentioned on the 1st thread, it now also installs openjdk on the opnsense.
Openjdk is installed in OPNsense... and I tried to reinstall... but nothing to do...
but if I search for it I do not see it
root@OPNsense:/usr # pkg search ^open
open-vm-tools-nox11-10.3.0_1,2 Open VMware tools for FreeBSD VMware guests
openconnect-8.03 Client for Cisco's AnyConnect SSL VPN
openldap-sasl-client-2.4.47 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.47_1 Open source LDAP server implementation
openpgm-5.2.122_5 Implementation of the PGM reliable multicast protocol
openssh-portable-8.0.p1,1 The portable version of OpenBSD's OpenSSH
openssl-1.0.2s,1 SSL and crypto library
openvpn-2.4.7 Secure IP/Ethernet tunnel daemon
root@OPNsense:/usr #
-
The controller software will install third party packages that OPNsense doesn't offer so there won't be any updates for it.
Cheers,
Franco
-
Then? What can I do??
I forgot to say what use freebsd 11.2
Heeelp
-
Solved, the problem was the firewall rules. There was no problem with Java or with the installation...
thanks...
-
Hi all
Has anyone tried to install it recently? I'm getting:
Starting the unifi service...Starting UniFi controller.
eval: /usr/local/bin/java: not found
done.
-
Sure there was no error while installing the pkg?
-
No error during running script...
-
I'd recommend against this. OPNsense is a firewall, which should in fact be one of the safest devices on your network. It is basically the gatekeeper between you and the big bad internet. Running additional services on it increases the attack surface and therefore increases the risk.
Don't get me wrong, I am not entitled to anything, as a user of an open source project. But I really like the vast focus of OPNsense towards security. They even switched bases from FreeBSD to HardenedBSD - because it's obviously much more secure. I can't speak for the developers, the core team or any contributing member of OPNsense; but running Java on a firewall seems pretty... inconsistent with the core values of OPNsense.
And hey, of course you are free to do as you please, but if your goal is to have one device acting as a firewall, gateway, WiFi controller and perhaps more, you will be better off and have an easier time with a Linux distribution designed for exactly these purposes.
EDIT: Adding - if you have a spare box, throw Ubuntu or Debian on it and take a look at these scripts for an easy UniFi Controller installation: UniFi Scripts (https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-Ubuntu-16-04-18-04-/ccbc7530-dd61-40a7-82ec-22b17f027776)
-
I have to agree with jjanzz.
I have very good experiences with opnsense and it is mainly focused on security.
I do not recommend any use of UNIFI or any technology from Ubiquiti. I have very very bad experiences with their devices. There is no possibility to prevent any unifi device from sending connections to China.
Just look at the connections it makes from itself. Their whole concept is blackbox - you do not have any chance to see what ubnt or unifi devices are really doing.
When you restart them, they have a very big tendency to lose configuration. After power outages it is usually necessary every time to configure everything again. So you spend 1 hour per device for settings.
I know lots of IT admins and IT professionals, that use unifi devices. It is for their easy use - just clicking and all is "OK". They do not need to think much and "all" is "OK" and solved by unifi ;)
I think it is better to use your brain than to be controlled by comfort and by others...
From security view unifi is something which communicates to third party clouds in China and how do you know what really unifi controller does? For easy use of unifi devices connected to cloud which is "cool" is OK. But how secure it is. Just think it very carefully - it is sending your communication to China or another third party servers...it is really secure ????
I am using Mikrotik Hardware and it is one of the best manufacturers of network devices in the world. You have total control on it and see directly what is in the network. There is nothing comparable to their devices and you get them for a very very good price. You need to use your brain to set Mikrotik HW correctly - there is no "click and OK".
The same principle applies to opnsense - you have to know what you want and use your brain to prepare the network and configure the whole appliance correctly.
I am using opnsense as security appliance and it is critical point in network. So it is better to not implement technologies which lower security for the comfort.
-
I agree that a firewall is a firewall is a firewall - so no other software/services should run on that device that you use for your network security. I would not run anything else on a firewall which does not have the purpose of firewalling my network!
but I do not agree that UniFi devices from Ubiquiti like switches and access points talk to Chinese servers! the only connections to the internet of such devices are (based on Sensei reports for the last 7 days): NTP service for time and connecting to the webserver hosting firmware update binaries. That is what I can say about my devices that are controlled by the UniFi network controller running on an Ubuntu box.
so under which circumstances do your Ubiquiti devices talk to Chinese servers?
-
I am talking about situation when you have some new unifi devices and they need to be connected to cloud to change settings. You also need some account on unifi cloud to access controller.
If you have device with controller SW you need to connect to cloud to set it.
If there is closed network or is not access to internet....it is not easy
Lots of customers simply do not easily want to allow any cloud (3rd party) access from their networks.
You do not see into unifi controller device or directly to unifi devices as for example Mikrotik allows.
I am not using unifi for my bad experiences and their requirements for cloud...it is just my experience.
-
if it is a "plugin" then it will serve both, those that like or those that don't want it...
it is a choice
I'd bet there are probably a lot of Ubiquiti owners using opnsense instead of USG
-
if it is a "plugin" then it will serve both, those that like or those that don't want it...
it is a choice
I'd bet there are probably a lot of Ubiquiti owners using opnsense instead of USG
Yes we exist but moving to Opnsense also makes me want to move to Aruba or something else on the switching end. I'm tired of my cloud key needing its firmware reset. I won't put that buggy software anywhere near my firewall.
-
that would be your or anyone's choice
-
I am talking about situation when you have some new unifi devices and they need to be connected to cloud to change settings. You also need some account on unifi cloud to access controller.
If you have device with controller SW you need to connect to cloud to set it.
If there is closed network or is not access to internet....it is not easy
Never had to connect something of my unifi gear to the cloud.
Install the controller or use a Cloud Key (which doesn't mean that you have to connect it to the cloud).
And they never connected to china servers.
They use aws servers for update checks.
But I would never install the controller on an opnsense because:
- General Security
- afaik they use outdated packages (mongodb, Java)
-
I tend to agree that deploying this on an OpnSense makes very little sense. You can spin up a very inexpensive VPS in OVH for less than $10.00 a month and deploy the Unifi controller on it. It will be far more reliable than on an OpnSense box. If you are doing this at home then I might understand but for business, a cheap VPS is the way to go and allows for multi-tenant as I use with over 50 companies.
-
Sorry for opening a new "issue"
I just wanted to report that I've been successful installing Unifi Beta 5.13.10.0-g7664a3c6 on OPNsense 20.1.3.
The link I used was: https://dl.ubnt-ut.com/teunis/wpa3/5.13.10/UniFi.unix.zip
Thanks for your hard work!!
https://github.com/gozoinks/unifi-pfsense/issues/170
OPNsense 20.1.3
could be great
have not tried though, need more instruction, not really familiar with the console
-
https://github.com/gozoinks/unifi-pfsense
the latest commit is tested to latest opnsense
OPNsense 20.7.1-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020
Unifi version 5.14.23
just follow the installation instruction
for upgrades, you must stop Unifi first before reinstalling
settings will not be affected by reinstallation of updated version
This is for those who would like Unifi Controller on their Opnsense machine. We understand the risk, we appreciate your concern.
-
original project site
https://github.com/gozoinks/unifi-pfsense
fork typically with newer firmware build
(dev is much more active than in main branch)
https://github.com/gnkidwell/unifi-pfsense
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
I have installed and run both scripts with issue on latest OPNsense build (even on older builds)
-
original project site
https://github.com/gozoinks/unifi-pfsense
fork typically with newer firmware build
(dev is much more active than in main branch)
https://github.com/gnkidwell/unifi-pfsense
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
I have installed and run both scripts with issue on latest OPNsense build (even on older builds)
I'd really like to run my unifi controller on opnsense. Any guidance on how to do it? I am new to BSD and OPNsense, though I am OK at linux generally.
-
I tend to agree that deploying this on an OpnSense makes very little sense. You can spin up a very inexpensive VPS in OVH for less than $10.00 a month and deploy the Unifi controller on it. It will be far more reliable than on an OpnSense box. If you are doing this at home then I might understand but for business, a cheap VPS is the way to go and allows for multi-tenant as I use with over 50 companies.
So you have a Unifi Controller on a VPS completely open on the Internet? Sounds scary.
I would use a Linux VM for the Unifi Controller in my HQ datacenter and only serve one company with it. This software is so lightweight every company can have its own Unifi Controller for their networks running as a VM in a closed network.
-
I'd really like to run my unifi controller on opnsense. Any guidance on how to do it? I am new to BSD and OPNsense, though I am OK at linux generally.
Don't do it. It'll cause a lot of headaches especially if you're new to the topic. Spin up a small Linux VM and let it run there. Much better solution.
https://help.ui.com/hc/en-us/articles/220066768-UniFi-How-to-Install-and-Update-via-APT-on-Debian-or-Ubuntu
-
There's no way to do VMs through OPNsense itself, is there? Just wanted to check. The hardware could probably handle it...
-
There's no way to do VMs through OPNsense itself, is there? Just wanted to check. The hardware could probably handle it...
That's a bad idea. Better would be to install ESXi, Hyper-V or Proxmox on the bare metal and then have one VM with OPNsense and another one with the Unifi Controller.
-
in your console (login)
press 8, for shell
then just enter the install script
fetch -o - https://git.io/j7Jy | sh -s
check out both githubs for info on version
original project site
https://github.com/gozoinks/unifi-pfsense
fork typically with newer firmware build
(dev is much more active than in main branch)
https://github.com/gnkidwell/unifi-pfsense
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
I have installed and run both scripts with issue on latest OPNsense build (even on older builds)
I'd really like to run my unifi controller on opnsense. Any guidance on how to do it? I am new to BSD and OPNsense, though I am OK at linux generally.
-
in your console (login)
press 8, for shell
then just enter the install script
fetch -o - https://git.io/j7Jy | sh -s
check out both githubs for info on version
original project site
https://github.com/gozoinks/unifi-pfsense
fork typically with newer firmware build
(dev is much more active than in main branch)
https://github.com/gnkidwell/unifi-pfsense
OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
I have installed and run both scripts with issue on latest OPNsense build (even on older builds)
I'd really like to run my unifi controller on opnsense. Any guidance on how to do it? I am new to BSD and OPNsense, though I am OK at linux generally.
That looks like just what I would need. Thanks! A lot of good suggestions here - I appreciate it!
-
6.0.45 Official from https://github.com/gnkidwell/unifi-pfsense works like a charm :)
The hard part was to install Sensei with Elastic. Otherwise both stop working and the entire router goes sideways...
-
i have both,
you may want to check out the troubleshooting section for fixing java
-
https://github.com/unofficial-unifi/unifi-pfsense
bump po 6.2.26