OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: opnserious on August 08, 2024, 11:47:40 PM

Title: Open source OS and WAP's as an alternative for Unifi
Post by: opnserious on August 08, 2024, 11:47:40 PM
Hey guys!! I have scrolled on the internet a bit to find open source alternative solutions that can compete with Ubiquiti/Unifi wireless access points and their controller software, with VLANs etcetera. I could only find old threads about OpenWRT but nothing new and as well developed as OPNsense for routing. Do you guys know of any such projects running at the moment? I would be eager to try them out!!

Cheers Y'all.
Title: Re: Open source OS and WAP's as an alternative for Unifi
Post by: Patrick M. Hausen on August 08, 2024, 11:57:50 PM
OpenWRT is the only project I am aware of.

I prefer Mikrotik over Unifi for their straightforward approach to local web-based administration and - once you get the hang of RouterOS - quite rich feature set and acceptable documentation. For wireless it's still closed source if you want anything up to date with current standards.
Title: Re: Open source OS and WAP's as an alternative for Unifi
Post by: mattlach on August 09, 2024, 09:29:43 PM
So, what functionality are you looking to replicate?

I used Unifi APs only for years. I started back before they sold switches, routers and the like, when the Unifi controller was just there to control APs.

Initially I used pfSense for my router/firewall, but since then I have switched to OPNsense for the router/firewall.

For switches I use Mikrotik in SwOS mode. Mikrotik's RouterOS is very powerful, but it can be an absolute nightmare to get working, and most of their hardware has nowhere near the capability to actually do some of the routing RouterOS can pull off, so I just stick with SwOS for that. All I really need is Layer 2 switching (with some managed features like VLANs) anyway.

Last year I decided to move away from Unifi. It was a long time coming, but let's just say that when I started using them they were the little upstart, and over time they became really big and tried to become an ecosystem and take over everything, and I hated that.

I hated logging into my Unifi controller and seeing red X:es for missing Unifi switches and routers that I didn't have, and didn't want to have. When they decided to discontinue the local server for Unifi Video and force everyone to the cloud at the same time as news broke about their massive cloud breach in 2021 was when I had had enough, and decided I would be moving away from Unifi.

But it still took me a couple of years to actually do it, as I had other projects that were ahead of it in the queue.

Last year I pulled the trigger on a couple of Mikrotik cAP ax access points. I figured since I liked their switches, the access points would be great too. I tried. I really did. I'm no stranger to configuring networks, but I just couldn't get the Mikrotik APs to work properly with VLANs. In part this was complicated as they were RouterOS only. I gave myself a deadline. I would try really hard to make it work, but if I didn't have it working by the time my Amazon return policy was close to being up, they would be going back.

Now I am no stranger to configuring VLANs, and it has always just worked for me with other vendors, and I put a lot of time and troubleshooting effort into it, but in the end I just could never get it to work. I felt like RouterOS was poorly documented, had some bugs, and in general felt like using beta software. Whereas on other products (including Mikrotik's own SwOS) you make sure you have all the right VLANs assigned to the uplink port both on the switch and on the AP, and then just select which SSID uses which VLAN, and it just works. But with the cAP ax under RouterOS it was a nightmare. There were certain things that needed to be configured on multiple screens, and you had to enable VLAN aware in some places but not in other places, and they had to be in the right order etc. etc. etc. or it just wouldn't work.

I was able to get my primary VLAN to work, but the rest never saw traffic. So when the Amazon return deadline approached after a month, they went back.

Instead I bought two Ruckus R650 access points and flashed them with the Ruckus Unleashed firmware. This means that no local server is necessary. The management interface runs on the Ruckus Unleashed firmware itself.

These access points were a little bit pricy, but I am very very impressed with their performance and range. I got two, because with Unifi I needed two to cover the entire house, but with the Ruckus R650 units, I probably could have used just one.

I was able to get my primary VLAN to work, but the rest never saw traffic.  So when the Amazon return deadline approached after a month, they went back.

Instead I bought two Ruckus R650 access points and flashed them with the Ruckus Unleashed firmware.    This means that no local server is necessary.  The management interface runs on the Ruckus Unleashed firmware itself.

These access points were a little bit pricy, but I am very very impressed with their performance and range.    I got two, because with Unifi I needed two to cover the entire house, but with the Ruckus R650 units, I probably could have used just one.

They are a little bit pricy, but they are well worth it.



As for the access points
Title: Re: Open source OS and WAP's as an alternative for Unifi
Post by: Patrick M. Hausen on August 09, 2024, 09:43:03 PM
hAP-ax2 running great with multiple SSIDs and VLANs here - if you are interested I can post my config and a couple of screenshots. The trick in RouterOS is that everything layer 2 - that is if you don't want to route, NAT, firewall, ... on the device - hides in the "Bridge" menu.

Kind regards,
Patrick
Title: Re: Open source OS and WAP's as an alternative for Unifi
Post by: netnut on August 10, 2024, 01:11:34 AM
Quote from: opnserious on August 08, 2024, 11:47:40 PM
I have scrolled on the internet a bit to find open source alternative solutions that can compete with Ubiquiti/Unifi wireless access points and their controller software, with VLANs etcetera. I could only find old threads about OpenWRT but nothing new and as well developed as OPNsense for routing.

If you're looking for Open Source solutions for Routing/Firewalling and Wireless, OPNsense and OpenWRT are pretty much top of their league. No _direct_ integration between the two, but Wireless AP configuration should be quite static in most cases. All the dynamics (like DHCP, DNS, etc) can be easily covered by OPNsense.

So keep your Unifi hardware (it's running OpenWRT already, just a "closed" Ubiquiti build) and reflash them with vanilla OpenWRT. Configure them as a "Dumb AP" according to the OpenWRT docs, connect them to an OPNsense instance which will cover all the non-wireless network stuff and call it a day...

If you manage multiple APs with OpenWRT c/p the configs should be easy (again, your Wireless AP config is quite static), but if you want some "Controller" functionality you might want to look at OpenWISP: https://openwisp.org/. But you probably are fine by installing the Prometheus plugin for OpenWRT and using Grafana to give you detailed (controller like) stats.

I never used the Ubiquiti software stuff, but I'm a big fan of their hardware builds which I flash with OpenWRT for three hardware generations now. One thing that makes me happy: The screw holes for the AP backplates are still the same, so rip and replacing my AC-PRO's with 6LR's was an easy task and when sold on time, you can get good money for them on the second-hand market.

Although Ubiquiti is actively trying to "lock down" their hardware it won't take long before the Gen 7 APs can be flashed with OpenWRT. When the time is there: I'm selling my 6LR's...  ;D 8)