Messages - amd989

#1
Thanks for the thoughtful responses!

I apologize for coming in hot with "yet another AI generated tool". I suspected it would be rubbing a little in the wrong direction, hence the disclaimer.
I understand, it bothers me too when I see it.

Quote from: meyergru on April 01, 2026, 03:16:44 PM
I, for instance, would not point curl at any arbitrary internet URL, fetch a script and let it execute on my OpnSense - even if I like the idea and could use it.

You bring up valid security concerns. I offered an easy setup script, but I should have also presented the manual way as well, maybe first. I'm trying to host my own pkg/apk/yum/opk/deb repo inside of GitHub Pages, so installing the GPG key is a requisite and that script takes care of it. Maybe it does not warrant an easy script, but yeah.

Quote from: meyergru on April 01, 2026, 03:16:44 PM
My suggestion for you would be to create an OpnSense plugin and try to create a PR for OpnSense. In that case, any further iteration could be controlled by trusted parties and more people would likely use your tool.

This was ultimately my goal, but as Monviech suggested, it appeared that a Python script would not fly as a candidate. My best approach was to convert it into an executable and publish it using the go-to package managers first. Then maybe look for a plugin, but it seems like it's for naught.

Quote from: meyergru on April 01, 2026, 03:16:44 PM
Thus, you could as well create a docker container that runs independently and does not have to be integrated as executable code into OpnSense, thereby causing no risk at all.

I am also offering a Docker container for this, but as I understand it, FreeBSD doesn't support Docker, so I think at some point I would like to entertain the idea of providing an OCI-compliant image for Podman, which appears to be supported there (more on that later).

The main reason to be running inside of FreeBSD (for now, hopefully) was to be able to access some of the utilities to get stats, like CPU/memory, ARP tables, DHCP registrations, interfaces, etc. But my goal is to move into the API side of things as soon as I can, as I understand it provides even more data I could leverage. This, after all, is an alpha version and I'm trying to also target pfSense/OpenWRT for those that like to use them (until I can figure out their APIs as well). And maybe after all this, hosting it in a Docker container would be the first choice: no root access, can run outside of the router, and I don't have to host my own FreeBSD GitHub runner anymore :D.

Quote from: Monviech (Cedrik) on April 01, 2026, 03:21:07 PM
I don't mind this being here to be honest, a user who uses the shell as root should know what they are doing (hopefully). I know not all do know the implications, I also like to run simple install scripts on linux after all. I hope for the best xD

We're never safe from supply chain attacks as the current npm thingy shows once more (and did multiple times in the past but nobody is learning :O)

I hope that I don't have to depend on more libraries to get this going. So far, the only dependencies are python3-psutil and python3-pycryptodome. I will keep this in mind to reduce my attack surface.

Quote from: nero355 on April 01, 2026, 04:50:55 PM
There is a point if it's unsupported as of version x.y.z of the UniFi Controller and might not show any statistics at all because of that even tho it's not the actual device !! ;)

I would suggest emulating something recent like the https://eu.store.ui.com/eu/en/category/cloud-gateways-compact/products/ucg-ultra since it's very likely that it's going to be supported for a long time in the future.

You are right! Now there seems to be a new UniFi OS something or other that most likely will kill the USGs. The problem is that I don't have one of those new UCGs, and getting one, well, I would not have any need for this emulator anymore, or OPNSense for that matter :(

So maybe, after all this, I was 10 years too late... 
#2
Quote from: nero355 on March 30, 2026, 10:40:47 PM
Why do you want the USG in your UniFi Controller while all USG models are declared EOL officially and should be avoided since about 1 year ago ?!

The point of this app is to emulate a USG device backed by OPNSense. There is no real USG; whether it's EOL or not is not the point.

In other words, it is just a shim/facade. UniFi thinks OPNSense is a USG, that's all. Now you can see OPNSense stats inside UniFi Controller. Something you couldn't before.

But you bring up a valid point. I guess you could technically emulate the latest device; in the inform protocol, it is just a string identifier. I would just need to find out what that string is and maybe we could unlock more features within UniFi's controller.

I hope this clarifies it.
#3
Development and Code Review / UniFi Gateway emulator
March 30, 2026, 08:26:17 PM
Hey all,

Like many of you I run UniFi APs and switches but use my own router (OPNSense in my case). The one thing that always bugged me was the missing gateway in the UniFi controller. No topology, no WAN stats, just a hole where a "UniFi Gateway" should be.

Thanks to the brilliant efforts of others before me, the inform protocol got reverse-engineered. Some work started to get a working emulator but nothing concrete materialized over the last ten years. Sadly, lots of abandoned projects.

A Reddit post recently reminded me of this topic and after looking back and seeing nothing, I decided to take a stab at it.

I've been working on a small daemon that emulates a UGW3. It speaks the actual inform protocol (TNBU binary, AES encryption, the whole thing) so the controller genuinely thinks there's a USG on the network. You get interface stats, traffic counters, connected clients, DHCP leases, CPU/mem, latency, all showing up in the dashboard like a real gateway.

It currently runs on:

  • Linux (Debian, Ubuntu, RHEL, etc.) - apt/dnf repos available
  • FreeBSD / OPNSense / pfSense - pkg repo available
  • OpenWRT - opkg repo available
  • Docker - if you just want to throw it on whatever box
  • There are also standalone binaries (x86_64, ARM64, ARMv7) if you don't want to mess with Python.

Setup is basically: install, point it at your controller's inform URL, adopt it like any other device, and run. The config file just maps your real interfaces (like eth0, br-lan, whatever) to the emulated USG ports.

It supports dnsmasq, ISC dhcpd, and KEA lease formats out of the box. Platform-specific stuff (ARP tables, routing, neighbors) is handled automatically based on your OS.

It is still a work in progress. I'm working on deeper API integrations for OPNSense and OpenWRT so it can pull richer data (per-device traffic from Netflow, manufacturer info from ARP, etc.) and eventually push config back from the controller to the router (DHCP reservations, port forwards, DNS overrides).

Repo: https://github.com/amd989/unifi-gateway

Would love for people to try it out and let me know what breaks. Issues and PRs welcome.


Disclaimer: I've used AI code assisting tools to get well ahead of what I would have done on my own, so if that doesn't rock your boat, just skip this one.
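
As an added example (not part of the original post and not code from the unifi-gateway project), here is a defensive parser for the cleartext header of an inform packet, the part a monitoring tool can read without the device key. The 40-byte field layout, the flag bits, the size cap and the sample MAC are assumptions taken from public reverse-engineering notes on the protocol; the post itself states only the TNBU magic and AES encryption.

```python
import struct

# Assumed layout (public reverse-engineering notes, not this thread):
# magic(4) | packet ver(4) | MAC(6) | flags(2) | IV(16) | payload ver(4) | payload len(4)
HEADER = struct.Struct(">4sI6sH16sII")
FLAGS = {0x01: "encrypted", 0x02: "zlib", 0x04: "snappy", 0x08: "aes-gcm"}
MAX_PAYLOAD = 1 << 20  # constructed sanity cap for this example


class InformError(ValueError):
    """Raised when a packet fails header validation."""


def parse_inform_header(packet: bytes) -> dict:
    """Validate and decode the cleartext header; the payload stays opaque."""
    if len(packet) < HEADER.size:
        raise InformError("truncated header")
    magic, pkt_ver, mac, flags, iv, data_ver, length = HEADER.unpack_from(packet)
    if magic != b"TNBU":
        raise InformError("bad magic")
    # Never trust the declared length: bound it, then compare with reality.
    if length > MAX_PAYLOAD:
        raise InformError("declared payload too large")
    if length != len(packet) - HEADER.size:
        raise InformError("declared length does not match body")
    unknown = flags & ~sum(FLAGS)
    if unknown:
        raise InformError(f"unknown flag bits 0x{unknown:04x}")
    return {
        "mac": mac.hex(":"),
        "packet_version": pkt_ver,
        "payload_version": data_ver,
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "iv": iv,
        "payload": packet[HEADER.size:],
    }


def build_sample(flags: int = 0x01, body: bytes = b"\x00" * 32) -> bytes:
    """Constructed packet: placeholder MAC, all-zero IV, opaque body."""
    mac = bytes.fromhex("020000000001")
    return HEADER.pack(b"TNBU", 0, mac, flags, bytes(16), 1, len(body)) + body


if __name__ == "__main__":
    print(parse_inform_header(build_sample()))
```

The device MAC and the IV travel in the clear under this layout, so a capture alone identifies which device is informing; rejecting packets whose declared length disagrees with the received body keeps a malformed header from driving later decryption or decompression.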