Recent posts

#91
Development and Code Review / UniFi Gateway emulator
Last post by amd989 - March 30, 2026, 08:26:17 PM
Hey all,

Like many of you I run UniFi APs and switches but use my own router (OPNSense in my case). The one thing that always bugged me was the missing gateway in the UniFi controller. No topology, no WAN stats, just a hole where a USG should be.

Thanks to the brilliant efforts of others before me, the inform protocol got reverse-engineered. Some work started to get a working emulator but nothing concrete materialized over the last ten years. Sadly, lots of abandoned projects.

A reddit post recently reminded me of this topic and after looking back and seeing nothing, I decided to take a stab at it.

I've been working on a small daemon that emulates a UGW3. It speaks the actual inform protocol (TNBU binary, AES encryption, the whole thing) so the controller genuinely thinks there's a USG on the network. You get interface stats, traffic counters, connected clients, DHCP leases, CPU/mem, latency, all showing up in the dashboard like a real gateway.

It currently runs on:

  • Linux (Debian, Ubuntu, RHEL, etc.) - apt/dnf repos available
  • FreeBSD / OPNSense / pfSense - pkg repo available
  • OpenWRT - opkg repo available
  • Docker - if you just want to throw it on whatever box
  • There are also standalone binaries (x86_64, ARM64, ARMv7) if you don't want to mess with Python.

Setup is basically: install, point it at your controller's inform URL, adopt it like any other device, and run. The config file just maps your real interfaces (like eth0, br-lan, whatever) to the emulated USG ports.

It supports dnsmasq, ISC dhcpd, and KEA lease formats out of the box. Platform-specific stuff (ARP tables, routing, neighbors) is handled automatically based on your OS.

It is still a work in progress. I'm working on deeper API integrations for OPNSense and OpenWRT so it can pull richer data (per-device traffic from Netflow, manufacturer info from ARP, etc.) and eventually push config back from the controller to the router (DHCP reservations, port forwards, DNS overrides).

Repo: https://github.com/amd989/unifi-gateway

Would love for people to try it out and let me know what breaks. Issues and PRs welcome.


Disclaimer: I've used AI code assisting tools to get well ahead of what I would have done on my own, so if that doesn't rock your boat, just skip this one.

#92
Zenarmor (Sensei) / Re: Zenarmor performance @ Int...
Last post by Greg_E - March 30, 2026, 08:21:00 PM
With the 2.5g, Mikrotik doesn't really have any choices or I might have bought one. Knock the POE requirement away and the crs326-24s+2q+ and some 2.5g modules would do the trick. 2.5g modules are around $20 from Wiitek (I have a couple of these in service right now, not hot at all), hard to say if I'm getting real 2.5g speeds, but I'm getting more than 1.5g speeds through a Moca 2.5 pair of converters and about 100 feet of RG6, average 4ms ping times which is right in line with what the manufacturer says.

Now that said, I haven't priced any Mikrotik gear in a while, not since before the great AI wars, they might be goofy priced right now. Both of the crs326 that I have were under $600 new (one for my personal lab, and another for work because I liked it so much).

There are some Extreme Networks switches that fit your needs, but you are going to want to wait until you see a bounced off the truck sale. That's how I got my 5420m-48w-4ye (48 gigabit ports with 90 watts POE each port, and 4x25g, with 2x stacking that can be 2x10g, and dual 900 watt supplies) at $400 I couldn't resist. Was brand new in box, but I'm not going to register it.

Also look at some of the FS switches, again wait for a bounced off the truck sale on ebay.
#93
26.1 Series / New IPv6 address assignment op...
Last post by melectronics - March 30, 2026, 07:52:43 PM
Hello to the OPNsense community,

I'm new here, but I think I have found a bug in OPNsense 26.1.5.
The new IPv6 address assignment option "Identity Association" assigns a /63 instead of a /64 to the interface.
And also when I choose the 0x1 prefix, it also assigns a /63 which is not correct because the first /63 goes from `0000 - 0001`. So this won't work with multiple /63.

I'm looking forward to getting information on whether the bug is known already (I didn't find a forum topic about that) or not. :)

#94
Zenarmor (Sensei) / Re: Zenarmor performance @ Int...
Last post by dirtyfreebooter - March 30, 2026, 06:57:57 PM
Quote from: OPNenthu on March 30, 2026, 06:28:32 PM
Quote from: dirtyfreebooter on March 30, 2026, 06:08:00 PM
where is the AVX required?
For MongoDB since version 5.0:  https://www.mongodb.com/docs/manual/administration/production-notes/

And for ARM you need at least ARMv8.2-A.

This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo.  Neither can my OPNsense box (N5105).

ah man, i am surprised the N5105 is missing AVX, just has SSE4.2. well that kinda sucks. i use an old unifi cloud key gen2 (the one without the hard drive), since it's poe, uses 1-2w idle, and then i don't have to think about it and move on with my life and not make homelab a 2nd full time job. i assume either that arm64 is 8.2+ or unifi will figure it out, one way or the other.
#95
26.1 Series / Re: Kea DHCPv4 fails to start ...
Last post by Monviech (Cedrik) - March 30, 2026, 06:41:29 PM
I read a bit through the KEA mailing list and this looks related:

https://lists.isc.org/pipermail/kea-users/2026-March/006027.html
#96
26.1 Series / Re: IPv6 prefix modifcation cr...
Last post by jaykumar2005 - March 30, 2026, 06:38:07 PM
Any chance a fix would be upstreamed in FreeBSD 15.1/OPNsense 26.7 ?
#97
German - Deutsch / Re: download einer bestimmten ...
Last post by meyergru - March 30, 2026, 06:29:23 PM
If that site uses TLS - essentially: no. You would have to do traffic inspection, and for that you need TLS termination in OpnSense. That does work with Squid, but certificates have to be generated on the fly for it by a CA of your own, which gets entered as trusted in your browser.

See https://forum.opnsense.org/index.php?topic=42985.0, point 12.
#98
Zenarmor (Sensei) / Re: Zenarmor performance @ Int...
Last post by OPNenthu - March 30, 2026, 06:28:32 PM
Quote from: dirtyfreebooter on March 30, 2026, 06:08:00 PM
where is the AVX required?
For MongoDB since version 5.0:  https://www.mongodb.com/docs/manual/administration/production-notes/

And for ARM you need at least ARMv8.2-A.

This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo.  Neither can my OPNsense box (N5105).
#99
Zenarmor (Sensei) / Re: Zenarmor performance @ Int...
Last post by meyergru - March 30, 2026, 06:24:04 PM
Yes, I was only talking about x64 as VM, which seems like the obvious choice for self-hosting.

I know you can use a Raspberry, yet I found it to have a high power envelope for what it can do and also, it cannot handle virtualisation for many different applications. The main reason that ARM image is supported seems to be that the UDM line of products is ARM64 as well.

The UNC can even be used as a package under OpnSense itself, it is available from Mimugmail's repository.

That AVX requirement on x64 platforms is mostly irrelevant anyway, because even an N100 has AVX2. Any fairly modern x64 CPU should have it.
#100
Zenarmor (Sensei) / Re: Zenarmor performance @ Int...
Last post by dirtyfreebooter - March 30, 2026, 06:08:00 PM
https://ui.com/download/software/unifi-os-server

has an arm64 build, which installs on raspberry pi without AVX, obviously. where is the AVX required? maybe for x86? AVX2 was 2013, haswell, so even that isn't really a concern at this point.

i have no love for unifi and its lottery / gamble of software updates, i run unifi switches, APs, protect and it's really a gamble sometimes (much like zenarmor!), but this thread seems like it has a lot of misinformation in it