Change VLAN ID Ubiquiti Radio from SSH

First we’ll need to ssh into the device

ssh ubnt@192.168.1.20

Next lets open up the config file

vi /tmp/system.cfg

Now search for vlan and replace the vlan id with the appropriate number

In VI you can search by hitting / and then type in vlan

After you have changed all the vlan ids, save the file with esc, wq, enter.

Now we can save the config with

cfgmtd -f /tmp/system.cfg -w && reboot

OIDs for UI / Ubiquiti Solar Charge Controller

Here is a list of OIDs for Ubiquiti’s solar charge controller. You can download the

Top interesting ones are

  • Battery Voltage 1.3.6.1.4.1.41112.1.11.1.1.2
  • Panel Voltage 1.3.6.1.4.1.41112.1.11.1.2.2
snmptranslate -Pu -Tz -m ./UBNT-MIB:./UBNT-SUNMAX-MIB
"org"                   "1.3"
"dod"                   "1.3.6"
"internet"                      "1.3.6.1"
"directory"                     "1.3.6.1.1"
"mgmt"                  "1.3.6.1.2"
"mib-2"                 "1.3.6.1.2.1"
"transmission"                  "1.3.6.1.2.1.10"
"experimental"                  "1.3.6.1.3"
"private"                       "1.3.6.1.4"
"enterprises"                   "1.3.6.1.4.1"
"ubnt"                  "1.3.6.1.4.1.41112"
"ubntMIB"                       "1.3.6.1.4.1.41112.1"
"ubntORTable"                   "1.3.6.1.4.1.41112.1.1"
"ubntOREntry"                   "1.3.6.1.4.1.41112.1.1.1"
"ubntORIndex"                   "1.3.6.1.4.1.41112.1.1.1.1"
"ubntORID"                      "1.3.6.1.4.1.41112.1.1.1.2"
"ubntORDescr"                   "1.3.6.1.4.1.41112.1.1.1.3"
"ubntSnmpInfo"                  "1.3.6.1.4.1.41112.1.2"
"ubntSnmpGroups"                        "1.3.6.1.4.1.41112.1.2.1"
"ubntORInfoGroup"                       "1.3.6.1.4.1.41112.1.2.1.1"
"ubntORCompliance"                      "1.3.6.1.4.1.41112.1.2.1.2"
"ubntAirosGroups"                       "1.3.6.1.4.1.41112.1.2.2"
"ubntAirFiberGroups"                    "1.3.6.1.4.1.41112.1.2.3"
"ubntEdgeMaxGroups"                     "1.3.6.1.4.1.41112.1.2.4"
"ubntUniFiGroups"                       "1.3.6.1.4.1.41112.1.2.5"
"ubntAirVisionGroups"                   "1.3.6.1.4.1.41112.1.2.6"
"ubntMFiGroups"                 "1.3.6.1.4.1.41112.1.2.7"
"ubntUniTelGroups"                      "1.3.6.1.4.1.41112.1.2.8"
"ubntAFLTUGroups"                       "1.3.6.1.4.1.41112.1.2.9"
"ubntSunMaxGroups"                      "1.3.6.1.4.1.41112.1.2.10"
"sunMaxCompliances"                     "1.3.6.1.4.1.41112.1.2.10.1"
"sunMaxGroups"                  "1.3.6.1.4.1.41112.1.2.10.2"
"ubntAirFIBER"                  "1.3.6.1.4.1.41112.1.3"
"ubntEdgeMax"                   "1.3.6.1.4.1.41112.1.5"
"ubntUniFi"                     "1.3.6.1.4.1.41112.1.6"
"ubntAirVision"                 "1.3.6.1.4.1.41112.1.7"
"ubntMFi"                       "1.3.6.1.4.1.41112.1.8"
"ubntUniTel"                    "1.3.6.1.4.1.41112.1.9"
"ubntAFLTU"                     "1.3.6.1.4.1.41112.1.10"
"ubntSunMax"                    "1.3.6.1.4.1.41112.1.11"
"sunMaxMIB"                     "1.3.6.1.4.1.41112.1.11.1"
"sunMaxBatteryStats"                    "1.3.6.1.4.1.41112.1.11.1.1"
"sunMaxBatCurrent"                      "1.3.6.1.4.1.41112.1.11.1.1.1"
"sunMaxBatVoltage"                      "1.3.6.1.4.1.41112.1.11.1.1.2"
"sunMaxBatPower"                        "1.3.6.1.4.1.41112.1.11.1.1.3"
"sunMaxBatTemp"                 "1.3.6.1.4.1.41112.1.11.1.1.4"
"sunMaxPvPanelStats"                    "1.3.6.1.4.1.41112.1.11.1.2"
"sunMaxPVCurrent"                       "1.3.6.1.4.1.41112.1.11.1.2.1"
"sunMaxPVVoltage"                       "1.3.6.1.4.1.41112.1.11.1.2.2"
"sunMaxPVPower"                 "1.3.6.1.4.1.41112.1.11.1.2.3"
"sunMaxOutPutStats"                     "1.3.6.1.4.1.41112.1.11.1.3"
"sunMaxOutCurrent"                      "1.3.6.1.4.1.41112.1.11.1.3.1"
"sunMaxOutVoltage"                      "1.3.6.1.4.1.41112.1.11.1.3.2"
"sunMaxOutPower"                        "1.3.6.1.4.1.41112.1.11.1.3.3"
"security"                      "1.3.6.1.5"
"snmpV2"                        "1.3.6.1.6"
"snmpDomains"                   "1.3.6.1.6.1"
"snmpProxys"                    "1.3.6.1.6.2"
"snmpModules"                   "1.3.6.1.6.3"
"zeroDotZero"                   "0.0"

Get battery voltage

We can get the battery voltage from the controller with the following SNMP walk command. Change the community “ubnt” to your SNMP community.

snmpwalk -c ubnt -v2c 10.96.1.9 1.3.6.1.4.1.41112.1.11.1.1.2

Return value is

SNMPv2-SMI::enterprises.41112.1.11.1.1.2.0 = INTEGER: 24990

You may need to add a zero if you are trying to add the OID in LibreNMS for a custom OID.

Restart UniFi services on UDM

Mark manages the Ubiquiti UniFi applications at Incredigeek Inc. and is unable to access the UniFi controller. It starts loading and then stops. The URL bar shows that it is trying to load a null network site.

Thankfully the WiFi is still working, Mark thinks to himself, but how am I supposed to manage the network? I am able to access the UniFi Core application, so maybe I can login using a secure shell and check on the application.

ssh root@192.168.1.1

Once logged in, and after using the google, he finds that unifi-os restart will restart the UniFi applications. But I just need to restart the Network application. Running “unifi-os” –help reveals the following options.

# unifi-os --help
Usage: /usr/sbin/unifi-os [stop start restart shell 'update url']

Oh shell!

unifi-os shell

Alternatively, we know that on the UDM’s the UniFi Applications are run inside a Docker container. We could run “docker ps” to show the containers and then “docker exec -it unifi-os bash”

Now we can restart just the UniFi Network application.

systemctl restart unifi

It can take a little bit to restart.

UDM Pro Error Changing WAN IP Addresses

There appears to be a bug on the UDM Pro that you can encounter while trying to update your WAN IP addresses. The error was similar to “Can’t change IP Address “PublicIP” used in Default Network”

https://community.ui.com/questions/UDM-Pro-Cant-set-Static-IP-Address-on-WAN-interface/9f83c841-da1a-4b16-b963-c4be3ae3fbab?page=2

It appears that the issue stems from the Internet Source IP being used in the LAN Network settings.

The way to work around this is to disable the Internet Source IP. However, this is greyed out which keeps us from making any changes. We can however use the Chrome Developer tools to get around this restriction.

  • Enable the Legacy Interface. UniFi Network Settings -> System -> Legacy Interface
  • Go to Settings -> Networks -> Edit (Select Default Network)
  • Open up the Dev tools with Ctrl + Shift + i and select Console
  • Paste the following in and hit enter
$$('[disabled]').forEach( a => a.disabled=false )
Enable Internet Source IP on UDM Pro
  • Find “Internet Source IP”, Disable and Save!

Swap back to the new user interface and go change the WAN IP address.

Disable Wireless Security (WPA2) Preshared Key on Ubiquiti AC

On Ubiquiti AC radios, you can not disable WPA 2 security through the web interface. This is not necessarily bad, however, what happens if you have a client that is reset and will only connect to the default ubnt SSID?

Fortunately there is a way to disable the WPA2 Preshared key.

  1. Log into the device over ssh.
  2. Run the following command to disable WPA2 in the config
    sed -i s/aaa.1.wpa.mode=2/aaa.1.wpa.mode=0/g /tmp/system.cfg
  3. Save the config file with
    /usr/etc/rc.d/rc.softrestart save
  4. Login to the client device and configure the SSID.

After you are done, you can click the enable button to re-enable Wireless Security.

Auto Reboot Ubiquiti Devices with ubntmod.sh

Most of the heavy lifting is done by the ubntmod.sh script. All you need is the IP addresses for the access points. The script will figure out the connected devices, reboot them first, then reboot the AP.

Here is a quick run down of the steps we need to perform.

  1. Create list of AP’s and put them into an ap.lst file
  2. Install ubntmod.sh script
  3. Configure usernames and passwords to use with ubntmod.sh
  4. Setup crontab to automatically run

Create list of AP’s and put them into an ap.lst file

This is really as simple as creating the ap.lst file and filling it with the access point IP addresses. One per line. The script uses wstalist to discover connected devices.

nano ap.lst

Install ubntmod.sh script

Installing the script is really hard. 2 lines to get setup.

wget http://incredigeek.com/home/downloads/ubntmod/ubntmod.sh
chmod +x ./ubntmod.sh

More information can be found here.

https://www.incredigeek.com/home/ubntmod/

Setup usernames and passwords to use with ubntmod.shd

When you first run ubntmod.sh without the -y option, it should prompt you to setup usernames and passwords to use. After this is setup, the script automatically reads from the config file for future use.

You can manually modify the ubntmod.conf file update any usernames or passwords.

Example contents of ubntmod.conf file.

unpw=( "ubnt,ubnt"
"ubnt,password"
"admin,password"
)

Setup crontab to automatically run

Open up crontab with

crontab -e 

Configure the time. Refer to here for crontab date syntax

10 1 * * * cd /home/bob/ && ./ubntmod.sh -A

That’s it. Should be good to go.

Searching for devices in UniFi via command line / MongoDB

While the UniFi controller is nice and everything, it does make it hard to see if a device is already adopted. At least if you have a ton of sites. Fortunately, we can search the database directly to find out if a UniFi is already adopted and which site it is assigned to.

Connect to Mongo DB

First we need to connect to MongoDB. And then we need to use the ace database.

mongo -port 27117
use ace

List all the devices on the controller

This command will list all the devices on the controller. Regardless of which site they are assigned to.

db.device.find({}, { site_id:"", ip : "", name :"", mac:""})

Example output

{ "_id" : ObjectId("563a4d94e4b054e5376fc600"), "mac" : { "_id" : ObjectId("563a4d94e4b054e5376fc600"), "mac" : "44:d9:e7:34:d1:08", "ip" : "192.168.1.200", "name" : "Main_WiFi", "site_id" : "39485e9abf0e9a047bcded96" }
{ "_id" : ObjectId("9873b39ed1f5d30a6738abe"), "mac" : "44:d9:e7:01:a3:d4", "ip" : "192.168.1.201", "name" : "Testing_Wifi", "site_id" : "39485e9abf0e9a047bcded96" }

Each UniFi will have a “site_id”. You can use that ID to figure out which site it is assigned to.

List all the sites on the controller

db.site.find()

Example output

{ "_id" : ObjectId("39485e9abf0e9a047bcded96"), "name" : "default", "desc" : "Testing Site", "attr_hidden_id" : "default", "attr_no_delete" : true, "anonymous_id" : "83ae20ba-2948-458e-fd0a-1320583ecb04" }

Using our “site_id” from above, we see that the Testing_Wifi device is assigned to the “Testing Site” on the controller.

Something else to look at would be to use the UniFi controller API.

https://ubntwiki.com/products/software/unifi-controller/api

Extract UniFi .unf backup file

In this post we are going to extract the contents of a UniFi .unf backup.

This is helpful if we need to do any sort of recovery, or need to look through the database to find system information.

  1. Acquire backup
  2. Decrypt and extract backup
  3. Dump database to JSON file

Acquire Backup

This is easy to do. Log into the web interface go to Settings -> System -> Maintenance -> Backup and Restore

Scroll down to Available Backups and download.

Download Backup in UniFi Controller

You can also get the file via scp or sftp. Manual backups are located in

/usr/lib/unifi/data/backup

and auto backups are in

/usr/lib/unifi/data/backup/autobackup

Decrypt and Extract Backup

We’ll be getting the following decrypt script from here. https://github.com/zhangyoufu/unifi-backup-decrypt More notes on it below.

We’ll need to make sure that openssl and zip are installed

sudo apt install openssl zip

Download the script with wget

wget https://raw.githubusercontent.com/zhangyoufu/unifi-backup-decrypt/master/decrypt.sh

Make it executable

sudo chmod u+x decrypt.sh

And now we can convert the UniFi .unf backup file to a .zip

sudo ./decrypt.sh autobackup_6.2.33.unf autobackup_6.2.33.zip

Now we can extract the zip archive. You can do this on Windows, macOS, or Linux through the GUI or you can extract with

sudo unzip autobackup_6.2.33.zip -d unifi

This will extract all the files and folders to a directory named unifi.

cd unifi

Dump database to JSON

You should now see the db.gz file. This is a compressed archive of the database in BSON (Binary JSON) format. We can use the mongo-tools to convert this to a more human readable JSON format.

sudo apt install mongo-tools

Now we can extract the archive and pipe it through bsondump.

gunzip -c db.gz | bsondump

You can run it through grep to filter out what you need.

You can also dump the db to a json file with

bsondump --bsonFile=db --outFile=db.json

More notes on the decrypt script.

The decrypt script is really simple. It looks like it uses a key to decrypt the UniFi backup and then puts all the contents into a zip file. There is also an encryption script. Theoretically you can decrypt, make changes to the config and then reencrypt and restore to a server.

#!/bin/sh

# Authors:
# 2017-2019 Youfu Zhang
# 2019 Balint Reczey <balint.reczey@canonical.com>

set -e

usage() {
    echo "Usage: $0 <input .unf file> <output .zip file>"
}

if [ -z "$2" -o ! -f "$1" ]; then
    usage
    exit 1
fi

INPUT_UNF=$1
OUTPUT_ZIP=$2

TMP_FILE=$(mktemp)
trap "rm -f ${TMP_FILE}" EXIT

openssl enc -d -in "${INPUT_UNF}" -out "${TMP_FILE}" -aes-128-cbc -K 626379616e676b6d6c756f686d617273 -iv 75626e74656e74657270726973656170 -nopad
yes | zip -FF "${TMP_FILE}" --out "${OUTPUT_ZIP}" > /dev/null 2>&1

UniFi-Video Service failing to Start

Do note that the UniFi-Video software is no longer supported should be migrated to the UniFi Protect systems.

Running “systemctl status unifi-video” gives the following error.

(unifi-video) checking for system.properties and truststore files…
…fail!

It appears that the error is due to an unsupported version of Java. Installing an older version of Java resolves the issue.

You can check which versions of Java are available with

apt-cache show openjdk-8-jre

The versions that showed up for me were

8u282-b08-0ubuntu1
8u252-b09-1ubuntu1 

Installing the last one fixed the issue for now.

sudo apt-get install openjdk-8-jre-headless=8u252-b09-1ubuntu1

https://old.reddit.com/r/Ubiquiti/comments/l30jm5/unifi_video_31013_not_compatible_with_openjdk_180/

Unable to Remove Authorized SSH Keys from AirOS

For some reason I ran into an issue where I can not remove authorized SSH Keys in AirOS version 6.3. It redirects to a 404 page and then to the main page.

Attempting to remove SSH keys in AirOS
404 Error while attempting to remove SSH keys

Thankfully, we can still remove the authorized keys from the command line. For more information on making changes over SSH, refer to the following post.

SSH into radio. Replace username and IP address with your radios user and IP.

ssh ubnt@192.168.1.20

Open up config file

vi /tmp/system.cfg

Search for the lines that contain

the sshd.auth.key and remove them

Remove the sshd.auth.key lines

Save the file and write the configuration with

/usr/etc/rc.d/rc.softrestart save

Once the command completes, you should be good to go.