Reviewing UniFi 7.4.156: OpenVPN Server, Big VLAN Port Management Changes, and Other New Features!

Рет қаралды 36,277

Күн бұрын

lawrence.video/unifi
Release Notes
community.ui.com/releases/Uni...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag/
community.ui.com/releases/Uni...
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 10% off your order at
🛒 www.techsupplydirect.com?aff=2
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
⏱️ Time Stamps ⏱️
00:00UniFi Network Application 7.4.156
01:59 7.4.156 Release Notes
02:51 UniFI OpenVPN Server
04:38 VLAN Port Management Changes
#UniFi #networking #ubiquiti

Пікірлер: 76

@MactelecomNetworks Жыл бұрын

Great video! Moving wireless clients to different network using virtual router override is actually apart of Unifi os 3.1 ( EA) I shouldn’t have added it quiet yet 😂

@itsgeorgenz400 Жыл бұрын

Id really like to see the updated video for Vlans

@agroleau04 Жыл бұрын

As usual, great review Tom! 🙂As a sidenote and as you mentionned in your firewall review video, Sophos firewalls also use OpenVPN and they also only allow a single OpenVPN instance. Not sure why. They do allow to configure it using UDP instead of TCP though.

@WAGISDev Жыл бұрын

As always, a great video and thoroughly appreciate hearing your perspective. Sometimes I am not a fan of their changes, for example...the main screen on the Unifi Network....I like customizing it for my needs. Looking forward to them making that a function in the future.

@giggadan Жыл бұрын

That new change with the switch port profiles messed me up on release but I see the benenfit of it for big scale setups where you have multiple vlans and you just select your management vlan and the vlan for those devices. For instance management vlan & apt 101,102…etc. easier than making separate switch port profiles with the same info.

@MPaulCezanne Жыл бұрын

Thanks for this. Really looking forward to a new UniFi VLAN setup video.

@gregfyn Жыл бұрын

Thanks Tom. I appreciate your content.

@timalbrecht5120 Жыл бұрын

I just upgraded my network controller to 7.4.156 yesterday (I use a 3rd party router) and I was not a fan of the new vlan management. I always liked seeing the 'ALL' tag beside my trunk ports on my switch, so I just went in and created an 'ALL' profile and added it to my trunk ports. Not at all necessary, but now it least looks a bit more familiar when I go into the port manager for my switch.

@stplegacy Жыл бұрын

Perfect review as always 🎉

@marlo6846 Жыл бұрын

I agree with everything you said, most notably why did they remove the All option for networks and why implement limitations on the size of the drop down tabs. I only have 6 months of experience configuring UniFi networks, but each "upgrade" so far has made basic tasks like VLAN configurations or LAN firewall rules more complicated than needed, with my current skill level anyway.

@Hossimo Жыл бұрын

Fnally the Move site option is back. Just yesterday (before updating) I moved a few devices from one site to another using the old UI as I always do, Glad to see this is finally back. Also yesterday on my Home network I got screwed by this new VLAN thing, my wife company is on a separate VLAN to the home network and for some reason the VLAN settings were incorrect causing her VLAN to stop working after an update. Didnt realize until yesterday when I way trying to figure out what the heck this new UI was.

@donvinton6954 Жыл бұрын

A very good primer on 7.4.156, thank you! You mentioned no problems reported (so far) on deploying 7.4.156. That’s good to hear but my experience wasn’t so. I have a home network with three VLANs, main, IoT and Guest. On main I have a lot of Apple products, 2 Apple TV 4K’s, 8 HomePods, along with iMac’s, iPhones & an iPad. On IoT a number of HomeKit devices. The upgrade to UniFi OS UDM Pro 3.0.20 / Network 7.3.83 was smooth! When I updated Network to 7.4.156 it broke mDNS creating havoc with the HomePods/Airplay! Surprisingly, HomeKit devices on IoT continued to function. This is not the first time mDNS has gone wonky after a release…. Anyone else experience this issue?

@MikeHarris1984 Жыл бұрын

My home lab I'm running a UDMSE and beta firmware, and I actually really like the way the v lans done now. I actually always thought the old way of how ubiquity did vlans and subnetting was bad, and a pain in the ass. My first time playing with ubiquiti and vlan, it took me a minute to figure it out. The new way, was actually very intuitive for me. I set up a new client site and went into the VLANs and the sub netting import assignment really was nice. And I really like the new ethernet port profiles! So now I can sign a port profile for say protect and have a separated VLAN with all my firewall rules restricting internet access, etc, and with the port profile I can put the MAC addresses of all my cameras and so now I don't have to do Mac authentication on each port for each individual MAC address. And then for my network access control, 802.1X for my main subnet now can be assigned set up and configured via port profile and then I just assign it to those ports that I want to have on that subnet.

@OthmanAlikhan Жыл бұрын

Thanks for the video =)

@paulkrijnen6062 Жыл бұрын

Great video as always. I bought a udm pro last week and would like to know something. Can I create a vlan for my the devices of my son and put a content filter on there? Without it messing with the rest of the network? Thanks and keep up the good work, you gave me the confidence to go and buy this and start messing around with it.

@glowkrantz Жыл бұрын

Re OpenVPN and tcp, we found that if udp in-traffic overloads the server we get about 1/10 throughput due to resends and other resync problems while tcp has it's flow control and handles this. So maybe they didn't want to have to answer questions about throughput.

@DesertGardenPrepper Жыл бұрын

Since I use pfsense router with unifi switches and ap's, I would like to see a video about how these new features, like vlan configuration have changed with my setup. I will hold off on upgrading the unifi os until I see more info about that. thanks Tom!

@TanKianW79 Жыл бұрын

Been configuring switches on Cisco and MikroTik ROS, so when switched to Ubiquiti switches, always find their way of configuring vlan more restrictive and less versatile. The "harder" way of setting up vlans has always make more sense/logic to me.

@davidanderson2436 Жыл бұрын

Great video - thanks for all your work! Has anyone seen if there will be a new variant of the cloudkey coming anytime in EA for Unifi? I have a handful of Gen1 CloudKeys I am getting concerned about - considering building a replacement with Unifi Network Application on a small linux box, moving to Hostify, or using 2nd Gen cloudkeys?

@skasaflicit Жыл бұрын

That vlan management in the switch is similar to how fortinet handles vlans in the FortiSwitch. I've gotten used to it and it took me a lot of adjusting to the unifi way of doing vlans. I like being able to individually specify the vlans like this. Hopefully there's a way to bulk update.

@faluff Жыл бұрын

Same here, really like this! However, the conversion process from the old to the new port profiles is not optimal (it generated allow anything but this vlan rules - for profilse that only allow 2 vlans)

@MikeHarris1984 Жыл бұрын

I had one client site where a switch didn't adopt correctly or something really odd messed up whenever I updated. The switch has about four different VLANs across the ports in certain ports have different VLANs and it didn't reassign the VLANS to the correct ports after the update and re-adoption. I've had odd stuff like this happened to me before, where after updates VLANs aren't attacked correctly fort's going to disabled state, and just things like that

@wiebowesterhof Жыл бұрын

Those VLAN-related changes also broke at some stage during the 2.x to 3.x EA or within the 3.x EA branches; It is fixed again now. But I had to factory default a few of my switches when using the Override Network option. It has been fine since, but it was a total pain to fix. They removed a bunch of the Network Profile options and the 'All' was the one that was removed, causing me to loose half of my network devices

@philiptalbert458 11 ай бұрын

@LAWRENCESYSTEMS Great video. Can pfsense be the firewall and unifi be the router (udm-se), switch, and AP? Wonder if there is a good way to mesh the strengths of both. Keep up the good work!

@LAWRENCESYSTEMS 11 ай бұрын

Yes kzbin.info/www/bejne/hZ7QY6OHiq-CZtE

Жыл бұрын

Recently I buy one switch Ubiquiti, but the web console has lag when I manage ports, sometimes freezes for a minute or more 😢 I have the application on a windows server

@Brother-Luke 11 ай бұрын

When I select traffic restrictions, block a couple of VLANS snd save, I go back into the port settings and its unticked and doesnt seem to save. Anybody else had that?

@user-ec6zn3nd5z Жыл бұрын

I would like to help from you relate software unify (install on pc) so how many ap can control on software unify ?

@FireBean8504 Жыл бұрын

Starting @4:38. That's why I'll stick to 802.1x port authentication for automatic VLAN mapping, and port isolation to force all traffic in and out of my firewall. You need a capable FW like Fortinet/Palo/CheckPoint etc to make this work though. I don't know if PFsense can make this work with intra-vlan routing but Inter-vlan obviously works. But by forcing all traffic to the firewall, you can then have it scan everything that goes through it and get some really granular control; get your money out of the said device. That's been my strategy for a while now. Save money on the switches and invest in a damn good NG-firewall and a good AAA system like Cisco ISE.

@manslayerdbzgt Жыл бұрын

Maybe you'll add udp option later maybe they were just trying to get open VPN out for those people with starlink and stuff like that I need to use their stuff and they'll add more features later like they did with wire guard

@mattb7406 Жыл бұрын

Can I do traffic management PBR on USG3 ?

@BSDKllr Жыл бұрын

The vlan thing could end up being better in the long run. I have spent hours pulling my hair out trying to diagnose a vlan issue only to find one switch didn't have the trunk port to all. So no traffic would flow.

@Jason.M Жыл бұрын

The ability to manage and create port profiles is still in the UI, you just cant use them when your configuring a port. Hopefully they tweak this to make it more streamlined. This currently implementation seems like a great way to fat finger a config.

@youknowit158 Жыл бұрын

Lol I was about to pull the trigger on my first unifi thing a UDM pro

@jordancalhouncom Жыл бұрын

Ooy, why not just integrate the port profile tool for vlan groups into that section instead. That looks like it would be really easy to have a security vulnerability on a port when making updates if you aren’t careful

@BrutusMaximusAurelius Жыл бұрын

This update broke my entire controller on my raspberry Pi. Luckily I had backups. Going to this version required a fresh install though and quite some tinkering on the OS.

@Mark-xr4zt Жыл бұрын

Is there any chance that you will do some videos on setting up the various VPN options on UniFi as I have had no success in getting either Wireguard or Open VPN to work. Whilst I can connect to the dream machine using these methods I am unable to access any of the internal network resources unlike LT2P which does allow access to some internal resource out of the box. The only problem with that option is that you are disconnected after a period of inactivity which is a pain.

@justinyoung5348 Жыл бұрын

I spent 3-4 hours trying to figure out why none of my vlans were working, lol. In the end, factory reset the switch, went back to the legacy UI, and restored a backup.

@therevoman Жыл бұрын

Agreed, I pulled down the update right off and the VLANs are super stupid in the new version.

@diceman199 Жыл бұрын

Well....that's gonna suck. I look after a site with numerous different clients all on their own VLAN's with continual movements around and on / off site. That VLAN management is going to be a pain

@Timichaud Жыл бұрын

For me, this new sorting vlan system is way better. Naming the switch port profils is a mess and I think its way easier to select what to keep or block instead of having 50 port profils. I was doing it by naming my port profils like this: Native 10 + 15+16+19 for exemple to know that profil is native vlan 10 and let pass vlan 15, 16 ans 19. Now I think it will be better with the new solution. Except if you have a better idea?

@mmrk_ Жыл бұрын

I really hope they bring Trunk Profiles back. It was way easier and much more logical in my opinion.

@PabloMoricz Жыл бұрын

I need that t-shirt! Where did you get it?!

@LAWRENCESYSTEMS Жыл бұрын

lawrence.video/swag

@stevenmishos Жыл бұрын

One thing I'd be interested to see you cover is the functionality of "none" on the port setup. By itself, it appears to behave the same as Default, but optionally allows you to block Default in Traffic Restrictions. On the Flex Mini, there's even a tool-tip that states, "Select None to set no restrictions and to enable traffic for all networks". None is the new All -- odd wording ¯\_(ツ)_/¯

@m1ellison38 Жыл бұрын

This is exactly what I had figured out. Have a client with a ton of the 5 port Flex switches, and phones and PCs hanging off them. Had to figure out to put the uplink in the None profile and then each port on the remaining four ports to its respective VLAN . Things worked after that, so great observation.

@francoisdupreez9754 Жыл бұрын

I thought this would be the solution, but when I switch my ports network to none it switches off the port. No network at all.

@KellicTiger Жыл бұрын

Still no easy method of importing certs, or using Lets Emcrypt in any automated way. But hey. At least Ubiquiti has the time and resources to put out a EV charger. So there is at least that....yes that was sarcasm.

@gacekk87 11 ай бұрын

When is the updated VLAN video coming?

@LAWRENCESYSTEMS 11 ай бұрын

I don't have a timeframe for that yet

@alanjrobertson Жыл бұрын

Interesting, why did you go for OpenVPN rather than Wireguard? I've moved my personal VPN from OpenVPN to Wireguard and found the latter much quicker to set up a connection.

@rolfamfelt9946 Жыл бұрын

I Think because off user management. WireGuard don’t have that. A lot of users know openvpn, WireGuard is new, from a support perspective.

@ozzy6900 Жыл бұрын

Unfortunately, if you are running your controller on a Raspberry Pi, this upgrade will not work. It seems that Mongo does not like the 32-bit Raspberry OS faking a 64-bit.

@CTWilliams89 Жыл бұрын

Ran into this issue, solved it by scp'ng the backup and then re-imaged the pi with a 64 bit version. The work around to this before was to edit /boot/config and add 64bit=0, unfortunately this no longer works. Hopefully this helps someone.

@RK-ly5qj Жыл бұрын

I am always waiting for your vid, cuz Mac is rather like "apple's fan boy" - you'll get information but not necessarily lets say "accurate." Switching (L2) and APs from ubi are great, but fws are still in stone age :)

@gxtoast2221 11 ай бұрын

Seeing Ubiquiti reducing support for self-hosted Unify Networking application installations, and developing dependencies on Unify OS, is forcing me to consider alternative brands as a prospective new customer. Ubiquiti's poor firewall implementation and my requirement for only layer-2 switching and wireless access point management (no need for Protect, Access or Voice) puts me in the self-hosting scenario. If self-hosting is slowly being abandoned by Ubiquiti what other brands provide solid self-hosting for layer-2 and wifi management?

@LAWRENCESYSTEMS 11 ай бұрын

I don't see them abandoning it and currently there IS NOT any other good option that does not have cloud lock in.

@thbadmin7751 Жыл бұрын

Dark mode is not that easy to see....

@throttlebottle5906 Жыл бұрын

I recently bashed my brains out over the missing "move device to other site". I was spitting fireballs and ready to trash every unifi device within a 100 mile radius. 🤬 it's almost as if they've read my mind(or monitor via the apps?) 🧐😳

@arubial1229 Жыл бұрын

I can’t believe they think it’s ok to just get rid of port profiles

@Soda88 Жыл бұрын

They didn't get rid of port profiles, just check the ethernet port profile under advanced menu

@arubial1229 Жыл бұрын

@@Soda88 they did. All the port profiles except for custom ones have been deleted. Including the “All” profile. It’s asinine.

@Soda88 Жыл бұрын

@@arubial1229 But you can make 'All' as a custom profile, set default network as default and uncheck traffic restriction. Not that you'd need to do that since you can achieve what you wanted by just unchecking traffic restriction under primary network box.

@arubial1229 Жыл бұрын

@@Soda88 that defeats the purpose

@PatentLobster Жыл бұрын

Intro vs voice audio levels is really off

@MR-vj8dn Жыл бұрын

Not that far off is it? The simultaneous FX might be a bit too loud. The music is distorted though.

@thebigbosshelp Жыл бұрын

Yeah the new VLAN settings are really dumb

@Spirch Жыл бұрын

tune down the intro a little bit, way too loud, it scare my cat every single time 😛

@innermotion7 10 ай бұрын

The VLAN changes are ok-ish but poor UX/UI design choices again. Mixing and matching 2 systems and also odd things happen with Flex Mini switches and Port profiles. Overall the gui does not really show what is going on when the conversion happens. Having "none" passing all networks is well dumb...but hey nothing surprises me with these $billion companies ability to do anything logical.

@artsoonteen Жыл бұрын

failover not failback very boring with unifi

@johnwaynebrooks Жыл бұрын

Note to self: don't watch Lawrence systems.

@LAWRENCESYSTEMS Жыл бұрын

¯\_(ツ)_/¯ But make sure you comment on Lawrence Systems so KZbin keeps suggesting my videos?

@johnwaynebrooks Жыл бұрын

@@LAWRENCESYSTEMS thumbing down fixed that. It's more effective to read change logs than watch your videos. Half the video was you pimping your business and recommending Mac telecoms video because you have no idea what's going on.

@LAWRENCESYSTEMS Жыл бұрын

@@johnwaynebrooks So you came here to comment on a video to let people know you prefer to read change logs rather than watch a video?