There are plenty of people looking to extract full-length video from their UniFi Protect instances, either for archival purposes, or (as in my case) to create full and multi-day timelapse videos. The iOS app and the web app both allow limited download of video, but the interface to define your clips is clumsy at best, crashy at worst, and in my experience extracting an entire day seems to fail more often than it succeeds. Given these limitations, I went looking for a more robust way to dump video from the devices – read on for my findings.Continue reading
I have three APC PDUs – all the AP7920 model, they monitor power consumption and allow remote switching of a bunch of devices in the main rack. Last week I sourced a fourth device to live in the garage comms rack. This came from eBay, and as has been the case with every used device I’d have, it still had old IP config and an unknown username and password set.
So for future-Howard’s benefit: how to reset the password and settings so it can be set up from scratch…Continue reading
A quick How To for getting conditional DNS forwarding working on the UDM-PRO hardware. Before this upgrade I ran a CloudKey Gen 2 controller and a USG-PRO-4 for routing – this allowed me to deploy custom configuration via the config.gateway.json to insert extra options to the running config.
The options I needed were to force the DNS server on the gateway to check against my Active Directory DNS for those entries that arrive with the correct suffix – ad.durdle.com. This allows the lookup of clients from the UniFi’s DHCP lease table as well as AD DNS entries.
The UDM-PRO is a completely different beast from the old controller and gateway, running an entirely different OS. It doesn’t support config via json. So what’s a geek to do?Continue reading
As an exercise in good network health, I spent some time last month moving all the “Internet of Things” devices in my network onto their own segregated VLAN. I’ve configured things so that by default no traffic can leave the IoT network without my adding explicit rules to permit it. This protects the trusted side of my network from potentially dodgy traffic from the IoT devices with cheap WiFi chips and Chinese hosted servers. (I’m looking at you ThermoGroup.)
Logically, my network ends up looking something like this, with separate networks for the trusted kit, the IoT devices and the guest wireless network.
One wrinkle with this approach is that – by design – each VLAN is its own broadcast domain. That means the devices on my primary trusted VLAN can no longer use multicast to discover devices on the IoT VLAN. The most obvious victim of this was Sonos – none of the controllers could see the Sonos devices once I separated the LANs. Enter igmpproxy running on my router – the UniFi USG-PRO-4.Continue reading
Another post to save Future Howard the trouble of trying to remember how to fix a problem: when the DNS server in the USG-PRO has cached an old or invalid IP for a host. To verify:
- SSH to the USG-PRO itself (not the Cloud Key/Controller).
- To see the list of IPs it has stored, with the incorrect entry:
- To edit (elevated) and remove the offending line
sudo vi /etc/hosts
- And to ensure the DNS service forgets the incorrect value:
clear dns forwarding cache
You’re welcome, Future Howard.