VPN with Ubiquiti EdgeRouter and Google fiber

[curado]

The Google Fiber network box had some annoying symptoms that masked themselves as Blue Iris issues. It would frequently interfere with Blue Iris when viewing remotely, ie. freezing up or unable to reconnect. The wifi was less-than-stellar also, so even when I was home, I couldn't reliably view cameras from my phone or tablet. Whoever was at the door would be gone by the time I could pull up a camera.

https://www.amazon.com/gp/product/B00YFJT29C

Decided to replace the Google Fiber box with an EdgeRouter X. It runs a full copy of EdgeOS, same features as comparable Cisco routers. There is a web interface supplemented by console configuration. It's layer-3 at gigabit speed, so it fully supports Google Fiber. The tricky thing is configuring it. Google Fiber isn't plug-n-play once you remove their network box.

Previously I was using port forwarding, so I switched to VPN for accessing Blue Iris. No difference in performance, but now it's much more secure.

Also my neighborhood is full of wifi (whose isn't?). I couldn't get a signal standing 5 feet away sometimes, or it would be full strength but unable to view a camera. Went with the Unifi Pro access point.. seeing a trend here?

https://www.amazon.com/gp/product/B015PRO512

For now 802.11ac is amazing... not many people are using it around here yet, so I can get a decent signal while they all compete with each other on the old standards. This particular Unifi AP supports a/b/g/n/ac and the signal reaches my driveway

TLDR: I replaced the Google Fiber network box with an EdgeRouter, and switched to wireless AC standard, and Blue Iris is flawless now (and works great over VPN).

 

[NoloC]

Sounds very cool. I am curious about the 802.11ac results. Trying to understand if the change in wifi performance was due to the band switch from 2.4 to 5.8 alone? Was the 5.8 band crowded in your area? 802.11ac standard has some neat stuff but from what I understand it goes to larger bandwidth (160Mhz) by combining channels and goes up to 256QAM from 64QAM. Also has the directional "beamforming" but looks like the Unifi only has 3 antennas. In my experience with microwave stuff, links need to be pretty darn good to support 256QAM, but maybe there is some magic error correction schemes now I am too old to know about!

My point, if there is one, would be that I expected the larger bandwidth channel and 256QAM to be less robust and therefore more susceptible to other signals. But if it works, so much for my theory.

Congrats on your new setup!

 

[curado]

The change in band was probably a big part of it. Comcast/Google Fiber/AT&T all have been supplying 2.4ghz equipment for quite a while now for every new install, plus the increased number of people probably using streaming services on wifi instead of hard wired. But my interference issues didn't seem to come at particular times of day. It was constant. I even got a thumbnail sized USB 802.11ac adapter for my laptop (since they are rather particular about swapping out wifi cards sometimes) and even that thing works great now.

Plus the AP is ceiling mounted if that makes any difference, probably better than setting it behind a TV or something.

 

[NoloC]

If you haven't already looked at the spectrum to see channel usage, it can be helpful. I think the UBNT stuff has this functionality built in.
I use Inssider. The old free version on my laptop to see what is around the neighborhood. In my area I have never seen any 5.8 activity. It's pretty rural here but I still see the 2.4 stuff everywhere.

 

[giomania]

Wifi Analyzer for Android works for analyzing channels


Sent from my iPhone using Tapatalk

 

[weigle2]

I want to go the Ubiquiti route also. One thing, holding me back, is the reported difficulty in setting up OpenVPN on Ubiquiti. If you are running OpenVPN, was it difficult setting it up?

 

[giomania]

I had a very steep learning curve myself due to lack of command line experience but I persevered and after a lot of googling and over several weeks working in the evenings and on the weekends, I have a large document with detailed instructions I would be willing to share.


Sent from my iPhone using Tapatalk

 

[curado]

Great documentation. The first should be called "the missing OpenVPN setup guide for EdgeRouter"

PPTP is least secure but also the easiest. I settled for PPTP because I was having lots of issues getting L2TP to work more than once due to the connection sticking open. I have also had trouble in the past with more than 1 connection from the same IP due to port address translation.

OpenVPN is immune to both issues I had. It has had security issues, but continues to be updated. It's fairly easy to set up using a Windows server, and now with the guide at hand, it looks pretty easy to set up on EdgeRouter also. Great job!

 

[curado]

Another suggestion for a project. It would be really interesting to know the specifics on where traffic is heading through the EdgeRouter. For example, assign all cameras a valid default gateway and see which ones attempt to transmit to Chinese IP addresses. This would be easy to do with a Watchguard and their provided software, as it logs each connection request. Haven't taken the time to figure this out on the EdgeRouter yet. Also a $750 difference in cost and licensing between the two products, so no interest in buying a Watchguard for personal use.

 

[giomania]

I don't know if it's the "missing" guide, as there were others that I found for the EdgeRouters, but they didn't have a complete instruction set for command line neophytes like myself.


Sent from my iPhone using Tapatalk