I recently got a Unifi Dream Router as an upgrade from the Unifi Security Gateway.
One of the differences is that the controller is hosted on the router itself, and I quite often use the local access as opposed to going via unifi.ui.com. Since this is exposed locally on 443, I wanted to be able to access it without errors regarding invalid SSL certificates.
I found it was quite easy to provide a valid SSL certificate. I already have a wildcard certificate for *.gsellis.com, so I set a hostname in the internal DNS, and then copied over the wildcard cert and key to the UDR:
Then SSH into the UDR using credentials set in the controller, and navigate to /data/unifi-core/config and replace unifi-core.crt with fullchain.pem and unifi-core.key with privkey.pem. Once done you can restart the UI with:
systemctl restart unifi-core
And then navigate to the DNS name you set earlier and hopefully see a valid certificate:
Obviously this will need replacing each time the certificate expires, though I hope to set up a custom configuration in acme.sh to handle this.
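The replacement steps above can be wrapped in a script that refuses to install a certificate and key pair that would break the UI. This is an added example, not part of the original post: the function names, the `UNIFI_DIR` and `RESTART_CMD` overrides and the 30-day margin are assumptions, and it checks that the key belongs to the certificate, that the certificate is not about to expire, and that the wildcard covers the internal DNS name before backing up and replacing the files.

```shell
#!/bin/sh
# Added example, not from the original post. The directory, file names and
# restart command are the post's; function names, the UNIFI_DIR/RESTART_CMD
# overrides and the 30-day margin are assumptions.
UNIFI_DIR="${UNIFI_DIR:-/data/unifi-core/config}"
RESTART_CMD="${RESTART_CMD:-systemctl restart unifi-core}"

# True when the leaf certificate in $1 carries the public key of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when the certificate in $1 (wildcards included) covers hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Validate, back up the current pair, install the new pair, restart the UI.
# $1 = fullchain.pem, $2 = privkey.pem, $3 = internal DNS name of the router
install_unifi_cert() {
    cert_matches_key "$1" "$2"  || { echo "key does not match certificate" >&2; return 2; }
    cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days" >&2; return 3; }
    cert_covers_host "$1" "$3"  || { echo "certificate does not cover $3" >&2; return 4; }
    stamp=$(date +%Y%m%d%H%M%S)
    for f in unifi-core.crt unifi-core.key; do
        if [ -f "$UNIFI_DIR/$f" ]; then cp -p "$UNIFI_DIR/$f" "$UNIFI_DIR/$f.$stamp.bak"; fi
    done
    ( umask 077   # a newly created key file must not be group/world readable
      cp "$1" "$UNIFI_DIR/unifi-core.crt" && cp "$2" "$UNIFI_DIR/unifi-core.key" ) || return 5
    $RESTART_CMD
}
```

On the router this would be called as `install_unifi_cert fullchain.pem privkey.pem <internal DNS name>`; the timestamped `.bak` copies allow a rollback if the UI does not come back.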
At the moment I have my local domain name set to gsellis.com – the first issue I came across was that I lost the ability to look up my domain names on the internet – because the USG held the record of truth for gsellis.com.
I am fairly sure I should be able to configure it to look up unknown addresses, but I have not found out how yet.
The current solution I have implemented is to update the dnsmasq config with my internet domain name records – this means that if I make a change, I need to make it locally and on the internet – I will fix this when it becomes an issue.
Here I have my upstream DNS for the USG set to Google, plus the domain name record for gsellis.com – I have included others but they aren’t important here.
Initially I just added the host record and cname – this resulted in the USG losing the ability to look up any websites – meaning things like time server, dynamicdns etc stopped working. Adding the data back fixed things.
Having recently upgraded our home network to Unifi, I figured it would be useful to record some of the configuration changes I’ve made.
I have set up the network with two main VLANs – our normal VLAN, and an IOT network. The aim of the IOT network is to separate IOT devices from the rest of the network. At the moment I haven’t implemented any block rules yet – I have been trying to get everything working as normal first before I start blocking traffic.
As well as the two local networks, I also am running two WireGuard interfaces on the USG – one for incoming connections and one which establishes an outgoing connection.
For the incoming interface I can connect from my phone. I also have a VPS that I use for various purposes – I am now allowing this to connect into my network and then the majority of services run across that interface now instead of over the public internet.
The first configuration change I had to make was adding configuration to dnsmasq
After my VPN stopped working due to changes in OpenSSL, I reinstalled it on a newer Raspberry Pi and tried to move my keys over – this didn’t work, first due to the Diffie-Hellman only being 1024 bytes, then for some reason my client couldn’t negotiate TLS, so rather than invest time getting the old keys working, I thought I’d just regenerate a new set – it’s not a bad thing.
The setup for keys via easy-rsa has changed since I last set up my Pi, a quick search didn’t show up instructions for the new version, so I thought I would post this – for my own reference if nothing else.
After installing openvpn and easy-rsa, copy the easy-rsa directory into your openvpn directory: cp -r /usr/share/easy-rsa /etc/openvpn
Go to /etc/openvpn/easy-rsa and copy vars.example to vars – cp vars.example vars
Edit vars and set appropriate settings – I used the default values for everything – I noticed the default key length was 2048, so I shouldn’t hit the same issue with Diffie-Hellman again
I then ran:
./easyrsa gen-dh (this took ages….run in screen next time!)
It’s now the Sunday of my first complete week in Sweden.
I hoped I’d have sorted more out than I have. After being offered a job last week, I got the contract through on Tuesday and went straight down to Skatteverket to register and get a personnummer.
This seemed to go well, as the person there said we’d brought down more than enough evidence. As Sofia & I have lived together for the last few years, I was eligible for a personnummer on two counts. First because I have a job in Sweden, and second because me and Sofia have lived and do live together. The person at Skatteverket gave the same estimate as she gave to Sofia when she reregistered as being in Sweden – up to two months! However Sofia got reregistered within a few days, so I’m hoping it goes quicker for me too. I’ve read online people in the last month getting their number through within a week, so perhaps something may arrive next Monday or Tuesday….
What is a personnummer?
A personnummer is essentially like a national insurance number in the UK, however whilst in the UK it only really is used related to tax and benefits, in Sweden it’s used for absolutely everything.
After going to Skatteverket we went to a bank to try and get a bank account, however I was told that I can’t do that without Swedish ID. This seems to be slightly incorrect, as the law apparently is like the UK where they need to be able to confirm my identity. As the personnummer is used for everything, an ID with this on confirms my identity. However, it does seem that it should be possible without a personnummer and just using my EU passport.
A few days ago I completed quite a long drive from the UK to Sweden. The journey length was about 1100 miles. The route I took was:
All in all I spread the drive over three days, the first driving in the afternoon to Dover where I stayed over night. Then on the next morning I took the ferry over to Dunkirk with my brother and we drove through France, Belgium, the Netherlands to Bremen, Germany. Then the final day we drove Bremen to Sweden.
It was a long drive, and ideally it would have been better to spend a few more days and get to see a little more, however we had to try and get there as soon as possible.
Now, I’ve got to get set up with everything I need to start my new job at the end of October.
Yesterday we finally exchanged contracts on the sale of our house. That means that on the 28th September we will complete the sale, and can begin our move to Sweden.
We’ve been planning this for a while now, so it’s quite exciting to finally know that it’s happening – though also slightly nerve-racking, given the large number of things to organise before completion.
I still need to find work, and I’m in the process of applying for a number of jobs. Hopefully I’m able to find something interesting to work on.