Last active
October 22, 2023 12:16
-
-
Save lg/998d3e908d547bd9972a6bb604df377b to your computer and use it in GitHub Desktop.
making the ubnt wifi awesome (uap ac lite) w/ openwrt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| making the ubnt wifi awesome (uap ac lite) w/ lede (openwrt) | |
| the reasons you would do this: | |
| - you get 802.11r | |
| - you get better roaming | |
| - you get access to some new 5ghz channels | |
| I AM NOT TO BE HELD RESPONSIBLE FOR ANYTHING IN HERE. DO AT YOUR OWN RISK. THANK YOU AND HAVE A LOVELY DAY. | |
| ** note that though we're using Lede, it's essentially openwrt minus the drama | |
| lots of info here: https://wiki.openwrt.org/toh/ubiquiti/unifiac | |
| if your AP is already on a unifi network (i.e. not new) | |
| - make sure that the online uniquiti interface isn't auto-updating it back to the latest version | |
| - as per https://discuss.cucumberwifi.io/t/openmesh-1750-ac-unifi-ac-lite/258/42, downgrade the ubnt to 3.4.7: | |
| it's here: https://s3-eu-west-1.amazonaws.com/ps-firmware/_other_/firmware/U7PG2/3.4.7.3284/firmware.bin | |
| - scp it to root@ubnt_ip_addy /tmp | |
| - then 'fwupdate.real -m firmware.bin' | |
| - ok now it's downgraded, time to install lede | |
| ar71xx is the cpu | |
| you'll be installing from trunk, so there'll be some excitement. (no gui for example) | |
| image at: | |
| https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/lede-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin | |
| - scp it to root@ /tmp. it's the same ip as before since it'll still be on ubnt firmware, just older. if you're updating a fresh uap-ac-lite, the username/password to ssh is ubnt/ubnt | |
| - ssh in and run | |
| mtd -r write /tmp/lede-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel0 | |
| - if it reboots back to the regular ubiquiti firmware, you didnt downgrade (only applicable for non-fresh APs) | |
| - ok now it starts lede. note there will be no web browser because it's on trunk | |
| - scan your network to find out the ipv6 address and ssh in. alternatively change your ip to the 192.168.1.X range and ssh into 192.168.1.1 | |
| for example: ssh root@fe80::822a:a8ff:fe49:2859%en0 | |
| - set a password using the 'passwd' command | |
| - before we get the webui up lets clean up a bit more | |
| /etc/init.d/firewall disable | |
| /etc/init.d/firewall stop | |
| opkg remove dnsmasq | |
| reboot | |
| - ssh back in, lets hope stuff still works | |
| - run 'opkg update' | |
| - run 'opkg install luci-ssl' | |
| - now you should be ableto use the web interface at http://10.0.1.37 | |
| - ok now go through all settings and set things up right for yourself. i do the following: | |
| - System>System and change hostname | |
| - System>Adminsitrator and put your ssh public key | |
| - System>LED Configuration and add white:dome (unchecked state) and add blue:dome (checked state) | |
| - Network>Wireless and add your networks. after enabling the 5ghz network, it can take a minute for the interface to actually enable | |
| ok now lets add 802.11r for fancy roaming between devices. back to the terminal | |
| opkg update | |
| opkg remove wpad-mini | |
| opkg install wpad | |
| /etc/init.d/network restart | |
| # mobility domain can be anything, must be same between all aps though | |
| uci set wireless.@wifi-iface[0].ieee80211r='1' | |
| uci set wireless.@wifi-iface[0].mobility_domain='e612' | |
| uci set wireless.@wifi-iface[0].pmk_r1_push='1' | |
| # these numbers are the MAC address of the interface you want 802.11r for | |
| # (based on https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/) | |
| uci set wireless.@wifi-iface[0].nasid='44D9E79239B0' | |
| uci set wireless.@wifi-iface[0].r1_key_holder='44D9E79239B0' | |
| # these should be the same for all your APs. you need a line per AP (for both r0kh and r1kh). | |
| # that last mumbojumbo is a password, change it to something unique for you. | |
| # the pattern should be obvious, basically all your MAC addresses sometimes with : and sometimes not | |
| uci add_list wireless.@wifi-iface[0].r0kh='44:D9:E7:92:39:B0,44D9E79239B0,8a7fcc966ed0691ff2809e1f38c16996' | |
| uci add_list wireless.@wifi-iface[0].r0kh='44:D9:E7:92:3A:00,44D9E7923A00,8a7fcc966ed0691ff2809e1f38c16996' | |
| uci add_list wireless.@wifi-iface[0].r1kh='44:D9:E7:92:39:B0,44:D9:E7:92:39:B0,8a7fcc966ed0691ff2809e1f38c16996' | |
| uci add_list wireless.@wifi-iface[0].r1kh='44:D9:E7:92:3A:00,44:D9:E7:92:3A:00,8a7fcc966ed0691ff2809e1f38c16996' | |
| # kick off bad low signal clients | |
| uci set wireless.@wifi-iface[0].disassoc_low_ack='1' | |
| uci commit wireless | |
| /etc/init.d/network restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@kwapster i never ended up reverting them, but curious if you did it? howd you end up doing it?