How to install Ubiquiti mFi and/or UniFi software in a FreeNAS jail

[cyberjock]

Here's how to install the Ubiquiti UniFi and/or mFi in a FreeNAS jail:

Notes:

• This uses Mongodb 2.4.14 (latest 2.4 release available). At this time Mongodb 2.4.x is all that seems to be work with the Ubiquiti software. I'm providing a self-compiled version of 2.4.14. It took some real trickery to get it to compile and get it to work properly, so don't ask how I did it. Either use the included file or figure it out yourself. It's one of those things where "if you have to ask... you probably can't do it anyway".
  
• You must do this from a fresh jail. A fresh jail uses pkg-ng 1.4.12, which is necessary to install the mongodb package that I've compiled. There are ways to rollback, but that is far beyond what I'm going to try to do with this guide because of various caveats. Please don't ask questions about rolling back because I don't want to discuss the complexities of it. I will delete any posts asking about it.
• The UniFi and mFi software has some restrictions on how well it works. So you should read the included readme.txt file to figure out what limitations/problems may exist. Right now the readme files say:
  • Auto update (of the mFi/UniFi controller) does not work
  • Backup/Restore does not work (see FAQ)
• If you are using a network configuration that fully supports FQDN I recommend you use those for the setup of the jail as well as the setup of the devices themselves. If not, I recommend that your server and devices uses static IPs to ensure everything works properly in the future. Ideally your mPower and/or UniFi devices should have a static IP as well as the server. I set my whole network up with static IP for these devices and "it works for me".

Disclaimer/warning: Mongodb 2.4.14 has alleged vulnerabilities. I don't know what they are, but since I had to specifically tell the source to compile despite at least one vulnerability, I know that there is at least one known vulnerability. Since the Windows and OSX installations of the Ubiquiti software use older Mongodb versions and since the mongodb only uses the localhost port, I consider the risk to be pretty low. If this is unsatisfactory, well, feel free to complain to Ubiquiti and tell them to upgrade their software to use something newer.

1. Create the jail

Jail name: (Whatever you want)
Template: -----
Networking: Check DHCP or set the ipv4 address and netmask as appropriate (highly recommend using static IP)
Autostart and VIMAGE: checked (I want my jail to autostart so I can keep the stats 24x7)
NAT: unchecked

2. Prepare the Mongodb package

Copy the Mongo 2.4.14 pkg that I compiled to your jail wherever you want using whatever process makes you happy. But you need to know where you put it for later. I put it in the root of the jail and the remainder of my guide assumes that is where you put it as well.

Link: https://dl.dropboxusercontent.com/u/57989017/Mongodb/mongodb-2.4.14.txz

SHA256: 536862E9CF7969B0A104A43183D5074C65401E7DF08EF99C72A6C910B1AEA28F

3. Setup our packages

Run the following commands:

Lock the pkg-ng tool so it does not upgrade itself:

# pkg lock pkg-1.4.12

Install a bunch of dependencies and other things that we will use later:

# pkg install py27-setuptools27 devel/libexecinfo devel/pcre archivers/snappy devel/boost-libs scons v8 R-cran-DBI nano sudo wget tmux openjdk-jre

This will take a little bit.. have some coffee. I had to download 250MB of data. Your will likely be very close, depending on the current dependencies, etc.

Now install the mongodb package:

# pkg add /path/to/the/file/mongodb-2.4.14.txz

If you had any errors with this installation, see NOTE1 at the bottom.

Lock the mongodb install so it is never upgraded with future pkg-ng upgrades:

# pkg lock mongodb-2.4.14

Unlock the pkg-ng install so we can upgrade it to the latest

# pkg unlock pkg-1.4.12

Now upgrade all packages to the latest

# pkg update && pkg upgrade

4. Set the hostname

Set the hostname to a name that will resolve in DNS (if applicable). I had to do this because my jail was named 'mfi' and 'mfi' doesn't resolve to a FQDN so when I put in "mfi" on my mPower device it wouldn't resolve and failed to contact the server (boo). When i put in mfi.f.q.d.n.com it worked since my DNS handled it at home.

If you plan to tie your devices by IP, you can do that. But if your IPs ever change things will stop working.

Change the hostname of the jail to whatever you need it to be (if you want to use the DNS resolving)

# sysrc hostname="mfi.cyberjock.is-a-loser.com"

5. Set mongodb to run at startup

# sysrc mongod_enable="YES" (I did mean to put mongod and not mongodb).


6. Restart the jail from the WebGUI

Restart the jail from the WebGUI and verify that your mongodb service is running.

# service mongod status

If it doesn't say that the service is running you've made an error in step 5.


8. Install UniFi and/or mFi

For the sake of the guide I'll install both at the same time. On my personal setup I run them in independent jails because I always stick to "one jail per service" for isolation purposes.

At the time of this writing the two download files are:
http://dl.ubnt.com/mfi/2.1.11/mFi.unix.zip
http://dl.ubnt.com/unifi/4.7.6/UniFi.unix.zip

I downloaded the files to / and extracted them into respective directories as follows:

# cd /
# wget http://dl.ubnt.com/mfi/2.1.11/mFi.unix.zip
# wget http://dl.ubnt.com/unifi/4.7.6/UniFi.unix.zip
# unzip mFi.unix.zip
# unzip UniFi.unix.zip

Now you should have two directories (/mFi and /UniFi) that have your mFi and UniFi software.

9. Create the mongodb links

Remove the unzipped file and create the links as show below:

# rm /UniFi/bin/mongod
# ln -s /usr/local/bin/mongod /UniFi/bin/mongod
# rm /mFi/bin/mongod
# ln -s /usr/local/bin/mongod /mFi/bin/mongod

10. Run your services manually (not recommended... see step 11!)

To run mFi:

# cd /mFi
# java -jar lib/ace.jar start

To run UniFi:

# cd /UniFi
# java -jar lib/ace.jar stop

This works, but as soon as the session ends you lose the WebGUI for mFi and/or UniFi. The optional step 11 is recommended if you want to keep the historical data for 24x7 usage, blah blah blah...

11. (Optional, but highly recommended) Run as a service

If you want these to run automatically on jail startup run the following:

# sysrc local_enable="YES"
# echo /usr/local/bin/tmux new-session -d "/usr/local/bin/java -jar /mFi/lib/ace.jar start" > /etc/rc.local
# echo /usr/local/bin/tmux new-window -d "/usr/local/bin/java -jar /UniFi/lib/ace.jar start" >> /etc/rc.local
# chmod +x /etc/rc.local

If you did all of this correctly, you should be able to restart the jail and have access to the software.

12. Use the UniFi/mFi services:

Access the mFi software by going to:

https://IP.address.of.jail:6443/ or use the FQDN

Access the UniFi software by going to:

https://IP.address.of.jail:8443/ or use the FQDN

If you are using Firefox you may get a security warning that the web browser won't let you access the website because of the security certificate, you'll need to fix that by visiting: https://forum.eset.com/topic/5348-s...-code-ssl-error-weak-server-ephemeral-dh-key/


The problem is that Firefox doesn't allow some older encryption types. Unfortunately the Ubiquiti software doesn't support the newer types, so we have to allow support for the older encryption. If you are using Chrome you don't have to worry about this as Chrome doesn't stop you from using the older encryption.

Things that are pretty disappointing about this software:

1. Mongodb version being used is fairly old. Mongodb is currently at version 3.2 while 2.4.0 is from 2013. It would sure be nice if Ubiquiti updated their software to use something that isn't almost 3 years old.

2. We had to use the old Java 7 openjdk. At least in Windows, using Java 8 doesn't work and you get nasty errors just trying to get to the login page. (This is why I got fed up and decided that I'd make this stuff work in a jail.) Again, would be nice if Ubiquiti used current software.

3. If you change the username/password of the devices themselves, it will stop working with the server. The defaults must stay the defaults. Yes, this means that the IoT is insecure. Anyone expect anything less in this world?

I believe there is a way to change the username/password and then provide that info to the server by editing a config file, but the mFi/UniFi software won't let you do this through the WebGUI. /fail


NOTE1:

In the future, dependencies may change. If you get an error when trying to install mongodb like this:
# pkg add mongodb-2.4.14.txz
[UniFi] Installing mongodb-2.4.14...
pkg: Missing dependency matching Origin: 'devel/libexecinfo' Version: '1.1_3'
Failed to install the following 1 package(s): mongodb-2.4.14.txz

That means there are needed dependencies that you need to install before you can install mongodb. In this case, you'd want to fix this with:

# pkg install devel/libexecinfo

Good luck and hope this helps others that use FreeNAS with Ubiquiti products.

I've been pretty happy with Ubiquiti products aside from these software 'issues'.

My WiFi Hotspots of choice:Ubiquiti UniFi Long Range Access Point, (2.4 GHz, UAP-LR-US, US Version)
My power strip: Ubiquiti mPower mFi 3-port Power (EU and US) Wifi


I am not a Ubiquiti employee, don't have any affiliation with them, etc.

If you are an Ubiquiti employee and would like me to test newer versions of your software, update the guide to work with newer software, test new hardware (I love new hardware) feel free to message.

Special thanks to Sam for help in getting the mongodb package put together. Without his help I wouldn't have been able to get the old mongodb to compile!

 

[travanx]

This guide is much appreciated.

Still odd I was able to get the unifi controller to install using JDK8 and whatever version of MongoDB that I pulled. Also am on 4.7.6 from freshports and can change the logon/pass. But I know you guys were trying to figure out how to get mFi working and its worth jumping through the hoops to get this up on Freenas. Been really happy switching out a router turned AP to the UAP.

 

[DrKK]

I'm psyched. I can't wait to try this out. I hate that I have to have a Windows box on 24/7 to handle the mfi shit.

 

[cyberjock]

This guide is much appreciated.

Still odd I was able to get the unifi controller to install using JDK8 and whatever version of MongoDB that I pulled. Also am on 4.7.6 from freshports and can change the logon/pass. But I know you guys were trying to figure out how to get mFi working and its worth jumping through the hoops to get this up on Freenas. Been really happy switching out a router turned AP to the UAP.

You can install it.. and for some people some functions work. BUT, Ubiquiti's FAQ makes it very clear that you shouldn't expect it to work (and it is unsupported) Unless you are Using Java 7 and Mongodb 2.4.x. AFAIK nobody has seen it work completely with Java 8 (most because it's not compatible).

I can change the logon/pass of the server... but if you change the devices they will no longer be able to talk to the server. Based on the/var/log/messages on the devices themselves the server contacts them and logs in with the ubnt/ubnt log info and tells the device through the session to "give me all of your cookies (data)". If you change the ubnt login info then the device can't be logged into by the server anymore. I actually experimented with this while watching /var/log/messages, which is how I figured this out. ;)

 

[travanx]

I just as well ask, did you try resetting your AP completely and provisioning through Freenas like you just bought the unifi wireless frisbee? Maybe mine is working because I didn't bother to reset the UAP and just reprovisioned through the controller, and happened to use the same logon/pass I originally set everything up with. I hope someone over at UBNT forums picks this up and makes the install a bit easier.

 

[vikingboy]

I'm psyched. I can't wait to try this out. I hate that I have to have a Windows box on 24/7 to handle the mfi shit.

pity there isn't a Blue Iris NVR for FreeBSD as then I could ditch my last windows licence

 

[DrKK]

Just for the record, I did not have success with this. It looks very good; looks like everything is started, etc., and I expected it to work. But I never could get any of the mpower/mfi devices to connect to the FreeBSD jail. I saw no indications as to why in the logs either. I will work on it some more, but as always with this ubiquiti stuff, it's hard to tell if it's their ridiculous software, their ridiculous hardware, or something wonky in mongodb. I'll try to figure out what's going wrong, since I would *LOVE* to get my mfi stuff off of windows.

 

[Borja Marcos]

I am running both on FreeBSD. While mFi is kinda outdated and it requires a Mongodb 2.4.x due to API incompatibilities between second-level branches, the latest betas of Unifi (I am using the latest AC APs) can work with the up to date FreeBSD port of MongoDB (mine is 2.6.7 now).

Both of them are working for me using OpenJDK 8.

Regarding backups, disregard that non working functionality. ZFS solves the problem beautifully, just snapshot/copy/whatever you want the /usr/local/share/{UniFi/mFi}/data directory, and that's it.

Especially for mFi make sure to enable compression: Mongodb is a terrible disk hog. An example of a mFi data directory with two months of data now.

name used lrefer compressratio
rpool/mFi-data 8.22G 39.1G 4.79x

Feel free to ping if you need any help. I made them work following the ports for Unifi and mFi stuff.

 

[Borja Marcos]

Just for the record, I did not have success with this. It looks very good; looks like everything is started, etc., and I expected it to work. But I never could get any of the mpower/mfi devices to connect to the FreeBSD jail.

I would bet it can be a problem with IP addresses? They use some "magic" to locate the server, and it might get confused with multiple IP addresses on the same interface.

Have you tried this parameter on the data/system.properties file?
Documentation of sorts regarding the Unifi system.properties file:
https://help.ubnt.com/hc/en-us/articles/205202580-UniFi-system-properties-File-Explanation

# system_ip=a.b.c.d # the IP devices should be talking to for inform


That should help to solve any confusion.

Note that right now I am not running mFi nor UniFi on a jail, they are running on plain FreeBSD systems.

 

[anodos]

Just for the record, I did not have success with this. It looks very good; looks like everything is started, etc., and I expected it to work. But I never could get any of the mpower/mfi devices to connect to the FreeBSD jail. I saw no indications as to why in the logs either. I will work on it some more, but as always with this ubiquiti stuff, it's hard to tell if it's their ridiculous software, their ridiculous hardware, or something wonky in mongodb. I'll try to figure out what's going wrong, since I would *LOVE* to get my mfi stuff off of windows.

Following may be helpful if you use mport. I needed to add a dhcp server to the network where the mport was attached (webgui for mport doesn't appear to allow static addresses). You can also add the IP address and credentials for the mfi controller to the mport webgui (by default it's at 192.168.1.20).

At first it didn't work (before adding dhcp server, etc) then it worked. My troubleshooting steps were 'twist all the knobs', screech, fling poo, and go check the controller. If problem not fixed, repeat. I assume the above were the knobs I turned that made it finally work.

 

[vikingboy]

I would bet it can be a problem with IP addresses? They use some "magic" to locate the server, and it might get confused with multiple IP addresses on the same interface.
.

The 'magic' is that you need to be able to resolve 'unifi' on your network, or if DNS isn't working for local lookups, log in to each access point and redirect the adoption URL to the Ip address of your server.

 

[Roger Wilco]

Just out of curiosity, what are you guys using this hardware for (really a serious question)? I mean, for SOHO any AP will do, and the prices are cheaper. For a centrally managed enterprise WLAN the choice used to be Cisco or Motorola (or is it now completely Zebra?) hardware a few year ago. And I mean installations with 30+ APs and the like. I remember we had unresolvable issues in a Cisco-WLAN using Motorola's CB3000 wireless bridges - it never worked reliably. So I wonder why one would use hardware from a company selling it's products so cheap, compared to Cisco or Motorola products.

Please, in case you respond, do write things like it's because of the brand and alike - if it was only the name, and the product was rubbish, a company would not survive :)

Thanks and bye,
rw

 

[vikingboy]

I used to use Apple wifi hardware because it just worked and was reliable, however in my new home I couldn't get adequate coverage with one access point and rather than manage multiple airports, I just decided to throw a managed system in. The Ubiquiti stuff is cheap compared toCisco ands some of the other bigger boys but still just works, in my experience anyway.
The Ubiquiti stuff also provides multiple VLAN id's so it make it easy running a guest network and separate SSID for my VPN line etc.
It was like $500 for 3 * 802.11ac hotspots which is pretty reasonable for whole house reliable coverage and the feature set it offers.
My IT team at work have had nothing but grief with cisco wifi points and their feedback was one of the reasons I gave them a miss.

 

[cyberjock]

I went with Ubiquiti for the first time about 4 years ago. I needed Wifi that was better than the piece of crap you buy from Netgear, D-Link, and the like. After buying a Ubiquiti Picostation I was hooked and never went back. The performance, the range, etc is just so much better that I'll never go back to Netgear. I've also converted quite a few friends in the last 4 years because they had wifi problems, bought a Ubiquiti, never had wifi problems again. ;)

I want my Wifi to work virtually all the time. I want my Wifi to work everywhere in my house. I don't want to have to deal with jerking around with settings and/or rebooting it regularly just to continue to have stable Wifi. For me, buying Ubiquiti gave me all of those things. The prices for the newer 802.11ac stuff is rather high because they did a hardware refresh about a month ago and the prices are still very high. But the MSRP for the 802.11ac units I'll be buying for my house are $170 each. I need two (big house for upstairs and downstairs) and I'll gladly spend the money.

They are basically a middle-of-the-road between the crap you buy at the Fry's and Microcenter and the expensive Cisco stuff. For some people, it works so well they actually used it instead of Cisco stuff. When doing my research I read so much about all of the problems people had with Cisco that I was not going to go with them (even if I could have afforded them used).

 

[anodos]

The ubiquiti mport / mfi stuff is nice if you need to add environment monitoring to a server room. I have a temperature sensor configured to send me email alerts if the room temps start to spike. You can add a temp monitor, door monitor, and motion sensor to a server room for under $150, and script the heck out of it. This is nice when you have to retrofit existing construction with little budget (or have an old A/C unit in your house that likes to randomly freeze up).

 

[travanx]

Had a failing Netgear router and replaced that with an ERL and used the Netgear as an AP. That Netgear turned out to just be failing completely. Saw a few options and thought why not go with the cheap UAP? Since then the wireless has been flawless and reaches through the entire lathe and plaster house. The signal reaches 1 house down the street and its turned down. Waiting for the AC to come into stock as I have 2 laptops that I want to try AC with.

The edgerouter lite is amazing and found it simple enough for a newb like me to even figure out how to get an Ipv6 tunnel going. $100 for a router shipped through Prime is hard to beat. I was also looking at the cheap used Cisco AP's. Fry's gave me a weird look when I asked if they carried Ubiquiti.

To add, doing basic home automation is a lot easier when you don't have to worry about the terrible home networking gear. An Archer C9 is about $40 cheaper than an ERL and UAP. And no need to mess around with dd-wrt, openwrt, tomato, gargoyle or any of the other firmware hacks. And it all just works instead of fiddling with things every week when something breaks. The amount of times I flashed the WNDR3700 is quite stupid to try to get wireless to be stable. UAP has been on and never reset since I got it 3 months ago. POE on an AP is pretty sweet.

 

[Windle Poons]

11. (Optional, but highly recommended) Run as a service

If you want these to run automatically on jail startup run the following:

# sysrc local_enable="YES"
# echo /usr/local/bin/tmux new-session -d "/usr/local/bin/java -jar /mFi/lib/ace.jar start" > /etc/rc.local
# echo /usr/local/bin/tmux new-window -d "/usr/local/bin/java -jar /UniFi/lib/ace.jar start" >> /etc/rc.local
# chmod +x /etc/rc.local

When starting the service with this, I saw an error about tmux unable to access the default session. I realize now that this was because I only installed Unifi, and not mFi, so the new-window was incomplete since new-session is needed at least once first.

Might be useful to note that if you're only installing UniFi, then you should use new-session for it. Your instructions were working so well copy/paste that this hadn't occurred to me originally.

Thanks for the well done instructions!

 

[Intel]

Thanks so much for this guide! I just ordered a Ubiquiti mPower smart outlet and kept reading how horrible the software setup was. Thanks to your guide setup was a breeze and took me less than 30 minutes to setup

 

[Ellimist]

Just used this guide. Works great. Thanks for sharing, much appreciated.

 

[George51]

So with reports that the latest mongodb package and openjdk8 work with the all new Unifi controller 4.8 (previously the beta - just been released) I have decided to give this ago.

This is what've tried:

Create the jail as per step 1 in the guide

Code:

# pkg install py27-setuptools27 devel/libexecinfo devel/pcre archivers/snappy devel/boost-libs scons v8 R-cran-DBI nano sudo wget tmux openjdk8-jre
# pkg install mongodb
# pkg update && pkg upgrade

Then it ask me to do this - I have tried with and without (not sure if this is required?)

Code:

edit /etc/fstab

and adding the following lines

Code:

fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0

Then:

Code:

sysrc mongod_enable="YES"

Restarted the jail and verified that mongodb was working:

Code:

# service mongod status
# cd /
# wget https://www.ubnt.com/downloads/unifi/4.8.12/UniFi.unix.zip
# unzip UniFi.unix.zip
# rm /UniFi/bin/mongod
# ln -s /usr/local/bin/mongod /UniFi/bin/mongod
# sysrc local_enable="YES"
# echo /usr/local/bin/tmux new-window -d "/usr/local/bin/java -jar /UniFi/lib/ace.jar start" >> /etc/rc.local
# chmod +x /etc/rc.local

Then I restart the jail - and try to access the controller via https://IP.address.of.jail:8443/

But i get:

This webpage is not available


ERR_CONNECTION_REFUSED

and It seems not to be working. Any advise on where to start looking?