Unifi OS 3.2.7 : Free Unifi Identity, High availability, DNS Over HTTPs, Unifi Innerspace
- Date added: 1. 08. 2024
- In this video we take a look at the new Unifi OS update 3.2.7. This brings a lot of changes, including Unifi Identity for free on our local consoles, which allows us to use one-click WiFi and one-click VPN and to unlock our doors from our phones.
We are also able to do high availability with Shadow Mode and DNS over HTTPS, and we see the new Unifi Innerspace.
Release notes:
community.ui.com/releases/Uni...
0:00 Intro
0:39 Unifi Identity Free
3:40 Unifi Shadow mode (High availability)
4:29 VLAN Magic
5:48 DNS over HTTPS, DNS Shield (DoH)
6:21 Unifi Innerspace
6:47 Final thoughts
- Category: Science and Technology
That ability to NAC-like move devices to a new VLAN and even isolate them was pretty neato
Nice video, really appreciate your efforts, especially as a Ubiquiti beginner
DNS DOH is a great addition. It's the one killer feature that pihole doesn't have. Might give DNS shield a try when the new firmware releases & compare it to my pi4 pihole, see if I notice a difference. Great summary as always!
Pihole with cloudflared...it's in their official docs and works great for DoH with many different providers (not just cloudflare). I run two piholes for redundancy on two physically different devices for now with NextDNS DoH (using cloudflared). It would also be nice if the UDM-SE had the ability much like pihole to be a local dns server for my custom domains for ssl certs (for internal services). My wishlist for the UDM-SE is long if you can't tell. haha
As it stands you can't put custom URLs in the UDM-SE, at least for DNS Shield, so it's pretty useless for my case.
Nice work Cody !!
I can't say I'm a big fan of the way Ubiquiti implemented shadow mode. I think the implementation should've been similar to VRRP so a user doesn't have to physically disconnect any consoles.
They are going to make it seamless eventually so you don’t need to change any physical connections
“Currently, Shadow Mode operates as a “Warm Spare,” meaning some manual intervention is required, however this will become fully automated in an upcoming release”.
I hope they keep both as options - I have a location where the ISP's equipment locks us out if we try to do VRRP failover.
They wrote this will be coming in a later release. Really need it!!!
3.2.7 early release killed my UAP-BeaconHD meshpoints. Really sucked for the past week or so; this update did fix it! Very happy
The unifi has its quirks and issues but I think you can argue that from a value for dollar/ease of use perspective, Ubiquiti really is miles above anything else.
the DNS over HTTPS is awesome! finally done installing nextdns agent on the UDM locally to do exactly this.
Can you set up NextDNS on the setting?
@ldnzz I'm hoping it's one of the options you can select. I'm not running that version yet
I map different VLANs to different NextDNS profiles. As such I'll keep using the CLI agent, but for those with a single profile it would be ideal to do it in the UI.
@Nuuki9 well I’m on Reddit and someone has said there is no option to add individual profile details. Therefore it just goes directly to NextDNS. The options are:
• Nextdns
• Nextdns-ipv6
• Nextdns-ultralow
UI should really allow us to assign profile ID.
@ldnzz It's easy enough to use NextDNS CLI so sounds like I'll be sticking with that.
DNS DOH is a great addition. I have a DNSCrypt-proxy up and running but I would have considered DNSShield as a good alternative.
With your intense "Insider" contacts with these guys, could you please tell them that "Design Center" needs to do "Multi-Level" layouts. Not all of us are doing single level installs. I can even map out my own house . . .
Your efforts will be greatly appreciated!
I think it sorta can. I need to do another update video on design center they changed a lot about it
@MactelecomNetworks they do but they also do not. I think what bob means is that Wifi signals only show horizontal coverage but not vertical, which sucks to be honest
If Unifi manages to make Shadow Mode fully automatic that certainly will be a very enticing feature.
Would love to see an in-depth video about DNS Shield to set up Cloudflare and Quad9.
So with the app for users to access the doors, does that only allow them to open the doors when they are close to the reader, or can they unlock the door anytime from any location? Thanks for the content!
I use Cloudflare DNS & glad they added this.
It’s a great new option
Hello, in DNS Shield, can we manually add DNS HTTPS or is it a blocked list, like for example adding NextDNS personal DNS?
I emailed Ubiquiti asking for free Identity access when they first released it so I didn’t even notice when it released with this update.
Is there an option to add NextDNS for the DoH shield?
Cody how to downgrade the UDMPro to 3.1.16? Because after the update my SFP+ for ISP stopped working. This would definitely be a helpful video.
Is identity also integrating in MS Active Directory when used on premise in a home lab for SSO?
I believe you can with the paid version
Has anyone else experienced security issues with VLAN configuration on UniFi switches since this release?
When we assign a native VLAN to a port and set the "Tagged VLAN Management" to block ALL, the 'Block all' setting seems to be ignored.
In our tests, we connected multiple endpoints, each set manually with a VLAN ID that should have been blocked. Surprisingly, these devices were still able to connect.
We also tried the "custom" setting, but encountered the same issue where devices could connect to VLANs not specified in the list.
We're wondering if this could be related to the "network override" feature. We're planning to test this on a previous firmware version for confirmation.
Has anyone in the community experienced anything similar or have any insights on this issue? Any advice or suggestions would be greatly appreciated.
Looking forward to your feedback.
Best regards,
DNS DoH support is awesome, but I can't add any manual entries? It only lets me choose from their list :( I use NextDNS, which is supported, but I have no way of directing it to use my profile :(
Hi there, thanks for the excellent and timely vid! I haven’t been able to find any information about VLAN Magic yet. Do you know how the feature works for WiFi devices? Does it allow you to have multiple VLANs on the same SSID and password, without having to use Private Pre-Shared Keys (PPSK)? Have you happened to have a chance to test it?
I'm having the same issue about not finding VLAN Magic. I'm on 3.2.7 & network 8.0.24 - have you found any resolution?
Perfect! The UNIFI is better system.
Hello! I have a big problem with IPSEC routing and VPN. When I close the VPN to the SAP environment on AWS, only the Firewall (Ubiquiti UXG Pro) pings the remote gateway. No host below UXG can ping the other side. Can anyone help me ?
Seems my UDR can run 3 apps now with InnerSpace added to it!
Ya I need to do an updated video on it
I am a little hesitant to enable DNS Shield as it disables the WAN DNS which could be problematic if the DNS servers on the Shield fail due to an outage and while the DNS from your local ISP (Bell or Rogers) continue to work with not much interruption.
The likes of google & Cloudflare both having outages for their DNS is very unlikely. You can set it to manual and have more resiliency than just 2 DoH providers. Plus ISP DNS is just horrible and usually slow.
@BenRichardsonbrichardson1991 To tell you the truth, I normally don't use my ISP DNS, so I don't know what else on the UDM-Pro would use it.
Does the new local Unifi Identity work with the Windows Unifi Identity App? I would like to use the app to connect to the UDM Pro WireGuard VPN server instead of using the native WireGuard GUI.
How does DNS Shield compare to Unbound on a Pi-hole? Am currently running 2 Pi-hole devices that sync for HA. Would be great to be able to eliminate them and simplify my network.
With the free version of identity can you wave your phone across the door card reader and unlock the door using bluetooth still?
I'm researching if it is finally possible to use the native NFC function of my iPhone for UniFi Access, as this is the most convenient way. Stating in this 3 year ongoing thread it should be possible but I can’t get it to work. Now with it to be free it should work or?
it did work before for 5 users free
Still no option to disable NAT on UDMPro? 😢
How do you update Unifi OS? I can't find the check for updates on the console?
You’ll need to switch the release channel to release candidate
WAIT, Identity is free now? Uggggh, we *just* set up Enterprise last week as our user count exceeded 5. I wonder if we can roll back....
Is there a plan to push Wifiman for Windows?
Yup they said it would be out by the end of December
Does Innerspace factor in the ap's power levels? Otherwise it's basically useless imo
first
my se often disconnect 😂😂😂 failover this version very bad.
With InnerSpace have they worked out how to do multi floor buildings yet? It seems like an obvious thing to me but maybe I'm missing something!