Unifi Dream Router (UDR) shows internet offline but is online

Sat, 14 Jan 2023 08:01:08 +1400

My Unifi Dream router showed the internet status as offline since it had been upgraded to Unifi OS 3.x

Per default the device tries to reach the address ping.ubnt.com which was reachable without any issues on the commandline of the device. Nevertheless i was not able to figure out why that doesn’t work. A thread on Reddit finally told me the correct solution - it is possible to change the address. And this is how::

Navigate via Geräte -> UDR -> Settings to the section Services:

Change the address of the Echo Servers to a public, highly available address (e.g.. 1.1.1.1 or 8.8.8.8 or 8.8.4.4)

Save and the internet status should go back to green:

Unifi Dream Router - Setup of podman

Mon, 22 Aug 2022 08:24:29 +2200

After having the new Unifi Dream Router for a while i had the desire to add additional services like NTP. For this you’ll need a container engine like podman which unfortunately isn’t pre-installed anymore.

On-Boot Script

Install the unifios-utilities according to instructions :

1

curl -fsL "https://raw.githubusercontent.com/unifi-utilities/unifios-utilities/HEAD/on-boot-script/remote_install.sh" | /bin/sh

The directory /mnt/data/on_boot.d should now be available. Unfortunately the filesystem layout has changed in Unifi OS 2.x, hence we need to move the directory to the internal SSD:

1
2
3
4
5


mkdir -p /data/on_boot.d/
mv /mnt/data/on_boot.d/* /data/on_boot.d/
mv /mnt/data/.cache /data/
rm -Rf /mnt/data
ln -snf /data /mnt/data

Installation of Podman

Navigate to the Build-Overview of the unifios-utilities for the “UDM-SE Podman”. Click on the latest build and download the file “udmse-podman-install.zip” from the artifacts section.
Unpack the file - this unpacks “podman-install.zip”.
Create a persistent directory on the UDR:
1

mkdir -p /data/podman/
Move the file “podman-install.zip” to the UDR (e.g. via WinSCP) into the directory (/data/podman/).
Then unpack the file (this is the “installation”)
1 2

cd /data/podman/ unzip podman-install.zip

Configuraion of Podman

Now various config files have to be created.

Docker Registry Config

1
2
3
4


mkdir -p /data/podman/etc/containers/registries.conf.d
cat > /data/podman/etc/containers/registries.conf.d/dockerio.conf <unqualified-search-registries=["docker.io"]
EOF

Container Policy

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17


mkdir -p /data/podman/etc/containers/
cat > /data/podman/etc/containers/policy.json <{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
        {
            "docker-daemon":
                {
                    "": [{"type":"insecureAcceptAnything"}]
                }
        }
}
EOF

Storage Config

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214


mkdir -p /data/podman/etc/containers/
mkdir -p /data/podman/var/lib/containers/
cat > /data/podman/etc/containers/storage.conf <# This file is is the configuration file for all tools
# that use the containers/storage library. The storage.conf file
# overrides all other storage.conf files. Container engines using the
# container/storage library do not inherit fields from other storage.conf
# files.
#
#  Note: The storage.conf file overrides other storage.conf files based on this precedence:
#      /usr/containers/storage.conf
#      /etc/containers/storage.conf
#      $HOME/.config/containers/storage.conf
#      $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
# See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options.
[storage]

# Default Storage Driver, Must be set for proper operation.
driver = "vfs"

# Temporary storage location
runroot = "/run/containers/storage"

# Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must
# ensure  the labeling matches the default locations labels with the
# following commands:
# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
# restorecon -R -v /NEWSTORAGEPATH
graphroot = "/var/lib/containers/storage"


# Storage path for rootless users
#
# rootless_storage_path = "$HOME/.local/share/containers/storage"

[storage.options]
# Storage options to be passed to underlying storage drivers

# AdditionalImageStores is used to pass paths to additional Read/Only image stores
# Must be comma separated list.
additionalimagestores = [
]

# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
# a container, to the UIDs/GIDs as they should appear outside of the container,
# and the length of the range of UIDs/GIDs.  Additional mapped sets can be
# listed and will be heeded by libraries, but there are limits to the number of
# mappings which the kernel will allow when you later attempt to run a
# container.
#
# remap-uids = 0:1668442479:65536
# remap-gids = 0:1668442479:65536

# Remap-User/Group is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
# with an in-container ID of 0 and then a host-level ID taken from the lowest
# range that matches the specified name, and using the length of that range.
# Additional ranges are then assigned, using the ranges which specify the
# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
# until all of the entries have been used for maps.
#
# remap-user = "containers"
# remap-group = "containers"

# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned
# to containers configured to create automatically a user namespace.  Containers
# configured to automatically create a user namespace can still overlap with containers
# having an explicit mapping set.
# This setting is ignored when running as rootless.
# root-auto-userns-user = "storage"
#
# Auto-userns-min-size is the minimum size for a user namespace created automatically.
# auto-userns-min-size=1024
#
# Auto-userns-max-size is the minimum size for a user namespace created automatically.
# auto-userns-max-size=65536

[storage.options.overlay]
# ignore_chown_errors can be set to allow a non privileged user running with
# a single UID within a user namespace to run containers. The user can pull
# and use any image even those with multiple uids.  Note multiple UIDs will be
# squashed down to the default uid in the container.  These images will have no
# separation between the users in the container. Only supported for the overlay
# and vfs drivers.
#ignore_chown_errors = "false"

# Inodes is used to set a maximum inodes of the container image.
# inodes = ""

# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
#mount_program = "/usr/bin/fuse-overlayfs"

# mountopt specifies comma separated list of extra mount options
mountopt = "nodev"

# Set to skip a PRIVATE bind mount on the storage home directory.
# skip_mount_home = "false"

# Size is used to set a maximum size of the container image.
# size = ""

# ForceMask specifies the permissions mask that is used for new files and
# directories.
#
# The values "shared" and "private" are accepted.
# Octal permission masks are also accepted.
#
#  "": No value specified.
#     All files/directories, get set with the permissions identified within the
#     image.
#  "private": it is equivalent to 0700.
#     All files/directories get set with 0700 permissions.  The owner has rwx
#     access to the files. No other users on the system can access the files.
#     This setting could be used with networked based homedirs.
#  "shared": it is equivalent to 0755.
#     The owner has rwx access to the files and everyone else can read, access
#     and execute them. This setting is useful for sharing containers storage
#     with other users.  For instance have a storage owned by root but shared
#     to rootless users as an additional store.
#     NOTE:  All files within the image are made readable and executable by any
#     user on the system. Even /etc/shadow within your image is now readable by
#     any user.
#
#   OCTAL: Users can experiment with other OCTAL Permissions.
#
#  Note: The force_mask Flag is an experimental feature, it could change in the
#  future.  When "force_mask" is set the original permission mask is stored in
#  the "user.containers.override_stat" xattr and the "mount_program" option must
#  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
#  extended attribute permissions to processes within containers rather then the
#  "force_mask"  permissions.
#
# force_mask = ""

[storage.options.thinpool]
# Storage Options for thinpool

# autoextend_percent determines the amount by which pool needs to be
# grown. This is specified in terms of % of pool size. So a value of 20 means
# that when threshold is hit, pool will be grown by 20% of existing
# pool size.
# autoextend_percent = "20"

# autoextend_threshold determines the pool extension threshold in terms
# of percentage of pool size. For example, if threshold is 60, that means when
# pool is 60% full, threshold has been hit.
# autoextend_threshold = "80"

# basesize specifies the size to use when creating the base device, which
# limits the size of images and containers.
# basesize = "10G"

# blocksize specifies a custom blocksize to use for the thin pool.
# blocksize="64k"

# directlvm_device specifies a custom block storage device to use for the
# thin pool. Required if you setup devicemapper.
# directlvm_device = ""

# directlvm_device_force wipes device even if device already has a filesystem.
# directlvm_device_force = "True"

# fs specifies the filesystem type to use for the base device.
# fs="xfs"

# log_level sets the log level of devicemapper.
# 0: LogLevelSuppress 0 (Default)
# 2: LogLevelFatal
# 3: LogLevelErr
# 4: LogLevelWarn
# 5: LogLevelNotice
# 6: LogLevelInfo
# 7: LogLevelDebug
# log_level = "7"

# min_free_space specifies the min free space percent in a thin pool require for
# new device creation to succeed. Valid values are from 0% - 99%.
# Value 0% disables
# min_free_space = "10%"

# mkfsarg specifies extra mkfs arguments to be used when creating the base
# device.
# mkfsarg = ""

# metadata_size is used to set the 'pvcreate --metadatasize' options when
# creating thin devices. Default is 128k
# metadata_size = ""

# Size is used to set a maximum size of the container image.
# size = ""

# use_deferred_removal marks devicemapper block device for deferred removal.
# If the thinpool is in use when the driver attempts to remove it, the driver
# tells the kernel to remove it as soon as possible. Note this does not free
# up the disk space, use deferred deletion to fully remove the thinpool.
# use_deferred_removal = "True"

# use_deferred_deletion marks thinpool device for deferred deletion.
# If the device is busy when the driver attempts to delete it, the driver
# will attempt to delete device every 30 seconds until successful.
# If the program using the driver exits, the driver will continue attempting
# to cleanup the next time the driver is used. Deferred deletion permanently
# deletes the device and all data stored in device will be lost.
# use_deferred_deletion = "True"

# xfs_nospace_max_retries specifies the maximum number of retries XFS should
# attempt to complete IO when ENOSPC (no space) error is returned by
# underlying storage device.
# xfs_nospace_max_retries = "0"
EOF

Max logsize Config

Sets a limit of container logs (similar to container-common for unifi devices with podman). 104857600 Bytes = 100 Megabytes

1
2
3


cat > /data/podman/etc/containers/libpod.conf <max_log_size = 104857600
EOF

Boot Script

This script ensures that podman is fully installed on the start of the UDR. All binaries are therefore linked from the persistent directory.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21


cat > /data/on_boot.d/07-podman.sh <#!/bin/bash

mkdir -p /usr/share/containers
mkdir -p /usr/libexec/podman
mkdir -p /etc/containers
mkdir -p /etc/containers/registries.conf.d
mkdir -p /data/podman/var/lib/containers/

ln -sf /data/podman/usr/share/containers/seccomp.json /usr/share/containers/seccomp.json
ln -sf /data/podman/usr/libexec/podman/conmon /usr/libexec/podman/conmon
ln -sf /data/podman/usr/bin/runc /usr/bin/runc
ln -sf /data/podman/usr/bin/podman /usr/bin/podman
ln -sf /data/podman/etc/containers/containers.conf /etc/containers/containers.conf
ln -sf /data/podman/etc/containers/policy.json /etc/containers/policy.json
ln -sf /data/podman/etc/containers/storage.conf /etc/containers/storage.conf
ln -sf /data/podman/etc/containers/libpod.conf /etc/containers/libpod.conf
ln -sf /data/podman/etc/containers/registries.conf.d/dockerio.conf /etc/containers/registries.conf.d/dockerio.conf
ln -sf /data/podman/var/lib/containers/ /var/lib/containers
EOF
chmod a+x /data/on_boot.d/07-podman.sh

Quellen

Unifi Dream Router (UDR) - Setup of the NTP Server

Mon, 22 Aug 2022 08:24:29 +2200

After i had installed my new Unifi Dream Router i discovered after a while that the time of some of the devices in my network was screwed up. After a bit of research i found that the UDR (in contrast to my previous Unifi Gateway) doesn’t feature NTP. Hence i had a pretty timeless setup.

Setup of podman

The NTP server is setup in a container , hence it is important to first setup podman on the UDR.

Setup of the NTP Container

To automatically start the container, the respective file has to be created. This is done through the following command:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


cat > /data/on_boot.d/20-ntp.sh <#!/bin/sh
CONTAINER=ntp
if podman container exists ${CONTAINER}; then
  podman start ${CONTAINER}
else
  podman run --device=/dev/net/tun --publish=123:123/udp --cap-add=SYS_TIME --name ${CONTAINER} -d tusc/chrony-udm
fi
EOF
chmod a+x /data/on_boot.d/20-ntp.sh

Now pull the container:

1

podman pull tusc/chrony-udm

And start the container:

1

/data/on_boot.d/20-ntp.sh

Unifi Dream Router on Ulis Notes