NOTE for UAP-v2: As for July 2018, Ubiquiti seems to have blocked custom firmware installation possibility by using signatures on all 3.7 and later brand firmwares. As long as there is no brand pre-3.7 firmware available (in order to downgrade) for UAP-v2 devices, installing OpenWrt/LEDE could be impossible, as seen on the forum https://forum.lede-project.org/t/are-ubiquiti-actively-blocking-installation-of-third-party-firmware/4301 and https://forum.lede-project.org/t/are-ubiquiti-blocking-lede-installation/3877. If you want liberty, do not buy Ubiquiti.
Barrier Breaker 14.07 openwrt-ar71xx-generic-ubnt-unifi-squashfs-factory.bin works out of the box, no need to change XM/BZ for the firmware image. Configurations then can be changed right away using LuCi.
|Model||Version||Current Release||Firmware OpenWrt Install||Firmware OpenWrt Upgrade||Firmware OEM Stock|
fwupdate.real -m openwrt-ar71xx-generic-ubnt-unifi-squashfs-factory.bin -d
Later 3.xx firmware versions fail to upgrade using the above and brick so use instead. If brick reset device with 20-sec-press way with connected lan-cable - after it tftp start work.
mv /tmp/openwrt-ar71xx-generic-ubnt-unifi-squashfs-factory.bin /tmp/fwupdate.bin cd /tmp nohup syswrapper.sh upgrade2
- As refered, it could be impossible to install OpenWrt/LEDE on UAP-v2 devices.
If you have already installed OpenWrt and like to reflash for e.g. upgrading to a new OpenWrt version you can upgrade using the sysupgrade command line tool. It is important that you put the firmware image into the ramdisk (/tmp) before you start flashing.
cd /tmp/ wget http://downloads.openwrt.org/.../openwrt-ar71xx-ubnt-unifi-*-sysupgrade.bin sysupgrade -i /tmp/openwrt-ar71xx-ubnt-unifi-*-sysupgrade.bin
Very helpful in case your upgrade went wrong or your AP is not responding anymore. See TFTP Unbricking section below for more detailed instructions on this process
tftp -i 192.168.1.20 put openwrt-ar71xx-generic-ubnt-unifi-squashfs-factory.bin
Transfer successful: 3342748 bytes in 2 second(s), 1671374 bytes/s
A male-strip is on board to connect your TTL capable serial converter. Serial connection parameters: 115200, 8N1
How to connect to JTAG interface, and how to reflash the device with JTAG tools
See port.jtag for more JTAG details.
The USBJTAG NT also supports read, write, erase, debrick, etc. You can use the WRT160NL config, or download the specific device config from this forum post.
The UniFi ap has 2 leds, the orange one can be configured adding something like:
config led option default '0' option name 'led1' option sysfs 'ubnt:green:dome' option trigger 'netdev' option dev 'br-lan' option mode 'link' config led option default '0' option name 'led2' option sysfs 'ubnt:orange:dome' option trigger 'netdev' option dev 'br-lan' option mode 'tx rx'
at the end of /etc/config/system. This will give you a steady green when the ethernet is up and a light blink during wireless activity.
Also its possible to change the led status manually.
echo 1 > /sys/class/leds/ubnt\:orange\:dome/brightness echo 1 > /sys/class/leds/ubnt\:green\:dome/brightness echo 0 > /sys/class/leds/ubnt\:green\:dome/brightness echo 0 > /sys/class/leds/ubnt\:orange\:dome/brightness
echo timer > /sys/class/leds/ubnt\:orange\:dome/trigger echo 1000 > /sys/class/leds/ubnt\:orange\:dome/delay_on echo 1000 > /sys/class/leds/ubnt\:orange\:dome/delay_off
echo 0 > /sys/class/leds/ubnt\:orange\:dome/delay_off
The UniFi has only the single ethernet port, so much of the OpenWrt documentation is a little confusing. Most of the documentation is written with the idea of routers which have a WAN port, a LAN wired switch and the WLAN wireless. Clearly the Unifi doesn't have the wired LAN switch.
After flashing (I found r41163 worked while the 12.09 version had the XM problem discussed above and editing the characters 4-6 didn't fix it) I was able to connect via wired ethernet as described in FirstLogin (i.e. there is a DHCP server handing out IPs in the 192.168.1.X subnet, running on the ethernet port).
After changing the password and exiting, I had to wait a while (60 secs?) until I could ssh back into the box. That was strange because I thought I'd lost networking … I think that is due to a long-running first time ssh key generation. Even so, each ssh in takes a long time to respond (something about recent versions of dropbear taking a long time to setup a session key). I found LUCI not installed, so I had to work to get internet access on the box before I could use that.
Once ssh'd into the box I followed these steps: 1. Enable wireless, using commands at top of the UCI wireless config page. This enables the radio. The radio is bridged to the lan network. 2. Connect to the wireless network, disconnect the wired from your computer, and ensure that you can ssh in via the wifi. 3. Swap eth0 and eth1 between lan and wan. The default configuration has the ethernet port on the lan network. But if you are going to plug the Unifi into a cable modem (for example) to use it as a router, then you want the ethernet port to be the wan network (and to seek a dhcp assigned address). I edited the /etc/config/wireless file changing etho in the lan section to eth1, and eth0 in the wan section to eth1. Quite honestly I'm not sure that this is perfect (since there isn't an eth1 on the Unifi, but it worked for me). 4. Restart networking (/etc/inid.d/networking restart) 5. Connect the ethernet lan on the PoE injector to the cable modem. Remember nonsense about having cable modem off for 20 seconds or so to give out an IP to a new MAC address. 6. Connect back to the OpenWrt Wifi. 7. ping google.com. yay.
At this point things are working with NAT routing between the lan and the wan.
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0'
config globals 'globals' option ula_prefix 'fd18:37f2:587f::/48'
config interface 'lan' option ifname 'eth1' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60'
config interface 'wan' option ifname 'eth0' option proto 'dhcp'
config interface 'wan6' option ifname '@wan' option proto 'dhcpv6'
root@OpenWrt:~# ifconfig br-lan Link encap:Ethernet HWaddr DC:9F:DB:EB:19:24 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fd18:37f2:587f::1/60 Scope:Global inet6 addr: 2605:6000:1018:5f::1/64 Scope:Global inet6 addr: fe80::de9f:dbff:feeb:1924/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:35879 errors:0 dropped:0 overruns:0 frame:0 TX packets:64154 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:7629054 (7.2 MiB) TX bytes:76188963 (72.6 MiB)
eth0 Link encap:Ethernet HWaddr DC:9F:DB:EA:19:24 inet addr:18.104.22.168 Bcast:22.214.171.124 Mask:255.255.224.0 inet6 addr: 2605:6000:ffc0:60:1406:59bd:ae45:b383/128 Scope:Global inet6 addr: fe80::de9f:dbff:feea:1924/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:88136 errors:0 dropped:1 overruns:0 frame:0 TX packets:36148 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:78402192 (74.7 MiB) TX bytes:8333999 (7.9 MiB) Interrupt:4
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:16092 errors:0 dropped:0 overruns:0 frame:0 TX packets:16092 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1137726 (1.0 MiB) TX bytes:1137726 (1.0 MiB)
wlan0 Link encap:Ethernet HWaddr DC:9F:DB:EB:19:24 inet6 addr: fe80::de9f:dbff:feeb:1924/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:35881 errors:0 dropped:0 overruns:0 frame:0 TX packets:65056 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8131532 (7.7 MiB) TX bytes:77645373 (74.0 MiB)
In a situation where you'd just like to drop the AP in an existing network, it might be handy to use DHCP. However, how do you figure which IP the AP is using… Below config allows you to use a DHCP assigned IP and still keep an extra IP address (192.168.254.1) you can use to directly connect over the ethernet port.
Your usual 'ifconfig -a' will not show this 2nd IP. Yes, this very confusing and is caused due to a limitation of Busybox. You'll have to use the 'ip' command which you can install using 'opkg install ip'.
#/etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fdcb:9bde:4f7c::/48' config interface 'lan' option ifname 'eth0' option force_link '1' option type 'bridge' option proto 'dhcp' config interface 'lan2' option ifname 'br-lan' option proto 'static' option ipaddr '192.168.254.1' option netmask '255.255.255.0' config interface 'wan' option ifname 'eth1' option proto 'dhcp' config interface 'wifi' option proto 'static'
Parts of this section taken from UniFi - TFTP soft recovery for bricked access point
Before starting, set a static IP on your PC's NIC from 192.168.1.0/24 range, but not 192.168.1.20 (this is the Unifi AP default TFTP IP).
Follow the steps to unbrick your UAP: