Unifi Controller QubesOS Setup

Introduction

First of all, Unifi Controller software is a management tool for switches, access points, etc. made by Ubiquiti. I tried several brands and stuck with Unifi as it seems to be the easiest tool with all the features I want. It is quite advanced and is widely used in the enterprise space.

You can either buy a cloud key ($150-250 USD) that runs the Unifi controller software or set it up yourself. Since I don’t need protocols or a captive portal in my environment (home user setup), I don’t need management software running all the time and only use it from time to time for new device adoption, updates, etc. (general administration).

Therefore, the controller software running inside a qube is perfect for me as it is isolated, doesn’t annoy me and is accessible at any time I need it.

The Unifi controller software relies on some broken dependencies and is hard to install manually. Fortunately, there is a nice, convenient install script that is strongly endorsed by the community (it works like a charm). Many thanks to Glenn R.!

https://community.ui.com/questions/ccbc7530-dd61-40a7-82ec-22b17f027776

Problem

My Unifi controller in a standalone Debian 11 minimal template (the regular Debian 11 template doesn’t work either) is unable to connect (find) my Unifi devices. I suspect it has to do with some QubesOS firewall settings, but I’m too much of a noob in this area to know. It would be absolutely great if someone would be able to troubleshoot this issue with me.

My observations so far:

  1. My IP address is in the correct address space (the Unifi controller qube is basically a second sys-net VM with direct access to the home network).
  2. The Unifi controller update script works fine. Right now I am running it on an Ubuntu 22.04 LTS server and it works.
  3. I am able to run the Unifi controller on my qube (it works). The specific problem is that no devices are found. So I suspect a firewall communication problem between the controller and the devices.

Please help me to solve this. As I said in the introduction, I think Unifi has the best current networking devices and I think it would be great if this community could find a way to use them in a QubesOS friendly way.

I think you can ssh to your device and set the inform address like:

$ ssh ubnt@ip-of-your-unifi-device
ubnt@X.X.X.X's password: ubnt
...
# set-inform http://ip-of-your-unifi-cube:8080/inform

Alternative, if you run the UniFi App on your phone/table, you can do the same from there (Devices ready for adoptions should show up, IIRC) - you need to connect from your device to the UniFi controller in the Qube.

I don’t recall how the devices broadcast that they are online and ready for adoption … :-/

Thanks. I will check it out and report back.

I tried what you advised me, but without success. According to my research, the Unifi devices are reaching for http://unifi:8080/inform. My next idea is to overwrite the local DNS on my router unifi with the IP address of my qube. Does this make sense? Is there anyone running the Unifi controller software on QubesOS?

My final solution: I deployed the Unifi Controller on my home server (TrueNAS). It works perfectly fine! Device adoption is explained here pretty well: https://www.youtube.com/watch?v=meGL-AhJWkw