I'm afraid to ask, but why are people anti Ubiquiti? I freaking love my UDM-Pro and am waiting for their cams to come back in stock so I can ditch my Nests.
I saw your exact question elsewhere, so I'll reply with my exact same answer:
I personally grew a strong distaste for several reasons. When I first started my homelab I was ready to go all in with Ubiquiti. Equipment looked nice, great looking UIs, great price. Seemed like everything was perfect for the prosumer. I bought some access points and a UDM Pro to start, with plans for some PoE switches next.

First thing that irked me was that I had to log into everything through the cloud. And it wasn't possible to set up the UDM and access points at the time without a cloud account, though I know this has since changed. Second was that they were sending all kinds of telemetry to HQ. One of the reasons I set up a homelab is for privacy and data sovereignty, so having my low-level network equipment spy on me is a huge no-go.

The third thing that really pissed me off is that there was no way to manage any clients on my network that didn't go through a Ubiquiti access point. I had an old Airport Pro that I was using and all the clients that connected through it were not visible to the UDM Pro. Both official support and the Reddit forums said it wasn't possible and it didn't make sense anyway, and gaslit me and even removed some of my posts and comments. What is the point of a firewall if you can't disable traffic to some clients (e.g. I didn't want my robot vacuum phoning home to China)? I SSH'd into the UDM and indeed saw the vacuum in the ARP table, so there was no technical reason not to allow me to set firewall rules for it in the UI. I mean, the UDM gave these clients DHCP addresses, so it's obvious that the UDM was aware of them.

It became clear: it's a business lock-in strategy to force you to go all-in on Ubiquiti equipment. They don't support heterogeneous mixed-vendor networks. I said fuck that and returned it all. Switched to open source products like OPNsense and used professional equipment from eBay and couldn't be happier. Way more control for the same price, no spying, and no vendor lock-in.
Forcing users to use a cloud account and an app for setup, and enabling telemetry without disclosing it to users (although once they were called out on it by folks noticing a bunch of traffic to their servers, they eventually confirmed it was happening and added an opt-out option; see https://www.theregister.com/2019/11/07/ubiquiti_networks_pho...). Also there was something about the NVR and not being allowed to self-host it, or use old hardware... I never bothered to really look into that one, but it seemed to come up a lot.
Stupid bugs caused me to move away from them, conveniently only days before the breach became public.
Bug #1 was when they stopped supporting 32-character SSIDs, so my main network called "Smart Meter Surveillance Network" suddenly was no longer editable. Switching routing platforms is easier than setting up all my devices again.
Bug #2 was the one I wrote up here on Reddit (https://www.reddit.com/r/UNIFI/comments/ghs4bg/arp_for_clien...), which was where ARPing for a client on a meshed wireless AP, from the wired network, would fail. If the client was on a non-meshed AP, it worked.
I expect better from my network, so I dumped Unifi and went to OPNsense on a fanless PC.
- Synology DS1019+ for storage, Plex, and Pi-hole via Docker
- 2x Ruckus R610 APs running Unleashed firmware (off-lease eBay purchases, enterprise-grade APs, about $150/ea, both wired/non-mesh)
- Brocade ICX6430-C12 Switch (4x 802.11at PoE, handles the APs, another eBay special, cost around $90)
This is working well for me, and unlike the UniFi stuff I can now pretty easily swap out any piece of it with another brand of the same function and things will be fine. The single ecosystem of Unifi always bothered me a bit.
If I want a new VLAN (or special WLAN) it's a little harder than on UniFi, but it's really just setting it up on OPNsense, defining it on the requisite ports on the switch, and turning up the new SSID (if needed).
I also don't miss UniFi's single pane of glass view either. All the shiny threat stuff isn't particularly actionable, and there's a bunch of gaps (IIRC like how it wouldn't have usable timestamps for some things), so I was never able to use it to make decisions.
I run the Synology with a LACP link; that's plenty fast as it's more a storage/backup box than anything that needs to be performant. Speeding all that up would just be a matter of replacing the switch and adding a card into the Synology, but I don't need that for now. (I'd probably get a new NAS before that.)
• lies about supporting older versions of APs, telling me I need to upgrade to get x-such-feature, and then they support it later on the older hardware.
• Various features sold as _coming_soon_, that really take several years to come about.
• making more and more of their setup require a total buy-in of the whole infrastructure when I only wanted one piece of it.
• It just wasn't very reliable. I'd have to reboot all the APs every now and then to get them communicating well again (this seems to be limited to myself and not my friends, but happened on two generations of the UBNT hardware).
But what did them in in the end for me was some version upgrade that totally blew up my network, which does depend on different SSIDs mapping to different VLANs; after the upgrade, they bridged everything together.
Found that unacceptable, so I gave up fighting them, dropped in another enterprise vendor, and now things are truly rock solid.
Yes, they give out many enterprise features for a very low cost, and the feature set does far surpass any of the consumer price range gear that they hover their price points around.
OTOH, since I do work with lots of enterprise gear, I know when used gear is falling off in price to affordable-for-home levels, and how much more life I can reasonably get from it. Sure, I don't have 802.11ax, but I don't think my last round of UBNT AP buys can upgrade to 802.11ax either; I would have had to buy another round of UBNT gear.
"On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.
"Federal prosecutors say Nickolas Sharp, a senior developer at Ubiquiti, actually caused the “breach” that forced Ubiquiti to disclose a cybersecurity incident in January."
No matter how good your security is, a rogue employee with high-level access will always be a threat. Since they now have experience with this situation, I trust that Ubiquiti has dedicated more resources to preventing both employee sabotage and external breaches.
This also shows that not every breach is what it seems, and investigating fully before publicly disclosing can sometimes help prevent disinformation. The “whistleblower” in this case was intentionally lying, and every customer that dedicated time to mitigation had to pay part of the cost.
Yeah, reminiscent of the (apocryphal?) story of the stunt plane mechanic whose negligence almost cost the pilot his life; assuming he'd be fired, the mechanic was shocked when the pilot said he was now the only mechanic allowed to touch his plane, because he knew, with certainty, there'd never be another such mishap.
I had six unifi protect cameras for over a year until I replaced them all. Rain at night means motion notifications every 30 seconds, bugs at night, same thing. Unifi cameras are terrible for outdoor applications.