Disclaimer: I am not responsible for any issues that may occur as a result of following this guide. If you have any concerns about what you’re doing, please stop and do your own research.
This new version of the guide requires no gateway.config.json and enables IPv6. Please note, it may take up to 2 weeks for IPv6 to start working if you already had an address leased.
I used the following versioned firmware/software to create this, you’ll want to have these versions as a minimum. (These are stable release versions as of 11/2/2018)
- Cloud Key Controller: 5.9.29
- Cloud Key Firmware: UCK.mtk7623.v0.12.0.29a26c9.181001.1444
- USG Firmware: 18.104.22.16824210
Please ensure you know the IP address of your USG and UniFi controller, you will need these later on. You should also have basic familiarity with a linux command line, as well as some knowledge of the USG and Cloud Controller.
You’ll also want to download the latest archive of the eap_proxy repo (here).
If you followed the previous version of my guide and created a gateway.config.json, you should delete it (or remove all nodes aside from what’s needed for your own customizations) before proceeding.
First, we’ll wire up our network.
The LAN port on the USG should be plugged into your LAN, the USG VOIP/WAN2/LAN2 port should be plugged into the ONT port on your Uverse modem, the cable from your ONT should be plugged into the USG WAN port.
Next, let’s back up our UniFi config, this way if anything goes wrong we’ll have a working config to revert back to.
Navigate to your UniFi controller web page and go to Settings > Maintenance > Backup > Download Backup.
Once the backup has downloaded, we can proceed by checking a few important settings.
First, we want to ensure we’re not binding the VOIP port to WAN2.
To check this go to Settings > Site > Services and verify “Configure VOIP port as WAN2 on UniFi Security Gateway” is unchecked. (If you don’t see this option you’re good to move on)
Now we need to update our WAN network. We’ll do this by going to Settings > Networks > Edit (Next to WAN).
- For IPV6 select “Use DHCPv6” and set Prefix Delegation Size to 60
- Check “Use VLAN ID” and enter 0 in the box to the right (If you’re using the cloud controller save this step until after the ICMPv6 firewall change below. You will lose access to the cloud interface until you’re complete.)
We’ll configure IPv6 on the LAN as well, go to Settings > Networks > Edit (Next to LAN1).
Under “Configure IPv6 Network”,
- IPv6 Interface Type: Prefix Delegation
- IPv6 Prefix Delegation Interface: WAN
- DHCPv6/RDNSS Name Server: IPv6 name server of your choice (2001:4860:4860::8888 for google)
Next we’ll create our LAN2 network.
Go to Settings > Networks > Create New Network and enter the below options
- Name: LAN2
- Purpose: Corporate
- Parent Interface: LAN2
- Gateway/Subnet: 192.168.254.1/24 (or whatever you prefer)
- DHCP Mode: None
We’ll also need a small change to our firewall for IPv6 to work correctly. Go to Settings > Routing and Firewall > Firewall > Rules IPv6 > Create New Rule
- Name: ICMPv6
- Action: Accept
- IPv6 Protocol: ICMPv6
Now extract eap_proxy.py and eap_proxy.sh from the eap_proxy zip you downloaded earlier.
Open the eap_proxy.sh file and ensure IF_WAN is set to eth0 and IF_ROUTER is set to eth2. Additionally under config options append
Next connect to your USG using your SFTP program of choice and copy eap_proxy.py and eap_proxy.sh to /config/scripts/post-config.d.
Note: After doing this please do not restart your USG until I specify to do so.
Open an SSH connection to your USG.
After connecting you should see this,
First we need to move eap_proxy.py, type
sudo mv /config/scripts/post-config.d/eap_proxy.py /config/scripts/ . If you're prompted for a password enter the same one you used to log in initially.
Now we’ll start eap_proxy for testing. Switch back to the ssh session you opened for your USG and input the below command. If you copy/paste it, make sure it’s all on one line by putting it into a text editor first.
sudo python /config/scripts/eap_proxy.py --restart-dhcp --ignore-when-wan-up --ignore-logoff --ping-gateway --set-mac eth0 eth2
Now power-cycle your modem by unplugging the power cable and plugging it back in.
After 5 or so minutes you should see something like the below.
It may not look precisely like this, just give it a few minutes and try to reach an external website.
If it’s working, great! If not, retrace your steps and make sure you’ve completed all the steps in this guide. If you can’t figure out what the issue is, see the roll back instructions further down.
Now that we know eap_proxy is working, our final step will be to make the eap_proxy.sh file executable. In your USG ssh session press
CTRL + C to terminate eap_proxy then enter
cd /config/scripts/post-config.d and next
chmod +x eap_proxy.sh.
Finally, reboot your USG with
It may take upwards of 5 minutes to reinitialize, you can verify by attempting to SSH back into the USG. If you still don’t have internet access after it’s initialized you may need to power cycle the modem as well.
If you’re having difficulty stop and read the error messages.
You can see the USG’s syslog at /var/log/messages, this may hold clues as to what the issue is. Use
tail -n 50 -f /var/log/messages to keep up with any updates to the file.
If you see something like
[Errno 2] No such file or directory: ‘/sys/class/net/eth0.0/address’) in messages, reread though the guide and make sure you’ve followed the vlan setup step.
If eap_proxy works when you run the python command but doesn’t function after a reboot, the issue is likely with your eap_proxy.sh file. Try to launch it manually with sh eap_proxy.sh and see if it returns an error. If you modified the file in windows before uploading, it may have invalid (for linux) line endings. If you think this may be the case, run
If you still can’t figure out the issue there are a few places you can try for additional assistance,
If you continue to have issues that you’re unable to resolve it’s probably time to roll back your configuration changes.
You’ll to restore your USG backup. To do this, open your controller’s webui and navigate to Settings > Maintenance > Restore > Choose File and upload the backup you took at the start of this guide. This should restore you back to the configuration you had at the time of your backup.
If you’re unable to reach the webui, try power cycling the USG and waiting 5–10 minutes. As a final resort you can also reset to factory defaults by pressing the reset button for 10 seconds.