Ubiquiti gateway upgrade, QNAP and thoughts

I installed my Ubiquiti USG a long time ago in Milan. It initially acted as a gateway with a 30 Mb/sec radio link. Then, when my house was served by FTTH at 1 GB/sec, I immediately upgraded my line. That was a game changer as I could finally back up my QNAP to an S3-like bucket in the cloud.

That happened just a few weeks before the Covid pandemic, so, despite the hard times, I could enjoy full Internet speed during the lockdown.

Even though the USG is a low-spec device (Dual-Core 500 MHz MIPS64, 512Mb of RAM), it did great with a 1 Gb/sec link. I never had a glitch, and I’m a heavy user: QNAP backups, remote data transfers, and Docker image pulls and pushes.

I recently decided to upgrade my Ubiquiti USG to the UXG Lite as I really wanted the embedded WireGuard support. So far, I have terminated my OpenVPN and Nebula VPN on a NanoPI 5 and used dynamic routing to inject the routes into the USG. To do that on the USG, I used the config.gateway.json configuration file to start, among other things, both RIPv2 and BGP dynamic routing protocols.

After my experience with OpenWrt in London, I liked the idea of terminating as much as possible in my central gateway. The announcement of WireGuard support in Ubiquiti was really appealing, and the low price of the UXG Lite made me decide to buy one.

The photo below shows the upgrade of the USG to UXG Lite:

Upgrade of USG to UXG Lite

I have to say that, with the Ubiquiti Controller, the upgrade was (initially) painless. Once I changed the basic IP settings in the UXG Lite and configured the “set-inform” URL, the controller acquired the gateway and pushed the configuration. Everything worked like a charm in a few minutes. I immediately checked the VPN tab on the Ubiquiti Controller, and it showed WireGuard. I was super happy.

But … all my custom configurations, like RIPv2 or my IPv6 tunnelling, weren’t working. The gateway didn’t pick up my config.gateway.json. I initially thought there was some configuration error: when the USG didn’t like something in the JSON, it discarded the whole configuration. So, I tried to understand what was going wrong. I searched the forums and found out that the UXG Lite no longer supports any custom configuration using the config.gateway.json. Despite both being Linux-based routers, the engine seems to have changed from USG to UXG Lite, and custom (supported) configurations are no longer available. This means you must stick with the configuration options on the Ubiquiti Controller.

While you can certainly log in as root via SSH to the UXG Gateway and perhaps force the configuration manually using standard Linux commands, that’s not the experience I would like to have.

As an enterprise gears girl, I was kind of happy with the Ubiquiti products. Especially with the WiFi Access Points, I can have products with enterprise vibes at a decent price. Perhaps I’m too used to real enterprise products or to appliances where I can customise all the details, so I was deeply disappointed.

It seems like Ubiquiti, like other products, is following the “app” philosophy. You can have a broad set of features, but those are it. You can’t do much more than what the official specs give, and they discourage any other usage (aka “hacks”). I can say something similar about QNAP products.

Don’t get me wrong. Ubiquiti and QNAP are wonderful products. They are well-engineered and can accommodate advanced home users and home-lab enthusiasts to mid-sized companies. QNAP appliances, for example, can handle virtual machines and containers, have disaster recovery snapshot capabilities, and perhaps have more features than an enterprise product like NetApp can give to those target users for a reasonable price. I have a QNAP (TBS-453A) that was a gift from a friend, and it has been running even longer than my former USG and still receives updates. I would suggest those products to anyone with more standard needs, which probably means >90% of the people and companies I know.

That’s the catch. I don’t have standard needs. Because I’m an atypical advanced user and run specific tests and labs, I need more customisation than the average home-lab enthusiast. If we want to stay with the QNAP example, I run two FreeBSD ZFS NASes in parallel with my QNAP. Although they run fewer services than my QNAP, they are tailored to my needs.

I need the exact same approach for my gateway. I’m now thinking about replacing the UXG Lite with OpenWrt or VyOS on a standard x86 or ARM box, which, despite perhaps having fewer features, allows me more customisations.

I can’t wait to have my IPv6 tunnel and GeoIP restrictions back.