Skip to content

Instantly share code, notes, and snippets.

Last active October 22, 2023 12:16
Show Gist options
  • Save lg/998d3e908d547bd9972a6bb604df377b to your computer and use it in GitHub Desktop.
Save lg/998d3e908d547bd9972a6bb604df377b to your computer and use it in GitHub Desktop.
making the ubnt wifi awesome (uap ac lite) w/ openwrt
making the ubnt wifi awesome (uap ac lite) w/ lede (openwrt)
the reasons you would do this:
- you get 802.11r
- you get better roaming
- you get access to some new 5ghz channels
** note that though we're using Lede, it's essentially openwrt minus the drama
lots of info here:
if your AP is already on a unifi network (i.e. not new)
- make sure that the online uniquiti interface isn't auto-updating it back to the latest version
- as per, downgrade the ubnt to 3.4.7:
it's here:
- scp it to root@ubnt_ip_addy /tmp
- then 'fwupdate.real -m firmware.bin'
- ok now it's downgraded, time to install lede
ar71xx is the cpu
you'll be installing from trunk, so there'll be some excitement. (no gui for example)
image at:
- scp it to root@ /tmp. it's the same ip as before since it'll still be on ubnt firmware, just older. if you're updating a fresh uap-ac-lite, the username/password to ssh is ubnt/ubnt
- ssh in and run
mtd -r write /tmp/lede-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel0
- if it reboots back to the regular ubiquiti firmware, you didnt downgrade (only applicable for non-fresh APs)
- ok now it starts lede. note there will be no web browser because it's on trunk
- scan your network to find out the ipv6 address and ssh in. alternatively change your ip to the 192.168.1.X range and ssh into
for example: ssh root@fe80::822a:a8ff:fe49:2859%en0
- set a password using the 'passwd' command
- before we get the webui up lets clean up a bit more
/etc/init.d/firewall disable
/etc/init.d/firewall stop
opkg remove dnsmasq
- ssh back in, lets hope stuff still works
- run 'opkg update'
- run 'opkg install luci-ssl'
- now you should be ableto use the web interface at
- ok now go through all settings and set things up right for yourself. i do the following:
- System>System and change hostname
- System>Adminsitrator and put your ssh public key
- System>LED Configuration and add white:dome (unchecked state) and add blue:dome (checked state)
- Network>Wireless and add your networks. after enabling the 5ghz network, it can take a minute for the interface to actually enable
ok now lets add 802.11r for fancy roaming between devices. back to the terminal
opkg update
opkg remove wpad-mini
opkg install wpad
/etc/init.d/network restart
# mobility domain can be anything, must be same between all aps though
uci set wireless.@wifi-iface[0].ieee80211r='1'
uci set wireless.@wifi-iface[0].mobility_domain='e612'
uci set wireless.@wifi-iface[0].pmk_r1_push='1'
# these numbers are the MAC address of the interface you want 802.11r for
# (based on
uci set wireless.@wifi-iface[0].nasid='44D9E79239B0'
uci set wireless.@wifi-iface[0].r1_key_holder='44D9E79239B0'
# these should be the same for all your APs. you need a line per AP (for both r0kh and r1kh).
# that last mumbojumbo is a password, change it to something unique for you.
# the pattern should be obvious, basically all your MAC addresses sometimes with : and sometimes not
uci add_list wireless.@wifi-iface[0].r0kh='44:D9:E7:92:39:B0,44D9E79239B0,8a7fcc966ed0691ff2809e1f38c16996'
uci add_list wireless.@wifi-iface[0].r0kh='44:D9:E7:92:3A:00,44D9E7923A00,8a7fcc966ed0691ff2809e1f38c16996'
uci add_list wireless.@wifi-iface[0].r1kh='44:D9:E7:92:39:B0,44:D9:E7:92:39:B0,8a7fcc966ed0691ff2809e1f38c16996'
uci add_list wireless.@wifi-iface[0].r1kh='44:D9:E7:92:3A:00,44:D9:E7:92:3A:00,8a7fcc966ed0691ff2809e1f38c16996'
# kick off bad low signal clients
uci set wireless.@wifi-iface[0].disassoc_low_ack='1'
uci commit wireless
/etc/init.d/network restart
Copy link

kwapster commented Dec 9, 2020

do you by any chance know how to revert this back to stock

Copy link

lg commented Dec 22, 2020

do you by any chance know how to revert this back to stock

@kwapster i never ended up reverting them, but curious if you did it? howd you end up doing it?

Copy link

twstagg commented Apr 7, 2021

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment