Skip to content

Instantly share code, notes, and snippets.

Last active October 22, 2023 12:16
Show Gist options
  • Save lg/998d3e908d547bd9972a6bb604df377b to your computer and use it in GitHub Desktop.
Save lg/998d3e908d547bd9972a6bb604df377b to your computer and use it in GitHub Desktop.
making the ubnt wifi awesome (uap ac lite) w/ openwrt
making the ubnt wifi awesome (uap ac lite) w/ lede (openwrt)
the reasons you would do this:
- you get 802.11r
- you get better roaming
- you get access to some new 5ghz channels
** note that though we're using Lede, it's essentially openwrt minus the drama
lots of info here:
if your AP is already on a unifi network (i.e. not new)
- make sure that the online uniquiti interface isn't auto-updating it back to the latest version
- as per, downgrade the ubnt to 3.4.7:
it's here:
- scp it to root@ubnt_ip_addy /tmp
- then 'fwupdate.real -m firmware.bin'
- ok now it's downgraded, time to install lede
ar71xx is the cpu
you'll be installing from trunk, so there'll be some excitement. (no gui for example)
image at:
- scp it to root@ /tmp. it's the same ip as before since it'll still be on ubnt firmware, just older. if you're updating a fresh uap-ac-lite, the username/password to ssh is ubnt/ubnt
- ssh in and run
mtd -r write /tmp/lede-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel0
- if it reboots back to the regular ubiquiti firmware, you didnt downgrade (only applicable for non-fresh APs)
- ok now it starts lede. note there will be no web browser because it's on trunk
- scan your network to find out the ipv6 address and ssh in. alternatively change your ip to the 192.168.1.X range and ssh into
for example: ssh root@fe80::822a:a8ff:fe49:2859%en0
- set a password using the 'passwd' command
- before we get the webui up lets clean up a bit more
/etc/init.d/firewall disable
/etc/init.d/firewall stop
opkg remove dnsmasq
- ssh back in, lets hope stuff still works
- run 'opkg update'
- run 'opkg install luci-ssl'
- now you should be ableto use the web interface at
- ok now go through all settings and set things up right for yourself. i do the following:
- System>System and change hostname
- System>Adminsitrator and put your ssh public key
- System>LED Configuration and add white:dome (unchecked state) and add blue:dome (checked state)
- Network>Wireless and add your networks. after enabling the 5ghz network, it can take a minute for the interface to actually enable
ok now lets add 802.11r for fancy roaming between devices. back to the terminal
opkg update
opkg remove wpad-mini
opkg install wpad
/etc/init.d/network restart
# mobility domain can be anything, must be same between all aps though
uci set wireless.@wifi-iface[0].ieee80211r='1'
uci set wireless.@wifi-iface[0].mobility_domain='e612'
uci set wireless.@wifi-iface[0].pmk_r1_push='1'
# these numbers are the MAC address of the interface you want 802.11r for
# (based on
uci set wireless.@wifi-iface[0].nasid='44D9E79239B0'
uci set wireless.@wifi-iface[0].r1_key_holder='44D9E79239B0'
# these should be the same for all your APs. you need a line per AP (for both r0kh and r1kh).
# that last mumbojumbo is a password, change it to something unique for you.
# the pattern should be obvious, basically all your MAC addresses sometimes with : and sometimes not
uci add_list wireless.@wifi-iface[0].r0kh='44:D9:E7:92:39:B0,44D9E79239B0,8a7fcc966ed0691ff2809e1f38c16996'
uci add_list wireless.@wifi-iface[0].r0kh='44:D9:E7:92:3A:00,44D9E7923A00,8a7fcc966ed0691ff2809e1f38c16996'
uci add_list wireless.@wifi-iface[0].r1kh='44:D9:E7:92:39:B0,44:D9:E7:92:39:B0,8a7fcc966ed0691ff2809e1f38c16996'
uci add_list wireless.@wifi-iface[0].r1kh='44:D9:E7:92:3A:00,44:D9:E7:92:3A:00,8a7fcc966ed0691ff2809e1f38c16996'
# kick off bad low signal clients
uci set wireless.@wifi-iface[0].disassoc_low_ack='1'
uci commit wireless
/etc/init.d/network restart
Copy link

twstagg commented Apr 7, 2021

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment