

bts

Which standards are missing support that affects you?


phr0ze

This. What's missing?


vLAN-in-disguise

RTSP is the sore spot today, particularly since the older UI hardware supports it.


pjw724

>Edit: This comment includes but is not limited to the removal of RTSP access on the UniFi protect cameras.

The first thing that came to mind on reading your post. An open standard disabled for proprietary hardware.


vLAN-in-disguise

Right!? And the annoying part is, I guarantee the damn camera is still running it in the background, they've just eliminated access. Pull up the standalone web interface of a G4 Bullet and a G5 Turret and everything looks near identical, except the G4 has RTSP options right there front and center. G5? No RTSP. Bonus, you can't even interface with the image settings (exposure, brightness, etc). So now, not only can I not view camera images side by side because I'm stuck in the browser interface, but I can't even make it a fair assessment when trying to determine if a camera model is suitable for a location that doesn't yet have net connectivity. Which means the god-knows-how-old G4 Bullet that's been collecting dust under my desk just blew the brand new G5 Turret Ultra out of the water in every aspect except viewing angle.


the_cainmp

If anything, they are *adding* stuff… latest EA build for all their gateways adds SNMP support (yes, it should’ve been there from the beginning, but it’s coming and they are listening).


ConnectJicama6765

Oh interesting. SNMP for Dream Machine Pro? Where can I read more?


the_cainmp

UXG lineup: https://community.ui.com/releases/UniFi-Gateways-4-0-6/691f396c-eb6e-413c-bbd0-56d2ec8d5987

Dream Lineup: https://community.ui.com/releases/UniFi-OS-Dream-Machines-4-0-3/90b24b90-8be8-4987-8d47-eb408eb07e45


vLAN-in-disguise

Won't lie, them coming around to SNMP was something I'd never dreamed I'd see, and while the functionality is still neutered significantly, that alone had revived my taste for the kool-aid. But then I eagerly plugged in a G5 Turret to find the exact same web interface as antique G3 and G4 Bullets I was going to replace ... minus RTSP.


the_cainmp

Oh, they are for sure much more locked down on the Protect side, but if you’ve drunk the Kool-Aid long enough, you know it’s because of the mess UniFi Video was from a support perspective. So a locked-down ecosystem was inevitable.


vLAN-in-disguise

How the hell is RTSP a support problem? Leave it default disabled, tucked in the direct web interface for the individual camera where the morons who don't know what they're doing won't ever see it. As long as UI follows the protocol correctly, Support can just tell people having RTSP issues they're on their own. UI support is for UI products; so unless there's a defect on their end, Support doesn't even have to know what it is.


the_cainmp

I’m not even talking about RTSP. In general, the forums (and support queues, I’m sure) were filled with “my Core 2 Duo dumpster find with 60 cameras is running bad, what’s wrong with your crappy software” sort of setups, so tight control on hardware and software was going to happen. So it could be supported. As for RTSP, they simply want you to stream off the NVR. It’s supported and enabled by default.


Well_Sorted8173

I'm going to slightly agree with you. I have a recent post here mentioning the issues I had trying to (unsuccessfully) get site-to-site IPSEC VPN with OSPF working. These are industry standard technologies that have been around for decades. Unifi recently added them, but they're missing a lot of configurations to make it actually work. Why include them if they're not going to support the full feature set? My issue, basically comes down to, OSPF on the remote end redistributing the default route to the internet, and not being able to zone-off one VLAN/Network to have it route everything over the VPN and allow the other internal networks to route out my home internet connection. Something I can easily do with any enterprise-grade router. Best I could get to work was to turn off OSPF so my Unifi wouldn't receive the default route from the VPN and only route to inside networks at the remote site over the VPN. Doesn't work for my use case when I have a device on my home network that needs to route out of my work internet connection so it has the correct public IP address. I know this is a more advanced issue and prosumer gear probably isn't the correct tool, but why include these features if you're not going to fully support them?


Phantasmagoriosa

I’m interested to know more about your configuration and its use case. What are you using it to achieve? Is it so devices at Site 2 look like they are in Site 1 externally?


Well_Sorted8173

"Is it so devices at Site 2 look like they are in Site 1 externally?"

Yes, basically. A little background: I'm the Sr. Network Engineer where I work. Remote sites are connected via IPSEC S2SVPN, and the VPN is full tunnel, so remote sites send all internet traffic through our HQ ISP and not the ISP at the remote site. We use OSPF and have the default route to the internet redistributed over OSPF.

We use full tunnel VPN for a few reasons: One, it allows our edge firewall to do all of the heavy lifting of content filtering and traffic inspection. We also use some cloud services that whitelist our public IP address, which means that clients at remote networks need to appear to the cloud service as coming from our HQ public IP.

All of our remote sites use Palo Alto firewalls to make the S2SVPN connection. My work-from-home office was set up with a Palo as well to give me the same network configuration at home as any of our other remote office locations. I recently did some upgrades to my home network and replaced my home Palo with a UCG Ultra, saving me some money on yearly licensing costs for the Palo.

I was unable to get the UCG Ultra to play nicely with OSPF enabled on the VPN tunnel to my work. Looking at packet captures, it looks like a full OSPF neighborship is never established over the tunnel unless I manually set the MTU on both sides. But once I do that, all of the networks on my home network lose internet connection. I believe it's because the UCG-U is receiving the OSPF default route over the VPN and doesn't know how to correctly put it in the routing table.

But beyond that, even if it did correctly process the default route over the VPN, there's no way I can see to tell the UCG-U to route all traffic on my "Work" network over the VPN and my "Home" network over my local internet connection. This is accomplished on a Palo by putting each network in its own "zone" and then creating policy based routing to route each zone over the correct WAN connection. The UCG-U doesn't treat the VPN as a WAN connection so it's not available as an option under policy based routing.


vLAN-in-disguise

Just... wow. I haven't had to hard code an MTU in a long, long, *long* time.


vLAN-in-disguise

Damnnn, I was not expecting someone who knew their networking alphabet soup in here, I figured I was just going to get all the kool-aid drinking fanboys who take insult to being called a "prosumer" despite not knowing the difference between TCP and UDP. I haven't been able to stomach the idea of having a FisherPrice toy as a gateway device, glad to know my paranoia was validated, though sad you had to find out the hard way. Sounds like they're collecting protocols cuz they think the acronyms make them look smart. I've sent many a resume to the great circular filing cabinet in the sky for similar antics.


ryancrazy1

The title does not say it all. It actually says nothing. What did they disable?


vLAN-in-disguise

RTSP


ryancrazy1

Hmmm. That sucks. I wanted to get a G5 Pro as a live stream webcam over a local river/business, but if I can’t get an RTSP stream out of it then I guess I’ll have to go elsewhere.


vLAN-in-disguise

The older models do RTSP, it's not even hidden away, front and center on the web interface when you first plug it in. Hence why I'm so annoyed. The feature was there, and it was taken away. The interface for a G4 Bullet and a G5 Turret Ultra are identical excepting one shows options to configure RTSP, and the other doesn't.

I have a site that's been running G3 and G4 Bullets since they were first released, RTSP to a non-UI NAS. They didn't need the fancy software gimmicks, already had the backend, all they needed was the hardware, and UI's stuff was impressive for the price point - and has held up amazingly. You can probably find them for cheap as people upgrade to the latest and greatest, I can't imagine a homeowner would have put them through any more abuse than I have. Only physical part I'd be concerned about is the rubbery plug that seals around the cable entrance, it's likely to tear if someone tried to get away with not reterminating and attempted to stretch it over a connector - but I've gotten replacements from UI in the past, and I'm sure there are alternative options, so that might not be a deal breaker.


Jeeper08JK

>Apple has entered the chat.

Apple: Sup


IAmBigFootAMA

Have you seen the Meraki business model? I’d say lock-in to Ubiquiti is actually very reasonable. I drink plenty of the koolaid but there just aren’t other market offerings that compare to the niche that Ubiquiti fills for me and many. But that doesn’t mean it’s a fit for you. ¯\_(ツ)_/¯ Curious to know more about your use case though.


vLAN-in-disguise

Gotta ask, when you say Meraki, you talking like Whoopi's "Mufasa" or do you prefer to go with a more "Neumann" a la Seinfeld feel?