Hello @BurningRoli

From what I can read here, you are the absolute professional when it comes to Internet Box and Unifi USG. 🙏

Many thanks to you in advance, thanks to your input I was able to solve this problem, simply brilliant!!

Can I now ask you how you would solve the following problem with your settings (which I have successfully implemented as you described and everything works perfectly, except SCTV, which I don’t need):

Connection via DynDNS from Swisscom Box (huber.internet-box.ch) (IP range IB2: 172.16.1.1/24) to the UniFi Controller on CloudKey Gen2 with IP 192.168.1.54 (DHCP from USG 4: 192.168.1.1/24).

I would like to control the sites centrally from my UniFi controller (see above) for various sites (parents and in-laws) that do not have a local controller. I will then direct the APs (in their local network) to the DynDNS using “set inform URL” ([http://huber.internet-box.ch:8080/inform](http://huber.internet-box.ch:8080/inform)).

Unfortunately I don’t understand how I can route the DynDNS address to the other network class on the controller.

P.S. my static IP for USG is set to 172.16.1.149 instead of xxx.254 (for USG: WAN IP 172.16.1.149), VLAN also works perfectly 😁

Can you help me with that? Or can another specialist help me? There are quite a few specialists here when I read the posts… 🙏

Thank you very much in advance

Greetings

Lorenz

9 days later

Hello everyone

Does anyone of you have any idea what I’m doing wrong with my setup?

1. CB2 with fixed IP and DMZ mode

2. USG Pro 4 outgoing WAN 1 connected directly to port 1 of the CB2

3. CloudKey gen 2 connected to the USwitch 24

Now I have the problem that I can’t reach the CloudKey from outside. Although it is displayed to me via the Ubiquiti portal and I can access the controller via the portal, I cannot integrate any external devices into the network (adoption).

I also can’t establish a VPN connection. Can you help me here if necessary?

I’m at my wits’ end. Do I have to do anything on the USG (firewall)?

Maybe you also have a tip for me @BurningRoli?

Thanks for your help.

LG

SaschaS


hmmm @SaschaS

do you have a controller hostname/ip defined in the settings?

Have you enabled the port on the firewall? With my IB2 I also release them again.

inform port forwarded to the correct IP?

Last but not least, overwrite the hostname.

Then you should add devices outside your network with the Static IP 1.1.1.1:8080 and the Inform Port

Greetings


@jarhead_r wrote:

hmmm @SaschaS

Do you have a controller hostname / IP defined in the settings?

Have you enabled the port on the firewall? With my IB2 I also release them again.

inform port forwarded to the correct IP?

Last but not least, overwrite the inform hostname.

then you should add devices outside your network with the Static IP 1.1.1.1:8080 and the Inform Port

greetings


Yes, I have stored the fixed IP of the router there. However, somehow this doesn’t work. Which IP do I have to enter?

I had also set up port forwarding on the USG, now I have removed it, it hasn’t worked so far.


Hello @jarhead_r

Many thanks in advance.

Is this possible if the IB2 (172.11.1.x) is in a different DHCP range than the USG (192.168.1.x)?

Where does port forwarding have to take place, in the IB2 or in the USG?

Shouldn’t all ports in IB2 already be released because of the DMZ?

Thanks and greetings

Lorenz


Good morning @LittlePimp

On the IB2 (172.11.1.x) you should set up the DMZ on the router USG (192.168.1.x)

In the USG itself you then set the port forwarding to the controller.

I put my IB2 DMZ on the UDM Pro and also port forwarding…….
Because I don’t always completely trust the Swisscom router XD


@jarhead_r

Thanks for the feedback. However, I set the settings accordingly and the whole thing still doesn’t work as usual. I’m trying from outside via command

mca-cli

set-inform http://146.x.xx.xxx:8080/inform

Connecting the devices, but nothing happens.

Here are a few print screens of the settings:

https://ibb.co/3RYtwWD
https://ibb.co/NmmK9wR
https://ibb.co/m0MDCgG

Do you have any other ideas what I could do?

Do I have to do anything else on the CB2?

Could it be that something was set incorrectly on the CloudKey itself?

https://ibb.co/vchNTy6

Please note:

CB2 has the local IP: 192.168.1.2

USG Pro has the local IP: 192.168.1.1


@SaschaS wrote:

Hello everyone

Does anyone of you have any idea what I’m doing wrong with my setup?

1. CB2 with fixed IP and DMZ mode

2. USG Pro 4 outgoing WAN 1 connected directly to port 1 of the CB2

3. CloudKey gen 2 connected to the USwitch 24

Now I have the problem that I can’t reach the CloudKey from outside. Although it is displayed to me via the Ubiquiti portal and I can access the controller via the portal, I cannot integrate any external devices into the network (adoption).

I also can’t establish a VPN connection. Can you help me here if necessary?

I’m at my wits’ end. Do I have to do anything on the USG (firewall)?

Maybe you also have a tip for me @BurningRoli?

Thanks for your help.

LG

SaschaS


Is this a new setup, or has an existing one been changed?

Regarding point 1: what kind of mode have you set up on the CB2? DMZ mode on LAN1, which is possible with an IP subnet, or something else, and you are using the term DMZ incorrectly? Please describe in detail, if necessary with a link to the instructions that were used.

So the cloud key is accessible via UBNT Cloud (Cloud Access enabled), but you can’t continue your setup because you can’t adopt the switch and the USG? Am I understanding this correctly?

If so, it has nothing to do with port forwarding but rather the adoption itself fails, probably because an existing setup was somehow modified?!

(Port forwarding like STUN to the Cloudkey makes no sense, it needs the STUN port and 8883 outbound to communicate with the cloud…)


Hello @Tux0ne

Thanks for your answer.

By DMZ I meant that I have configured my Centro Business 2.0 as shown in the pictures attached here.

https://ibb.co/B335w8w
https://ibb.co/XWYJ1JQ

Is there anything special to consider with this setting?


@Tux0ne wrote:

The cloud key is accessible via UBNT Cloud (Cloud Access enabled), but you can’t continue your setup because you can’t adopt the switch and the USG? Am I understanding this correctly?

If so, it has nothing to do with port forwarding but rather the adoption itself fails, probably because an existing setup was somehow modified?!

(Port forwarding like STUN to the Cloudkey makes no sense, it needs the STUN port and 8883 outbound to communicate with the cloud…)


Do I understand correctly that I can remove port forwarding again?

It is true that I can access and control the system via UBNT Cloud. Only external devices can no longer be adopted. Previously this worked without any problems.

Your assumption is also correct that this is a changed setup. The location has moved and the CloudKey has been reinstalled. Everything works wonderfully in-house. Just not outside. I’m also currently unable to establish a VPN connection, which led me to suspect that it might be due to the USG pro 4 or the CB2…

Do you have any other tips for me as to what else I could try?

Addendum:

I have completely reset the external AP. But I still can’t adopt it with the known commands.

LG, SaschaS


You certainly don’t need port forwarding for adoption.

The problems can be varied, but they can be found in your UniFi network.

Here you have a whole chapter of help: [https://help.ui.com/hc/en-us/articles/360012622613-UniFi-Device-Adoption](https://help.ui.com/hc/en-us/articles/360012622613-UniFi-Device-Adoption)

You have set it correctly regarding CB2. It would also be important to turn off the DMZ firewall in the CB because you have a USG and don’t want to do everything twice.

The USG on the WAN uses DHCP to obtain the usable public IP from your subnet and the CB actually no longer plays a role.

So it doesn’t matter at all what the LAN addressing is. It can even be the same as the LAN in the CB since there are 2 different networks.

Nevertheless, absolutely no one in the security sector uses 192.168.1/24 on the internet.

This is simply used too often.

So if it turns out that you completely reset your setup, you can do a decent addressing right away.

According to the screenshots, you haven’t configured too much.


Thanks, I’ll try my luck again tonight. The IP addressing thing is still planned. I wanted to solve the problem here first.

Can you tell me whether the CloudKey also needs to be connected to the CB2, or is the connection via the switch sufficient?

Switch is on USG LAN 1. CB2 is on WAN 1.

(I’m asking pretty basic things right now, but with Ubiquiti I had made the stupidest mistakes in the past, where I ended up just getting annoyed…. I’m guessing that this time a very stupid mistake was configured as well)…

Do you have any other contacts who could help if necessary? The effort will of course be paid accordingly. I assume that SC itself does not offer any support here….


@Tux0ne wrote:

You certainly don’t need port forwarding for adoption.

The problems can be varied, but they can be found in your UniFi network.

Here you have a whole chapter of help: [https://help.ui.com/hc/en-us/articles/360012622613-UniFi-Device-Adoption](https://help.ui.com/hc/en-us/articles/360012622613-UniFi-Device-Adoption)

Regarding CB2 you have set it correctly. It would also be important to turn off the DMZ firewall in the CB because you have a USG and don’t want to do everything twice.

The USG on the WAN uses DHCP to obtain the usable public IP from your subnet and the CB actually no longer plays a role.

So it doesn’t matter at all what the LAN addressing is. It can even be the same as the LAN in the CB since there are 2 different networks.

Still. Absolutely no one in the security sector uses 192.168.1/24 on the internet.

This is simply used too often.

So if it turns out that you completely reset your setup, you can do a decent addressing right away.

According to the screenshots, you haven’t configured too much.



No, the Cloudkey has to be in the ubnt network and certainly not in the Centro Business LAN.

So yes, you shouldn’t expect any help from Swisscom. Even if this were to be solved in this forum, it would not have been Swisscom but someone who was voluntarily providing help. So please don’t mix it up 😂

Do you not see the devices at all via Cloudkey or do you have an error message during adoption?


It’s clear to me that there are no Swisscom employees here. 🙈🙈🙃

But I’ve already read a lot from you, so I think I’m already seeing an expert 😉

The fact is that I can basically see all the devices on my own network and adopt them. I just no longer see the devices at the external locations and can therefore no longer adopt them. I was able to adopt the devices in the old network without any problems using the familiar SSH command.

Can I create a support account for you so that you can view my setup?

As I said, it doesn’t have to be free 🙂


Oh right. Do you have a Cloudkey with different sites that you have connected to each other via VPN?

Sorry, I didn’t realize that. Have you already sketched this setup somewhere?

Can you currently reach the other devices via ssh via the VPN?


Yes, it is planned that I place the devices in different sites. However, I would first like to try to integrate the devices into the existing site. Afterwards I can move the devices to another site.

So far the sites are not connected via VPN. This only happens in a second step. However, I had the same setup running before. Also with various external locations (connected to one site).
I’ll send you the drawing later.


Hello @SaschaS

I have Unifi running…

But I have an IB3.

For me the IB3 is on the standard IP range 192.168.1.1

The USG-4-Pro had obtained a DHCP address from the IB3

I assigned the USG the following fixed IP: 192.168.2.1

From the USG-4P I go to a switch.

And the Unifi cloud key is connected there, to which I have assigned a static IP.

I first tried with different IP ranges, but had no success…….

In addition, the Unifi is secured with a Let’s Encrypt certificate.

Greetings Lorenz
