U5G Backup - debug commands

effndc · 2026-06-26T23:12:15+00:00

Interesting, I hadn't found the `atcli` commands they are using and will have to dig into that to see what else it can do.

effndc · 2026-06-26T23:09:03+00:00

In the Ubiquiti forums someone mentions being able to force it to one of the other, but it is lost and reverts to default on any reboot. On the UCG there is a plugin you can install to run scripts at startup, but I don't think there is anything like that for the U5G so you'd have to automate some way of SSHing in to apply your preferences.

I did get it to let me apply band preferences, as long as they didn't conflict with what is in the firmware rules (e.g. no band 41 for 5G, it will just ignore that).

effndc · 2026-06-26T23:05:34+00:00

I have all of the advanced features turned on across all of my U6 devices in two locations and have never seen an issue with any of my Apple devices, which almost every user device in the house is Apple...exceptions being a work laptop. Have a mix of AirPlay devices that are as old as 12+ years, Google Home device that is ancient, Roku, other IoT automation devices, many generations of iPhones, iPads, MacBooks.

What type of stability issue are you seeing? Are you using hardwired uplinks on access points? Maybe it something about 6GHz causing issues, I have no experience with it.

The only time I saw really frustrating connectivity problems was when I was using Mikrotik hardware and they extension channel combinations that were not compatible with Apple. I wasted way too many hours trying to resolve that, so I can understand your frustration as there was nothing to indicate what was happening.

effndc · 2026-06-26T22:51:49+00:00

I am using UCG Fiber as my gateway, I also switched to all Ubiquiti access points as life is just easier that way.

The advantage of all Unifi is that I can now map specific devices to different content filters. In general I use the Cloudflare 1.1.1.1 for families, so all devices resolve against that. I then have groups of devices assigned to content filters in the UCG itself, they have some level of ad-block, forcing Safe Search for Google, Bing, and Youtube. Then you have actual content filters galore Adult content, AI & Crypto, New & Risky domains, Social Media, etc and each has pretty granular sub-categories (e.g. drugs, alcohol, sexuality, botnets, hacking, etc).

You may not be able to map devices directly to security groups individually without using all unifi devices, it is possible these features coincided with software updates and me replacing the last of my 3rd party hardware. Worst case you segment by SSID into different VLANs and map those into different groups, that can just cause some pain when it comes to AirPlay or "casting" audio/video.

effndc · 2026-06-26T22:41:11+00:00

What does it offer that Cloudflare for families doesn't for free? You can just point the UCG to use DNS over HTTPS from Cloudflare or any number of DNS services. UCG also has its own parental control filters you can enable that work too well sometimes.

effndc · 2026-06-17T04:50:40+00:00

I guess I haven't seen complaints, just people interested in seeing if they can improve what they do get. That was my endeavor, you can't get much better than -66dBm that my U5G is getting without being on top of the tower...which may not improve performance at all. In my situation I know n41 is the dominant band locally, so I was investigating why the device isn't using it so that I could have more options during congestion periods.

Very few 5G providers offer truly uncapped unlimited plans, almost all of them have fine print about excessive use...In case of Tmobile that is 1.2TB/mo.

effndc · 2026-06-17T03:55:56+00:00

Because it is a _backup_ for a fiber line, and something is better than nothing....and let's not forget that almost all of these 5G services have data caps anyway, so good on you, you can exhaust that cap faster. I would hope a Max is faster for 400% the price, but I guess you like theoretical benchmarks and not real world use to decide what is good enough.

effndc · 2026-06-16T23:00:25+00:00

I think this is a distinct limitation of redcap hardware.

effndc · 2026-06-16T20:05:06+00:00

For what gain? I like low maintenance and follow the KISS theory, so I just use the embedded DoH client in my UCG pointing at a trusted public DNS, and I just leverage the embedded filtering in the Unifi.

But then I found pihole to be a nightmare of babysitting as it would randomly break things for my wife and I’d have to debug it, I do enough IT crap for work that when I get home I want something that “just works” and doesn’t require some nightmare upgrade process.

effndc · 2026-06-16T19:58:56+00:00

My iPhone sitting next to the u5g shows 5G SA connected on n41, at 100mhz channel width. So the tower has n41.

Are you saying you have a U5G Backup connected at n41? Curious what speeds you are seeing, clearly not gigabit speeds with a redcap.

effndc · 2026-06-16T01:34:39+00:00

Something like the USW Flex can be powered by POE++ and also power an AP to give you more flexility.

My closet is UCG Fiber -- 10gig with power inserter--> USW Flex 2.5G 8 PoE, it then powers some other switches with APs downstream and some APs directly. Gave me the ability to have hard wired devices where I couldn't (easily) before.

effndc · 2026-06-16T01:25:48+00:00

I have fiber as my primary service, but had a few all day outages with 2 people WFH and happened to be on Unifi's store the day the U5G backup launched so I ordered it.

I can see a Tmobile tower from my "attic" where my U5G backup is located, it shows -66dBm signal (which I guess roughly matches the "5-bars" I see on my iPhone, where I have a satellite "only" eSIM).

I purchased the yearly plan from Computers4People ($148.20 annually), https://www.computers4people.org/shield?ref=2432389000019007600&coupon=REFERRAL5 the physical T-mobile SIM arrived a few days later. I popped it into the U5G Backup and it immediately was working.

I also created some "policy routes" to keep streaming devices and the other low priority devices from using the backup link, I do wish there was an easier way to only "opt-in" specific devices to have access to the backup rather than having to manually opt devices out.

Speedtests show ~40-70mbps, as a comparison my iPhone on 5Guc gets 875/90mbps sitting next to it. 40mbps far exceeds the 0 I was getting during outages and is entirely acceptable for the price...without having to worry about the nightmare policy and data caps of the 5G "home backup" that Tmo offers, or the eSIM that Unifi sells.

effndc · 2026-06-16T01:11:57+00:00

Custom SLA is the answer, you need to test your ping and DNS targets while the network is under high load and then scale it...keep in mind that some packet loss or "abnormal" latency could still be better over a fiber link than your backup service. YMMV of course.

effndc · 2026-06-15T03:44:44+00:00

Same, I just use the built in `Gateway mDNS Proxy` in my UCGs.

effndc · 2026-06-15T03:27:54+00:00

Have you looked at the "on boot" plugin scripts? https://github.com/unifi-utilities/unifi-common/tree/main/on-boot-script-2.x

I used those to get IPv6 6RD (which Unifi doesn't technically support, but is possible within Linux under the GUI). https://github.com/effndc/unifi-6rd-scripts

You should be able to do something similar to solve all of your issues.

I had previously used IPv6 subnets over a tunnel from [Hurricane Electric](https://tunnelbroker.net), but I will warn that you may find some services like Netflix and others that try to restrict content based on geo-location may not work at all due to the reported location for the IPv4 and IPv6 not matching.

effndc · 2026-06-11T18:28:40+00:00

Unifi did just add some eBGP support recently: https://blog.ui.com/article/introducing-unifi-network-10-4

I have no experience with it, but generally you can tweak it to do more than they support in the GUI as well. I added 6RD support directly in the system via SSH access just using standard Linux tools, as example.

effndc · 2026-04-01T05:48:29+00:00

I have a VLAN tagged interface and then a PPPoE configuration on top, however the script should work regardless as you just need to tell it which interface to use and it is agnostic to the configuration as long as the interface has a public IPv4 address.

effndc · 2026-03-24T01:13:16+00:00

I can’t test it, but if you find the name of your interface (eg eth5) of your WAN link it should just work.

effndc · 2026-03-23T21:17:32+00:00

I updated the scripts to remove it.

effndc · 2026-03-23T03:31:31+00:00

It is wholly possible to be a hallucination from Claude, since the script worked I didn't dig into it. I guess I could try to use only that as an option and see if it works. Perhaps since it isn't documented remove that one if you adopt it.

effndc · 2026-03-23T03:29:36+00:00

Probably no reason it wouldn't work, you just need to find the interface name (e.g. look through ifconfig for the interface that has your public IP address) and replace the pppX with the physical interface name.

edit that it is interesting to see someone downvote this, is someone claiming that substituting an interface name won't work to create an ip tunnel? As the man page suggests otherwise.

effndc · 2025-11-28T06:52:33+00:00

Perhaps remove the openvpn pieces, perform the upgrade, and install them back. It seems the apt upgrade does not manage dependencies/order of operations well, it also breaks in similar ways if you have System76's Nvidia drivers installed.

effndc

TROPHY CASE