1. Home
  2. Devices & Hardware
  3. Ubiquiti UniFi Cloud Controller

Ubiquiti UniFi Cloud Controller

This article describes installation and configuration steps for Ubiquiti UniFi Cloud Controller ( v5.7 or above). Our test was performed with Unifi controller 5.11.50 and Unifi AP-AC-Lite firmware version 4.0.54.10625.

( previous test was performed with v5.9.29 and v5.10.23.11668-1 controllers and Unifi AP-AC-Lite v4.0.9.9639.)

Connecting

Log in to your UniFi controller and click the Setting icon.

Create a Wireless Network that will be enabled for Guest Access.


Go to Settings / Wireless Networks, click Create New Wireless Network and configure following:

Name/SSID: Your SSID ( it’s your choice what will be set as SSID Name, Guest WiFi in our case)
Enabled: Enabled
Security: Open
Guest Policy: Enabled

Click Save to apply changes.

Go to Guest Control page and on the Guest Policies section set following:

Enable Guest Portal: Enabled
Authentication: Hotspot
Default Expiration: 8 Hours
Landing Page: Promotion URL – insert desired URL
Use Secure Portal: Disabled
Redirect using hostname: Disabled
Enable HTTPS Redirection: Disabled
Enable encrypted redirect URL: Disabled

On the Portal Customization section as Template Engine set Angular JS and enable Override Default Templates.

Later, when you change index.html and auth.html files Desktop preview will change to:

In the Hotspot section enable Radius-based authorization

Override Default Template should be disabled in the Voucher Customization section.

From the Radius section select previously created Profile . ( check Configuring parameters section to learn how to create new Radius profile)
As Authentication type select CHAP.
Accept incoming disconnect request: DISABLED

On the Access Control / Pre-Authorization section enter the Walled garden IP’s.

connect.starthotspot.com
cdn.starthotspot.com
starthotspot.com
40.121.151.4

13.92.228.228
13.90.247.200

Configuring parameters

Go to the Profiles Radius section and click Create new RADIUS profile button.
Click Create New RADIUS Profile and configure following:

Profile Name: Starthotspot
RADIUS Auth Server: 13.92.228.228
Port: 1812
Password / Shared secret: (contact our office)
Click Add Auth Server and configure Radius server 2:
RADIUS Account Server: 13.92.228.228
Port: 1813
Password / Shared secret: (contact our office)
Interim update: Enabled
Interim update interval: 86400

Save changes.

If you want to enable Social network login feature or use Paypal as payment gateway, add further IP’s as per below for each network you plan to support.

Please note, these IP ranges are subject to change depending on the social network setup.

Facebook

31.13.24.0/21
www.facebook.com
staticxx.facebook.com
connect.facebook.net
static.xx.fbcdn.net
157.240.0.0/16
31.13.0.0/16
– if it does not work, try adding:
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
129.134.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
204.15.20.0/22

Twitter

199.16.156.0/22
199.59.148.0/22
199.96.56.0/21
192.133.76.0/22

LinkedIn

91.225.248.0/23
www.linkedin.com
static.licdn.com
184.51.0.0/16
108.174.0.0/16
– if it does not work, try adding:
103.20.94.0/23
108.174.0.0/22
108.174.4.0/24
108.174.8.0/22
108.174.12.0/23
144.2.0.0/22
144.2.192.0/24
216.52.16.0/23
216.52.18.0/24
216.52.20.0/23
216.52.22.0/24
65.156.227.0/24
8.39.53.0/24
185.63.144.0/24
185.63.147.0/24
199.101.161.0/24
64.152.25.0/24
8.22.161.0/24

Paypal

paypal.com
sandbox.paypal.com
paypalobjects.com
paypalssl.doubleclick.net
paypal.112.2o7.net
securepics.ebaystatic.com
mobile.paypal.com
m.paypal.com

Facebook app setup instructions

Twitter app setup instructions

LinkedIn app setup instructions

Apply changes to save.

At the end, you will need to modify two html files on the controller so that it correctly redirects and authenticates.

Last, very important step:
Download this file and unzip contents (index.html and auth.html) it in your app-unifi-hotspot-portal directory
Depending of the OS, it is usually located at the location bellow:

Windows: C:\Users\\Ubiquiti UniFi\data\sites\default\app-unifi-hotspot-portal
MAC: ~/Library/Application Support/UniFi/data/sites/default/app-unifi-hotspot-portal
Linux: /usr/lib/unifi/sites/default/app-unifi-hotspot-portal

If you are using Cloud key, please upload our index and auth files into appropriate site folder. By default it’s:

/srv/unifi/data/sites/default/app-unifi-hotspot-portal

Troubleshooting

Having troubles? Here is a quick check list:

1. Make sure that you selected CHAP and not MS-CHAP

2. Make sure that you replaced index and auth files.
– If it’s local controller installation files are on your computer. See paths above.
– If it’s Cloud Key installation, upload these files into appropriate folder
– If it’s Hostifi, send your files to the admin to replace original ones.

3. Make sure that you typed AP MAC address into our cloud portal

4. If the mobile you are testing is not reaching our Hotspot splash page, but instead you get ERR_CONNECTION_REFUSED with address like http://yourpublicip:8880/guest/s/…. please make sure that your AP can reach machine where controller is being hosted. If it’s your personal computer, do a port forwarding, unblock firewall etc…

5. Make sure to match exact model of your AP. In some cases mistakes are not obvious, for example:

6. Client MAC is not received

If you are getting the splash page, but can not login and receive “Invalid password” or other errors, please check if the AP is sending client MAC address.
Some versions of Unifi AP firmware are buggy and do not send client MAC.
In such a case, downgrade AP firmware to the earlier version.
At the time of writing, downgrade from 4.0.42 to 4.0.9 resolved the issue.

If your attempts to downgrade via web links (SSH or Unifi Controller) continuously fail, please do it this way: SCP into the AP, copy the firmware file to /tmp, then SSH in and run command.

7. Make sure that you configured Ubiquity AP (Unifi Controller) when you deploy APs with the controller.

If you need help with configuration, please go to starthotspot.com and contact our tech support. We’ll be glad to help you.

Updated on February 10, 2020

Was this article helpful?