This page explains different configuration scenarios for Ubiquiti UniFi Controller with IronWifi - Captive Portal and WPA-Enterprise with external RADIUS authentication and accounting.
Warning - the Guest authentication in UniFi Network Controller firmware version 5.10.12 is broken. If you are experiencing authentication issues, please make sure you are using latest firmware version (5.10.17+) before contacting our Support team.
Configuring UniFi Controller for external Captive Portal authentication
IronWifi Console configuration
- Sign in to the Console
- Click on Networks and add a Network
- Click on Captive Portals and add a Captive Portal
- In the Captive Portal settings, add Authentication Provider - can be Anonymous for testing purpose
- IronWifi servers need to directly connect to your Controller (SW, Cloud Key) to authorize connecting devices. Enter the Controller URL or leave blank if the Controller public address is the same as connecting devices IP address (router public IP address). Controller URL should be in this format: - https://your_public_static_ip:8443. Make sure it is the PUBLIC IP address and it's reachable through the Internet (not internal address like 192.168.*.*, 172.16.*.*, or 10.*.*.*). You might need to configure port forwarding on your Internet router and firewall. If you are not sure, please consult with your ISP provider.
- Decide if you want to enable the Use Proxy feature. If enabled, we will be connecting to your controller from static IP addresses 126.96.36.199, or 188.8.131.52, or 184.108.40.206 but the authorization process will be little slower. If you disable this feature, we will be connecting from dynamic IP range - https://cloud.google.com/appengine/kb/#static-ip and the client authorization process will be faster.
- Enter Controller username (administrator privileges, you can create a new user in your controller) and password.
- Enable Controller monitoring
Ubiquiti Controller configuration
- Sign-in to your Ubiquiti Controller
- In Wireless network settings change the Security to Open and enable Guest Services
- Navigate to Guest services settings
- Select External Captive Portal
- Enter 220.127.116.11 in the IPv4 address input field
- Check the Use Secure Portal checkbox
- Check the redirect using hostname checkbox and enter the hostname from the Captive Portal settings page in IronWifi Console - for example splashr-bem7i-wud54-re5up.ironwifi.com
- Uncheck the Enable HTTPS Redirection
- Add 18.104.22.168/32 to the Pre-Authorization Access list
- Apply settings and try with your phone or computer
Configuring UniFi Controller for WPA-Enterprise
If you wish to have a WPA-Enterprise protected network without Captive Portal, navigate to Wireless Networks and change Security to WPA-Enterprise. Enter information about the RADIUS servers, IP addresses, ports and shared secrets are available in IronWifi Console -> Networks.
Captive Portal can return different error codes in the error_message parameter.
- unifi_authentication_failed - credentials configured in the Captive Portal settings are probably not valid. Sign in to the Ubiquiti Controller and create new admin user and password. Configure this username and password in the Captive Portal configuration page in our Console.
- unifi_gw_connection_failed - our servers could not connect to your Controller. Make sure the Controller is reachable over the internet, check your firewall settings and port forwarding rules if necessary. The controller should listen on port 8443/TCP.