My Unifi Network: U7 Pro APs,
VPN Fabric, and Grafana Monitoring
Most home routers are black boxes. You plug them in, vaguely understand there's Wi-Fi coming out, and that's it. I wanted something different โ visibility into every device, every VLAN, every access point's signal strength, and a VPN I can trust running on infrastructure I understand.
That's why I moved to Ubiquiti Unifi. This is my current setup: U7 Pro access points, network managed through the Unifi controller, OneTouch VPN via Unifi Fabrics, and a Grafana dashboard that shows me exactly what's happening on the network at all times.
Why Unifi
Ubiquiti Unifi is prosumer networking โ the kind of gear used in small businesses and schools, but accessible and affordable enough for home labs. The big advantages over consumer routers:
- Separation of hardware and management โ the access points are dumb radios, the controller (software) does all the intelligence
- Proper VLAN support โ IoT, lab, main, guest โ all separate networks, properly segmented
- Real Wi-Fi analytics โ RF environment, client RSSI, channel utilisation, roaming events
- Scale โ manage 1 AP or 50 the same way
The U7 Pro Access Points
The Unifi U7 Pro is a Wi-Fi 7 (802.11be) access point. For a home, it's overkill in the best way โ the coverage is exceptional and the throughput headroom means the network never feels congested even with many devices.
Key specs worth knowing:
- Wi-Fi 7 with 2.4 GHz + 5 GHz + 6 GHz tri-band
- 2.5 GbE uplink port
- Up to 300 connected clients
- PoE powered โ one cable does power and data, no power adapter needed
I have APs deployed for full home coverage with zero dead spots. The roaming between APs is seamless โ you can walk from one end of the house to the other on a call and not notice the handoff.
Running the Unifi Controller on Proxmox
The Unifi controller (Network Application) runs as an LXC container on Proxmox. This is better than cloud-hosted because:
- No Ubiquiti cloud dependency for local management
- Faster response for local devices
- Full config backup via Proxmox snapshots
- Still accessible remotely when needed
# The community TTeck scripts make this easy
# Run on Proxmox host:
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/unifi.sh)"
# Follow prompts โ creates an Ubuntu CT with UniFi Network App pre-installed
After the container is up, the controller UI is at https://[ct-ip]:8443. Go through initial setup, adopt your access points, and you're managing the network from a UI that actually shows you what's happening.
VLAN Segmentation: Keeping Things Separated
One of the first things I configured was proper VLAN segmentation. Everything is on its own network with specific firewall rules between them:
- VLAN 10 โ Main LAN: Trusted devices (laptops, phones)
- VLAN 20 โ IoT: Smart home devices, cameras, Nest devices. Can reach internet, cannot reach Main LAN
- VLAN 30 โ Lab: Proxmox, VMs, containers. Isolated from everything
- VLAN 40 โ Guest: Visitor Wi-Fi. Internet only, isolated from all internal networks
The U7 Pro APs broadcast separate SSIDs for each VLAN. My phone connects to the main network, IoT devices connect to the IoT SSID, guests get the guest SSID. Clean separation enforced at the switch level.
OneTouch VPN via Unifi Fabrics
Unifi Fabrics is Ubiquiti's mesh VPN product. OneTouch VPN is the specific feature that lets you create a VPN between Unifi sites (or between a site and a remote device) with a single button press โ no manual WireGuard config, no certificate management, no tunnels to debug.
Under the hood it uses WireGuard. But the entire setup is handled through the Unifi UI:
- In Unifi โ Network โ VPN โ Teleport (or Site Magic depending on your controller version)
- Enable Teleport/Fabrics on your network
- On a remote device, install the Unifi Teleport app
- Scan QR code โ instant WireGuard tunnel back to your home network
When I'm working remotely from a cafรฉ, I'm on my home network as if I never left. Full access to Proxmox, Home Assistant, Pi-hole (so my DNS blocking follows me), everything. And because it's WireGuard, the performance overhead is minimal.
Grafana Dashboard: Seeing Everything
The Unifi controller already gives you good visibility. But I wanted long-term trend data, custom metrics, and the ability to correlate network events with other infrastructure data in a single dashboard. That's where Grafana + InfluxDB come in.
The Stack
- Grafana โ dashboard and visualisation layer
- InfluxDB โ time-series database for storing metrics
- Unifi-Poller โ open-source tool that pulls data from the Unifi controller and writes it to InfluxDB
All three run as Docker containers on Proxmox. The setup is about 30 minutes from zero to a live dashboard.
# docker-compose.yml (simplified)
services:
influxdb:
image: influxdb:2.7
ports: ["8086:8086"]
volumes: [./influxdb:/var/lib/influxdb2]
grafana:
image: grafana/grafana:latest
ports: ["3000:3000"]
volumes: [./grafana:/var/lib/grafana]
unifi-poller:
image: golift/unifi-poller:latest
environment:
UP_UNIFI_DEFAULT_URL: https://[unifi-controller-ip]:8443
UP_UNIFI_DEFAULT_USER: readonly-user
UP_UNIFI_DEFAULT_PASS: [password]
UP_INFLUXDB_URL: http://influxdb:8086
There are community-built Grafana dashboards specifically for Unifi-Poller. Import dashboard ID 11310 (Unifi-Poller: Clients) and 11312 (Unifi-Poller: Sites) from Grafana's dashboard library. You get a professional monitoring view in minutes.
What the Dashboard Shows
Sample Metrics โ Unifi Network Dashboard
The real value is time-series data โ I can look back at network load over the past week, see when a device went offline, or identify what time of day my WAN is most congested. That kind of visibility doesn't exist on a standard home router.
Things I'd Do Differently
If I were building this from scratch with what I know now:
- Buy a Unifi gateway/router from the start โ I'm still using an ISP router for WAN routing. A Unifi gateway gives you proper firewall rules between VLANs enforced at the router level, not just at the AP.
- PoE switch earlier โ running power injectors to each AP is messy. A PoE switch with one cable to each AP is much cleaner.
- Plan the AP placement before mounting โ I moved one AP after initial placement because the RF coverage wasn't right. Use the Unifi WiFi AI feature during planning.