Milestone XProtect and Tailscale VPN using SSL

This post is an evolution of Milestone XProtect Mobile Server – SSL Certificate configuration as we continue to use SSL certificate with HTTPS.

The advantage is to use Tailscale VPN which is free up to 20 devices for personal use, to avoid open HTTP/HTTPS port to external public domain.

Configure Tailscale

Configuration is super simple:

  1. Download and install Tailscale to all Windows, Linux, Android, iOS devices
  2. Login using SSO with preferred method
  3. Once logged in Admin panel
  4. Select or change your tailnet name in DNS section to register unique domain name in DNS entries
  5. Enable MagicDNS in DNS section to automatically register domain names for devices in your tailnet
  6. Enable HTTPS Certificates in DNS section to allow provision of HTTPS certificates

HTTPS Certificates allows to replace manually generated certificate by Let’s encrypt with similar certificate generated by Tailscale for specific server in tailnet name.

Generate Certificate from Tailscale

To generate SSL certificate, connect to server / PC:

  1. Open PowerShell / CMD with Run as Administrator
  2. Move to folder where the certificate will be created CD C:\Certificate
  3. Generate the certificate using tailscale command: tailscale cert "<server_name>.<tailnet_name>"
  4. Certificate file <server_name>.<tailnet_name> and Private Key file <server_name>.<tailnet_name> will be created in the current folder

Convert certificate in Windows

To be able to use certificate in IIS running in Windows 10 or 11, the certificate file must be in PFX format which include the certificate and private key together.

Windows has certutil tool capable to generate PFX file using CER and KEY file (with the same name in the same folder), but the CRT file format isn’t recognized correctly:

certutil -mergepfx "<server_name>.<tailnet_name>" "<server_name>.<tailnet_name>"

To generate PFX file online use SSL online converter website and select “Standard PEM” as current certificate to “PFX/PKCS#12”

To generate the PFX file offline you can use OpenSSL built for Windows. This is syntax to convert PEM certificate to PFX:

openssl pkcs12 -export -out "<server_name>.<tailnet_name>" -inkey "<server_name>.<tailnet_name>" -in "<server_name>.<tailnet_name>"

Import PFX certificate

Easier way is to double click on PFX file and follow certificate import wizard, remember to import in Computer Store, not in the User Store.

Automated and script version is to use PowerShell with Import-PfxCertificate cmdlet

Set-Location -Path cert:\localMachine\my
Import-PfxCertificate -FilePath "C:\Certificate\<server_name>.<tailnet_name>"

Finally, select the new certificate in Server Config of XProtect Mobile Server


Baby Logger

[Update 10/7] Added OneDrive Backup and RaspberryPi shutdown page

This project logs baby’s bodily functions and displays them on a webpage. Many pediatricians recommend tracking your baby’s feeding patterns, wet and dirty diapers to help know if he/she are eating enough – at least for the first few weeks. This is valuable information if there is a problem early on. The doctor can use this information to help with a diagnosis.

For the tech/geek parents, Baby Logger is Raspberry Pi based on Python and PHP using 3 switches.

Here is some photo of the result, 100% Reduce – Reuse – Recycle approach: 😊

Here is the video of testing version, with 5sec delay in the script between switch activation and LED turning on:

Hardware Configuration

3 pin switch with LED

LED Switch configuration has 3 pin used as reported below:

Pin NumberPin ColorRoleConnectionState
1GoldGNDGND (-)Stable at GND
2SilverSwitch OUTVCC (+) FloatClosed = LED ON = VCC
Open = LED OFF = Float
3SilverSwitch INVCC (+)Stable at VCC
pinout switch configuration

Base hardware and engine is based on Raspberry PI Zero W pre-assembled and Electronics Fun kit or anything else to simplify cables and connectors between switch, LED and Pi with correct 10kΩ pull down resistor.

Pull Down switch configuration

Finally, RGB LED part of fun kit to report the status of the 3 switch back to user. Remember to add 220 Ohm resistor on the V+ wire:

Raspberry Pi Zero W – GPIO configuration

Raspberry Pi Zero W

List of GPIO pins used for the project. There 2 main groups:

  • Group #1 to control RGB Led
  • Group #2 to read status of switches for pee, fed and poo
  • Others are +3.3VCC and GND to power on/off
Variable NameGPIOTypeFunction
pee_led_pin20OUT#Green LED
fed_led_pin16OUT#Blue LED
poo_led_pin12OUT#Red LED
pee_switch_pin17IN#Green Switch
fed_switch_pin27IN#Blue Switch
poo_switch_pin22IN#Red Switch
PIN #17VCC +3.3V
GPIO configuration

Software configuration

Raspberry PI OS

Make sure you have latest Bullseye OS version, install it from Raspberry Pi OS – Raspberry Pi

Perform an update to latest pages and remove unused one:

sudo apt update
sudo apt upgrade
sudo apt autoremove --purge -y
sudo apt autoclean

Python setup

Install Python library and MySQL SDK for Python

#setup python
sudo apt-get install python3-pip

#setup MySQL SDK
sudo pip3 install pymysql

#Verify installation
pip3 show PyMySQL

MySQL MariaDB setup

Install MariaDB as MySQL – you can follow this guide: Setup a Raspberry Pi MYSQL Database

#Install MariaDB
sudo apt install mariadb-server 

#Answer Y to all questions for best security
sudo mysql_secure_installation  

Once MariaDB is installed, login, create user and configure DB and Table

#Login to MariaDB as root
sudo mysql -u root -p 

#Create User
USE babylogger;
CREATE USER 'logger'@'localhost' IDENTIFIED BY 'YourPassword!';
GRANT ALL PRIVILEGES ON babylogger.* TO 'logger'@'localhost';

#Create Table
USE babylogger;
CREATE TABLE buttondata
	id INT PRIMARY KEY auto_increment,
	category TEXT,
	state TEXT

After initial DB setup, you can login to DB using this:

mysql -u logger -p -D babylogger

#Show existing table

#Show existing records
SELECT * FROM buttondata;

Webserver NGINX setup

We need to setup web server to display PHP page with result of data. You can follow this guide: Build your own Raspberry Pi NGINX Web Server

#Remove Apache 2 if there
sudo apt remove apache2

#Install NGINX and start service
sudo apt install nginx
sudo systemctl start nginx

#Install PHP
sudo apt install php7.4-fpm php7.4-mbstring php7.4-mysql php7.4-curl php7.4-gd php7.4-curl php7.4-zip php7.4-xml -y

#Configure NGINX to process PHP
sudo nano /etc/nginx/sites-enabled/default

#Uncomment this section of the file
location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

Test the webpage connecting to http://raspberrypi/ from your computer.

GIT configuration

Download the Repo via GIT to Raspberry PI:

#Instal GIT
sudo apt install git
>>> git is already the newest version (1:2.30.2-1).

git --version

#configure your login information
git config --global "username
git config --global ""

git config --list

#close repo
cd ~
git clone
cd Baby-logger/

If you need to get an updated copy of the repo:

cd ~/Baby-logger/
git pull origin master

Set parameters files

Once all software is installed and repo downloaded in ~/Baby-logger, update the 2 files holding configuration for MySQL DB:

#Edit MySQL settings for Python
nano ~/Baby-logger/script/

#Edit MySQL settings for PHP
nano ~/Baby-logger/website/mysql_variables.php

Testing HW, Script and Website

Raspberry PI + Python Testing

Test Raspberry PI configuration with, it’s a simple script used to test Switch and LED without writing to DB with all log printed in console:

python3 ~/Baby-logger/script/

Web Server + PHP Testing

Copy the website folder in the GitHub repo to /var/www/html/ so NGINX can execute it

sudo cp ~/Baby-logger/website/* /var/www/html/

Test PHP and NGINX via:

If you need to restart NGINX or get more logs:

# Restart NGINX + PHP
sudo systemctl status nginx # Status
sudo systemctl restart nginx #Restart
sudo service php7.4-fpm restart

# Print NGINX error log
tail -f /var/log/nginx/error.log
sudo tail -f /var/log/php7.4-fpm.log

Baby-Logger main script Testing

Execute the mail script from console to confirm all events are tracked and webpage is updating according:

python3 ~/Baby-logger/script/

# Example of startup logs:
Sep 28 14:17:47 raspberrypi python3[509]: DEBUG - Set GPIO PIN configuration
Sep 28 14:17:47 raspberrypi python3[509]: DEBUG - DB Connection settings: localhost logger YourPassword! babylogger
Sep 28 14:17:47 raspberrypi python3[509]: DEBUG - Set INPUT GPIO
Sep 28 14:17:47 raspberrypi python3[509]: DEBUG - Setup LED GPIO
Sep 28 14:17:47 raspberrypi python3[509]: DEBUG - Reset LED GPIO
Sep 28 14:17:47 raspberrypi python3[509]: DEBUG - Flash RGB LED - Category: STARTING -
Sep 28 14:17:50 raspberrypi python3[509]: LOG - Baby Logger running...
Sep 28 14:17:50 raspberrypi python3[509]: DEBUG - File: /home/pi/Baby-logger/script/buttondata_2022-09-28.csv
Sep 28 14:17:50 raspberrypi python3[509]: LOG - Backup to /home/pi/Baby-logger/script/buttondata_2022-09-28.csv
Sep 28 14:17:50 raspberrypi python3[509]: LOG - 76 rows written successfully to /home/pi/Baby-logger/script/buttond>

Website should looks like this:

Configure Baby Logger as service

Next step is to automate startup during boot as service.

Create a new file: sudo nano /lib/systemd/system/babylogger.service with the following content:

Description=Baby Logger Service

ExecStart=/usr/bin/python3 /home/pi/Baby-logger/script/


Reload daemon and start the babylogger.service:

sudo systemctl daemon-reload
sudo systemctl start babylogger.service

Enable autorun:

sudo systemctl enable babylogger.service

Check on the status of service:

#Check service status
sudo systemctl status babylogger.service

#Print last 30 rows of log
sudo journalctl -r -u babylogger.service -n 30 --no-page

OneDrive backup script

Follow these steps to setup rclone on Microsoft OneDrive ( and allow you to backup CSV file in backup folder directly into OneDrive in case your MicroSD get corrupted or fail:

curl -L | bash
rclone config

Follow the steps for onedrive and authenticate it via Windows is super easy.

Once done with initial configuration, you can use script/ to automate the sync between backup folder and ondrive folder on PI:

rclone sync -v /home/pi/Baby-logger/backup "onedrive:Documents/Baby-logger/Backup"

Remember to mark as eXecutable with the following:

chmod +x
crontab -e

Add the following entry in cron file:

0 * * * * /home/pi/Baby-logger/script/

This will automatically trigger the sync between RaspberryPi and Onedrive and you will get the file available remotely.

Remote shutdown

Raspberry Pi runs Linux, so clean shutdown is required to avoid corruptions.

Enable Reboot/Shutdown RPI from Web explains all steps.

Main PHP page has link to off.php to trigger a Python script

There are few steps to allow PHP to execute a script in SUDO mode:

sudo visudo
www-data ALL=/sbin/reboot
www-data ALL=NOPASSWD: /sbin/reboot
www-data ALL=/sbin/shutdown
www-data ALL=NOPASSWD: /sbin/shutdown

Unlock and Install custom ROM on AT&T Calypso (HW Tinno A318UU)


Unlock phone bootloader

Bootloader must be unlocked to install the new firmware.

MTK CLIENT will allow you to read stock firmware off from phone, except with this phone the manufacture has enabled security and authorization files to block sp flash tool.

Install Python 3.9 from Microsoft Store and Git – Downloading Package and daynix/UsbDk · GitHub, then open a CMD:

mkdir C:\test
cd C:\test
git clone
cd mtkclient
pip3 install -r requirements.txt

Once installation in complete, start MTK Client with

python mtk_gui

To activate BRUM mode for the phone and connect it to MKT Client

  • Turn off the phone if it’s on.
  • Press Volume UP + Volume DOWN and plug the USB cable.
  • Do not press power button and MKT Client will detect it.


  • In the Read partition tab,
  • Select all of them and Save to C:\Test\Firmware\Original
  • It will take about 40min to complete all the operation

Unlock Bootloader

  • In Flash Tools tab,
  • Click on Unlock bootloader button
  • Debug log will show Bootloader: unlock and python windows list
sej - HACC init
sej - HACC run
sej - HACC terminate
sej - HACC init
sej - HACC run
sej - HACC terminate
Progress: |██████████████████████████████████████████████████| 100.0% Write (Sector 0x1 of 0x1, ) 0.03 MB/s

If you restart the phone, you will see a warning that bootloader is unlocked and it will ask you to factory reset the phone.

Install the new firmware

You need to have Android DevelopersSDK Platform Tools |  Android Developers installed to be able to flash the new firmware.

Enable USB Debugging in the phone and connect ADB

  • Start the phone
  • Perform a Factory Reset
  • Restart the phone and complete the initial wizard
  • Open Settings -> “About Phone” -> Tap the “Build Number” item seven times.
  • You should get a message saying you are now a developer.
  • Settings -> “System” -> “Advanced” -> “Developer Options.”
  • Open the menu and enable “USB Debugging.”

To verify that ADB in installed correctly and is able to connect to the device:

CD C:\Test\Tools
adb version

Android Debug Bridge version 1.0.41
Version 33.0.1-8253317
Installed as C:\Test\Tools\adb.exe

adb devices

List of devices attached
AYMB5PKZCUEUUOSC        device

Boot into fastboot with the following command adb reboot bootloader 
or reboot while holding the volume up button and select fastboot.

Install Google ADB FastBoot driver in Windows 11

Download Google USB Driver  |  Android Developers as they will be needed to connect the device via fastboot. To install the driver, we need to force the installation in Device Manager with these steps:

  • Open Device Manager
  • Right click on Other Devices \ Android device
  • Select “Update Driver” -> “Browse my computer for drivers” -> “Let me pick from the list of available driver
  • Select “Show All Devices” -> “Have Disk
  • Navigate to “C:\Test\Tools\usb_driver_r13-windows” and let Windows load the drivers
  • Select “Android Bootloader Interface” as driver name
  • Test that Fastboot tool is able to interact with the phone
CD C:\Test\Tools
fastboot devices


Next step is to disable vbmeta verification with the following steps:

Firmware update via Fastboot

  • While the phone is in the FastBoot mode, type the following:
CD C:\Test\Tools
fastboot devices
fastboot --disable-verity --disable-verification flash vbmeta "C:\Test\Firmware\Original\vbmeta.bin"

target reported max download size of 134217728 bytes
sending 'vbmeta' (8192 KB)...   OKAY [  0.204s]
writing 'vbmeta'...             OKAY [  0.189s]
finished. total time: 0.393s

After vbmeta image is flashed, perform:

  • fastboot reboot fastboot to restart the phone and enter fastbootd
  • Check the phone is connecting correctly with fastboot devices
    and force the installation of Android Bootloader Interface in Device Manager if needed.

The following step delete product partition so system partition has enough space:

fastboot delete-logical-partition product

Deleting 'product'                                 OKAY [  0.016s]
Finished. Total time: 0.016s

This command flash the custom rom on system partition:

fastboot flash system "C:\Test\Firmware\system-squeak-arm32_binder64-ab-vndklite-vanilla.img"

Invalid sparse file format at header magic
Resizing 'system'                                  OKAY [  0.016s]
Sending sparse 'system' 1/5 (255489 KB)            OKAY [ 14.939s]
Writing 'system'                                   OKAY [  7.651s]
Sending sparse 'system' 2/5 (262100 KB)            OKAY [ 15.141s]
Writing 'system'                                   OKAY [  7.705s]
Sending sparse 'system' 3/5 (262104 KB)            OKAY [ 15.001s]
Writing 'system'                                   OKAY [  7.595s]
Sending sparse 'system' 4/5 (261825 KB)            OKAY [ 14.752s]
Writing 'system'                                   OKAY [  7.711s]
Sending sparse 'system' 5/5 (183741 KB)            OKAY [ 10.421s]
Writing 'system'                                   OKAY [  5.832s]
Finished. Total time: 107.885s

Once flash of new rom is completed, you can restart the phone and it will boot using the new rom.

Original post suggested to perform a factory reset.
WARNING: In my case, a factory reset caused a reboot loop and was not able to

If you want to proceed, in the menu on the screen:

  • Select “Enter recovery” and
  • Select “Wipe data/factory reset

Screen on the phone will show

-- Wiping data...
Formatting /data...
Formatting /cache...
Formatting /metadata...
Data wipe completed.

If you missed the previous screen, or clicked the wrong button/option:

  • restart the phone holding Volume UP,
  • Select fastboot on the phone
  • Type fastboot reboot fastboot to reenter fastbootd screen
  • And repeat the factory reset

Restart the phone and you are up and running.

Restore original firmware

If you need to restore original rom, use MKT Client tool to write:

  • vbmeta.bin
  • super.bin

then close the tool and restart the phone. It will be like new 🙂


Unifi Protect with Amcrest cameras

Best way to leverage your existing camera(s) on UDR or Unifi Protect is via Unifi Cam Proxy on GitHub.

It will create a dummy Unifi G3 Micro camera and enable you to use your RTSP (Real Time Streaming Protocol) enabled cameras even if they are not Unifi.

Optimal setup of Unifi Cam Proxy is via Docker on Raspberry Pi with the standard Raspbian OS on Pi.

Raspberry Pi Imager

Remember that if you are doing a clean install of OS on Pi, you will need to have keyboard and screen via HDMI to enable SSH, or you can edit the SSH file before you turn PI on.


Putty is the easiest and best tool to connect to Pi via SSH.

You need to know the IP address of the Pi, check the router screen or if you have it connected via HDMI, just type ifconfig.

Initial Raspberry Pi configuration

Once you have Raspbian OS installed on MicroSD, boot it and make sure you do the basics:

  • Change default password (Pi / Raspberry) = passwd
  • Enable Wifi and connect to your local network = raspi-config
  • Update to latest version = sudo apt update and sudo apt full-upgrade
  • Clean up old packages = sudo apt clean

Install Docker and Docker Compose on Raspberry Pi

  • Check Raspberry Pi OS version = cat /etc/os-release
  • Install Docker using this 1 line command: curl -sSL | sh
  • Check Docker version = docker version
  • Add user permission to docker group
sudo usermod -aG docker ${USER}
groups ${USER}
  • Install Docker Compose
sudo apt-get install libffi-dev libssl-dev
sudo apt install python3-dev
sudo apt-get install -y python3 python3-pip
sudo pip3 install docker-compose

Enable Docker at startup sudo systemctl enable docker

I suggest a sudo reboot of the Raspberry Pi and a test of Hello World docker run hello-world and you should get “Hello from Docker!”

UniFi Cam Proxy

Pre requirements includes few steps

1. Self-signed certificate generation created from another UniFi camera or directly from Raspberry Pi OS. These are steps to generate /tmp/client.pem certificate:

openssl ecparam -out /tmp/private.key -name prime256v1 -genkey -noout
openssl req -new -sha256 -key /tmp/private.key -out /tmp/server.csr -subj "/C=TW/L=Taipei/O=Ubiquiti Networks Inc./OU=devint/"
openssl x509 -req -sha256 -days 36500 -in /tmp/server.csr -signkey /tmp/private.key -out /tmp/public.key
cat /tmp/private.key /tmp/public.key > client.pem
rm -f /tmp/private.key /tmp/public.key /tmp/server.csr
cp /tmp/client.pem /home/pi/Documents/client.pem
cd /home/pi/Documents/
Add new Device in UDR

2. Adoption token created in Protect UI page in UDR [valid for 60 minutes from time of generation]

  • Open https://{UDR_IP}/protect/devices/add
  • Login with your Unifi credential
  • Select G3 Micro from “Select device to add” list
  • Select “Continue on Web” and type random text in SSID / Password fields
  • Click “Generate QR Code”
  • Save QR Code as image file
  • Upload QR Code to
  • Extract the token above UDR IP in the ‘Raw Text’ field
  • Adoption token looks like this: cpZaMhfzmBgAqLIHPR0psvoMp3mvCDtu
Adoption token extraction

3. Confirm RTSP support for your cameras using VideoLan Client VLC -> Network Stream.
For Amcrest cameras, the default local credential is admin / admin and RTSP standard URL has this format rtsp://[username]:password@CAM_IP:554/cam/realmonitor?channel=1&subtype=0

RTSP test in VLC

Docker configuration

Make sure you have all pre requirements completed before you move fwd with the docker configuration file:

  • Certificate /home/pi/Documents/client.pem
  • Adoption Token cpZaMhfzmBgAqLIHPR0psvoMp3mvCDtu
  • RTSP URL for your camera rtsp://[username]:password@CAM_IP:554/cam/realmonitor?channel=1&subtype=0
  • Docker is working properly and you have permission to run container

Create Docker Compose YAML file in /home/pi/Documents/docker-cameras.yaml using VI docker-cameras.yaml

version: "3.9"
    restart: unless-stopped
    image: keshavdv/unifi-cam-proxy
      - "./client.pem:/client.pem"
    command: unifi-cam-proxy --host {UDR_IP} --mac {CAM_MAC1} --cert /client.pem --token {Adoption token} rtsp -s rtsp://[username]:password@CAM_IP1:554/cam/realmonitor?channel=1&subtype=0 --ffmpeg-args '-c:v copy -vbsf "h264_metadata=tick_rate=50"'
    restart: unless-stopped
    image: keshavdv/unifi-cam-proxy
      - "./client.pem:/client.pem"
    command: unifi-cam-proxy --host {UDR_IP} --mac {CAM_MAC2} --cert /client.pem --token {Adoption token} rtsp -s rtsp://[username]:password@CAM_IP2:554/cam/realmonitor?channel=1&subtype=0 --ffmpeg-args '-c:v copy -vbsf "h264_metadata=tick_rate=50"'

Start Docker Compose with docker-compose -f /home/pi/Documents/docker-cameras.yaml up -d --remove-orphans

Wait for download and extract of all the components needed.

Connect to UDR https://{UDR_IP}/protect/devices/ and verify you can see the cameras:

Amcrest cameras added to UniFi Protect

Stop Docker Compose with docker-compose -f docker-cameras.yaml down

Please note that CPU load is high on Raspberry PI during live streaming, monitor it with top command:

Optimize CPU load

Amcrest cameras stream using H.265 codec for video and AAC codec for audio as you can review in VLC -> Tools -> Codec Information:

Amcrest streaming information

Unifi Cam Proxy settings expect H.264 codec which causes a lot of overload on Raspberry Pi CPU and ffmpeg library to transcode from H.265 to H.264 codec.

Unifi G3 Micro streams in H.264 with bi-directional audio as reported in the quick start guide

Unifi G3 Micro Video / Audio specifications

Docker command in YAML file provides arguments to ffmpeg library --ffmpeg-args '-c:v copy -vbsf "h264_metadata=tick_rate=50"' and according to ffmpeg documentation:

  • -c:v copy define the codec name and specifically, set FFmpeg to copy the bitstream of the video to the output
  • -vbsf "h264_metadata=tick_rate=50" set the video bitstream and codec to H264 [deprecated]

Reducing frame rate and resolution

Amcrest cameras have 2 substreams on channel #1 you can connect:

@ 30 fps
H.265 hevc with AAC MP4rtsp://[usr]:psw@CAM_IP:554/cam/realmonitor?channel=1&subtype=0
1640×480 @ 30 fpsH.264 AVC
with AAC MP4
Available SubStream in Amcrest camera

Using SubStream #1 which is VGA, instead of SubStream #0 (Full HD) allows to have PI at ~30% CPU load.

VGA resolution on H264


AT&T Calypso U318AA

AT&T Calypso specifications:

  • Weight: 170g
  • Dimensions: 150 x 72.88 x 9.95mm
  • OS: Android 10 (Go Edition)
  • Screen size: 5.5-inch
  • Resolution: 960 x 480
  • CPU: 1.5GHz Quad-core, MediaTek MT6739
  • RAM: 1GB
  • Storage: 16GB
  • Battery: 2,500mAh, Removable
  • Rear camera: 5MP
  • Front camera: 5MP


Ziply – Power outages backup plan

Nokia ONT FOG421

Nokia ONT FOG421

Ziply just upgraded existing Calix ONT 722GE which is market as End of Life and replaced with GPON ONT model FOG421 made by Nokia.

According to u/jwvo (John van Oppen – VP of Network at Ziply), the new Nokia ONT is able to support XGS and GPON

Power Supply – CyberPower CA25U16V2

The power supply is CyberPower CA25U16v2 is a 25.6 Watt power supply at 16 Volt able to provide 1.6 Amps and it’s designed to work with the new ONT

Some nice photos by Andrew of the ONT, Power Supply and new waterproof enclosure.

Power Outage overall backup plan

To continue to have internet during power outages, which are become more frequent and longer, best way is to have ONT and home router under UPS.

Home Router – Backup plan

12V UPS with 58Wh of battery

For standard home router using 12V power supply, the easier solution is to use an online, always-on UPS based on 12V Li-Ion battery pack which will continue to provide power to it for ~9h, considering 0.5A usage (9.62h =57.72 Wh / 12v / 0.5A).

ONT – “Basic” Backup plan

CyberPower CA25U16v2 has an auxiliary input port which support from 9.5V to 19.5V, so a similar 12V UPS can be used or a standard UPS like APC Back-UPS 425VA.

Power Supply is rated for 25W maximum power, which translate to 16V @ 1.6A.

APC Back-UPS 425VA can provide 25W continuously for ~1.5h if UPS is connected on 110V AC side.

Leveraging the auxiliary input port, you will need a 16VDC / 1.6A power supply with a 4.5mm plug (NOTE: Default plug of standard 12V power supply is 5.5mm and it’s too large).

ONT – “Advanced” Backup plan

10A Solar Charger Controller

Previous Power Supply supported a 12v 8Ah battery which could be re-used in this scenario.

Best solution would be to get:

LG 32LM631C0ZA

The LG 32LM6370PLA TV is a model with LED technology, a screen diagonal of 81.3 cm, a screen resolution of 1920 x 1080 pixels, 3 HDMI ports to connect a Bluray player, DVD, a game console, etc., 2 USB ports to connect an external hard drive, a Chromecast, a Bluetooth receiver etc., Ethernet port to connect to the internet via cable, internet connection via Wi-Fi, and finally with the Web OS operating system .

LG 32LM6370PLA Tech Spec

HDMI ports3
USB supportsYes
Ethernet socketsYes
USB ports2
Ultra slim TVNo
Refresh rate0
Curved TVNo
Size diagonal81.3
Resolution1920 x 1080
Video formats supportedHEVC,VP9
No. of speakers2
Total speaker output10
Internet accessYes
Smart TVYes
Miracast screen mirroring supportYes
Operative SystemWeb OS
OS version4.5
Adaptive Sound Control (ASC):No
AMD FreeSync:No
Apple AirPlay 2 support:No
Apple HomeKit support:No
Audio (L/R) out:1
Audio decoders:DTS,Dolby Digital
Audio Return Channel (ARC):Yes
Bluetooth Low Energy (BLE):Yes
Built-in processor:Yes
Built-in speaker(s):Yes
Certification:Tivùon! / Tivùsat, Lativù, HbbTV v 2.0.1, CAMREADY
Colour name:Ceramic Black
Common interface Plus (CI+):Yes
Compatible with universal remote control:No
Component video (YPbPr/YCbCr) in:1
Composite video in:1
Depth (with stand):180 mm
Depth (without stand):8.29 cm
Desktop stand:Yes
Digital audio optical out:1
Digital Living Network Alliance (DLNA) certified:Yes
Digital signal format system:DVB-S2,DVB-T2
Display diagonal:81.3 cm (32″)
Display diagonal (metric):81.28 cm
Display resolution:1920 x 1080 pixels
Display technology:LED
Dolby Vision:No
DVI port:No
Ethernet LAN:Yes
Ethernet LAN (RJ-45) ports:1
HD type:Full HD
HDMI ports quantity:3
Height (with stand):464 mm
Height (without stand):43.7 cm
High Dynamic Range (HDR) supported:Yes
High Dynamic Range (HDR) technology:High Dynamic Range 10 (HDR10),Hybrid Log-Gamma (HLG)
Hybrid Broadcast Broadband TV (HbbTV):Yes
Internet TV:Yes
Noise reduction:Yes
Number of speakers:2
Operating system installed:Web OS
Operating system version:4.5
Package depth:142 mm
Package height:510 mm
Package weight:5.85 kg
Package width:812 mm
Panel mounting interface:200 x 200 mm
PC in (D-Sub):No
Processor cores:4
Product colour:Black
Quantity per pack:1 pc(s)
RMS rated power:10 W
Rollable display:No
Screen shape:Flat
Smart TV:Yes
Smartphone remote support:Yes
Tuner type:Digital
USB 2.0 ports quantity:2
VESA mounting:Yes
Video apps:Catch-up TV, Chili, Mediaset Play, RaiPlay
Video formats supported:HEVC,VP9
Voice control:No
Web browser:Yes
Weight (with stand):4.7 kg
Weight (without stand):4.65 kg
Width (with stand):736 mm
Width (without stand):73.6 cm
Works with Amazon Alexa:No
Works with the Google Assistant:No
HGiG mode:No
Instant Game Response:No
Home Dashboard version:Yes
Automatic HDMI device recognition:No
Auto Genre Selection:Yes


Hisense 55U81QF

HiSense 55U81QF Tech Spec

Sizes of the television without stand736 x 1232 x 83 mm
Screen size in inches55
Screen resolutionUltra HD 4K
Display systemDirect-LED
Sound power10
Tuners availableDVB-T DVB-T2 DVB-S DVB-C 
Number of tuners3
Number of USB ports2
Number of HDMI ports4
Composite Input (Video)Yes
HDR CompatibleYes
HDR Dolby Vision CompatibleYes
VESA compatibilityYes
PVR AvailableYes
Power consumption158 W


Fonera – Client Mode config as backup WAN

Start from factory default: Admin > Factory Defaults > Yes > Save

Note: if La Fonera lose connectivity or IP, connect via

Main changes to perform:

Setup > Basic Settings

  • Internet Connection Type: Automatic Configuration – DHCP.
  • Local IP: 192.168.Z.Y, where Z is any number between 1 and 255 that IS NOT the same as X in the host router settings. I used for my tests.
  • Subnet:, or whatever is identical to the same setting in the host router.
  • Gateway & Local DNS: Leave these blank or the same as your host router’s Local IP.

Wireless > Basic Settings

Before altering the following, change Wireless Channel to an identical setting to the host router’s Wireless Channel. In my tests I used 11 (2.426 GHz). Hit save settings and continue with the guide. This setting will be unavailable after changing to Client mode.

  • Wireless Mode: Client.
  • Wireless Network Mode: Mixed. A setting identical to the host router is all that has been tested. Either using mixed on the La Fonera, or a separate setting that is identical to the same Wireless Network Mode used on the host router, will probably work.
  • “G-Only” on host OR both host & fon will not work – freonchill
  • Wireless Network Name (SSID): Identical to the same SSID in the host router.

Wireless > Wireless Security

  • Change the Security Mode for the Physical Interface to the same settings used on the host router.

At this point, if all settings are correct and the Fonera has connected as a client to the host router, the Fonera should now have gained an IP address from the host router.

Main guide is at DD-WRT forum: LaFonera Software Client-Mode

UniFi USG + Switch + AP – How to configure WAN Failover

UniFi Secirty Gateway (USG) WAN failover capability is not working using configuration UI. Here is step by step on how to have it working correctly.

Below you can find content of config.gateway.json to upload via WinSCP.

If you don’t have CloudKey, the correct path inside PC is “C:\Users\<username>\Ubiquiti UniFi\data\sites\default

     "load-balance": {
         "group": {
             "wan_failover": {
                 "flush-on-active": "enable"