Supported VPN Types

Ubiquiti (Ubnt) devices, such as UniFi Security Gateways (USG), UniFi Dream Machines (UDM), and EdgeRouters, support VPN configurations for secure remote access or site-to-site connections. Here's an overview of setting up a VPN on Ubiquiti hardware:

  1. OpenVPN (Remote Access or Site-to-Site)
  2. IPSec/L2TP (Site-to-Site or Remote Access)
  3. WireGuard (via third-party scripts or newer UniFi OS versions)
  4. PPTP (legacy, not recommended due to security flaws)

OpenVPN Setup (Remote Access)

On UniFi OS (UDM/USG)

  1. Enable OpenVPN Server:

    • Go to UniFi Network → Settings → Teleport & VPN → OpenVPN.
    • Enable the OpenVPN server and configure:
      • Port (default: 1194)
      • Subnet for clients (e.g., 10.8.0.0/24)
      • DNS settings (e.g., your LAN DNS or 1.1.1.1).
    • Download the .ovpn client config file.
  2. Configure Firewall Rules (if needed):

    • Allow traffic from VPN clients to your LAN under Firewall & Security.
  3. Client Setup:

    • Use the .ovpn file with OpenVPN client apps (e.g., OpenVPN Connect).

IPSec VPN (Site-to-Site)

On EdgeRouter or UniFi

  1. Phase 1 Settings (Authentication):

    • Encryption: AES-256
    • Hash: SHA256
    • DH Group: 14 (or higher)
    • Lifetime: 28800
  2. Phase 2 Settings (Data Transfer):

    • Encryption: AES-256
    • PFS: Enable (DH Group 14)
  3. Peer Configuration:

    • Enter the remote gateway IP and pre-shared key (PSK).
    • Define local/remote subnets (e.g., 192.168.1.0/24 and 10.0.0.0/24).

WireGuard (Advanced Setup)

WireGuard is not natively supported in older UniFi OS versions but can be installed manually:

On UDM Pro/SE (via SSH)

  1. SSH into the device and install WireGuard:
    unifi-os shell
    apt update && apt install -y wireguard
  2. Generate keys and configure wg0.conf:
    umask 077; wg genkey | tee privatekey | wg pubkey > publickey
  3. Start WireGuard:
    wg-quick up wg0
  4. Configure clients (peer devices) with the public key and allowed IPs.

Troubleshooting

  • VPN Not Connecting?

    • Check firewall rules (allow UDP ports for OpenVPN/IPSec).
    • Check for subnet conflicts (VPN IP ranges shouldn't overlap with the LAN).
    • Ensure NAT traversal is enabled (for IPSec behind NAT).
  • Slow Performance?

    • Use AES hardware acceleration (supported on EdgeRouter/USG).
    • Prefer WireGuard for better speed (if available).
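
The subnet-conflict check from the troubleshooting list can be run before any tunnel is configured. The following is an added example, not part of the original guide: it takes the LAN, VPN client and remote-site ranges, reports every overlapping pair, and proposes a free client subnet. The role names and addresses in PLAN are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (not from the original page): role -> CIDR.
PLAN = {
    "lan": "192.168.1.0/24",
    "openvpn_clients": "192.168.1.128/25",  # carved out of the LAN: conflict
    "remote_site": "10.0.0.0/24",
    "wireguard": "10.0.0.1/24",             # interface address, host bits set
}


def _parse(plan):
    # strict=False accepts interface-style input such as 10.0.0.1/24
    return {role: ipaddress.ip_network(cidr, strict=False)
            for role, cidr in plan.items()}


def find_overlaps(plan):
    """Return (role_a, role_b, shared_cidr) for every overlapping pair."""
    conflicts = []
    for (ra, a), (rb, b) in combinations(_parse(plan).items(), 2):
        # Never compare IPv4 with IPv6. CIDR blocks overlap only by containment,
        # so the shared range is the more specific (longer-prefix) network.
        if a.version == b.version and a.overlaps(b):
            shared = a if a.prefixlen >= b.prefixlen else b
            conflicts.append((ra, rb, str(shared)))
    return conflicts


def suggest_free(plan, pool="10.0.0.0/8", new_prefix=24):
    """Return the first subnet of `pool` that clashes with nothing in the plan."""
    used = list(_parse(plan).values())
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.version == n.version and candidate.overlaps(n)
                   for n in used):
            return str(candidate)
    return None  # pool exhausted


if __name__ == "__main__":
    for ra, rb, shared in find_overlaps(PLAN):
        print(f"CONFLICT {ra} <-> {rb}: both cover {shared}")
    print("free client subnet:", suggest_free(PLAN))
```

In a site-to-site plan, include the subnets behind both gateways, since an overlap between the two sites breaks routing just as an overlap with the client pool does.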

Recommended VPN for UniFi

  • Remote Access: OpenVPN (easy setup) or WireGuard (faster).
  • Site-to-Site: IPSec (compatible with most enterprise routers).

For UniFi Dream Machine (UDM), the built-in Teleport VPN (based on WireGuard) offers a simple remote-access solution via the UniFi Network app.

