Explained: The 5 Types of VPN in UniFi Network
- Published: 28 Jun 2024
- Unlock the full potential of UniFi Network with our comprehensive guide to its 5 distinct VPN types. We'll go over the user-friendly Teleport VPN, setting up your own VPN Server, and understanding crucial firewall rules. We'll also discuss VPN Client functionality and explore the dynamics of the site-to-site VPN as well as Site Magic. Whether you're a newbie looking to secure your network or a pro aiming to fine-tune your setup, this video covers all you need to know about UniFi VPN. Don't miss out on optimizing your network's security and flexibility. Subscribe for more insights on UniFi and other tech trends! #UniFiVPN #NetworkSecurity #VPNGuide
Rogue Support is here for all of your network and wireless needs!
Rogue.Support
Use coupon code ROGUE for 25% off your first engagement!
Private Internet Access VPN (affiliate): www.piavpn.com/Crosstalk
Timecodes:
00:00 Intro
01:29 5 Flavors of UniFi VPN
02:14 Teleport VPN
04:51 VPN Server
08:14 Firewall rules for VPN
18:16 VPN Client
20:21 Site-to-site VPN
21:43 Site Magic
Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit www.CrosstalkSolutions.com for more info!
Would love to see Site Magic deep dive. Especially locking down access to specific parts of another Unifi network - or even routing specific devices only through it if possible.
I'd like to specifically see how we can have one device at one site be routed through and out to the internet at a different site using Site Magic.
R2-D2 UDR STAND!!!!!! SHUT UP AND TAKE MY MONEY!!!!!
I really enjoyed this walkthrough, I'd like to see more videos going in-depth on specific use-cases, such as secure ways to setup VPN server and allow my smart phone to remotely access Protect cameras via the app. Something like that. Is there already such a video?
A site magic video on how to make multiple locations all appear to be one location, for services like Netflix, would be amazing.
Awesome, thanks for the information. I'm currently building the Ethernet and wireless network at my 5 acre property; watching your videos has been instrumental in learning how to configure things properly. Keep it up!
Just an old tech addict getting crazy with my home. I recently added the UDM-SE. I started using Ubiquiti APs about 8 years ago .. now getting crazy and learning. Thanks for these great videos.
Love your videos man. Glad that you are going over VPN. I’ve been doing some VPN set up in the last year and an overview would be fantastic.
Keep up the great work!
Yes, would love the Site Magic video!
Nice walkthrough. I like the cadence of your tutorials.
This was excellent. Thank you! I certainly hope you will do the site magic version too!
Your videos are so awesome. Very well presented, very easy to follow. You explain things in layman's terms, too, so a newbie like me can understand and follow.
Thanks for this video! I went through my settings and saw I didn't have the same options as you and realized my Unifi dream machine wasn't updating!
Great walkthrough, many thanks!
Yes, please do some Site Magic videos! Thanks!
I'd be interested to know if "Site Magic" is totally within your control or if you are entrusting UniFi Cloud, a bit like in a typical ZeroTier setup where you generally still entrust their servers for adding nodes to the network etc.
Late to the party, but this was one of the most informative & useful content-per-minute videos I’ve watched in a while. Subscription earned for sure! Also loved the router stand & looking for it online. Thanks!
Great vid, looking forward to the PIA dedicated vid, thanks
I'd be very interested in Site Magic. Great video as always. Thanks
Yes please on a site magic video. I have a UDM-PRO at home and planning on getting a SE at my business. Controlling it from home would be ideal.
Thank you! I love your videos, since a few years ago I've been playing a lot with networking as I find this topic fascinating. I used to have a pfSense box in which I created a few VLANs to split my devices using different VPNs and a direct connection to the Internet. Now I replaced my pfSense for an Ubiquiti Dream Router, and I'm working towards getting everything set up again, including my VPN, so a tutorial about the topic would be great!!
What Chris forgot to mention is not all the VPN options are available on a USG
Which work on the Edge Router?
Yep, I only have VPN Server & Site-to-Site options for USG Pro-4.
This video emphasizes the importance of online security. How does VPNHouse ensure user data protection?
VPNHouse uses strong encryption methods and doesn't keep logs. Plus, their open-source nature allows for community vetting.
That's reassuring. How's the setup process?
Quite straightforward. VPNHouse provides clear instructions, and the setup is quick
I know I am very late here, but did you know that you can click that image and make it larger so it can actually be scanned a lot easier :)
You can click on the QR code and then it's displayed larger.
Good tip - I'll have to try that! It's pretty useless when it's so tiny.
I was looking for this comment, I was setting up my VPN today and had that issue and then realized you could click on it 🤦‍♂️
Please do a video on Site Magic :)
Thanks for a very good video on Unifi VPN!
I have seen a few videos which focus on the LAN IN rules to manage inter-vlan traffic ... my question is ... should you use LAN OUT rules too? I'd love to see a video which talks about typical use cases for LAN-IN, LAN-LOCAL, LAN-OUT, etc.
Looking forward to that PIA video :)
Hi! Many thx! I expect a magic VPN... It's all a new level! I like that... I check the other videos. There is a true business here!
Currently watching this video over my UniFi WireGuard VPN whilst on holiday 😅
I'm just seeing the Star Wars stand for the DreamMachine... Any chance you would share a link for where it came from? :)
"So remember, the Site-to-Site VPN functionality that's in a specific UniFi network controller is for connecting a Site-to-Site VPN with different types of equipment on each site. Site Magic is for connecting two different sites that are both UniFi gateways."
Probably misspoke, but site-to-site VPN also works with two UniFi controllers. I have had this running for about a year or more.
epic content, adopted both solutions.
Please do make a video on how to connect multiple sites using Site Manager, and in that video, please cover how a device at one site can talk to devices at the other site. I'm expecting that they will not be able to see each other without doing something. (Would you need to set different IP address ranges for each site to avoid having duplicates?)
Would love to see some site magic content!
I would love to see a site magic video. I have 3 sites, 1 dream router and 2 UDM pros, all of which have cameras. It would be awesome if this could be used to create some redundancy between video storage across sites.
Awesome content. Can you do a video showing the setup on udm for an iptv please? IPTV works on the UDM but some specific movies/series do not. When UDM is bypassed these then work. This is some sort of setting which I am not aware of.
With regards to the WireGuard QR code - zoom the browser to something like 180-200%. The phones have no issue reading the code then.
Do you have to turn on port forwarding for the native VPN servers? i.e. you have to go to Port forwarding and turn on 51820 to the UDM server IP.
Question on the firewall rules for Teleport VPN. Currently when I use Teleport VPN on my iPhone, it can ping devices on any VLAN. I have the rule to block traffic between VLANs. Above this rule I have a rule for allow established and related and allow default LAN to anywhere (set up following one of your guides). I have to pause both of these rules to stop pings from the Teleport VPN device. Any idea why?
I want to see a Site Magic video, especially if the new UniFi Express is supporting this.
I would love a video on site magic
Please make a video on the site-site magic
Oh my god the R2D2 stand for UDR!
Thanks for the brilliant tutorial. After you download the wireguard config file, how do you use it with windows operating system - didn't see how you implemented.
I’m interested in site magic too.
Would love a Site Magic VPN video
Any chance you can do a video about the Auto IPSec VTI? I'm not sure if this is deprecated but my USG Pro 4 are still showing it but my UXG does not. It would be nice to know exactly how it works... we have about 25 sites but we do manual IPSec for site to site because the Auto VTI seems to screw up routing when you have more than 2 sites.
I assume this update will cover wire guard config since I believe they somewhat recently added that as an option in the VPN server config.
You assume correctly.
@CrosstalkSolutions would really like to see a video implementing WireGuard VPN client into UniFi with PIA
Could you do a video on site-to-site VPN between two USGs, if one is behind NAT (mobile/cellular connection)? Thank you,
I would love a Site Magic video. Does the Ubiquiti Express support it? If so, that would be awesome.
Interested in site magic vid
Can you do a video on site magic Setup Chris? Thanks
I like those improvements in the latest Unifi Controller, but still no solutions for multiple UDMs behind NAT, so I did a multi-site VPN using WireGuard on all my UDMs with DynDNS pointing at each one of them and set up the VPN through the CLI and it works great. I just need to run a simple "wg-quick down wg0 && sleep 20 && wg-quick up wg0" every 3-4 days. If I don't do it the transfer rate between sites drops to 1 Mbps. I don't know why.
I had a similar situation and problems. I wound up using Raspi4's at each site to do the tunnels and they've been 100% rock solid. By the time Unifi puts WG client support into the network app these UDM's will be dead and buried.
Which type of VPN would you recommend for controlling Home Assistant from the internet? I tried the DuckDNS method but that stopped working last week :-(
A follow up question on VPNs. Is it possible to configure an in-bound VPN connection on a Dream Machine SE where the primary WAN is a Starlink connection? ADSL connectivity is also available, so I can have that connected to WAN2 if in-bound through Starlink isn't possible. The remote clients in this case would be Windows PCs, not mobile devices.
Hi, I have a question: is Teleport VPN working over double NAT? My telco provider modem does not allow my UDM Pro to have a public IP (the modem has the public IP)?
I know it's a bit off topic, but can you please make a guide on SIP, especially how to read packet captures 😅 There is no clear tutorial for it; it would greatly help some of us just starting out in VoIP
I want the R2D2 for my UDR please
Available on Etsy
Thanks, but one question: what to do if I need to use an already created VLAN?
Could you help on what setup is required if I need to have TV casting or AirPlay working using VPN on UniFi?
Regarding creating 1 rule for each direction, since I guess the firewall is stateful, I believe there's no need, if you only want to do the ping from the phone to Network 2. If you do not need to ping from Network 2 to the phone, there's no need to create the opposite rule.
Great video! Also, it seems that using Wireguard and OpenVPN will skip the LAN IN, probably because they are not defined as Unifi-networks but instead are entering "on the side", so you must use LAN OUT in order to block access to other networks but I can't stop VPN-users from accessing non-VPN-GW. Also, as VPN-users come in on a "non-unifi-defined" network so they can't be assigned a VLAN and hence not be set a bandwidth limit either.
And for some reason, Wireguard-traffic is going via Management-lan (non-VLAN one) i.e. via another network. It doesn't reach the LAN OUT-rule to block inter-RFC1918-traffic. LAN LOCAL-rule to block non-VPN-GW works either..
I have just managed to connect from my Raspberry Pi (Ubuntu) Workstation. I'm guessing that WireGuard on the UDM creates all four certificates (Public & Private for the UDM; Public & Private for the "Client"). Then, puts its own Public Key and the "Client's" Private Key into the Configuration File? If so, does it then discard the "Client's" Private Key?
I have an off-topic question: Can the tp_link archer ax55 router accommodate 24 clients?
Can I use teleport on my iPhone and then use hotspot on my iPhone to share that vpn connection to my wifi only ipad?
Hi, what router can I use to start a WISP and to limit customer speed?
Thanks for the video. I set up OpenVPN on a Pi years ago because the VPN options on the USG were unusable. Now have a UDM and have not looked into these options until now. I am playing with Wireguard, and am unclear how to utilize dynamic DNS. Is that an option? I'm using a dynamic DNS account so that when my WAN IP address changes I do not have to update every device's OpenVPN config.
Have there been issues with Wireguard clients dropping or connecting? I am always resetting the l2tp and ipsec manually from the command line, and constant microsoft updates that break everything drives me crazy!
I have been hesitant to adopt the UniFi router into my network simply because I see the rules as being a bit clunky right now. I am a die hard pfsense fan. I own a UDMSE but it is still in the box currently.
If there are traffic routes configured for certain VLANs/devices via a VPN Client, what would happen when that VPN Client disconnects?
Can you have two VPN Client connections up at the same time? Tried it, one connected and the other one just "connecting".
How do you determine whether the Wireguard VPN connection is full or split tunneled?
Double NAT is often a problem here in Germany. Many internet providers still don't know they have to open their services to the router I want to use. Please make an extra video. It would be helpful.
I have the double Nat issue at home, tried port forwarding with no success haha. So yes video would be great.
Please do a video for people like me in Argentina, that have to deal with double NAT
Could setting up VPN help a friend of mine run his Unifi Voice (UDMPro) even though his ISP uses CGNAT? I've not been able to help him get anything working.
I don't understand, this rule doesn't work for me, I already have it blocking traffic between subnets, but it doesn't block VPN traffic to any subnet. I was only able to make it work by applying the rule to lan out
I was going to ask this same question. I've always had to put a special rule in Lan Out to block teleport or now wireguard. I wonder if it had to do with the way he was connected to the VPN. (Cellular or another VLAN)
I as well have the same problem: I have to use the LAN Out and not the LAN In. I think the LAN In worked for him because he was on another network in his house (LAN IP) and not coming from a WAN IP.
Also, I have not found out a way to block me from pinging the gateways or honeypots on my separate vLANs when I am connected via WireGuard.
Exactly the same here and I just found out by a comment above here, that this is because of the 'Accept Established & Related' rule that most of us have as first Lan In rule. I paused it and pings from Teleport to other VLANs started dropping as they should! Now I don't have the solution yet, but at least know where to start looking. I think the Established and Related rule needs to be narrowed down somehow. I have it from source LAN group (all my VLANs) -> target Any
Teleport should have a pc client app.
I can only see L2TP or PPTP for the VPN protocol options on my USG PRO 4
Will this work with Starlink? I read that it uses CGNAT for home users so thinking it might not work.
I have a situation with 2 Starlink CGNAT connections. Any chance for a VPN between these two sites?
Hi. Thanks for the video. I do not see Wireguard, Teleport or Open VPN as choices. I have the same network version. For VPN, I only get L2TP and PPTP. Is there something I'm missing?
Is blocking VLAN to VLAN traffic better using the Traffic Rules or Firewall Rules? I've been using Traffic Rules for my last few UDM setups and it seems to work, and it is easier to set up. Anyone know of any issues with that?
With Teleport does it VPN ALL traffic protocols?
I'm really dumb on this topic so I apologize. But if you set, let's say, one device in its own VLAN, would you need to do firewall rules since it's not connecting with anyone?
So ok how would you allow Wireguard VLAN and OpenVLAN VLAN to talk to each other?
I am still getting to grips with all this VPN stuff... So at present I have a VPN service on my iPhone which means I can browse the web privately but my Smart TV has no VPN. Would option 3, Private Internet Access, be the type of service I need? I am currently using Proto VPN; could this run on my Dream Machine?
❤❤❤❤❤❤
Hey, can I use Alien router VPN to change country (USA, Europe, Asia and so on) or is it only a paid VPN service that can change countries?
Do an Omada VPN video please
23:04 Site Magic will work with the new UXG-Lite.
Wifiman is available on MacOS too for teleport
you just have to use "open with" on the .webloc file
Is Ubiquiti VPN as good as, for example, ExpressVPN? Is Ubiquiti VPN different in different Ubiquiti devices?
My QR has a click to enlarge. Maybe they added since the video?
Does this all work on DreamMachine SE?
Wireguard shows me the internal IP of the UniFi gateway 'cause it's behind NAT. The client tries to connect to the 192er IP from the outside. How do I have to configure the ISP router or Wireguard so the connection is possible?
For VPN Server Types, you did not talk about L2TP Or Open VPN. Is there any Reason not to Use L2TP in your opinion? I tried setting up, and I could use my computer, but others not. Seemed the first PC worked but any other user did not. Wireguard Connected but killed my Local Internet. I Did an Update for the UDR and Open VPN Appeared as an option, must have been after this video. That worked really well. Got my client to remote into his computer very well. Would be nice if it had 2FA for clients to access the VPN.
Can I set up a Ubiquiti mesh with the option of using a VPN without having to pay for a subscription?
what is your NETWORK 2 used for?
SiteMagic: any ETA for more than 5 sites?
I have a USG-3P. Is WireGuard not available for this model?
No. Only newer models like the Gateway Ultra I just bought.
Hi, Chris. I'm not an expert. I lost myself on RFC1918 config. Am I supposed to list all networks I have configured on that group?
Does the Teleport and Wireguard work with the USG router, or does it require a newer router?
Requires a newer one.
@Yggdrasil42 Thanks
You never went over connecting a PC/laptop to the VPN server - only downloading the config file for the WireGuard app