UniFi Magic Site to Site VPN (UniFi Based SD-WAN?)
HTML-код
- Опубликовано: 10 окт 2024
- UniFi Magic Site to Site VPN is actually named by UniFi in the UniFi cloud console as "site magic". Either way, this new feature is a huge step forward in connecting sites together. It resembles what other vendors usually call "SD-WAN".
The new UniFi Magic Site to Site VPN is so easy to setup, you might think for a second it can't actually work or that it might fail to establish the VPN tunnels but it actually works great, fast and stable. In fact, I myself was a little sceptic at first but i can't believe i am saying it...it just works!
The beauty of this new feature is that you no longer have to manually create tunneks between multiple sites in order to create connectivity between them. no longer do you need to remember pass codes or encryption algorithms or IKE versions. no more. you don't even to log in to the sites network applications, everything is done from the cloud console.
The UniFi Magic Site to Site VPN creates a high-performance and massively scalable VPN using the power of both WireGuard and OSPF. As long as one gateway has a public IP, even gateways behind NAT or on LTE/5G service can join the VPN.
One disadvantage i can see with this new UniFi Magic Site to Site VPN is that the VPN tunnels created do not get any representation inside the network application. if you are not aware of the connectivity created via the UniFi Magic Site to Site VPN, you will not "find out" about it in the network app. at all.
#ubiquiti #unifi #vpn
Follow us on twitter: / techmeout5
Join our Synology Facebook group: / synousergroup
Join our Ubiquiti UniFi Facebook group: / ubntusergroup 
Наука
*What do you think of this new feature? Share your thoughts*
Good video. As someone that owns an MSP the way this VPN system works is perplexing. It seems to only connect Unifi consoles together. None of our clients have Unifi consoles, they are all using USG or UXG routers connnected to our server. They have an auto ipsec site to site setting for the old USGs which does something similar but there is nothing for their UXG lineup. It seems to me that home users are far less likely to need this feature (not that I think they should take it away, it's a great thing to have) than business users. This is just my perspective as I would love to be able to use wireguard to auto create tunnels like what the USG lineup is capable of while keeping all sites within our server.
Excellent video Avi! Very informative and easy to follow. A pleasure to watch. Regarding this new feature, some preplanning must be done to avoid overlapping networks, but it is cool.
Hi tony. Great point. You are absolutely right! I definitely should have mentioned that. Thanks for watching tony!
I’ve installed it between 3 UDMPs, one with a public address. What I’m finding is that if A is the UDMP with the public address, it is connecting A to B and B to C, but I can’t get from B to C!
Love it, would like to know how to get DNS working between sites.....both have a UDM Pro handling local DNS and DHCP, but want to be able to access resources in both directions by name instead of IP only.
Can you make a video where one can make Wifi network on Site A that will use the network of Site B or vice versa ? (using the Unifi Magic feature)
What are speeds between clients in different sites? Is bottleneck ISP speed, or something else?
What happens if a site loses connection, and has multiple WANs. Does it automatically recover? and if so, can you do unbreakable vpn, where it sends data down redundant tunnels? so you dont lose a packet? the end-user clients don't feel a drop in connection when there is failover???? There really is no documentation for SD-WAN Magic site....
Is there any special setting for NAT if you have trouble accessing server. Server do come up but it take for ever. All our other server respond quick. But this server who is slow is an program application server.
Can I manage a single Wi-Fi network of WAP’s across a campus of 5 UDM’d and UDR’s.
I was thinking of using option 43 to point remote VLAN with the WAP’s to one “main” UDM SE.
I need to be able to rome between between buildings using the same SSID/passwords and distribute the traffic to each WAN.
Currently the WAP’s report the other buildings WAP’s as intruders on the SSID.
I have this up and running... sort of!
Option 43 worked as planned, and the WAPs on the remote sites (UDR) show and get adopted by the UDM-SE.
I can add them to groups and select the groups to broadcast SSIDs.
HOWEVER, I have not found a way to "adopt" the UDR WAP!
They don't show as adaptable to the UDM-SE.
Any Ideas?
I want to have dedicated wifi networks on site A and site B ... where i can connect to a dedicated wifi network where all traffic is routed via the VPN of the other site.
Simple! Setup a network vlan, assign the WiFi network to that clan, then under routing set the network to that clan, and interface to the VPN out connection. You may also want a firewall route to deny traffic outbound just in case the VPN connection drops
Does it also work if you have your UniFi Controller as a cloud controller?
No. This is for the unifi hardware firewall / controller lineup of products.
Oh yeah, thats cool! replacing ipsec with this magic site to site feature right now.
Thanks for sharing! good luck
speeds(file transfers) the same?
Question how dose the internt route when a client connet localy on a site ïs it like a splt tunnel where all internet trafic is local
Hi. One point is that I had to remove the old p2p VPN before it worked.
Thanks for sharing!
Really? Does this support CG-NAT? It isn’t in their documentation.
Yep! Its does.
Yep, tested with a starlink setup, setup in 3 seconds
Any way to connect two sites which are in different UniFi cloud Accounts?
Regular site to site vpn
Only 2 of my 6 UDMP Deployments are showing up for site magic configuration, any idea why?
What devices do you have? I meam the gateway devices
make sure they are all updated, I had the same issue
Yup, about 15 minutes after my comment I realized this feature only works on 3.1+, I was to excited updating and playing with my toys to come back here and post an update. It is disgusting how well it works, rdp 1000 miles away with no degradation, my remote access software is pointless on unifi deployments now lol
Almost like a company intranet
when i select all, i can't ADD
Nice! looks super cool!