Unifi OpenVPN Server

  • Published: 29 Oct 2024

Comments • 82

  • @terrorwolf0213
    @terrorwolf0213 1 year ago +2

    That's a great video! Let's hope they'll release IKEv2 at some point.

  • @tfacter
    @tfacter 1 year ago +1

    I love this feature and have had it running since possible. My family members have UDRs and I have the SE. With Netflix cutting down on password sharing, I've been able to use this to forward all traffic from their respective Apple TVs through the VPN.

    • @AngelusHD
      @AngelusHD 1 year ago

      How did you do that? Are there links provided to set such a thing up?

  • @AviatorMike777
    @AviatorMike777 1 year ago +3

    Great video. The only thing that stinks with using OpenVPN on a UDM is that it’s only TCP-based and not UDP. Not very efficient for an IPSec tunnel. Let’s hope Ubiquiti changes that or at least gives you an option between the two. Furthermore, you can only create one OpenVPN tunnel/server. Let’s hope they change that as well in the future.

    • @canadianwildlifeservice8883
      @canadianwildlifeservice8883 1 year ago

      Using TCP on port 443 for OpenVPN can be useful for bypassing firewalls that block other outbound ports since it looks like normal HTTPS traffic.

  • @spokdayz
    @spokdayz 1 year ago +1

    Hey Cody, love your job! Keep going

  • @alexfleener
    @alexfleener 1 year ago

    Hurray for dark mode! Thanks. Cody 😊

  • @gaijinboricua
    @gaijinboricua 1 year ago +1

    Any information on the network speed impact when doing this in a UDM Pro? Does it really go down to 800 Mbps?

  • @johnmoricone294
    @johnmoricone294 9 months ago

    Hi there, I've been using L2TP VPN on my USG Pro. It stopped working and Ubiquiti says my ISP is blocking the signal/traffic. The ISP says they don't do that. It's been a runaround. Will this help me VPN back into my network or is it another round of back and forth? What are your thoughts on my current situation? Thank you

  • @Firebirdgm2000
    @Firebirdgm2000 1 year ago

    How do I prevent the clients from accessing the other network if the VPN goes down?

  • @friteradgurka
    @friteradgurka 1 year ago

    This doesn't work for me... I upload the file to OpenVPN Connect on Android, add username and password, and try to connect, but it instantly fails, blinking ON and then OFF in a fraction of a second. No error or even a log event.
    What do I do? Any ideas?

  • @pantag2
    @pantag2 11 months ago

    So, is it better to do the VPN set up on the Unifi or on Synology side? Also, what about Tailscale, as a replacement for all these VPN configurations?

  • @mattguyatt
    @mattguyatt 1 year ago +1

    Great video thanks! Quick question, is every traffic rule processed no matter what? I would have thought the traffic would have been immediately dropped after hitting your first block rule and disregarded your allow rule? Or are the rules processed from bottom to top?

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +2

      There is no way to order traffic management rules as of yet and not sure if there will be.
      So if you add allow rules under block rules it still works.

  • @jcb5388
    @jcb5388 1 year ago

    Does this allow WAN traffic to be sent? If you're outside the home and connect to the VPN and do a "what is my IP", does it show the VPN IP and DNS or your cellular IP and DNS?

  • @gizmoboy253
    @gizmoboy253 1 year ago +1

    Keep up the great work

  • @pe1pqx321
    @pe1pqx321 9 months ago

    Hi Cody,
    This OpenVPN setup works nicely, however I cannot get out again via the internet. (Internet pass-through?)
    The OpenVPN clients will not get a gateway IP address and are not able to get out to the web again.
    I like to use OpenVPN on my smartphone (when not at home) to use 2 Pi-Holes on my phone also. (I really hate annoying advertisements, and do not want to install "another app" on my Android phone)
    The only (known to me, that is) workaround is to "allow access to LAN/VLAN" to get internet on my smartphone.
    Big security risk here is that access to all the LAN devices is allowed; no blocking is in place then.
    What I like to achieve: internet access with ad-block capabilities AND access to selected devices (only NAS and LAN printer for example), but no access to Unifi Console via VPN.
    Equipment: UDM-Pro, Unifi OS 3.2.9, Unifi Network 8.028 with a 1/1gbit fiber connection.

  • @manslayerdbzgt
    @manslayerdbzgt 1 year ago

    Hey Cody, does OpenVPN... I tried all the settings. Does it not work with Starlink? I was thinking the dynamic DNS would maybe work with it, but it probably doesn't because Starlink shares, but I thought, I don't know, maybe I thought wrong or thought right, or maybe I did something wrong, but I followed all your steps to a T and it did not connect to the Starlink. But also, OpenVPN, the dynamic DNS name: I hit activate, but it says I can't activate my name unless I pay money, so I'm kind of confused because you made it seem like there was no paying for it, so I just want to know.

  •  1 year ago

    Hey Cody! A month ago, DNSoMatic and Cloudflare DDNS (dyndns) stopped working on my UXG. Nothing's working so I have to use MarcsUpdater. Have you been able to make it work recently?

  • @vladjirasek
    @vladjirasek 1 year ago

    Thanks for the video. Does this OpenVPN implementation support static IP assignments for the vpn clients?

  • @Solanum.95
    @Solanum.95 1 year ago

    Great video! Could you make a video on an OpenVPN Site to Site later on as well? Would like to see it! Keep up the good work!

  • @canadianwildlifeservice8883
    @canadianwildlifeservice8883 1 year ago

    What do you guys think? I'm using the free home edition of Sophos Firewall with one of their access points. The access point is about to reach end-of-life later this year and will no longer function. Their newer access points are super expensive (we're talking almost $350 for the better entry-level models) and then you can only use them with Sophos firewalls. I have some TP-Link Omada switches and a controller. I would either stick with Sophos and go with a TP-Link Omada access point, which would make the most sense right now, or dump Sophos altogether and go with Ubiquiti now that they are working on having OpenVPN server in their devices. From a security standpoint, Ubiquiti is a kid's toy compared to Sophos, but Sophos can be a real pain to configure all the time and requires extensive amounts of configuration to keep working.

  • @agad7792
    @agad7792 1 year ago

    Very solid

  • @darealdynasty
    @darealdynasty 1 year ago +2

    Great video as always my man 🇨🇦... I'm curious... when you created that allow rule, did it automatically build out a route for that traffic flow? Would be interesting to see how it builds out the route. I know there are options for manually configuring routes.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago

      Ya, it’s all automatic, I didn’t do anything else. I’m sure you can go into the CLI and see how it routes it.

    • @darealdynasty
      @darealdynasty 1 year ago

      @MactelecomNetworks makes sense brother. Appreciate your great work as always Sir.

  • @gonxme4
    @gonxme4 1 year ago

    What are the max simultaneous users at the time on OpenVPN? Can we do 10 users?
    Also, with OpenVPN, can we have more than 5 concurrent users on RDP on different computers?

  • @Jupiter0ne
    @Jupiter0ne 1 year ago +1

    Hi Cody. Is this setup an alternative to the WireGuard video you previously created? In other words, is OpenVPN just another way for allowing remote access INTO your network? If so, I'm curious what the differences are. This setup seemed way more involved than the WireGuard setup.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +6

      They are both used to log in to your network remotely; it’s just a personal preference.
      I wouldn’t think this is any more involved, and there are a lot of other things you can do with OpenVPN over WireGuard. I may do a video comparing all of them.

    • @Jupiter0ne
      @Jupiter0ne 1 year ago +3

      @MactelecomNetworks With the various VPN options, a comparison video would be great!

    • @ezln028
      @ezln028 1 year ago

      Hey Cody, I have my cable modem in bridge mode, but every time the modem gets a new IP my UDM Pro loses WAN and the only way to get it back online is to factory reset the modem.

  • @AnandakrishnanM27
    @AnandakrishnanM27 1 year ago

    Hi, how can I make the DDNS update my IP automatically on the UniFi device itself?

  • @TheRealscarab
    @TheRealscarab 1 year ago

    Did you have success with Stripe / payment logistic yet with the new captive portal page?

  • @hufftechsolutions7903
    @hufftechsolutions7903 1 year ago

    Not sure why UI has to make it this difficult. On Untangle, it takes 20 sec to set up and just works. I've set and re-set this up multiple times and can never hit anything on my network while on VPN. I get my 192.168.2.x IP but can't talk to 192.168.1.x... no rules or traffic management. So damn frustrating.

  • @zwstyles621
    @zwstyles621 1 year ago

    Does this mean that I can finally route my clients to use the UDM as an exit point out to the internet? For a while I have been trying to work out how to get my remote site A to egress to the internet via site B. If I set up a client on site B and create the appropriate rule, do you think I will be able to achieve this? As always, thanks for the great videos.

  • @VinayJhinkoe
    @VinayJhinkoe 11 months ago

    How many concurrent users can connect with this?

  • @eduardovazquez3357
    @eduardovazquez3357 1 year ago

    How can I block the VPN clients from being able to access the web interface of the UDM?

  • @JoerBrando
    @JoerBrando 1 year ago

    Is this new version changing anything on the Site-to-Site side of things? Or is it mainly just for clients to connect? I have a client who needs a Site-to-Site VPN between 2 sites, where 1 site has static IP but the other is behind CG-NAT. Any ideas how to solve this in UniFi?

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +1

      So this is just for client to site. Ubiquiti is coming out with a new VPN for site to site; check it out here (need an EA account):
      community.ui.com/questions/Introducing-the-Magic-Site-to-Site-VPN-feature/5caa6244-6cae-472a-ac79-6922c211fe43

  • @ThePcarneiro
    @ThePcarneiro 1 year ago

    Hello, great video.
    I also have it working but found an issue. I can't set up tunneling on the Android OpenVPN client.
    As soon as I connect, all my web traffic goes through the UniFi.
    I tried manually editing the config file, adding route-nopull settings, but no luck.
    Could you please test or give some help?
    Many thanks

  • @przeniko
    @przeniko 1 year ago

    Hi, this is a very useful tutorial. I wonder how to add a speed limit over the VPN connection?

  • @muazabbas73
    @muazabbas73 1 year ago

    Awesome!

  • @Jim-tw4ck
    @Jim-tw4ck 1 year ago

    Do they still have the issue where traffic management rules don't order properly as additional rules are added in 7.4.156? In the past if you added a rule that needed to be higher in the list you'd have to remove everything and add them all again in the correct order.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago

      Nope, seems it's been corrected. I do know I was having that issue in a previous video, but it seems good now.

  • @JorgeHerrera0720
    @JorgeHerrera0720 1 year ago

    Is there no way to organize the rules like the firewall rules? What is better, Firewall Rules or Traffic Management? What’s the difference if any.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +2

      You can organize the traffic management rules; it does it for you. It seems Ubiquiti is trying to push traffic management more than firewall; it’s a little easier to understand.
      The traffic management rules really are just firewall rules, so whichever you feel more comfortable creating.

    • @JorgeHerrera0720
      @JorgeHerrera0720 1 year ago

      @MactelecomNetworks ahh okay, that makes sense. They are easier. I just didn’t know if you can re-organize them. I saw some users couldn’t on the forums. I’ll try to make sure.

  • @andrewenglish3810
    @andrewenglish3810 1 year ago

    Does this allow for 2FA? Most commercial VPN server/clients also support 2FA, which adds an extra layer of security.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +1

      That I will have to get back to you on. The only VPN within Unifi that I know 100% does support 2FA is UID VPN.

  • @ronm6585
    @ronm6585 1 year ago

    Thanks.

  • @davidesguerra7837
    @davidesguerra7837 7 months ago

    Do you use dynamic IP from ISP?

  • @rodolfoandrade8749
    @rodolfoandrade8749 2 months ago

    Good evening, friend, can I use another port, like 1195?

  • @Devilz4Cry
    @Devilz4Cry 1 year ago

    Hi, can anybody tell me how many OpenVPN tunnels are possible with the Dream Machine Pro? I can't find any specs on the internet.

  • @perrenud8282
    @perrenud8282 1 year ago

    Hi Cody. Please comment on the subject of using hotel WiFi to use internet or Teams meetings through OpenVPN on Dream Machine but not exposing internal nodes for employees. Thank you in advance. Best regards, Per

  • @MarcPicard-b3q
    @MarcPicard-b3q 1 year ago

    Is it possible to add 2FA with OpenVPN?

  • @stephenfgdl
    @stephenfgdl 1 year ago

    It sucks that this doesn't work on USG PRO

  • @DJZF93
    @DJZF93 1 year ago

    Do we need any subscription to use that VPN? Is it free? Thank you for your videos

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago

      It’s free :) I mean besides buying the Ubiquiti hardware, but no subscription

  • @shaunlavoie6183
    @shaunlavoie6183 1 year ago

    What is the ping utility you are using?

  • @mathewcampisi7594
    @mathewcampisi7594 1 year ago

    Hey Bro awesome videos, can you show how to connect to cloudflare? Also you have any vids on site to site connections with cloud providers? I have aws, and oracle cloud. Thanks in advance for any help you can give.

  • @Saadsug
    @Saadsug 1 year ago

    Is WireGuard more secure than OpenVPN?

    • @The_Tech_Ninja
      @The_Tech_Ninja 1 year ago +2

      They are both open-source protocols but WireGuard is faster and newer!

    • @vladjirasek
      @vladjirasek 1 year ago

      WireGuard is a much simpler protocol and code. Simplicity is a friend of security. That said, OpenVPN can support MFA while WireGuard does not.

  • @dbcooper7326
    @dbcooper7326 1 year ago

    Wouldn't the Teleport 'Zero configuration remote access VPN' be an out of the box alternative? I just want to give it to my son so he can access our Netflix 'from within the household'

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +2

      Sure, but there is no Windows client for Teleport

    • @The_Tech_Ninja
      @The_Tech_Ninja 1 year ago

      Hope that unifi brings up a client version for windows too.

  • @ChrisHolzer
    @ChrisHolzer 1 year ago

    Useless, as double NAT is still not supported...
    For 5+ years the DynDNS implementation in EdgeOS has been able to figure out my WAN address even when I am forced to run behind the ISP router (inside its DMZ) - why won't UBNT add this to Unifi? We have been requesting this for so many years...
    Also, why do we still have to manually edit the WireGuard / ovpn config file to add the DynDNS name?...
    Same goes for when you don't want inbound WireGuard connections to route the device's internet traffic through the tunnel (like when you just need remote access to your site): you must go into the config file and remove the DNS entries...
    VPN is still such a half-baked solution in Unifi.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago

      Just port forward port 1194 from your isp gear towards the dream machine. Problem solved

  • @eduardovazquez3357
    @eduardovazquez3357 1 year ago

    Can you make a video of site to site using OpenVPN?

  • @antoniosa
    @antoniosa 1 year ago +1

    Why not use Teleport?

  • @rlocone
    @rlocone 1 year ago +1

    It would've been cool to put MacTeleComNetwork on the back of the t-shirts.

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +2

      That’s actually not a bad idea. I can make different variations just need to get the graphic artist to send me it

    • @darealdynasty
      @darealdynasty 1 year ago

      I'm here for a pre-order special lol

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +2

      @darealdynasty 😂 I can talk to the person today and see

    • @MactelecomNetworks
      @MactelecomNetworks 1 year ago +1

      New shirt with branding on the back
      mactelecomstore.com/listing/mactelecom-ufo-shirt

    • @darealdynasty
      @darealdynasty 1 year ago

      @MactelecomNetworks good looking out 🔥 order placed!!