Such a great feature. Love how simple and brilliant it is
Problem is it's going to spawn a legion of network admins who think you can just click buttons and never have to understand anything or the reason why things work. Which is fine, until things stop working.
So it has to be complicated or it's a bad idea? That's like all the admins that refuse anything with a GUI cuz it has to be more complicated in CLI
Hi, when you do the full build videos please go detailed into the firewall rules.
Great video, super helpful. Would be great to see how to leverage Site Magic in a home setting, where you have two sites, but you want the Apple TV in site 1 (UDM PRO) to access the site 2 (UDM PRO) internet gateway to avoid country content restrictions
This is exactly what I need as well!
Sounds like you want a full tunnel. Generally just firewall rules to the remote site sending all traffic there.
Hi, nice video! For the full setup it would be nice that when you create firewall rules you show how you would drop any connection or allow only a few services from your NAS to the Internet and accept only a Plex Media Server. And also a short view about Port Forwarding for a Plex Server.
I wonder if it will use the secondary WAN in a failover scenario. Seems cool though, nice feature.
I'm glad they brought back this feature. I had to do a different way for the site to site as they couldn't get a static IP
Didn't think I'll be thinking about getting another Unifi console till now, yes, I'll order UDR now just because of 😁 this new feature. Thank you
Hi - the most requested feature I think people would love you to cover is using this site to site auto vpn BUT crucially allowing the internet to breakout from one site. i.e. if you have 1 main site and 2 additional sites and you would like the additional sites internet to not breakout locally but instead breakout of the main site
So you're talking about a split tunnel vs full tunnel?
Hi - hopefully this explains the requirement more. We have a main site in the UK and multiple other smaller sites outside of the UK. All have UDP Pro SE. At each site there are various vLANs. We would like to add one vLAN at each abroad site to route all traffic on that vLAN back to the UK site including internet traffic.
The requirement / use case is for a specific vLAN at an abroad site to breakout their internet connection from the UK, not locally.
@andybarber1620 Ah yep you want a full tunnel. A split is where only the related traffic goes through the VPN
@andybarber1620 hey I'm in a similar boat. Did you figure out an answer for that?
Do you know if the wireguard vpn config is full tunnel or still split tunnel such as the site to site vpn config was before this magic vpn setup?
Screw Unifi magic, YOU are the magic here my friend! Thanks for the tips. Question: I set up a site to site VPN as per your direction. Everything is working fine as I can access the subnets on either remote network. My question to you is: Is it possible to set up a teleport to one of the networks and have access to the remote network that I have site to site set up with? Hope this makes sense and Thank you!
That's looking great! (One question, will name resolution across the VPN/subnets work automatically also?)
Can you please do a video where you send the internet traffic through another site connected through the Magic feature? Assuming it requires some allow rules at the internet site.
Is there a way to restrict VPN access to only certain devices, when this is enabled.
I do some smart home consultancy and I would like to learn more about the Unifi capabilities for local dns stuff and restructuring network access for certain types of smart home devices.
Question: does the device with the public facing ip need to be a fixed ip? or can it be dynamic? thanks for the information!
As far as I understand, the 1 public ip can be dynamic as it uses the unifi cloud to update the Wan address.. vpn traffic does not go through the unifi cloud, it only acts as a dynamic DNS service...
Would love to see a setup of routing internet traffic from one site through another site's ip.
Perfect for streaming applications that require a home ip address (cable, Netflix, etc.) Cable know your ip and check for vpns running on device so having my phone connect to a wifi network at a second location that routes through my home networks ip would be great
That's full tunnel
Great feature! That makes site to site very easy
Wow, great stuff, makes connecting to branch and remote offices easier, thanks
On the full setup video, please include setting up Talk VLAN and port profiles. I am having issues getting the phone to be on one VLAN and the other Ethernet port on the phone (used to hook up a computer through the phone) to be on a different VLAN.
How does it work with the DNS servers?
Looking forward to the full build video!
does the public IP need to be a static IP? I imagine this would limit it to commercial applications as opposed to homelab, since residential static IP isn't really a thing. Trying to see if this would work to connect two homes together on residential gigabit internet, but neither has commercial public.
I have a UniFi network at home and one at lake house. Would this setup allow me to use my Netflix account at both locations?
On your 2023 build guide please don’t forget VLANs and Traffic Management. Thanks 🙏
Can it be a public FQDN or does it still have to be an IP address?
Would love to know if this is possible now... Having two office sites, each one with its own internet, but routing internet traffic from specific wired or wireless clients through the remote internet at the primary site. This is specifically useful when you have to have allowed IPs for client work.
I’ve been using site to site VPN for a while but I’ve always had issues. For example, I could access computers on the two external sites I connect, but I couldn’t do it if I was coming in on a VPN (IPsec or WireGuard). This has happened a few times if I was out of my house and my mother or my aunt (who have the other networks I manage) had problems. I’m hoping this new feature solves this problem. And I assume I should erase the current site to site configuration before doing this.
Firewall rules maybe
Hi Cody. Do you think the UniFi NVR could be shared across two sites when using site magic? Synchronous gigabit internet to both locations and 6-10 cameras at each site with a doorbell at each. I don’t know the latency between the two sites yet.
I would love to see the best way to configure firewall rules for a webserver where only IPs in the USA are allowed to hit it.
You can restrict by country, just block everything other than US
Awesome, can you do a video on setting up 1:1 NAT?
Thanks
Can you make a video where one can make Wifi network on Site A that will use the network of Site B or vice versa ? (using the Unifi Magic feature)
Hey Cody,
Thank you very much 😊
I have a problem I need help with, my UDM-Pro Site to Site VPN isn’t working and I’ve gone through your Site to Site video in detail.
Both of my sites have a double NAT and both sites have been configured to run in bridge mode. My VPN is not connecting whatsoever
Hello!
My question is: in case I want to use that with a self-hosted controller on a VPS for bypassing CGNAT. Is that possible? That would be an absolute dream!
Hi, would I be able to configure ports? For example, I need to connect VoIP from secondary to primary and have to switch the port profile network to the one in the primary?
Hello, I am curious as to how long it takes for the Magic Site-to-site VPN to establish a connection. I can get my networks to the connecting portion with the orange light - but after waiting 15 minutes it never connected. Is it worth giving it a longer time?
Hello, is it possible to incorporate a Unifi Express to a Magic Site?
Thanks for the good explanation. Is it possible to connect 2 Synology NAS together with site to site using 2 UDM? I am not able to set up a VPN because 1 of the modems in use can't be in bridge mode.
Question: Would this situation allow 3 remote devices to be on the same VLAN? Although not a typical use case. In the UK our Satellite Provider has a main device. Additional hubs as such can connect to that and they communicate across on the same network rather than direct via satellite. They can see the main hub to access, place recordings and access the live tv rather than downloading natively through the WWW.
So my question is - would this feature allow me to set up a singular VLAN accessible across my two sites using magic-magic so that we can trick the system into thinking it is on the same network despite being remote completely from the main interface. Obviously this would be a case that Satellite provider can't detect this and would need testing but the principle - possible?
Hi mate, I watch your videos all the time and I watch a lot of Unifi videos but I can’t find one to help me with my issue. I have AP pro upstairs and one downstairs in my home but no matter how I configure them they always seem to interfere with each other. Any advice would be great and keep up the great videos, thank you
I have a double NAT, in which my unifi express is on the lower NAT. I have a “subnet is forbidden” for the subnet I want to communicate with (probably because it’s in a different router). How do I get it to communicate with that subnet?
site to site with a unifi express and dream machine pro should be a no brainer? asking for a friend :-) Thanks.
and maybe the firewall rules between sites?
What about the vpn clients/users connected to let's say Site A, will they be able to reach Site B after Magic Site vpn is established?
Hi always love the videos. Do you have anything with udm se vpn speeds for ipsec and any other vpns. I can't find much information on the speed it runs. Many thanks
Excellent feature thanks for sharing.
Hi, with this VPN, can we create one hotspot on Head Office UDM for multiple Sites ? I need advice on that.
I'm missing something, I tried this on multiple sites and it won't work. Everything is updated and had existing connections that work on the manual version.
I want to use Unifi Talk for my home office, but I have a nonpublic IP due to using a 5G connection. I've tried talking before and had issues that couldn't be resolved. With this S2S to another location with a public IP, could this be my solution to get talk working?
Will this work if you have a DHCP assigned External IP, or does it require a static external IP?
Can I add a route rule to route specific traffic to the vlan magic site created? cause I didn't see that in the interface selection box
If we have 4 different buildings should we have a UDM on each building?
Please add a full setup of a guest hotspot and captive portal!
Watching the video from Unifi about this it seems you can have overlapping subnets....
please do a Full 2023 video with
- VLANS based on Security
- VLANS based on ports (meaning that i want this PC in VLAN 2 to be able to send / receive data on this specific port 8123 to that vlan 40 to that pc ip)
- VLANS where the default network can access everything in a vlan (30) but the vlan 30 cannot access anything else from any other vlan
- WiFi optimization practises based on UniFi products
- VPN from Windows laptop to UniFi (something like the WiFi man for android)
these are some ideas.
Can I connect a Camera on a different site to my UDM Pro with site magic?
Question if I use magic site to site - Can I set an exit point e.g. Site 1 connected to Site 2, but all traffic to the internet goes out via Site 2
Great explanation. Thanks
Magic Site to Site requires 1 router to have a Public IP. How do I do this on UDM-SE?
Can you do firewall rules for site to site vpn, firewall rules to only allow NAS or others
Is it possible to configure site-to-site VPN from a Dream Machine Pro to a UniFi Express? Do they both work with Site Magic?
Yup you can do either way
If you already have a site-to-site VPN among two or more sites you plan to use Magic VPN with, will the Magic auto config disable those for you or do you need to remove them first?
Makes you remove any pre-existing subnets that would be "overlapping" with a subnet used by Site Magic.
Is it possible to have a specific device on Site A to appear as if it’s located at site B
Will it work on if one there are two owners but the owner is invited to the other site?
Is it possible through magic to receive dhcp from a vlan of another site?
And suddenly having multiple UXGs became useful. Unfortunately this needed to be backported to the USGs so that you can migrate auto site-to-site VPNs to magic site-to-site VPNs.
Does anyone know how to get this to work? They are connecting perfectly in site magic. However, I can not ping the remote network or anything on it. Thought it might be a firewall issue, but nothing. Super frustrating to watch 10 people do the same thing I’m doing with connecting them via site magic and immediately ping the remote network. 😡😡
magic vpn is supported on UniFi Dream Router also?
It is
Hello, I have 2 UDM and one UDR and I can see just 1 item. I'm the owner of the 3. I don't know what to do
How did you get this portal? Mine doesn't have that green stats bar under each device. Thanks
Hi, you must do an upgrade
Hi,
I would like to see how I can put an ASUSTOR NAS at my sister her house, so I can backup my ASUSTOR NAS in my house over internet to her NAS. So that would involve a VPN and firewall rules I suppose 😜. I would like a detailed schema so I can just swap out your IP stuff with mine and sister ones lol... I have UDM-Pro, she has nothing Unifi, just stock ISP router (Belgium)
Then you want ZeroTier on a device at each location for super easy remote network sharing or Tailscale for something but little more configuration
@mrmotofy well ASUS has their NAS to NAS things... it's just that I understand it to copy/paste between 2 NASses on the same local network, just not over the internet with all those FW rules and VPN stuff... But I'll take a look at ZeroTier
@ASUSfreak ZeroTier makes it extremely easy and seamless to connect 2 networks over the internet...just slower than local due to normally slower upload speeds for residential internet. No vpn setup stuff, no ddns needed, no complicated settings...just connect the 2 and poof connected it's crazy easy
Cool feature
Hey, and how can I pass a third-party VLAN through the site to site VPN?
Thanks
Ugh, it requires v3, and of course the regular udmp are still stuck on v2…
They are all on 3.0 you need to update
Hello bro, I tried to contact you for site to site vpn configure but no feedback from your end. Please, if you can support, I can provide details. I have UDM set up at my home and showroom. I have multiple G4 G5 cameras that need to be viewed at home.
Hey I am on vacation until august 1 and will be out of the country
You are the best!!!
Damn, has to be same owner, not just admin?
Full ownership . Not sure if this will change in the future
Anyone have any idea of what speed limitations there are between sites?
Does this work with the USG?
It does not
1000 or 15 sites?
Eventually it’s supposed to be 1000
@MactelecomNetworks Thanks, nice video. No ETA on a 1000 sites
This isn't as much site to site VPN as it is sites to sites VPN.
SIP trunk behavior