In UniFi Network we now have a few options when it comes to setting up or using a VPN, whether you want to connect from a remote network to your own network, connect multiple sites together, or use a privacy VPN like NordVPN.
Each VPN option in UniFi has a different use case, but they are all easy to configure in the current versions of UniFi Network.
In this article, we will look at the different VPN options in UniFi Network, explain their purpose, and show you how to configure them.
UniFi VPN Options
In UniFi Network there are five different VPN options that we can use. Which VPN option you need really depends on what you want to do. When you open the VPN settings, you will see four different options at first glance; the fifth option, Site Magic, is available in the Site Manager when you have multiple sites.
Before we go into detail about each option, let's first take a look at the different options and their use cases:
- Teleport – Easily connect to your network from your mobile or desktop using the WiFiman app.
- VPN Server – Allows you to connect devices to your network, using WireGuard or OpenVPN
- VPN Client – Commonly used with privacy VPN solutions, like NordVPN or SurfShark
- Site-to-Site VPN – Used to create a secure tunnel between two networks.
- Site Magic – Site-to-Site VPN between two UniFi sites
UniFi Teleport
Teleport is designed as an easy-to-use VPN solution for your network. It allows you to connect to your network from your mobile device or desktop with the WiFiman app. With the VPN connection enabled, you can not only access your local network devices, like your NAS, but also browse the internet using your own internet connection.
The latter is especially useful when you are working on a public network. In those cases, you don't want to access sensitive information, like your online bank. But by using UniFi Teleport, you can access it securely through a VPN connection.
Using UniFi Teleport
To use UniFi Teleport, you only need to enable it in the UniFi Network app, under Settings > VPN > Teleport. You can then install the WiFiman app on your mobile or desktop device and simply sign in with your site-admin account to connect to the VPN.
Another option is to generate an invitation link to invite other users. The user is then taken to a website where they can scan the QR code and connect to Teleport. The only downside of Teleport is that the link can only be used on one device.
Make sure that you read this article as well for a more detailed guide on UniFi Teleport.
VPN Server
UniFi Teleport is basically a pre-configured VPN Server for your UniFi Network. It works great for mobile devices or desktops, but sometimes you need a bit more, for example when you want to connect devices to your own network that don't run the WiFiman app, or when you need more control over the assigned IP addresses.
To create a VPN server, go to Settings > VPN and choose VPN Server. The first choice that you will need to make is the VPN type that you want to use:
- WireGuard – Lightweight, modern, and secure protocol. It is the fastest of the three but is not supported by all applications/devices.
- OpenVPN – An older, but still secure protocol. Has broader support than WireGuard, but requires more processing power, making the connection slower.
- L2TP – Legacy VPN protocol. Only use it when you can't use either of the other two options
Setting up a VPN Server
With the WireGuard VPN type selected, you will need to give your server a name. This name will be visible in the VPN client, so make sure it is a meaningful name. You can leave the server address on your WAN connection.
With the server side done, you can create the configuration for the clients. Simply click on Add client, give the client a name, and download the Configuration File. You will need to create a VPN configuration file for each unique client.
If you want to know more about the VPN server and how to configure the different options, then make sure you read this article where we go more into the details.
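The one-configuration-file-per-client rule above can be checked after the fact. The following is an added example, not code from the article or from Ubiquiti: it assumes the downloaded files use the standard WireGuard layout (`[Interface]` / `[Peer]` sections), and the file names, addresses and key strings are constructed placeholders.

```python
from collections import defaultdict
import ipaddress

def sample(key, addr, allowed):
    # Constructed client config; key strings are placeholders, not key material.
    return (f"[Interface]\nPrivateKey = {key}\nAddress = {addr}\n\n"
            f"[Peer]\nPublicKey = SERVER_PUB_PLACEHOLDER\n"
            f"AllowedIPs = {allowed}\nEndpoint = vpn.example.com:51820\n")

SAMPLES = {
    "laptop.conf": sample("KEY_A_PLACEHOLDER=", "192.168.3.2/32", "0.0.0.0/0"),
    "phone.conf": sample("KEY_A_PLACEHOLDER=", "192.168.3.2/32", "0.0.0.0/0"),
    "nas.conf": sample("KEY_B_PLACEHOLDER=", "192.168.3.4/32", "192.168.1.0/24"),
}

def parse_wg(text):
    """Parse WireGuard INI-style text into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf.setdefault(section, {})
        elif "=" in line and section:
            key, value = line.split("=", 1)  # base64 values may end in '='
            conf[section][key.strip().lower()] = value.strip()
    return conf

def audit(configs):
    """Return findings: identities shared between files, and full-tunnel clients."""
    findings, seen = [], defaultdict(list)
    for name in sorted(configs):
        conf = parse_wg(configs[name])
        iface, peer = conf.get("interface", {}), conf.get("peer", {})
        for field in ("privatekey", "address"):
            if iface.get(field):
                seen[(field, iface[field])].append(name)
        nets = [ipaddress.ip_network(n.strip(), strict=False)
                for n in peer.get("allowedips", "").split(",") if n.strip()]
        if any(n.prefixlen == 0 for n in nets):
            findings.append(f"{name}: full tunnel, all traffic goes through the VPN")
    for (field, _value), names in seen.items():
        if len(names) > 1:  # never echo the key itself into a report
            findings.append(f"shared {field}: {', '.join(names)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLES)))
```

A shared private key means one file was copied to a second device, so the two devices cannot be told apart or revoked separately.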
VPN Client
With the UniFi Cloud Gateway, we can also connect to other VPN servers. I often see this being used for privacy-based VPNs, like ProtonVPN or Surfshark. The advantage of using your Cloud Gateway as a client is that you can route all, or a part of your traffic, through the VPN.
The real strength of the VPN client comes with the Policy-Based Routing options. These allow you to configure which traffic should be routed through the VPN. For example, you can configure that only particular devices are routed through the VPN, or only specific domains.
It is also possible to select a specific network to be routed, allowing you to create, for example, a dedicated WiFi network for it.
Keep in mind though that the VPN Client increases the load on your Cloud Gateway. Especially on the smaller Cloud Gateways, like the UniFi Express, the VPN Client causes performance issues.
Configuring the VPN Client
To configure the VPN Client, you will need a WireGuard or OpenVPN configuration file which contains the keys and all the other details for the connection. The best option is to use WireGuard, but not all VPN providers support that in combination with a router (Cloud Gateway).
For example, NordVPN is a bit difficult to get up and running with WireGuard. But with ProtonVPN you can simply download the WireGuard configuration file, upload it, and establish the connection without issues.
You will need to create at least one Policy-Based Route after you have successfully added the VPN connection. Otherwise, none of your traffic will go through the VPN connection.
I will also create a more in-depth article about the VPN Client and Policy-Based Routing. Make sure that you follow LazyAdmin.nl on Facebook or subscribe to the newsletter to stay up to date.
Site-to-Site VPN
The site-to-site VPN allows you to connect your UniFi Network to a different (non-UniFi) network. You can basically create a VPN tunnel with any other brand of router that supports IPsec or OpenVPN.
Site-to-site VPN solutions are often only used in business network environments and can be a bit difficult to get up and running.
So I'm not going into details on how to configure and use it, because it also really depends on what kind of device you are connecting with.
If you want to create a site-to-site VPN connection with another UniFi Cloud Gateway, then you should really check out the Site Magic option.
Site Magic
Site Magic is an SD-WAN solution that allows you to easily interconnect multiple UniFi Gateways. It creates a WireGuard VPN between the different sites and uses OSPF to learn all the routes that are advertised.
There are a couple of important requirements when it comes to using Site Magic that are good to know:
- One console will need to have a public IP address (the other console can be in double-NAT mode, behind another router)
- Only UniFi Cloud Gateways are supported, and the UXG Pro paired with a Cloud Key
- Needs to run UniFi OS 3.1 or newer
- Max 15 sites are supported (UniFi OS 3.2)
- IP ranges on the different sites can't overlap
- IPv6 is not yet supported
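The addressing requirements in this list can be checked against a site inventory before linking sites. This is an added example, not part of the original article and not a UniFi tool: the site names, WAN addresses and LAN ranges are constructed, and it assumes "public" means outside the RFC 1918 and carrier-grade NAT ranges and that an IPv6 range in the inventory counts as unsupported.

```python
import ipaddress
from itertools import combinations

MAX_SITES = 15  # limit the article gives for UniFi OS 3.2

# Private (RFC 1918) and carrier-grade NAT ranges: not reachable from outside.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Constructed inventory: site -> (WAN address, LAN ranges).
# 203.0.113.10 is a documentation address standing in for a public IP.
SITES = {
    "hq":     ("203.0.113.10", ["192.168.1.0/24", "10.10.0.0/16"]),
    "branch": ("192.168.100.2", ["192.168.2.0/24"]),               # double NAT
    "depot":  ("100.64.12.7", ["10.10.20.0/24", "fd00:20::/64"]),  # CGNAT
}

def preflight(sites):
    """Return a list of problems that conflict with the listed requirements."""
    problems = []
    if len(sites) > MAX_SITES:
        problems.append(f"{len(sites)} sites exceeds the limit of {MAX_SITES}")
    wans = [ipaddress.ip_address(wan) for wan, _ in sites.values()]
    if not any(all(ip not in net for net in NON_PUBLIC) for ip in wans):
        problems.append("no console has a public WAN address")
    ranges = []
    for name, (_, lans) in sites.items():
        for lan in lans:
            net = ipaddress.ip_network(lan, strict=False)
            if net.version == 6:
                problems.append(f"{name}: {net} is IPv6, which is not supported")
            else:
                ranges.append((name, net))
    # Compare every pair of IPv4 ranges that belong to different sites.
    for (site_a, net_a), (site_b, net_b) in combinations(ranges, 2):
        if site_a != site_b and net_a.overlaps(net_b):
            problems.append(f"{site_a} {net_a} overlaps {site_b} {net_b}")
    return problems

if __name__ == "__main__":
    for problem in preflight(SITES):
        print(problem)
```

Overlap is checked on containment, not equality, so a /24 at one site that sits inside a /16 at another is reported as well.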
Unfortunately, we can't use policy-based routing with Site Magic. An option could be to configure static routes, but that is not as simple as creating policy-based routes.
Wrapping Up
With UniFi Network we get a lot of options when it comes to creating and using VPN connections. Teleport is something that you really should try out. Setting it up only takes a couple of minutes and it is very easy to use. Perfect for when you are working on a public WiFi connection.
Make sure that you check out the in-depth articles as well. If you have any questions, just drop a comment below.