Unifi VPNs 2024: Site Magic, Teleport, Wireguard

In this video I go through the VPN options that we have within the Unifi network. We talk about Unifi Teleport, Wireguard, VPN Client, OpenVPN and Site Magic.

0:00 Intro
0:41 Network topology
1:23 Teleport VPN
4:36 Wireguard setup
6:45 OpenVPN setup
8:09 VPN Client setup
11:36 Unifi Identity VPN setup
13:04 Site Magic VPN setup
14:46 Firewall rules for VPN
16:18 VPN test results
16:55 Final thoughts

Comments

Nice overview. I've been setting up OpenVPN for remote users that just need access to the primary office NAS. What's nice is that only traffic to the NAS is routed through the VPN. I understand that Site Magic, and other options you showed would route all traffic through the VPN. Are you able to configure the VPN in any of the options you showed to only route traffic to a particular IP address (like when hosting VPN on Synology NAS)?

ApexOneTech

THIS helped me sooo much! Tried out Wireguard and Teleport. Thank you!

obiromaniankenobi

Whaaaa I was just researching this 5 minutes before this uploaded

Chenny

Excellent video! Was just doing research on these last week and this was great timing! 🎉

jj_

Hi Cody - great video! All your content has been very helpful for me. I had a somewhat unrelated question for you.
I'm setting up different VLANs on my home network using your guides. In order to block VLANs from accessing gateways and the management interfaces, you suggest setting up firewalls which, for example, block VLAN1 from accessing the gateway IPs of all other VLANs, and then also blocking access to its own gateway IP on ports 80, 22, and 443.

However, someone else just suggested to me that I can simply select the VLANs I want isolated and make them "guest networks" and all the necessary rules will be automatically created to prevent inter-VLAN routing and devices from accessing the firewall, while still having internet - plus I don't have to fiddle with confusing IP and port groups and keeping them up to date if something changes.

Do you see any problem with that approach? Is there a reason you don't do that?
Any insight is much appreciated.

Tempo

Excellent video breakdown, thank you. I'd like to see more detailed firewall rules around using Site Magic and blocking between two sites, please.

kevinhughes

Great video :) . I am temporarily living in another country. I have purchased video streaming services in my country, but they are not available in the country where I currently live. Should I use the VPN client method to have access on several devices?

sawomirm

Great video, thank you. Here are some things I would like to see in a future video: Explain LAN in/out/local & Internet in/out/local. Also, I would like to see how you would connect both Unifi and non-Unifi devices to a UDMP using the Ubiquiti UMR as a remote for cameras, both Unifi Protect and ONVIF. Since the UMR seems to have a difficult time with port forwarding and the Site2Site is not really a Site2Site but just a VPN, I am wondering how you would approach that.

EnterActiveNetworks

I just like that L2TP does not require a client to be installed on macOS, but I get it's basically being deprecated.

justinknash

I was able to connect using both Teleport and WireGuard but I'm unable to hit any of the local IP addresses like he did. What am I missing?

fUjiMaNia

Any ideas or fixes for conflicting/overlapping OpenVPN tunnel IPs? I need to enable two different OpenVPN connections at the same time but it gives an IP conflict error because both are using 10.8.x.x for the tunnels. They work fine on their own. Great content, BTW! I have referenced many videos during my Unifi equipment setup.

SoloStrikeDude

Another informative video. It would be interesting if you made a video on how to create static routes between other manufacturers.

PauloSilva-gyei

Awesome vid Cody, thanks. One question. I don't think it's possible yet, but can you create a wireless network that directs you into a VPN connection? The reason is, for example, I want to connect my TV to a Netflix outside of my region, so I can watch restricted content.

wodnfn

Hi, another great video! Can you make a separate video specifically on setting up a WireGuard client? Thanks

jasonbeiko

This is a great video! But I still don't understand why we need to use "LAN Out" on VPN firewall rules instead of "LAN In"? Can't wrap my head around it...any help would be really appreciated!

TangDynasty

Thanks for the video. What about routing tunneled WireGuard clients to the commercial VPN connection? Is it possible to configure the WireGuard clients to use the commercial VPN within Unifi? In other words, take the case where Unifi has the VPN client configured with Nord and provides network-wide VPN for all devices. In this case, if we configure the WireGuard 'server' in Unifi, and I am connecting to Unifi from a different country via a WireGuard client, how can Unifi tunnel all my traffic through the Nord VPN for internet access while providing access to the LAN? I cannot find any tutorials to make this work. I tried it, but my WireGuard client doesn't seem to use the Nord VPN when connecting from outside (from a different country, for example).

asong

Very nice video and very good job. The question I have is: at the point where you set up the WireGuard (server address) there is an exclamation mark there. Should we deal with it or not? (If I remember correctly it should say something about the dynamic IP.)

HliasPontioSsS

How would you route traffic from a remotely connected machine using WireGuard to go via Nord VPN that is currently set up on the UDM?

zedmak

What about firewall rules *TO* the VPN? I've never been able to figure out how to block that. Tried adding a rule to LAN In and LAN Out saying local traffic to the VPN network should be dropped, but it seems to still go through?

brwyatt

Is it possible to set up a VPN connection to the device to get onto the network but not route internet traffic through the VPN?

hencoshannon