Ubiquiti Controller/USG - and VPN setup

xrapidx

xrapidx

Honorary Master
Joined
Feb 16, 2007
Messages
42,198
Reaction score
4,044
Location
Cape Town
Sometime in December, I accidentally deleted my Ubiquiti controller (docker container) - and subsequently realised my backup wasn't working. I had to re-do my entire network (fortunately, hardware wise, only the USG and 2APs) - but - quite a bit of work with the IoT devices.

Now - for the life of me - I can't get my remote-client VPN running again. Controller version is 6.0.43.

Previously - there was a wizard, it seems to have been removed, I've tried following this guide, section: "Classic Web UI L2TP Server", because "New Web UI Basic L2TP Server" doesn't exist.

Only thing I can find that resembles my issue is this post on reddit.

On the client side, it just fails to connect - I see nothing on the server side being logged.

If anyone has experienced anything simliar, or could offer advise - it'd be appreicated.
 
I'd suggest using openvpn. There's some good how to's on the net...
 
I thought the USG was a controller in and of itself?

Anyway what VPN are you trying to connect to? It wasn’t clear or I missed it maybe.

Had a ball of a time trying to get an AWS VPN going recently on a UDM (and gave up), but OpenVPN was dead simple.
 
SauRoNZA said:
I thought the USG was a controller in and of itself?

Anyway what VPN are you trying to connect to? It wasn’t clear or I missed it maybe.

Had a ball of a time trying to get an AWS VPN going recently on a UDM (and gave up), but OpenVPN was dead simple.
Click to expand...
Nope. The usg is a router/firewall.
 
Sinbad said:
I'd suggest using openvpn. There's some good how to's on the net...
Click to expand...
I had openvpn running before on my previous router - not an option at the moment as I dont have anywhere to run it.
 
xrapidx said:
I had openvpn running before on my previous router - not an option at the moment as I dont have anywhere to run it.
Click to expand...
It runs on the usg. You have clients on your phones/remote devices...

Or do you mean outbound VPN?
 
SauRoNZA said:
I thought the USG was a controller in and of itself?

Anyway what VPN are you trying to connect to? It wasn’t clear or I missed it maybe.

Had a ball of a time trying to get an AWS VPN going recently on a UDM (and gave up), but OpenVPN was dead simple.
Click to expand...
The controller is separate in the Unify space...

I'm trying to setup the VPN "server" as per the link, to allow access to my home network, from my phone/laptop.
 
xrapidx said:
Ah, thanks - might give this a try, although I see it uses the controllers Radius server, which I suspect where my existing problem is.
Click to expand...
I think you can do it with static users as well.

Here's a setup using certificates

How to set up an OpenVPN server on a Unifi USG

I love being able to jump back into my home network via OpenVPN, it’s much more secure, easier to set up and is supported by quite a few…
medium.com medium.com
 
xrapidx said:
The controller is separate in the Unify space...

I'm trying to setup the VPN "server" as per the link, to allow access to my home network, from my phone/laptop.
Click to expand...

Yeah that VPN I recall is only there for linking multiple Unifi Gateways to each other and is a mess to configure for anything else.

But like Sinbad says OpenVPN is the way to go.
 
I've been using the built in L2TP VPN on the USG - connect from my Android mobile/Win10 desktop at work / Linux laptop to home numerous times during the day to access local resources.

Nb. Using DuckDNS.org for dynamic DNS.
 
OCP said:
I've been using the built in L2TP VPN on the USG - connect from my Android mobile/Win10 desktop at work / Linux laptop to home numerous times during the day to access local resources.

Nb. Using DuckDNS.org for dynamic DNS.
Click to expand...
Yeh, was working fine until I lost everything and had to setup again... Now it just does nothing once setup, only reference I could find to something similiar is the reddit link I posted.
 
so did you try using the classic interface instead of the new one to create the vpn configuration as is suggested in the reddit link?
 
access said:
so did you try using the classic interface instead of the new one to create the vpn configuration as is suggested in the reddit link?
Click to expand...
Yeh, but I haven't tried resetting up or migrating the site - its a serious mission.
 
xrapidx said:
Yeh, but I haven't tried resetting up or migrating the site - its a serious mission.
Click to expand...

yeah that seems a bit rough. i dont every use the new interface tbh, so i cant give much insight into it.

ive always just set them up on via the classic gui.

so youve deleted the vpn config on the new gui(i would restart device and controller) changed to classic gui and configured a new vpn and it doesnt work?

ive seen some weird isp and os related issues to usg vpn as well.
 
access said:
yeah that seems a bit rough. i dont every use the new interface tbh, so i cant give much insight into it.

ive always just set them up on via the classic gui.

so youve deleted the vpn config on the new gui(i would restart device and controller) changed to classic gui and configured a new vpn and it doesnt work?

ive seen some weird isp and os related issues to usg vpn as well.
Click to expand...
I also use the classic interface - but started off with the new interface, which seems to have been the issue.

Deleted everything - and re-did the setup - nothing changed. Haven't tried a restart, let me try that this afternoon - otherwise I think I'll go with OpenVpn.

Definitely not ISP/device related - I've tried multiple.
 
xrapidx said:
I also use the classic interface - but started off with the new interface, which seems to have been the issue.

Deleted everything - and re-did the setup - nothing changed. Haven't tried a restart, let me try that this afternoon - otherwise I think I'll go with OpenVpn.

Definitely not ISP/device related - I've tried multiple.
Click to expand...

alright. if you can, check the client logs(enable it i suppose) and see at/during which phase it hangs.
 
access said:
alright. if you can, check the client logs(enable it i suppose) and see at/during which phase it hangs.
Click to expand...
Cant establish connect - or a derivative of that.

Re-setup everything - same story.

If I do a port scan - the only port open is the one I'm forwarding for home-assistant. It doesn't look like any of the VPN specific ports are being opened.

Think its time to call it a day and go with OpenVPN
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X