In this tutorial you will learn how to configure Unifi UDM PRO Site to Site VPN on Unifi Controller 7.0.22.
A site-to-site virtual private network (VPN) is a connection between two or more networks, such as a corporate network and a branch office network. Many organizations use site-to-site VPNs to leverage an internet connection for private traffic as an alternative to using private MPLS circuits.
Site-to-site VPNs are frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis. With a site-to-site VPN, a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.
Let’s get started.
Make sure you are on Unifi Controller Version 7.0.22. I will be using a Unifi UDM Pro for this configuration.
Step 1: Log into your Main Office Unifi Controller.
Step 2: Click Settings
Step 3: Click VPN
Step 4: Scroll down until you locate the Site-to-Site VPN section. Then click the Create Site-to-Site VPN button.
Step 5: Now let’s configure the Site-to-Site VPN Network.
- Network Name: Since we are logged into the Main Office Unifi Controller, we will set this network name to reflect the Branch Office we are connecting to.
- VPN Protocol: Select Manual IPsec.
- Pre-shared Key: Use a strong key. This key will be needed when you set up the Branch Site-to-Site VPN settings.
- Server Address: Select from the drop-down, or manually enter, the WAN IP address that you want your Site-to-Site VPN traffic to go through.
Step 6: Scroll down until you locate Remote Device Configurations.
Step 7: Under Remote Gateway/Subnets, enter your Branch primary LAN subnet. In my case they are using 192.168.10.0/24. Once your address is entered, you will be prompted to create the policy. Click Create.
Step 8: Under Remote IP Address enter the WAN IP address of the Branch Office.
Step 9: Since you are connecting to another UDM Pro with Site-to-Site VPN on the same controller version, Auto can be left as is. If you're using another firewall/VPN type, you will have to select Manual and make sure your additional settings match on both the branch office and the main office.
Step 10: Click the Add Network button. Your VPN connection should have been successfully created.
Step 11: Log into your Branch Office Unifi controller.
Step 12: Follow the steps starting from Step 2 and configure your Branch UDM PRO VPN to connect to the Main Office.
- Use the same pre-shared key.
- Server Address is the Branch WAN IP address that you specified for the Main Office to connect to.
- Remote Gateway/Subnets is the Main Office primary LAN.
- Remote IP Address is the WAN IP of the Main Office that you specified for the Site-to-Site VPN.
Step 13: Open Command Prompt and ping a device on the other site's LAN to test the tunnel.
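
The values entered in Steps 5 to 12 have to mirror each other across the two sites, and a mismatch is the usual reason the pings fail. The Python check below is an added example, not part of the UniFi controller or of the original tutorial. The dictionary field names, the Main Office LAN, both WAN IPs, the sample key and the 24-character minimum are assumptions made for illustration; only the Branch LAN 192.168.10.0/24 comes from the steps above.

```python
import ipaddress

MIN_PSK_LEN = 24  # assumption: the tutorial only says "use a strong key"

# Constructed sample values. Only the Branch LAN (192.168.10.0/24) comes from
# the tutorial; the Main LAN, WAN IPs (documentation ranges) and key are made up.
PSK = "constructed-sample-key-do-not-reuse-0001"
MAIN = {"name": "Main Office", "local_lan": "192.168.1.0/24",
        "server_address": "203.0.113.10", "remote_ip": "198.51.100.20",
        "remote_subnets": ["192.168.10.0/24"], "psk": PSK}
BRANCH = {"name": "Branch Office", "local_lan": "192.168.10.0/24",
          "server_address": "198.51.100.20", "remote_ip": "203.0.113.10",
          "remote_subnets": ["192.168.1.0/24"], "psk": PSK}


def check_site_pair(a, b):
    """Return a list of mismatches between the two sites' VPN settings."""
    problems = []
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")
    elif len(a["psk"]) < MIN_PSK_LEN:
        problems.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    lan_a = ipaddress.ip_network(a["local_lan"])
    lan_b = ipaddress.ip_network(b["local_lan"])
    if lan_a.overlaps(lan_b):
        # Overlapping LANs cannot be routed across the tunnel unambiguously.
        problems.append(f"LANs overlap: {lan_a} and {lan_b}")
    for here, there in ((a, b), (b, a)):
        # Remote IP Address must be the peer's Server Address (its WAN IP).
        if (ipaddress.ip_address(here["remote_ip"])
                != ipaddress.ip_address(there["server_address"])):
            problems.append(f"{here['name']}: Remote IP Address is not "
                            f"the Server Address of {there['name']}")
        # Remote Gateway/Subnets must cover the peer's primary LAN.
        peer_lan = ipaddress.ip_network(there["local_lan"])
        remotes = [ipaddress.ip_network(s) for s in here["remote_subnets"]]
        if not any(peer_lan.subnet_of(r) for r in remotes):
            problems.append(f"{here['name']}: Remote Gateway/Subnets "
                            f"does not include {peer_lan}")
    return problems


if __name__ == "__main__":
    for line in check_site_pair(MAIN, BRANCH) or ["settings mirror each other"]:
        print(line)
```

An empty list means the two sides agree. Replace the sample values with your own, and do not save a real pre-shared key in the script file.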