Full Disclosure: I am not getting any money from Ubiquiti for this article or any of the articles on this site. I like Ubiquiti, and I have installed it for several customers in the US and not in the US. It is a solid product even if it is not Cisco.
You can see some of our recent Ubiquiti projects here: LINK.
Read how to setup a vpn client on Windows 10/11. LINK.
Read about the UDM-Pro router HERE.
Read about Ubiquiti network switches HERE.
You can read about Ubiquiti UID HERE.
What is a VPN server?
A VPN is a Virtual Private Network. The best way to think about a VPN is that it is a tunnel. The sides of the tunnel are a wall of encryption so that your data flowing through the tunnel is protected from everything on the internet. Even your ISP will not be able to see the data you are sending and receiving in that tunnel.
What types of VPN server does Ubiquiti provide?
The server can be an OpenVPN server, a Wireguard VPN server or an L2TP /IPSEC VPN server. This article is going to cover the L2TP / IPSEC vpn server because it works best with Windows. The OpenVPN and Wireguard servers work well with Linux.
Is the Ubiquiti VPN server safe?
Yes. The OpenVPN and Wireguard VPN Servers are safe to use. They are fast and work well especially on Linux. I had some trouble getting them to work with Win10 / 11 though. The built in VPN client in Win10 / 11 did not like the encryption in the OpenVPN and Wireguard VPN servers.
The server using L2TP / IPSEC would not be secure if it was only an L2TP server. However, by adding the IPSEC security (a private key to encrypt the data), the VPN is secure.
How do I get started setting up a VPN Server?
Setting up a VPN Server on a Ubiquiti UDMP or UDMP SE is pretty straight forward. First setup the server on the UDM-Pro or UDM-Pro SE end. I did not test this or attempt this on a Dream Machine.
Login
Login to your console either locally on your network or through the web portal at unifi.ui.com. You will see the main screen showing all your cloud key components.
Teleport – it rocks!
Click on the “VPN Server” tab on the top of the screen.
Click on “Create New” to create a new VPN Server”. You can create three different servers (one each of Wireguard, OpenVPN and L2TP/IPSEC).
If you do not have any other servers configured, you will see choices for all three VPN types in the VPN Type row. Choose L2TP for this example.
Give your L2TP/IPSEC server a name. I would recommend using a name that contains L2TP. It just makes it easier to know which VPN server type you are dealing with later.
Choose the WAN1 adaptor for the IP Address. The software should choose this by default. If you have two WAN connections, you can choose WAN2. The server just needs a public IP to allow connections from clients.
Now, create an account to connect to the server. You can give the account any user name you want, and you can set the password to whatever you want to. I would recommend using a really long and random password. It is important to make this connection difficult to breach, so please don’t use password123 for a password.
Scroll down and change the VPN Advanced settings from Auto to Manual.
You can leave the RADIUS Profile to default unless you created a custom profile.
I used the default Gateway / Subnet settings. However, you can set the IP host address to whatever you want, and you can use a custom netmask.
You should enable “Require Strong Authentication” under the list of other options at the bottom of the page.
Almost done
Save the new server settings.
The Private Key
You will need to copy the private key at the top of the server configuration to use in the VPN client software configuration. Please copy the key and put it somewhere safe so that you can paste it into your Win10/11 VPN client software.
Conclusion
The VPN server on a Ubiquiti device works well. I think it is a great, clean and safe way to connect to your home while you are away from home.
To see how you can use Windows 10/11 built-in vpn client to connect to your vpn server, please see this article: LINK.
Please contact us if you need help setting up your VPN server or have any other technical questions. CONTACT FORM LINK.