Full Disclosure: I am not getting any money from Ubiquiti for this article or any of the articles on this site. I like Ubiquiti, and I have installed it for several customers in the US and not in the US. It is a solid product even if it is not Cisco.

You can see some of our recent Ubiquiti projects here: LINK.

Read how to set up a VPN client on Windows 10/11. LINK.

Read about the UDM-Pro router HERE.

Read about Ubiquiti network switches HERE.

You can read about Ubiquiti UID HERE.

 

What is a VPN server?

A VPN is a Virtual Private Network. The best way to think about a VPN is that it is a tunnel. The sides of the tunnel are a wall of encryption so that your data flowing through the tunnel is protected from everything on the internet. Even your ISP will not be able to see the data you are sending and receiving in that tunnel.

The main purpose of a VPN is privacy, not anonymity. Some good uses for a VPN are protection from ad dossier building bots (they want to see what requests you are making on Google, what sites you are visiting, etc.), protection from hackers when you are making sensitive transactions (your bank or investment account or online purchases), watching out-of-area TV programs and general privacy guarding.

A VPN server is software that accepts connections from your computer and creates a VPN between your computer and wherever the server is located. If you are using a commercial VPN server like ExpressVPN, NortonVPN and others, you make an encrypted connection from your computer to the provider’s server. You then emerge onto the internet from whatever location you choose with an IP that is not the same as your location IP.

If your VPN server is located at your house, you can make an encrypted connection between your computer and your home. Not only is all your data encrypted between your computer and your home, but you are also now local to your network. That means you can access computers on your home network when you are not home. And with a VPN connection, you can access your stuff safely and securely.

What types of VPN server does Ubiquiti provide?

The server can be an OpenVPN server, a WireGuard VPN server or an L2TP/IPsec VPN server. This article is going to cover the L2TP/IPsec VPN server because it works best with Windows. The OpenVPN and WireGuard servers work well with Linux.

Is the Ubiquiti VPN server safe?

Yes. The OpenVPN and WireGuard VPN servers are safe to use. They are fast and work well, especially on Linux. I had some trouble getting them to work with Win10/11 though. The built-in VPN client in Win10/11 did not like the encryption in the OpenVPN and WireGuard VPN servers.

The server using L2TP/IPsec would not be secure if it were only an L2TP server, because L2TP by itself does not encrypt the traffic it carries. However, by adding the IPsec security (a private key to encrypt the data), the VPN is secure.

How do I get started setting up a VPN Server?

Setting up a VPN server on a Ubiquiti UDMP or UDMP SE is pretty straightforward. First, set up the server on the UDM-Pro or UDM-Pro SE end. I did not test this or attempt this on a Dream Machine.

Login

Log in to your console either locally on your network or through the web portal at unifi.ui.com. You will see the main screen showing all your cloud key components.

Click on the network server plugin. Then click on the gear icon on the bottom left side of the sidebar.

Teleport – it rocks!

You will see “Teleport & VPN” on the left side (fourth option down). We will publish an article about Teleport soon. It is an awesome option for connecting to your server with your mobile devices.

Click on the “VPN Server” tab on the top of the screen.

Click on “Create New” to create a new VPN server. You can create three different servers (one each of WireGuard, OpenVPN and L2TP/IPsec).

If you do not have any other servers configured, you will see choices for all three VPN types in the VPN Type row. Choose L2TP for this example.

Give your L2TP/IPsec server a name. I would recommend using a name that contains L2TP. It just makes it easier to know which VPN server type you are dealing with later.

Choose the WAN1 adaptor for the IP Address. The software should choose this by default. If you have two WAN connections, you can choose WAN2. The server just needs a public IP to allow connections from clients.

Now, create an account to connect to the server. You can give the account any user name you want, and you can set the password to whatever you want to. I would recommend using a really long and random password. It is important to make this connection difficult to breach, so please don’t use password123 for a password.

Scroll down and change the VPN Advanced settings from Auto to Manual.

You can leave the RADIUS Profile set to Default unless you created a custom profile.

I used the default Gateway / Subnet settings. However, you can set the IP host address to whatever you want, and you can use a custom netmask.

You should enable “Require Strong Authentication” under the list of other options at the bottom of the page.

Almost done

Save the new server settings.

The Private Key

You will need to copy the private key at the top of the server configuration to use in the VPN client software configuration. Please copy the key and put it somewhere safe so that you can paste it into your Win10/11 VPN client software.
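
For reference, here is the matching Windows 10/11 client profile built with the built-in `Add-VpnConnection` cmdlet. This is an added example, not part of the original article. The profile name and server address are placeholders, the key this article calls the private key is what the cmdlet calls the L2TP pre-shared key (`-L2tpPsk`), and it is an assumption that “Require Strong Authentication” on the server corresponds to MS-CHAP v2 on the client.

```powershell
# Added example: Windows 10/11 client profile for the L2TP/IPsec server above.
# Placeholders (not from the article): profile name and server address.
$Name   = 'Home-L2TP'         # hypothetical profile name
$Server = 'vpn.example.com'   # placeholder: the public IP or hostname of WAN1

# Prompt for the key so it never lands in a script file or shell history.
$secureKey = Read-Host -AsSecureString -Prompt 'Key copied from the UniFi VPN server page'
$key = [System.Net.NetworkCredential]::new('', $secureKey).Password

# Pin the profile to L2TP with a pre-shared key, allow only MS-CHAP v2
# (assumed to match "Require Strong Authentication"), and refuse to connect
# if the server does not encrypt. -RememberCredential is left out on purpose,
# so the account password is asked for at connect time.
Add-VpnConnection -Name $Name -ServerAddress $Server `
    -TunnelType L2tp `
    -L2tpPsk $key `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force
Remove-Variable key, secureKey

# Read the profile back and flag anything weaker than what was requested.
$vpn = Get-VpnConnection -Name $Name
$problems = @()
if ($vpn.TunnelType -ne 'L2tp')        { $problems += "tunnel type is $($vpn.TunnelType)" }
if ($vpn.L2tpIPsecAuth -ne 'Psk')      { $problems += "IPsec auth is $($vpn.L2tpIPsecAuth)" }
if ($vpn.EncryptionLevel -ne 'Required') { $problems += "encryption is $($vpn.EncryptionLevel)" }
$weakAuth = @($vpn.AuthenticationMethod | Where-Object { $_ -ne 'MSChapv2' })
if ($weakAuth.Count -gt 0)             { $problems += "extra auth methods: $($weakAuth -join ', ')" }

if ($problems.Count -gt 0) {
    Write-Warning ("Profile '$Name' is weaker than intended: " + ($problems -join '; '))
} else {
    "Profile '$Name' uses L2TP/IPsec with a pre-shared key, MS-CHAP v2 only, encryption required."
}
```

Run it as the user who will own the connection. The check at the end matters because a profile that also allows PAP or CHAP, or that has encryption set to Optional, will still connect but with weaker protection.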

Conclusion

The VPN server on a Ubiquiti device works well. I think it is a great, clean and safe way to connect to your home while you are away from home.

To see how you can use the Windows 10/11 built-in VPN client to connect to your VPN server, please see this article: LINK.

Please contact us if you need help setting up your VPN server or have any other technical questions. CONTACT FORM LINK.