- Tutorial: How to enable openvpn server in Unifi device?
- 0 Internet Providers (Modem to Security Gateway)
- 1 Enable SSH auth
- 2 Security Gateway - Install easy-rsa
- 3 Security Gateway - Generate the client/server/ca keys
- 4 Controller - Create config.gateway.json file
- 5 Firewall
- 6 Client
- Android App (Optional)
- Console client using ovpn file (Optional)
- Radius (Optional)
- Useful links
Steps how to configure openvpn in the Unifi
Feel free to contribute via PullRequest adding your local Internet Provider Settings from any part of the world.
Please note:
The tutorial assumes users will physically connect (i.e: RJ45 cables) the Internet Provider modem into the Security Gateway device.
It's recommended to change the default password for the admin of the modem: cusadmin
The default passwords are: highspeed or CantTouchThis as described by comcast
- Enable in the controlle SSH authentication via Advanced Features
- Controller -> Settings -> Site -> DEVICE AUTHENTICATION
[x] Enable SSH Authentication
- Controller -> Settings -> Site -> DEVICE AUTHENTICATION
Security Gateway login as admin and install easy-rsa for generating the keys
$ ssh admin@SECURITY_GATEWAY_IP
$ sudo su -
# curl -O http://ftp.us.debian.org/debian/pool/main/e/easy-rsa/easy-rsa_2.2.2-1_all.deb
# sudo dpkg -i easy-rsa_2.2.2-1_all.deb
Common Name is "OpenVPN CA"
# cd /usr/share/easy-rsa
. vars
./clean-all
./build-ca
Common Name is "server"
# ./build-key-server server
# ./build-key client
# ./build-dh
# mkdir /config/auth/keys/
# cp keys/* /config/auth/keys/
Controller login as root
$ ssh root@CONTROLLER_IP
$ sudo su -
# cd /srv/unifi/data/sites/default
# vi config.gateway.json
See this working example of config.gateway.json
$ cat /etc/fedora-release
Fedora release 33 (Thirty Three)
dnf install NetworkManager-l2tp \
NetworkManager-l2tp-gnome \
NetworkManager-strongswan-gnome \
NetworkManager-strongswan -y
# systemctl restart NetworkManager
$ rpm -qa | grep NetworkManager
NetworkManager-l2tp-gnome-1.8.2-2.fc33.x86_64
NetworkManager-openvpn-gnome-1.8.12-1.fc33.1.x86_64
NetworkManager-ssh-1.2.11-2.fc33.x86_64
NetworkManager-vpnc-1.2.6-5.fc33.x86_64
NetworkManager-vpnc-gnome-1.2.6-5.fc33.x86_64
NetworkManager-ssh-gnome-1.2.11-2.fc33.x86_64
NetworkManager-openvpn-1.8.12-1.fc33.1.x86_64
NetworkManager-openconnect-gnome-1.2.6-5.fc33.x86_64
NetworkManager-strongswan-gnome-1.5.0-2.fc33.x86_64
NetworkManager-pptp-1.2.8-2.fc33.1.x86_64
NetworkManager-openconnect-1.2.6-5.fc33.x86_64
NetworkManager-l2tp-1.8.2-2.fc33.x86_64
NetworkManager-strongswan-1.5.0-2.fc33.x86_64
NetworkManager-pptp-gnome-1.2.8-2.fc33.1.x86_64
NetworkManager-libnm-1.26.4-1.fc33.x86_64
NetworkManager-1.26.4-1.fc33.x86_64
NetworkManager-wwan-1.26.4-1.fc33.x86_64
NetworkManager-bluetooth-1.26.4-1.fc33.x86_64
NetworkManager-adsl-1.26.4-1.fc33.x86_64
NetworkManager-ppp-1.26.4-1.fc33.x86_64
NetworkManager-team-1.26.4-1.fc33.x86_64
NetworkManager-wifi-1.26.4-1.fc33.x86_64
NetworkManager-config-connectivity-fedora-1.26.4-1.fc33.noarch
Optional step.
Use your client.ovpn with the Android app
Optional step.
# openvpn --config filename.ovpn
Optional Step.
-
Enable Radius (Optional if you are using only auth keys)
-
Controller -> Settings -> Services -> Radius
-
Server tab
- Create secret
- Authentication Port: 1812
- AccountingPort: 1813
- Account Interim Interval: 600
- Tunnelled Reply: ON
-
Users tab
- Name: YOUR_USERNAME
- Password: YOUR_PASSWORD
- Tunnel Type: 3- Layer Two Tunneling Protocol (L2TP)
- Tunnel Medium Type: 1- IPv4 (IP version 4)
-
UniFi - Accounts and Passwords for Controller, Cloud Key and Othe Devices
https://blog.configwizard.xyz/configuring-openvpn-on-a-unifi-security-gateway/
https://medium.com/server-guides/how-to-setup-an-openvpn-server-on-a-unifi-usg-e33ea2f6725d
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent