Press "Enter" to skip to content

Setup VPN on UDM Pro

bist 0

When you are away from home you might need to have access to your home network, to get files from your NAS for example. Or when you are on a public WiFi, you probably want to use a secure VPN connection before you access your bank account. With UniFi VPN we can arrange all this.

With UniFi network we can easily set up a remote access VPN server on our UDM Pro or USG. The remote VPN doesn’t only offer you access to your home network but also allows you to safely browse the internet.

In this article, I am going to explain how to set up UniFi VPN on the latest UniFi Network version (7.x) and we will take a look at some common issues.

Configure UniFi VPN

To configure the UniFi VPN you will need to have a UDM model or a USG. Also, make sure that you run the latest firmware on your console.

If you have a modem or router before your UDM or USG, then make sure that the modem/router is set into Bridge mode. This way all traffic will be forwarded directly to your Unifi Network. If that isn’t possible, then you will need to forward the following port numbers to your Unifi Network console:

– UDP port 500
– UDP port 4500

  1. Open the VPN SettingsIn the UniFi network app, go to Settings VPN

  2. Enable VPN ServerEnable the VPN Server and note or change the Pre-shared Key
    Make sure that the Server Address is set to your Public IP Address

  3. Create a new VPN user
    The next step is to create a new VPN user. Click on Create a new user and enter a username and password.

  4. Advanced ConfigurationSet the advanced configuration to Manual. Here you can change the subnet if you need. But more important is to set your internal DNS server and enable Require Strong Authentication.

    Strong Authentication is needed for the MS-Chap v2 protocol that is used by Windows 10 and 11.

Firewall rules are automatically created for the Remote access VPN, so we don’t need to look at them.

Leave a Reply

Your email address will not be published. Required fields are marked *