Unifi OpenVPN Server

Video Statistics and Information

Captions
Everyone, Cody from Mactelecom Networks. In this video we're going to be taking a look at the OpenVPN server that just became available in UniFi Network Application 7.4.156. This is still a release candidate, just so you know. So we're going to set up the OpenVPN server, but we're also going to set up Dynamic DNS, because if you have a dynamic IP and it changes, your VPN will go down, and that's what I have; my ISP gear is in bridge mode. We're also going to create a couple traffic management rules to restrict our VPN users from getting to anywhere in our network except our Synology NAS.

If you'd like to hire me for network consulting, visit my website at mactelecomnetworks.com. I do have affiliate links down in the description below, and we also have a new merch store, so if you want to check that out, that's mactelecomstore.com, or you could find that below as well.

The first thing that we're going to get set up is the Dynamic DNS, so you're going to have to go to the settings wheel and then click on Internet, and then click on either WAN 1 or WAN 2, whichever you'll be using for the OpenVPN server. Under Dynamic DNS we could create new Dynamic DNS. There's a bunch of different services that we could use: afraid, dnspark, dslreports. I'm just going to be using No-IP for this video.

Now I'm over at noip.com. We need to register, so we could create a new account. With this new account we need to put an email, a password, and then a hostname. The hostname could be whatever you want, but you just need to remember what it is. I've already set a hostname up as well as the username and password, so let's get into that account. Now we're into my account. A couple things that you're going to need: you'll need a password, you'll need a username, and you could choose whatever username you want as long as it's available. This is all done under Account and then Account Info. It will alert you if you need to get these things done. So once you have your username, your password, and your hostname created, we could go back into UniFi.

Now back under UniFi we need to put our hostname, our username, and our password. You can specify a server if you want, but you don't need to. So I'm going to get that in and then I'm going to press create. Now looking under Dynamic DNS we can see the service, we have No-IP, and then we have our hostname associated with that. So now that that's done we could do our OpenVPN server.

Now to create the OpenVPN server we need to go to Teleport and VPN, and then we have VPN servers. We're going to create new. With Ubiquiti we now have a few different options for VPN servers: we have WireGuard, OpenVPN, and then L2TP. We're going to be focusing on the OpenVPN. At the top we're going to specify a name; I'll just say VPN. Then it's saying server address, so which WAN IP do you want to go through. I'm going to be using my WAN 1; if you have a WAN 2 you could use that as well. The default OpenVPN port is 1194. Then under user authentication we need to create a new user, so for each one of your workers you want to create one of these. I'm going to create a new user, I'm going to put in my name, Cody, and then I'll put in a password, and then we'll create that user. After the users are created we could go down to Advanced and we could switch this over to manual if we want. We have a RADIUS profile and then we have the gateway subnet, so we could switch this subnet. I'm just going to leave it at 192.168.3.1 for this video. Now that's everything that we need to do, so we could apply the changes.

Now we need to download the configuration file, so I'll click on download and then I'm going to open that up in Notepad++. We need to switch the public IP to our Dynamic DNS hostname. Now, with the configuration file open in Notepad++, we could see under line 4 it says remote, and beside that is our public IP and then the port. So we need to change the public IP to be our Dynamic DNS name and then save this file. Once I do that I'm going to send it over to my phone and we'll see if it worked.

Now I'm on my phone. I have the OpenVPN client running and we could see that I'm importing a profile, so this is something at ddns.net, which is my Dynamic DNS. I'm going to press add. It's showing us our profile name, which we could change, it's showing us our server hostname, which we can't change, and then we need to put our username in, so this is the username that we added into UniFi. After we add the username it's going to ask us for that password for that user, and as you can see we are now connected to the OpenVPN server, which is awesome.

So I'm going to go ahead, open up a ping utility, and see if we could hit my Synology NAS as well as one of the UniFi access points. So with this ping utility opened up on my phone, I'm going to ping 192.168.10.220, which is my Synology NAS, and we could see that the packets are going through, so that's working how it should. One of my access points is on 192.168.10.160 and we should be able to hit this because we haven't put any traffic management rules in yet, and as you can see those ping replies are coming back. So now we have to create some rules to be able to block that out, to only allow this VPN to get to our Synology NAS.

Okay, now we're back into UniFi and I'm under Traffic Management, so we're going to want to create a new rule. For this first rule the action is going to be to block, and then the category is going to be an IP address, and we're going to put in an IP address range. So we could add IP address range and I'm going to start at 192.168.3.1 to 192.168.3.255, so that's that whole range for that VPN server. Under our target we're going to block out every single subnet, so we're going to select a device and we could say all devices. Now I'm going to call this Block OpenVPN to Networks and then I'm going to add the rule. So now if we go back to our phone we shouldn't be able to get to our Synology NAS or that UniFi access point.

Now back on our phone we can see that I have the IP address for the access point. Let's try to ping it, and you can see that the requests are timing out. So now let's try to ping my Synology NAS, and again we're not able to hit it. So we need to go back into our traffic management rules and create an allow rule to allow this VPN to get to the NAS.

So now we're going to create another rule, and this time we're going to have the action be allow. The category is again going to be an IP address range of 192.168.3.1 to 192.168.3.255, and then we're going to have it select a device. If you know the IP address of the device you could type it in here; mine is done under a hostname, so I'm going to add that hostname. Now we're going to have a note and I'll say Allow VPN to NAS, and then we're going to add that rule. Now that that rule is enabled we should be able to hit the Synology NAS from our VPN clients.

Now from my phone let's try to hit the NAS at 192.168.10.220, and we can now see that those ping replies are successful, so all of our VPN clients could get to the Synology NAS.

So that's going to be this video on the OpenVPN server. We went through how to set up a Dynamic DNS and we also went through some traffic management rules. If you have any questions about this video please leave them in the comments below. If you like this video hit the thumbs up button, and if you're new here please subscribe and hit the bell icon. All right, thanks.
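The `remote` edit described in the transcript above, as an added example that is not from the video or from Ubiquiti: a Python helper that points every top-level `remote` directive at a Dynamic DNS hostname, keeps the port, and leaves inline blocks such as `<ca>` untouched. The sample profile, the address 203.0.113.10 and the hostname example.ddns.net are constructed placeholders.

```python
import re

# Constructed sample resembling a downloaded client profile. The address
# 203.0.113.10 and the inline block body are placeholders, not real values.
SAMPLE_OVPN = """client
dev tun
proto udp
remote 203.0.113.10 1194
auth-user-pass
<ca>
remote placeholder text inside an inline block
</ca>
"""

# Conservative DNS hostname check: dot-separated labels, alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def set_remote_host(config_text, hostname):
    """Return (new_text, count) with each top-level `remote` host replaced."""
    if not HOSTNAME_RE.match(hostname):
        raise ValueError(f"not a valid DNS hostname: {hostname!r}")
    out, changed, inline_tag = [], 0, None
    for line in config_text.splitlines(keepends=True):
        stripped = line.strip()
        if inline_tag:
            # Inside <ca>...</ca> and similar: copy through unmodified.
            if stripped == f"</{inline_tag}>":
                inline_tag = None
            out.append(line)
            continue
        opener = re.fullmatch(r"<([a-z0-9-]+)>", stripped)
        if opener:
            inline_tag = opener.group(1)
            out.append(line)
            continue
        parts = stripped.split()
        if len(parts) >= 2 and parts[0] == "remote":
            parts[1] = hostname  # keep port and any trailing protocol field
            eol = line[len(line.rstrip("\r\n")):]
            out.append(" ".join(parts) + eol)
            changed += 1
        else:
            out.append(line)
    if changed == 0:
        raise ValueError("no top-level 'remote' directive found")
    return "".join(out), changed
```

Rejecting anything that is not a plain hostname keeps a mistyped value from becoming extra directives in a profile that is then handed out to users.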
Info
Channel: Mactelecom Networks
Views: 29,401
Keywords: ubiquiti networks, unifi remote user vpn, unifi vpn setup, unifi dream machine pro, Unifi openvpn server, udm pro openvpn server, udm se openvpn server
Id: ji0nP-QKo3g
Length: 6min 49sec (409 seconds)
Published: Tue May 30 2023