TABLE OF CONTENTS

• Configure VPN Server on UniFi Network
• Configure VPN Client Device
  •     WireGuard
• Troubleshooting
  •     WireGuard 

Configure VPN Server on UniFi Network

Most recent UniFi Cloud Keys and Dream Machines will support at least one type of VPN. This guide will cover all protocols supported by UniFi OS besides PPTP because this protocol is grossly insecure to such a degree that you might as well start opening ports. 

    Configure VPN Server in UniFi OS 

1. Navigate to VPN server configuration within UniFi OS by following: Network -> Settings -> VPN -> VPN Server -> Create New
2. Determine VPN Protocol to Use (Currently Supported in UniFi OS: L2TP, OpenVPN & WireGuard)
3. Follow Appropriate Subsequent Steps

Configure VPN Client Device

    WireGuard

1. WINDOWS - Install WireGuard Installer through Internet Browser. MacOS - Install WireGuard through the App Store
2. In UniFi - Click 'Add Clients' after selecting WireGuard as the VPN Protocol of choice.
3. Download the Configuration File.*NOTE* unique user per device is required
4. Make sure to ADD and APPLY CHANGES for the created client
5. In WireGuard - Select Import tunnel(s) from file and select the downloaded configuration file from UniFi
6. To connect to the remote network, click activate on the designated tunnel. 
7. This configuration can also be accomplished with specific authentication details via the 'Manual' page selectable when adding a new client but this is ill advised as significant security concerns are presented.

    OpenVPN

    L2TP

1. WINDOWS
2. MacOS
   1. In UniFi - Create a New User
   2. On MacOS system open System Settings -> VPN -> Add VPN Configuration -> L2TP over IPSec...
   3. Create Proper Display Name (just to identify the right VPN)
   4. Server Address on client Mac is the same as the Server Address IP Address stated in the UniFi VPN server. *NOTE* this must be a static IP if a DNS is not made
   5. Account Name = Username
   6. Set user authentication to "password" and put the corresponding password of the username
   7. Set the Machine authentication to "Shared secret" and type in the Pre-Shared Key
   8. Switch it on and wait for connection. 

Troubleshooting

    WireGuard 

        Q. Client Devices are not saving on the UniFi VPN

        A. Be sure to select "Apply Changes" at the bottom left after adding a client.

        Q. Cannot connect to remote network after creating WireGuard tunnel

        A. Make sure client was successfully added to the VPN server, if it was not you have to get a new configuration file.

        A2. The client's system may require a restart. NOT the UniFi VPN Server.

        Q. Not sure which VPN tunnel to select / Connecting to the wrong VPN Server

        A. If you have multiple tunnels, be sure you are selecting the correct tunnel. This can be  identified through matching the endpoint found in WireGuard's tunnel configuration to the UniFi VPN server IP Address Be sure to select "Apply Changes" at the bottom left after adding a client.

    OpenVPN

    L2TP