Experience With Ubiquiti's Unifi Security Gateway?

Ethan Ace
Aug 17, 2016

I have an old coworker who is looking at a simple way to add a VPN between two offices. They're used to using SonicWall (now Dell) but they noticed the Ubiquiti USG. But neither of us knows anyone with direct experience with it. Has anyone used these boxes or the larger Ubiquiti firewalls? For VPN or otherwise?

Matthew Fox
Sep 27, 2016
IPVMU Certified

I have switched over to Unifi in all of my locations for both switching and routing. The VPN works very well, once you figure it out. It is super simple to maintain, but can be a hassle to set up if you are not familiar with it. I have several USG VPNs connected.

The USG is great for smaller installs of 5-50 cameras and works great with any line of Unifi switch. They make all sizes: 8, 16, 24 and 48. All are managed and PoE+ capable. The USG Pro is best for larger installs and also works with the entire line of Unifi switches.

All of the switches are managed via a centralized interface which allows you to maintain the network from anywhere. This is handy for remotely rebooting a single port or to check who is on the network. The Unifi APs use the same interface and switches, so I find that by installing a single AP per location, I can use the WiFi when configuring cameras from my Surface or large tablet without needing any other tools.

Let me know if you have any other questions.

(4)
Ethan Ace
Sep 28, 2016

Thanks! That's informative. From a personal standpoint, not based on testing it, I like that you can manage all devices via the Unifi software. It seems to be a much simpler interface than most network platforms.

Have you set up any VPNs with the USG? It looks dead simple, basically point and click, but I'm curious how well it works in practice.

Matthew Fox
Sep 28, 2016
IPVMU Certified

I do actually, between my home and office. I have the controller on my office server so both my office router and my home router point to the controller at my office. That can be the trickiest part. But once they are managed from the same controller, you can simply add a site-to-site VPN, select another managed location and you are done.

Now, you can't have any other routers in front of the USGs or it won't work. There are a couple of other caveats as well, but for the most part, it is very simple. I have had it working at my office for over a year now with only one headache, but I think that was the controller PC and not the network. The support is weak, I do admit, but it is out there if you look.

Also, the Unifi software is actually only running on top of the EdgeOS software so you can use the .json files to manipulate further. I am not that technical, nor do I want to become so, so the software has done everything I have needed thus far. I am still trying to figure out how to VPN in but have not figured that part out yet. They say it is simple, again with a .json file, but I don't have time to mess around with it.

(3)
Kyle Folger
Oct 01, 2016
IPVMU Certified

I know it's not the USG, but I recently set up site-to-site VPN using the Ubiquiti EdgeRouter Lite and used OpenVPN. OpenVPN is supported on the ERL but not through the GUI. You currently set it up through CLI. My hesitation on the USG is the reports regarding limitations in software. I used this guide as a base:

https://help.ubnt.com/hc/en-us/articles/204949694-EdgeMAX-OpenVPN-Site-to-Site

I took a brief look, since the ERL and USG are basically the same with different software offerings, and it seems that you should be able, through the CLI on USG, to set up site-to-site with OpenVPN.

I had to set this up and get the client to purchase static IPs because the phone company sales person was a yes person. What my client wanted, the phone company said they could do without a problem. Unfortunately, the phone company failed to mention this would involve new routers, static IPs, and a VPN tunnel setup.

It's nice that you can monitor the VPN through the interface after it was set up through the CLI. The primary reason for using this router was cost as they already had inexpensive routers that were working, but those didn't offer reliable VPN options.

I had one issue with one of the ERLs. That problem was fixed with a fan. I used the device with built-in PoE, which is the 5-port version. They run warmer but it does power the Unifi AP.

Kyle Folger
Oct 01, 2016
IPVMU Certified

Are you using Unifi Cloud Key for centralized management or do you locally host or remotely host a server with the Unifi controller setup? I currently use a remote hosted server with Unifi running. I also have a second one running and I use that to test the beta software and also read forums for issues before upgrading the main controller. I was just curious how others set up their Unifi controllers for centralized management.

When I first started playing with the Unifi controller years back, I tested it on Amazon's servers. That experiment ended up costing more than I hoped, and I quickly changed direction.

Matthew Fox
Oct 01, 2016
IPVMU Certified

I also first started off using an Amazon hosted solution, but like your experience, it ended up costing more than I was willing to pay for it... I have it hosted on a server in my office.

Rob Dunham
Oct 09, 2017
Tailored IT Solutions

The Ubiquiti line will get the job done and it's designed by a company that caters to enterprise customers. Aside from equipment reliability, the concern with VPNs is more about standards compliance. Ubiquiti fits on both counts though. Much like SonicWALL's SOHO and smaller TZ appliances, other manufacturers also offer similarly sized products, but Ubiquiti seems to have the edge on value considering their lower purchase cost and lack of expensive licensing.
