UniFi Wireguard VPN (And Firewall Rules)

  • Published on 28 Apr 2023
  • In this video we will talk about UniFi Wireguard VPN, which is a fairly new addition for the UniFi Dream Machine and Dream Machine Pro, starting with UniFi OS version 3.0.20.
    The UniFi Wireguard VPN implementation is actually spot on. It's so easy to configure, it's fairly customizable and, most importantly, far more secure than the old L2TP-based remote access VPN.
    While the UniFi Dream Machine Pro SE and the UniFi Dream Router have been enjoying the Wireguard VPN option for a while now, the "Classic" UniFi Dream Machine and Dream Machine Pro are only now starting to see this functionality being brought "down".
    The UniFi Wireguard VPN is indeed easy to set up and easy to connect to, but the most important part of setting up a VPN server, in my opinion, is security in the form of at least firewall rules. You need to ask yourself: once a client connects to the VPN, do I want this client to gain access to the entire network? My assumption is that the answer to this question is no.
    With UniFi Wireguard VPN or any other VPN server, firewall rules need to be put in place to manage what can and cannot go through your network, and we are going to talk about this in this video. Creating firewall rules in UniFi is also easy to do; you just need to be aware that you do need them.
    After watching this UniFi Wireguard VPN video, I highly recommend you watch my video about my method of creating firewall rules in UniFi; the link to that video will be shown in the end screen of this video. Watching that video will give more perspective on what we are doing with firewall rules in this UniFi Wireguard VPN video.
  • Science & Technology

Comments • 19

  • @josefb.7363 a year ago +1

    Thanks for the video, which helped me. I'm no UDM expert, but there is also another way instead of creating two rules for covering both directions:
    Define a rule to allow all established and related sessions for internal addresses. Source: all local IPs, dest: all local IPs. Then under Advanced, check Established and Related.
    Works for me and could be easier if you are creating more similar rules and want to avoid pairs of rules.
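
A toy model of the single established/related rule described in the comment above, placed ahead of a drop rule for VPN clients (an added example, not part of any comment and not UniFi's implementation). The subnets, the permissive default and the rule layout are constructed assumptions, and only the "established" state is modelled.

```python
import ipaddress

# Constructed addressing (not from the page): WireGuard client subnet and LAN.
VPN = ipaddress.ip_network("192.168.3.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")

# Evaluated top-down, first match wins; states=None matches any state.
RULES = [
    {"src": [VPN, LAN], "dst": [VPN, LAN],
     "states": {"established", "related"}, "action": "accept"},
    {"src": [VPN], "dst": [LAN], "states": None, "action": "drop"},
]

def in_any(ip, nets):
    return any(ipaddress.ip_address(ip) in net for net in nets)

class Firewall:
    def __init__(self, rules, default="accept"):  # permissive default is assumed
        self.rules, self.default = rules, default
        self.flows = set()  # accepted (src, dst) pairs, a toy connection table

    def handle(self, src, dst):
        tracked = (src, dst) in self.flows or (dst, src) in self.flows
        state = "established" if tracked else "new"
        action = self.default
        for rule in self.rules:
            if (in_any(src, rule["src"]) and in_any(dst, rule["dst"])
                    and (rule["states"] is None or state in rule["states"])):
                action = rule["action"]
                break
        if action == "accept":
            self.flows.add((src, dst))
        return action

def demo(rules):
    fw = Firewall(rules)
    client, server = "192.168.3.2", "192.168.1.10"
    return [
        fw.handle(client, server),  # client opens a session into the LAN
        fw.handle(server, client),  # LAN host opens a session to the client
        fw.handle(client, server),  # client's reply on that session
    ]

if __name__ == "__main__":
    print(demo(RULES))      # stateful rule above the drop
    print(demo(RULES[1:]))  # drop rule alone
```

With the drop rule alone, the client's reply to a LAN-initiated session is dropped as well, which is the case a second, per-direction rule would otherwise have to cover.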

  • @WunderTechTutorials a year ago +1

    Loved the video, Avi! Awesome walkthrough!

    • @TechMeOut5 a year ago +1

      Thanks Frank. Glad you liked it. Thank you for watching

  • @liliax5451 3 months ago

    Thank you so much... You just solved my problem with communication network. I like this video...

  • @miles267 4 months ago

    Great video. How do you define whether the Wireguard client uses full or split tunneling?

  • @marcusnascimento2235 a month ago

    Thanks so much! But I can't ping any device on my default network. Any idea what it is?

  • @allandresner a year ago

    Just playing with WG on UniFi for the first time today, seems like it's not going to work S2S, it's just for desktops, phones to connect back. Trying to get it to play with pfSense...

    • @TechMeOut5 a year ago +1

      For now, it's only implemented as a remote access VPN. Not as site to site.

    • @allandresner a year ago

      @TechMeOut5 Thank you for taking time to respond.

  • @jensche21 a year ago

    Thanks. How can I tag a VLAN to a client?

  • @claushansen9857 a year ago

    Hi, are you able to block VPN clients from access to VPN's and also the other subnets' gateways/interface of the UDM?

    • @TechMeOut5 a year ago

      Hi. I think I may have a hard time understanding your question. Can you please try to explain further?

    • @dzmitryulasau878 a year ago +1

      I think for some reason on UDMP/UDMSE (unlike on UDM) you need to assign that drop rule to LAN-OUT instead of LAN-IN.

    • @LuckyPerla 11 months ago

      @TechMeOut5 Hi! Is it possible to block a WG client from accessing the UDM WebUI or SSH?
      For me nothing helped :(

  • @Worldwarrior01 4 months ago

    Followed step by step, no joy…

    • @Bjwalton76 2 months ago +1

      I've had the same results. I follow the same steps and I get connected but I have no internet access and can't ping anything. Also my VPN device never shows up in connected devices.

  • @Crazy--Clown a year ago

    Ubiquiti have always had shitty speeds with their VPN options... Show us a speedtest

    • @TechMeOut5 a year ago +4

      Sadly, showing a speed test will prove absolutely nothing since speeds are highly dependent on several factors like ISP speeds, distance between client and server and several other factors. I can tell you that at least for me, there is no comparison between the old L2TP-based VPN and Wireguard. Wireguard kicks ass!