
OpenVPN Site-to-Site Should Not Require "Remote Host" Field

Submitted by - a week ago
Status: New Idea

With an OpenVPN Site-to-Site, only one side needs the Remote Host field specified. This is useful when one of the sides does not have a Public IP address.

For example...

Site A - Public IP (Or behind NAT with ability to port forward)
Site B - Private IP Behind NAT (Unable to port forward)

Site A:

openvpn vtun1 {
    description VPN
    local-address 172.16.1.1 {
    }
    local-port 1321
    mode site-to-site
    remote-address 172.16.1.2
    # no remote-host: Site A has nothing to connect to, it waits on local-port for Site B
    remote-port 1321
    shared-secret-key-file /etc/openvpn/key.psk
}
Site B:

openvpn vtun2 {
    description VPN
    local-address 172.16.1.2 {
    }
    local-port 1321
    mode site-to-site
    remote-address 172.16.1.1
    remote-host x.x.x.x # Site A Public IP; only this side initiates the connection
    remote-port 1321
    shared-secret-key-file /etc/openvpn/key.psk
}


This is all that is needed to bring up the Site-to-Site. Unfortunately, the "Remote Host" field in the UniFi controller is a required field. You can put garbage in there, but the Site-to-Site will refuse to come up. You have to SSH into the USG, and manually delete the unnecessary remote-host on Site A, then everything starts working. Of course, it will be reverted after the next provisioning.

So please, can we get this field to not be required?
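As an added example, not code from the original post or from Ubiquiti: a small checker that parses the brace-delimited EdgeOS/Vyatta-style stanzas quoted above and verifies the one-sided remote-host arrangement the post relies on. It embeds the two stanzas from the post as sample input, plus a constructed third stanza showing what Site A looks like once the controller forces a Remote Host value into it. The function names, the `reachable` parameter and the 192.0.2.99 placeholder address are this example's own assumptions.

```python
"""Check a pair of OpenVPN site-to-site stanzas for the one-sided remote-host setup.

Added example; parses the config text quoted in the post and checks that
the side that cannot accept inbound connections is never named as a
remote-host, and that at least one side names the other.
"""

# Sample input: the two stanzas from the post, embedded so this runs offline.
SITE_A = """\
openvpn vtun1 {
    description VPN
    local-address 172.16.1.1 {
    }
    local-port 1321
    mode site-to-site
    remote-address 172.16.1.2
    remote-port 1321
    shared-secret-key-file /etc/openvpn/key.psk
}
"""

SITE_B = """\
openvpn vtun2 {
    description VPN
    local-address 172.16.1.2 {
    }
    local-port 1321
    mode site-to-site
    remote-address 172.16.1.1
    remote-host x.x.x.x # Site A Public IP
    remote-port 1321
    shared-secret-key-file /etc/openvpn/key.psk
}
"""

# Constructed: Site A after the controller forces a Remote Host into it.
# 192.0.2.99 is a documentation-range placeholder for Site B's NAT address.
SITE_A_FORCED = SITE_A.replace(
    "    remote-port 1321",
    "    remote-host 192.0.2.99 # required by the controller UI\n    remote-port 1321",
)


def parse_block(text):
    """Parse Vyatta-style 'key value {' / 'key value' / '}' text into nested dicts.

    Block headers (e.g. 'openvpn vtun1') become dict keys whose value is the
    child dict; leaves become string values. '#' comments are stripped.
    """
    root, stack = {}, []
    stack.append(root)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root


def openvpn_tunnel(config):
    """Return (interface name, flat settings) for the single openvpn stanza."""
    tunnels = {k: v for k, v in config.items() if k.startswith("openvpn ")}
    if len(tunnels) != 1:
        raise ValueError("expected exactly one openvpn stanza")
    (header, body), = tunnels.items()
    settings = {}
    for key, value in body.items():
        if isinstance(value, dict):          # 'local-address 172.16.1.1 { }'
            head, _, rest = key.partition(" ")
            settings[head] = rest
        else:
            settings[key] = value
    return header.split()[1], settings


def check_site_to_site(cfg_a, cfg_b, reachable=frozenset({"A"})):
    """Return a list of problems; empty means the pair should come up.

    `reachable` names the sides whose local-port the peer can actually reach;
    a site behind NAT with no port forward (Site B in the post) is not.
    """
    sides = {"A": openvpn_tunnel(parse_block(cfg_a))[1],
             "B": openvpn_tunnel(parse_block(cfg_b))[1]}
    peer = {"A": "B", "B": "A"}
    a, b = sides["A"], sides["B"]
    problems = [f"site {n}: mode must be site-to-site"
                for n, s in sides.items() if s.get("mode") != "site-to-site"]
    if a.get("local-address") != b.get("remote-address") or \
            b.get("local-address") != a.get("remote-address"):
        problems.append("tunnel addresses do not cross-match")
    if a.get("local-port") != b.get("remote-port") or \
            b.get("local-port") != a.get("remote-port"):
        problems.append("ports do not cross-match")
    initiators = [n for n, s in sides.items() if "remote-host" in s]
    if not initiators:
        problems.append("neither side sets remote-host, so neither connects out")
    for n in initiators:
        if peer[n] not in reachable:
            problems.append(f"site {n}: remote-host points at site {peer[n]}, which "
                            f"cannot accept inbound connections; drop remote-host on site {n}")
    return problems


if __name__ == "__main__":
    print("as posted:", check_site_to_site(SITE_A, SITE_B) or "ok")
    print("controller-forced:", check_site_to_site(SITE_A_FORCED, SITE_B))
```

Run against the two stanzas as posted the checker reports nothing; run against the controller-forced Site A it flags the remote-host that points at the unreachable Site B, which is the line the post says has to be deleted by hand after every provisioning.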