Status: Accepted

An OpenVPN client for the USG with GUI support.  Routes ALL WAN traffic through the tunnel without additional confugration when the client is connected.  Should by default accept DNS settings sent from the VPN server etc.  You get the idea, limit what ISPs can do to collect, profile, and sell personally identifiable data.

on ‎07-08-2018 06:19 PM

I just bought into the "unifi" single management idea.  But the lack of OpenVPN is keeping me from buying a USG router.  I'm goign to stick with my pFSense for now.   But if you implement OpenVPN support in the unifi GUI and make it straight forward to manage and configure, i would switch in an instant.  So if you want to sell more devices please implement this feature.

on ‎07-10-2018 08:15 AM

How are there 101 comments supporting this idea but only 9 kudos?  


Would like to be able to send not all traffic over the OpenVPN connection but limit to certain destination ranges, similar to current VPN Client possibilities.

Would like to be able to send not all traffic over the OpenVPN connection but limit to certain source ranges, currently not possible via GUI (but possible with json file). Would allow certain devices to be using VPN while others go directly over the (higher speed) ISP connection.

on ‎07-10-2018 08:22 AM

At this point I'm going to stop monitoring this thread and give up on an implementation happening at any point.  I also have to say, I'm unfortunately starting to fall out of love with Ubiquiti just in general.

on ‎07-10-2018 08:28 AM

It looks like it was submitted by an account that is no longer existent, so maybe that’s why all the kudos have vanished. 

on ‎07-10-2018 08:38 AM
A simple interface like ddwrt would be enough with policy based routing so you can select what clients need to be under vpn..anyway noone listens so..
‎07-14-2018 08:00 PM - edited ‎07-14-2018 08:01 PM

Seriously, with as much attention this request and functionality has, why HASNT this been implemented into the GUI yet?! I mean most off the shelf consumer routers have the ability to setup an OpenVPN server built in, why is Ubiquiti ignoring this one?!

on ‎07-25-2018 12:46 AM
I posted a while ago, that I would need GUI support. I changed my mind. I am using several Unifi Accesspoints, Switches, the SecGW and the CloudStick and I want to have all the outgoing traffic encrypted. The SecGW works as firewall for the VLANS. I bought an ASUS device for handling VPN - but this is slow and unstable. In the meantime I bought another Ubiquity product (ER-X) - so I can play around with the configuration without ruining my SecGateway Config. The underlying OS seems to be the same (EdgeMax), the GUI is different - there is also no GUI support for OpenVPN an the ER-X. I tried a wile and failed. I asked a friend who works in the network department of a larger ISP - he tried for a few hours and came to the result : try installing OpenWRT on that box. I changed the VPN provider to make sure it is not an issue with the provider - also no change. After exchanging 5 emails with the Support from NordVPN I got the config working with a number of command line commands (the NordVPN support was rather good !). As mentioned in this thread before, the config for setting up a VPN on the box via command line is pretty easy - the point is to get the correct Routing/Firewall/NAT entries. So via command line it is still a pain - but now it works on the ER-X. It is also easy to set up OpenVPN via command line on the SecGW via Commandline - but there is the same problem to get the routing working. After a while I also managed to have the traffic from the VOIP box unencrypted and the rest encrypted via OpenVPN with the ER-X. With OpenVPN the ER-X supports around 12-13 MBit - that is a little bit more compared with the ASUS Router I was using before. And it is pretty stable - I had to reboot the Asus router regularly and the ER-X is running stable since a few weeks now. OpenVPN on my workstation gets me up to 23 MBit which is the max rate on my VDSL. The ER-X has a dual core / 800 Mhz CPU ans the SecGateway a dual core / 500 Mhz CPU - so the SecGW will be even slower. Conclusion : it is not easy, but it is possible to get OpenVPN working via command line with EdgeMax - but it is not really worth it because of the bandwith limitations. I was thinking about changing to IKEv2/IPSec - that could be faster because of hardware accelaration - and also reasonably safe. But this is not supported at all on Unifi devices - not even with command line. So in my opinion : forget about Ubiquity devices as a VPN client ! I will have to have another look for devices with more CPU power to get the full bandwith.
on ‎08-18-2018 11:07 AM

+1 from me on this feature as well.  I was amazed to find that my fancy new USG was unable to act as an OpenVPN client like every other router known to man. Man Sad

on ‎10-01-2018 06:42 PM


Would be nice to be able to force LAN2 connections out the VPN tunnel Man Happy



I ended up using a Raspberry Pi for an OpenVPN client router...



on ‎10-22-2018 05:03 AM

+1 would very much appreciate this feature, can anyone say something about if work is done in this area? Is it even considered?