Reply
New Member
Posts: 8
Registered: ‎07-05-2016
Kudos: 4

Re: How To: OpenVPN Server Configuration on the USG

It's really disappointing that there is no Web UI for this. I would not have purchased Ubiquiti if I had known this - I would have stuck with Watchguard!

New Member
Posts: 41
Registered: ‎10-12-2016
Kudos: 20

Re: How To: OpenVPN Server Configuration on the USG

Yeah, I went back to pfsense for now.

 

 

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 128
Solutions: 1

Re: How To: OpenVPN Server Configuration on the USG

I'm going to try this tomorrow.  It would be nice if this were documented in a sanctioned help doc at https://help.ubnt.com/hc/en-us/categories/200320654-UniFi-Wireless so users don't need to search through the community and figure out which thread looks most promising.

 

Thanks

 

New Member
Posts: 17
Registered: ‎11-23-2016
Kudos: 3

Re: How To: OpenVPN Server Configuration on the USG

Excellent guide and it works. Althought the OpenVPN CLient is hard to get ahold of these days...

 

Also I want to bring to attention the .ovpn file. There is an extra space after </ca> that will need to be removed before saving.

New Member
Posts: 15
Registered: ‎11-18-2016
Kudos: 2

Re: How To: OpenVPN Server Configuration on the USG

Hi Guys,

 

is there a gui coming for openvpn?

 

At the moment i'm runing an ipfire, which works well.

Without some gui feature it is not a suitable replacment for an ipfire or pfsende.

 

Cheers Robert

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 128
Solutions: 1

Re: How To: OpenVPN Server Configuration on the USG

[ Edited ]

Sorry for the stupid question but...   I can ssh into my controller using root/{pw set in controller web page} but that isn't working for logging into the USG.  

 

Are the credentials set for each device separately?

 

 

Nevermind - the credentials are {user set in web page}/{pw set in web page}

New Member
Posts: 20
Registered: ‎11-24-2015
Kudos: 6
Solutions: 1

Re: How To: OpenVPN Server Configuration on the USG

The password for the devices is the one in the site setting from the controller. It is different from the password of the controller
Member
Posts: 159
Registered: ‎11-11-2016
Kudos: 20
Solutions: 2

Re: How To: OpenVPN Server Configuration on the USG

Is it possible to use the OpenVPN setup to access just one file server on the network? basically I need to find a way to provide secure remote file access to a windows server for a couple of employees, using their own windows server login to determine which files they can access.
Basically everywhere I read says that PPTP should be avoided, but so far it is looking like my only real option is to use the windows server as a radius server for that task.
Member
Posts: 164
Registered: ‎10-12-2015
Kudos: 73
Solutions: 6

Re: How To: OpenVPN Server Configuration on the USG

Are you trying to use RADIUS to authenticate OpenVPN? If so, try something like this: https://community.ubnt.com/t5/EdgeMAX/EdgeMax-ERPro-1-8-OpenVPN-server-with-Radius-authentication-fo...

Otherwise, just provide your users with a cert to login via OpenVPN, and then lock down the VPN Connection so it just routes to the one windows machine. Then your users can login via RDP/whatever using their standard windows credentials.
Member
Posts: 159
Registered: ‎11-11-2016
Kudos: 20
Solutions: 2

Re: How To: OpenVPN Server Configuration on the USG

Thanks for that... now just to work out what i actually want

Member
Posts: 143
Registered: ‎08-09-2014
Kudos: 317
Solutions: 2

Re: How To: OpenVPN Server Configuration on the USG

Definately UniFi UI support is needed for this. There are a lot of steps to perform and those who are not Linux people or comfortable with ssh/cli stuff are bound to make understandable mistakes.

 

For an 'enterprise' product, the USG (3 or 4) shouldn't need this sort of hacking to enable enterprise features.

 

Is there anything on the USG road map for this and other VPN tunnel types?

New Member
Posts: 33
Registered: ‎10-16-2016
Kudos: 617

Re: How To: OpenVPN Server Configuration on the USG

So heres the thing, I am Linux Savy  and I think this is too much to ask. I am running my Unifi controller in a docker container on my NAS. I think it is BS that I need to hack the USG to get this working.

 

My cheapie Asus router had this feature 4 years ago at under 100 dollars! To be clear i do mean OpenVPN with local auth, no radius. I really dont want to stand up a radius server and or LDAP server for me and my wife just to VPN in!

 

Can we get this into a reasonable roadmap soon?!

 

 

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 128
Solutions: 1

Re: How To: OpenVPN Server Configuration on the USG


@cdrom1028 wrote:

So heres the thing, I am Linux Savy  and I think this is too much to ask. I am running my Unifi controller in a docker container on my NAS. I think it is BS that I need to hack the USG to get this working.

 

My cheapie Asus router had this feature 4 years ago at under 100 dollars! To be clear i do mean OpenVPN with local auth, no radius. I really dont want to stand up a radius server and or LDAP server for me and my wife just to VPN in!

 

Can we get this into a reasonable roadmap soon?!

 

 


It is in the beta now (well slight hiccup with 5.5.2 but..) 

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 128
Solutions: 1

Re: How To: OpenVPN Server Configuration on the USG

I think three or four pages of complaining is enough about this already.  Take a look at the beta forum and the roadmap and if you aren't happy, move on to another product.  I had to unsubscribe to what once was a useful thread because of the sheer number of complainers about the same thing over and over again.

New Member
Posts: 9
Registered: ‎12-02-2016
Kudos: 2

Re: How To: OpenVPN Server Configuration on the USG

Good manual, was allmost ready.

the only this that can not be done is open client.key to copy the text.

persmission denied, tryed to change permission from 0600 to 0644 with winscp but not working.

 

the other .key files can allso not be opened.

 

howe can this be done ?

 

kind regards

Ronald.

New Member
Posts: 15
Registered: ‎01-30-2017
Kudos: 11

Re: How To: OpenVPN Server Configuration on the USG

I am not sure that this is still a valid thread.

 

I keep getting throught the initial configuration, throught to committing and saving and then I get the following error:

 

OpenVPN configuration error: Specified dh-file "/config/auth/keys/dh2048.pem" is not valid.
Member
Posts: 164
Registered: ‎10-12-2015
Kudos: 73
Solutions: 6

Re: How To: OpenVPN Server Configuration on the USG

[ Edited ]

Can you run "ls -la /config/auth/keys/" and paste the results here?

New Member
Posts: 15
Registered: ‎01-30-2017
Kudos: 11

Re: How To: OpenVPN Server Configuration on the USG

Hi,

 

I think I posted pre-maturely. I don't think it liked when I didn't run 

 

./build-dh

 

root@2600Edge:/usr/share/easy-rsa/keys# ls -lt
total 68
-rw-r--r-- 1 root root 424 Mar 6 08:16 dh2048.pem << now have it. 
-rw-r--r-- 1 root root 5664 Mar 6 07:37 02.pem
-rw-r--r-- 1 root root 293 Mar 6 07:37 index.txt
-rw-r--r-- 1 root root 21 Mar 6 07:37 index.txt.attr
-rw-r--r-- 1 root root 3 Mar 6 07:37 serial
-rw-r--r-- 1 root root 5664 Mar 6 07:37 server.crt
-rw-r--r-- 1 root root 1098 Mar 6 07:37 server.csr
-rw------- 1 root root 1708 Mar 6 07:37 server.key
-rw-r--r-- 1 root root 5657 Mar 6 07:36 01.pem
-rw-r--r-- 1 root root 21 Mar 6 07:36 index.txt.attr.old
-rw-r--r-- 1 root root 145 Mar 6 07:36 index.txt.old
-rw-r--r-- 1 root root 3 Mar 6 07:36 serial.old
-rw-r--r-- 1 root root 1765 Mar 6 07:34 ca.crt
-rw------- 1 root root 1704 Mar 6 07:34 ca.key
New Member
Posts: 15
Registered: ‎01-30-2017
Kudos: 11

Re: How To: OpenVPN Server Configuration on the USG

quick question, since I am completely new to OpenVPN. 

 

I have various subnets behind my USG. to access LAN networks from the OpenVPN client (which is now connected), do I simply add to the server config as follows? Or, is there more to it?

 

openvpn-option "--push route 10.26.0.0 255.255.255.0"
New Member
Posts: 15
Registered: ‎01-30-2017
Kudos: 11

Re: How To: OpenVPN Server Configuration on the USG

One final question. I have an existing config.gateway.json file. How best to integrate this into that?

 

Reply