New Member
Posts: 9
Registered: ‎06-16-2016
Kudos: 2
Accepted Solution

USG ssh access on WAN version 5.2.7-8740

I am looking to set up SSH access on the USG WAN port from the controller, and I am hoping I can do this from the Firewall section of the controller GUI. I need to set up VPN access for myself to check a switch. Since there is no RADIUS server set up onsite, I need to configure this through the CLI. If I can do this remotely, that would be great, as I don't see having the time to make the trip there anytime soon.

 


All Replies
Regular Member
Posts: 757
Registered: ‎04-17-2013
Kudos: 340
Solutions: 37

Re: USG ssh access on WAN version 5.2.7-8740

You don't need radius to set up a VPN.

 

Create a VPN, put in a radius server and key even though they won't work, then add a config.gateway.json on your controller containing something like

 

{
        "vpn": {
                "pptp": {
                        "remote-access": {
                                "authentication": {
                                        "local-users": {
                                                "username": {
                                                        "VPNUSERNAME": {
                                                                "password": "VPNPASSWORD"
                                                        }
                                                }
                                        },
                                        "mode": "local",
                                        "radius-server": {
                                                "127.0.0.1": {
                                                        "key": "secret"
                                                }
                                        }
                                },
                                "client-ip-pool": {
                                        "start": "10.254.0.1",
                                        "stop": "10.254.0.254"
                                },
                                "dns-servers": {
                                        "server-1": "8.8.4.4",
                                        "server-2": "8.8.8.8"
                                },
                                "mtu": "1492"
                        }
                }
        }
}

Trigger a provision event on the USG and you should have a working VPN.

 

Linux / Network / ISP / Virtualization Geek for Hire
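
As an added example (not part of the original post, and not Ubiquiti tooling): a pre-flight check for a config.gateway.json shaped like the one above, to run before triggering a provision. It catches strict-JSON errors such as a trailing comma, the VPNUSERNAME / VPNPASSWORD placeholders being left in place, and a malformed client-ip-pool; the function name and sample strings are constructed for illustration.

```python
import ipaddress
import json

PLACEHOLDERS = {"VPNUSERNAME", "VPNPASSWORD"}  # literal placeholders used in the post

def audit_gateway_json(text):
    """Return a list of findings for a config.gateway.json string (empty list = clean)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # Strict JSON: a trailing comma or a stray brace ends up here.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    ra = cfg.get("vpn", {}).get("pptp", {}).get("remote-access")
    if not isinstance(ra, dict):
        return ["no vpn.pptp.remote-access block found"]
    findings = []
    auth = ra.get("authentication", {})
    users = auth.get("local-users", {}).get("username", {})
    if auth.get("mode") != "local":
        findings.append("authentication.mode is not 'local'")
    if not users:
        findings.append("no local users defined")
    for name, entry in users.items():
        password = entry.get("password", "")
        if name in PLACEHOLDERS or password in PLACEHOLDERS:
            findings.append(f"user {name!r}: placeholder credentials left in place")
        elif not password:
            findings.append(f"user {name!r}: empty password")
    pool = ra.get("client-ip-pool", {})
    try:
        start = ipaddress.IPv4Address(pool.get("start", ""))
        stop = ipaddress.IPv4Address(pool.get("stop", ""))
        if start > stop:
            findings.append("client-ip-pool: start is above stop")
    except ipaddress.AddressValueError as exc:
        findings.append(f"client-ip-pool: {exc}")
    return findings

# Constructed sample: same structure as the post, with a trailing comma after the user entry.
SAMPLE_BROKEN = '''{"vpn": {"pptp": {"remote-access": {"authentication": {
  "local-users": {"username": {"VPNUSERNAME": {"password": "VPNPASSWORD"},
  }}, "mode": "local"},
  "client-ip-pool": {"start": "10.254.0.1", "stop": "10.254.0.254"}}}}}'''
# Constructed sample: the same text with the trailing comma removed.
SAMPLE_FIXED = SAMPLE_BROKEN.replace('},\n  }}', '}\n  }}')

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, audit_gateway_json(text))
```
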
Senior Member
Posts: 2,930
Registered: ‎04-26-2016
Kudos: 1115
Solutions: 302

Re: USG ssh access on WAN version 5.2.7-8740

For SSH access via WAN you can use the config.properties file.

 

See this article: https://help.ubnt.com/hc/en-us/articles/205146040-UniFi-config-properties-File-Explanation

 

The config.firewall.internet.local.ssh=true property should do the trick.

 

Also: If it is a UniFi switch, you can open a debug terminal from the controller.

New Member
Posts: 9
Registered: ‎06-16-2016
Kudos: 2

Re: USG ssh access on WAN version 5.2.7-8740

Thanks for the replies. Sounds like I cannot set up CLI access remotely through the GUI then.

Regular Member
Posts: 757
Registered: ‎04-17-2013
Kudos: 340
Solutions: 37

Re: USG ssh access on WAN version 5.2.7-8740

I don't remember if 5.2.7 has Routing and Firewall enabled under settings, but if it does...

 

Routing and Firewall -> WAN LOCAL -> Create New Rule -> Allow TCP -> Destination -> Create Port / Group -> Port 22, save the whole mess, you're done.

 

Having said that... don't enable passworded SSH on your WAN.

 

 

Linux / Network / ISP / Virtualization Geek for Hire
New Member
Posts: 9
Registered: ‎06-16-2016
Kudos: 2

Re: USG ssh access on WAN version 5.2.7-8740

That did it, thank you!
Established Member
Posts: 923
Registered: ‎12-18-2015
Kudos: 216
Solutions: 30

Re: USG ssh access on WAN version 5.2.7-8740


@PrettyFlyWiFi wrote:

I don't remember if 5.2.7 has Routing and Firewall enabled under settings, but if it does...

 

Routing and Firewall -> WAN LOCAL -> Create New Rule -> Allow TCP -> Destination -> Create Port / Group -> Port 22, save the whole mess, you're done.

 

Having said that... don't enable passworded SSH on your WAN. 


Thanks so much! Was pulling my hair out trying to get port forwarding working, this worked perfect first try!

 

-Jamie M.

New Member
Posts: 2
Registered: 3 weeks ago

Re: USG ssh access on WAN version 5.2.7-8740

Strange... I have this same exact rule set up and still nothing. Unable to ping or get in via SSH. Is there something I may be missing?

 

Thanks!

 

-Ricardo
