UniFi Gateway - OpenVPN Site-to-Site – Ubiquiti Support and Help Center

OpenVPN is a Site-to-Site VPN found in the Teleport & VPN section of your Network application that allows you to connect a UniFi gateway to a remote location.

Requirements

A UniFi gateway or UniFi OS Console with an integrated Next-Gen gateway.

How does it work?

OpenVPN Site-to-site VPN uses a 2048 bit static key for authentication. After generating the key, edit out any line breaks and insert it as a 512 character string in the Pre-shared Key field.

Additionally, the following information is required:

Shared Remote Subnets: Network(s) used at the remote location.
Remote IP Address: Public IP address or hostname of the remote location.
Local and Remote Port: This will generally be UDP port 1194.
Local and Remote Tunnel IP Address: IP addresses used inside the VPN tunnel.

Note: For the Tunnel IP Address, we recommend using private IP addresses that do not overlap with any other networks.

Frequently Asked Questions

It is recommended to use IPsec as it provides higher throughput.

OpenVPN encrypts your traffic and secures the VPN connection. It also uses a 2048 bit static key for authentication.

IPsec provides higher throughput than OpenVPN. Both VPNs can be used simultaneously.

If the UniFi gateway is behind NAT, then the port used for OpenVPN needs to be forwarded by the upstream router.

We recommend to use OpenVPN on a UniFi gateway that has access to a public IP address. Any performance or port forwarding issues on the upstream router can cause the VPN to disconnect.

See the OpenVPN documentation page for more information.