UniFi Gateway - OpenVPN Site-to-Site

OpenVPN is a Site-to-Site VPN found in the Teleport & VPN section of your Network application that allows you to connect a UniFi gateway to a remote location.


Requirements


How does it work?

OpenVPN Site-to-Site VPN uses a 2048-bit static key for authentication. After generating the key, remove all line breaks and enter it as a single 512-character string in the Pre-shared Key field.

Additionally, the following information is required:

  • Shared Remote Subnets: Network(s) used at the remote location.
  • Remote IP Address: Public IP address or hostname of the remote location.
  • Local and Remote Port: This will generally be UDP port 1194.
  • Local and Remote Tunnel IP Address: IP addresses used inside the VPN tunnel.

Note: For the Tunnel IP Address, we recommend using private IP addresses that do not overlap with any other networks.
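
The key preparation step described above can be scripted so that a mis-pasted or truncated key is caught before it reaches the Pre-shared Key field. This is an added example, not Ubiquiti or OpenVPN code; it assumes the key file uses OpenVPN's standard static key layout (BEGIN/END marker lines around the hex lines), and the function names and the script name psk.sh are illustrative.

```shell
#!/bin/sh
# Convert an OpenVPN static key file into the one-line Pre-shared Key string.
# The key file is assumed to come from OpenVPN's own generator, e.g.
#   openvpn --genkey secret static.key      (OpenVPN 2.5+)
#   openvpn --genkey --secret static.key    (older releases)

# psk_from_static_key FILE: print the 512-character string, or fail loudly.
# The body runs in a subshell, so its variables do not leak to the caller.
psk_from_static_key() (
    file=$1
    [ -r "$file" ] || { echo "cannot read key file: $file" >&2; exit 2; }
    # Keep only the lines between the BEGIN/END markers, drop the markers,
    # then delete all whitespace (line breaks, CRs left by Windows editors).
    psk=$(sed -n '/^-----BEGIN OpenVPN Static key V1-----/,/^-----END OpenVPN Static key V1-----/p' "$file" |
          grep -v '^-----' | tr -d '[:space:]')
    # A 2048-bit key is 256 bytes, i.e. exactly 512 hexadecimal characters.
    junk=$(printf '%s' "$psk" | LC_ALL=C tr -d '0-9a-fA-F')
    [ -z "$junk" ] || { echo "key contains non-hex characters" >&2; exit 1; }
    [ "${#psk}" -eq 512 ] || { echo "expected 512 characters, got ${#psk}" >&2; exit 1; }
    printf '%s\n' "$psk"
)

# make_sample_key FILE: write a CONSTRUCTED key file (repeating pattern, not a
# real secret) in the same layout, so the script can be tried offline.
make_sample_key() (
    {
        printf '#\n# 2048 bit OpenVPN static key\n#\n'
        printf '%s\n' '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            printf '%s\n' '0123456789abcdef0123456789abcdef'
            i=$((i + 1))
        done
        printf '%s\n' '-----END OpenVPN Static key V1-----'
    } > "$1"
)

if [ -n "${1:-}" ]; then
    psk_from_static_key "$1"          # real use: ./psk.sh static.key
else
    sample=$(mktemp) && make_sample_key "$sample"
    psk=$(psk_from_static_key "$sample") && echo "sample OK: ${#psk} characters"
    rm -f "$sample"
fi
```

The same string must be entered on both gateways, so treat the script's output like the key file itself and keep it out of shared logs and chat history.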


Frequently Asked Questions

1. Should I use IPsec or OpenVPN Site-to-Site VPNs?

It is recommended to use IPsec as it provides higher throughput.

2. Is OpenVPN secure?

OpenVPN encrypts your traffic and secures the VPN connection. It also uses a 2048-bit static key for authentication.

3. How does OpenVPN compare with IPsec Site-to-Site VPNs, and can you use them simultaneously?

IPsec provides higher throughput than OpenVPN. Both VPNs can be used simultaneously.

4. Can OpenVPN be used when the UniFi gateway is behind NAT?

If the UniFi gateway is behind NAT, then the port used for OpenVPN needs to be forwarded by the upstream router.

We recommend using OpenVPN on a UniFi gateway that has access to a public IP address. Any performance or port forwarding issues on the upstream router can cause the VPN to disconnect.

5. How can I generate the OpenVPN key?

See the OpenVPN documentation page for more information.
