UniFi Gateway - OpenVPN Client
OpenVPN Client is found in the VPN section of your UniFi Network Application that allows you to connect the UniFi Gateway to a VPN provider and send internet traffic from devices over the VPN.
For more details on setting up WireGuard instead of OpenVPN, see WireGuard VPN Client.
Requirements
How does it work?
The OpenVPN Client connection to the VPN provider is set up by uploading a configuration file and filling in the credentials. The file is generally supplied by the VPN provider.
Note: Your VPN provider login credentials may not be the same as the ones used for authentication. Verify with your provider as to which username and password need to be used.
How can I send traffic over the VPN?
After uploading the configuration file, apply the changes and the VPN Client connection will automatically establish. Traffic from devices is not automatically sent over the VPN however.
To send traffic from devices over the VPN, add a Traffic Route.
Configuration File Validation
The content of the configuration file is validated to determine if it is correct. The OpenVPN configuration file can be opened with a text editor and looks similar to:
client
dev tun
proto udp
remote host.example.com 1194
<ca>
-----BEGIN CERTIFICATE-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcDeFgHiJkLmNa
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcD
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcDeFgHiJkLmNa==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcDeFgHiJkLmNa=
-----END PRIVATE KEY-----
</key>
- Protocol - This is the protocol used by the OpenVPN connection, either UDP or TCP.
- Remote - This is the IPv4 address or hostname of the OpenVPN server followed by the port.
-
CA Certificate - This is a long string listed inside the
<ca>
to</ca>
section. -
Static Key - This is a long string listed inside the
<tls-auth>
to</tls-auth>
section. -
Certificate - This is a long string listed inside the
<cert>
to</cert>
section. -
Private Key - This is a long string listed inside the
<key>
to</key>
section.
There are more OpenVPN options that can be added to the configuration file, see the OpenVPN documentation for more information.