UniFi Gateway - OpenVPN Client

OpenVPN Client, found in the VPN section of your UniFi Network Application, lets you connect the UniFi Gateway to a VPN provider and send internet traffic from devices over the VPN.

For more details on setting up WireGuard instead of OpenVPN, see WireGuard VPN Client.

Requirements

How does it work?

The OpenVPN Client connection to the VPN provider is set up by uploading a configuration file and filling in the credentials. The file is generally supplied by the VPN provider.

Note: Your VPN provider login credentials may not be the same as the ones used for authentication. Check with your provider which username and password to use.

How can I send traffic over the VPN?

After uploading the configuration file, apply the changes and the VPN Client connection will establish automatically. However, traffic from devices is not automatically sent over the VPN.

To send traffic from devices over the VPN, add a Traffic Route.

Configuration File Validation

The content of the configuration file is validated to determine if it is correct. The OpenVPN configuration file can be opened with a text editor and looks similar to:

client
dev tun
proto udp
remote host.example.com 1194

<ca>
-----BEGIN CERTIFICATE-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcDeFgHiJkLmNa
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcD
-----END OpenVPN Static key V1-----
</tls-auth>

<cert>
-----BEGIN CERTIFICATE-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcDeFgHiJkLmNa==
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
aBcDeFgHiJkLmNaBcDeFgHiJkLmNaBcDeFgHiJkLmNa=
-----END PRIVATE KEY-----
</key>

  • Protocol - This is the protocol used by the OpenVPN connection, either UDP or TCP.
  • Remote - This is the IPv4 address or hostname of the OpenVPN server followed by the port.
  • CA Certificate - This is a long string listed inside the <ca> to </ca> section.
  • Static Key - This is a long string listed inside the <tls-auth> to </tls-auth> section.
  • Certificate - This is a long string listed inside the <cert> to </cert> section.
  • Private Key - This is a long string listed inside the <key> to </key> section.

More OpenVPN options can be added to the configuration file; see the OpenVPN documentation for more information.
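
A pre-upload check for the fields listed above, as an added example; it is not Ubiquiti's validation logic, which this article does not describe. It assumes all four inline blocks are required and that remote carries an explicit port, as in the sample; the function names and the required parameter are hypothetical.

```python
import re

# Inline blocks named on this page, with the word expected in their BEGIN/END label.
EXPECTED = {"ca": "CERTIFICATE", "tls-auth": "Static key",
            "cert": "CERTIFICATE", "key": "PRIVATE KEY"}
BLOCK = re.compile(r"^<([\w-]+)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)
ARMOR = re.compile(r"-----BEGIN ([^-\n]+)-----\n(.+)\n-----END \1-----", re.S)

def _block(tag, label, body="aBcDeFgHiJkLmN"):
    return f"<{tag}>\n-----BEGIN {label}-----\n{body}\n-----END {label}-----\n</{tag}>\n"

# Constructed sample in the layout shown above (placeholder key material).
SAMPLE = ("client\ndev tun\nproto udp\nremote host.example.com 1194\n\n"
          + _block("ca", "CERTIFICATE") + _block("tls-auth", "OpenVPN Static key V1")
          + _block("cert", "CERTIFICATE") + _block("key", "PRIVATE KEY"))

def parse_ovpn(text):
    """Split an .ovpn file into {directive: [args, ...]} and {tag: block body}."""
    text = text.replace("\r\n", "\n")
    blocks = {m.group(1): m.group(2).strip() for m in BLOCK.finditer(text)}
    directives = {}
    for line in BLOCK.sub("", text).splitlines():
        line = line.strip()
        if line and line[0] not in "#;<-":  # skip comments and stray block lines
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def check_ovpn(text, required=tuple(EXPECTED)):
    """Return a list of problems ([] if none). Assumes 'remote host port' as on this page."""
    directives, blocks = parse_ovpn(text)
    problems = []
    proto = directives.get("proto", [[]])[0]
    if not proto or not proto[0].lower().startswith(("udp", "tcp")):
        problems.append("proto: expected udp or tcp")
    for args in directives.get("remote") or [[]]:
        if len(args) < 2 or not args[1].isdecimal() or not 0 < int(args[1]) < 65536:
            problems.append("remote: expected host followed by port")
    for tag, word in EXPECTED.items():
        if tag not in blocks:
            if f"<{tag}>" in text:  # typical of a truncated copy and paste
                problems.append(f"{tag}: opening tag without matching </{tag}>")
            elif tag in required:
                problems.append(f"{tag}: block missing")
            continue
        m = ARMOR.search(blocks[tag])
        if not m or word not in m.group(1):
            problems.append(f"{tag}: BEGIN/END markers missing or mismatched")
    return problems
```

Pass a shorter required tuple if your provider's file legitimately omits some of the blocks.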

Frequently Asked Questions

1. Which VPN Client types are supported on UniFi Gateways?
Both WireGuard and OpenVPN are supported.
2. Which VPN providers are supported?
Any provider that supports OpenVPN will work.
3. My VPN provider does not have a configuration file. What should I do?
Your VPN provider should be able to provide you with the certificates, keys, and other information needed to connect. The file can then be manually created using a text editor. See the OpenVPN documentation for more information.