UniFi Identity - Troubleshoot VPN Issues
No Users Can Connect to One-Click VPN
If none of your users can connect to One-Click VPN, follow the steps below to troubleshoot the issue:
- Ensure your UniFi Console’s WAN IP is a public IP. To view your console’s WAN IP, go to your OS Settings > About > WAN IP.
- If the console's WAN IP is not a public IP but its higher-level router has a public IP, configure port forwarding on the higher-level router. You may need to contact your ISP for assistance.
- Ensure your public IP is not within the CGNAT IP range. You may need to contact your ISP for more information.
If your WAN IP is a public IP, your public IP is not within the CGNAT IP range, and the issue persists, please contact uid.support@ui.com with the following information:
- The support files of UniFi Console and Identity Endpoints for mobile and desktop.
  - UniFi Console: OS Settings > Console Settings > Download Support File.
  - Identity Endpoint for iOS and Android: Tap your upper-right profile picture > Export Support File.
  - Identity Endpoint for macOS and Windows: Click the Gear icon > Export Support File.
- The time and time zone when the connection failed.
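
The WAN IP checks in the list above can be scripted. This is an added example, not Ubiquiti code: the function names are hypothetical, and the ranges are assumptions taken from RFC 6598 (CGNAT shared address space, 100.64.0.0/10) and RFC 1918 (private addresses), which the page does not spell out.

```python
import ipaddress

# RFC 6598 shared address space, which ISPs use for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN IP here means the console is behind another router.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Next steps, paraphrasing the troubleshooting list above.
ADVICE = {
    "public": "WAN IP is public; if the VPN still fails, collect the support files.",
    "private": "Console is behind another router; configure port forwarding there.",
    "cgnat": "WAN IP is in the CGNAT range; contact your ISP.",
    "non-routable": "Address is reserved or special-purpose, not a usable public IP.",
    "invalid": "Not an IP address; copy the value from OS Settings > About > WAN IP.",
}

def classify_wan_ip(text):
    """Return 'public', 'cgnat', 'private', 'non-routable' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return "invalid"
    if ip.version == 4:
        # Check CGNAT explicitly: ipaddress reports is_private=False for
        # 100.64.0.0/10, so an is_private test alone would miss it.
        if ip in CGNAT_NET:
            return "cgnat"
        if any(ip in net for net in RFC1918_NETS):
            return "private"
    return "public" if ip.is_global else "non-routable"

def advise(text):
    """Return (category, next step) for a WAN IP string."""
    category = classify_wan_ip(text)
    return category, ADVICE[category]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real console.
    for sample in ("100.72.14.9", "192.168.1.2", "10.20.30.40", "1.1.1.1", "169.254.7.7"):
        print(sample, "->", *advise(sample))
```
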
The Message "System Extension Blocked" Appears on a macOS Device
The Identity Endpoint needs a system extension to connect to the WireGuard VPN. Follow the steps below to allow the app to load a new system extension.
macOS 15 Sequoia
- Click Open System Settings in the popup and go to General > Login Items & Extensions.
- Click the information "i" icon beside Network Extensions.
- Go to Identity and toggle its switch to the right to enable the extension.
- Click Done.
macOS 13 Ventura and macOS 14
- Do either of the following:
  - Click Open System Settings in the popup to go to the Privacy & Security page.
  - Go to your Apple menu > System Settings > Privacy & Security.
- Go to the message "System software from application "Identity" was blocked from loading" and click Allow.
- Verify your identity using Touch ID or password and click Unlock to unlock Privacy & Security settings and allow the Identity Endpoint to add a system extension.
macOS 12 Monterey and Below
- Do either of the following:
  - Click Open System Preferences in the prompt to go to the Privacy & Security page.
  - Go to your Apple menu > System Preferences > Security & Privacy > General.
- Click the Lock icon.
- Verify your identity using Touch ID or password and click Unlock to unlock the Privacy & Security settings.
- Go to the message "System software from application "Identity" was blocked from loading" and click Allow.
The Message “Identity Would Like to Add VPN Configurations” Appears on a macOS Device
Identity Endpoint needs to add VPN configurations to allow VPN connections. Click Allow when this message appears. Once VPN configurations are added, all network activity on the device will be filtered and monitored when the device is connected to the VPN.
I Cannot Allow Identity Endpoint to Load New System Extensions
If the message “Click System Preferences and allow Identity to load a new system extension” shows on your Identity Endpoint for macOS, but no window appears after you click System Preferences, check whether your device is enrolled in MDM. Also check whether your admin has deployed System Extensions MDM payload settings that restrict users from approving additional system extensions not explicitly allowed by configuration profiles. Please see Apple’s help article for details.
If the System Extensions MDM payload settings have been deployed, your admin can add the following configuration to your MDM settings.
- Team Identifier: 4P645293E8
- Bundle identifier: com.ui.uid.standard-desktop.network-extension