How to Set Up a VPN Server on UniFi (L2TP)

  • Post author:WunderTech
  • Post published:August 24, 2022
  • Post last modified:October 18, 2024
  • Post category:UniFi
  • Reading time:11 mins read
  • Post comments:0 Comments

In this tutorial, we’re going to look at how to set up a VPN server on UniFi.

There are many different places that you can run a VPN server, however, one of the best places is on your router. Offloading the process from a NAS or Raspberry Pi to a router means that you don’t have to worry about maintaining another device, and in general, if you can run a VPN on your router, you probably should.

One downside to the current UniFi VPN is that it uses L2TP over IPSec as opposed to other popular VPN options like OpenVPN or WireGuard (not that L2TP over IPSec is bad, because it’s not). However, UniFi recently released Teleport for UniFi devices which requires no port forwarding and utilizes the WireGuard protocol. If you’re interested in using that, please check out our tutorial on how to set it up!

Please keep in mind before proceeding that if you do not have a static external IP address, you will have to configure DDNS. A DDNS hostname will track your external IP address and whenever it changes, it will update the DDNS hostname. This ensures that you are ALWAYS connecting to your external IP address.

This tutorial utilizes the Unifi Dream Router, however, it should work on any UniFi devices that support L2TP/IPSec.

How to Set Up a VPN Server on UniFi

As mentioned above, the VPN protocol that we will be using is L2TP over IPSec.

1. Open the UniFi Controller and select Settings.

selecting the settings icon in unifi.

2. In the settings menu, select Teleport & VPN.

selecting the teleport and vpn setting in unifi.

3. Scroll down to VPN Server and Enable the VPN server.

how to set up a vpn server on unifi - enabling the l2tp vpn in unifi.

4. Select create a new user, then enter a username and password at the next screen. When you’re done entering both, you can select create user. This is the username and password that we will use to authenticate with our VPN.

NOTE: If there are a few people that will be connecting to this VPN, you can create multiple user accounts.

creating a vpn username and password.

5. In the Advanced Configuration section, select manual, then modify any of the settings that you’d like. When you’re done altering the settings, select apply settings to save everything.

NOTE: This is also where you’ll change the VPN subnet if you’d like something different than the default value.

manually configuring the subnet to use in unifi.

6. At this point, the VPN configuration is complete! The firewall rule should be automatically completed, but you can confirm by selecting Firewall & Security, then looking for the L2TP over IPSec firewall rule (UDP port 3007).

viewing the firewall rule automatically created.

Connecting as a VPN Client

At this point, the VPN server is configured. However, we need to modify our VPN client in order to connect. I will be utilizing Windows to show how this works, however, you can also use an Android, iOS, or Mac device.

Windows Instructions

1. Search for VPN and launch the VPN Settings application.

selecting vpn settings in windows 10.

2. Select Add a VPN Connection.

adding a new vpn connection in windows 10.

3. Change the settings to match the info below:

  • VPN Provider: Windows (built-in)
  • Connection: UniFi VPN Server
  • Server Name or Address: Enter your DDNS hostname or external IP address
  • VPN Type: L2TP/IPSec with pre-shared key
  • Pre-shared Key: Copy and paste the pre-shared key from the UniFi VPN settings
  • Type of Sign-in Info: Username and Password

Finally, enter the username and password, then Save.

adding the settings for the L2TP VPN in windows 10.

4. After the connection has been saved, you must allow the MS-CHAP v2 protocol. Select change adapter options on the right-hand side.

viewing the adapter options in windows 10.
change

5. Right-click the VPN server we created and select Properties.

viewing the properties of the vpn server.

6. under security, select allow these protocols and ensure that Microsoft CHAP Version 2 (MS-CHAP v2) is selected, then press OK.

allow CHAP v2 in windows.

7. If you head back to the VPN Server settings, you should now be able to connect!

connecting to the VPN server.

UniFi VPN Server Notes

Now that our server has been configured and we’ve successfully connected with one of our clients, there are a few notes that I want to be clear on:

  • If you are not using DDNS and your external IP address changes, you will not be able to connect. Set up DDNS if you have a dynamic external IP address to avoid this issue.
  • Depending on the device that you’re connecting from, settings on the VPN server or client may need to change. Using our Windows example above, we had to enable MS-CHAP v2. Without this enabled, the connection will fail, so be sure that the protocol you’re using to connect is a protocol that the server and client accept.
  • The same username and password can be used on multiple devices, but if different users will be connecting, it’s a good idea to create individual usernames/passwords for them.

Conclusion & Final Thoughts: L2TP VPN on UniFi Devices

This tutorial looked at how to set up a VPN server on UniFi. The server protocol used is L2TP over IPSec, which has its benefits and downsides. You can also set up Teleport on your UniFi device if you’re not interested in using L2TP over IPSec or don’t want to use port forwarding. However, if you do decide to use it, it functions well and will allow you to access everything on your local network.

Thanks for checking out the tutorial on how to set up a VPN server on UniFi. If you have any questions, please leave them in the comments!

WunderTech

WunderTech is a website that provides tutorials and guides on various NAS, server, networking, and infrastructure-related topics. WunderTech is maintained by Frank Joseph, an IT professional with 14+ years of experience in corporate IT and application management. He focuses on sharing his experience with others on his WunderTech website and YouTube page. Frank holds a Bachelor of Science in Computer Information Systems and a master of Business Administration (MBA).

Leave a Reply