I have UniFi setups in Canada, but I also have a relative who is overseas.
What I would like to do is set up the UniFi Express overseas as a 2-way VPN.
Basically I want to allow the devices connecting to my UniFi setup in Canada to make their traffic look like it's coming from the location overseas.
In the other direction I want to allow the users overseas to connect their devices and have them appear geolocated and pass their traffic through my network in Canada.
I know this can be kind of accomplished by using Teleport, but that is limited to Android and iPhone, and I'd like the setup to be as flexible as possible and allow for using services like Netflix over Wi-Fi.
What would be the best way to accomplish this?
Thanks in advance
Definitely you can use it for that. I have a UDMP in my house with an Express at my niece's house. She used to live with me, so she has a VPN back to my place to watch my internet backups I have on my NAS. Works a treat.
As long as there’s no Great Firewall in the way, it should work really really well.
When you set up the Express, if you add it as a separate site in your UI, then in Teleport you can join the sites and configure it all in there.
Sounds like a site-to-site VPN, but essentially you want to force all traffic out the alternate location's WAN as opposed to locally?
Teleport oddly works very well on any flavor of macOS as well.
I would say if you are simply trying to change the geolocation of your other side, why not look at a DNS service like NextDNS or ControlD?
If you want them to access resources local to your local network in Canada, then a site-to-site VPN would be your ticket and you would need a VPN gateway for your other side.
Keep in mind it doesn't have to be a UDM or anything, just something that will support the S2S VPN settings you wish to use for that configuration.
VPN connections (both inbound and outbound) are slow, though. Not sure if it applies to site-to-site tunnelling, but I would guess so. You should be able to divert some traffic and not all, though.
“Then in teleport you can join the sites” - you can teleport a whole site? How??
Correct.
I was thinking of site-to-site, then creating specific Wi-Fi networks and VLANs. But I'm not sure how to force the traffic out of the specific exit points.
I've never actually tried it on macOS. Good to know!
I have a mix of both needing the geolocation changed and getting access to devices on both networks.
My relative was in town last week and I had the Express laying around, so I did a basic quick setup on it and sent it home with them. That's the reason for wanting to use the Express.
“If you want them to access resources local to your local network in Canada, then a site to site vpn would be your ticket and you would need a vpn gateway for your other side.”
Are you saying that I can't use the Express for this purpose? Or am I reading this wrong?
So after a little digging into my system and verifying with some research, it seems like the simplest answer would be to set up a WireGuard server on each system, and then a WireGuard client pointing at the other system. The only problem is if the VPN drops, it will just start using local; UniFi doesn't currently have a GUI way to enact a kill switch, and the CLI, as usual, can be wiped out by an update.
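As an added illustration (not from this thread, and not UniFi's own configuration), here is the WireGuard pairing described above written as two wg-quick configs for generic Linux gateways: one tunnel with a peer on each side does the job of the server-plus-client pair, each site policy-routes only its "exit" VLAN through the tunnel so it leaves via the other site's WAN, and a FORWARD rule supplies the kill switch the poster notes UniFi lacks. Every key, address, subnet and interface name (wg0, eth0, 10.20.0.0/24, 10.30.0.0/24) is an assumed placeholder, and net.ipv4.ip_forward=1 is assumed on both boxes.

```ini
# File 1: Canada gateway, /etc/wireguard/wg0.conf (constructed; all values are placeholders)
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <canada-private-key>
# Table = off: wg-quick installs no routes itself, so only the chosen VLAN is tunnelled
Table = off
# Reach the peer's exit VLAN, and send our "exit-overseas" VLAN (10.20.0.0/24) out through the tunnel
PostUp = ip route add 10.30.0.0/24 dev wg0
PostUp = ip route add default dev wg0 table 100
PostUp = ip rule add from 10.20.0.0/24 table 100
# Kill switch: that VLAN's Internet traffic may leave only via wg0, never the local WAN
PostUp = iptables -I FORWARD -s 10.20.0.0/24 ! -d 10.0.0.0/8 ! -o wg0 -j REJECT
# The peer's exit VLAN arrives over wg0 and leaves with this site's public IP
PostUp = iptables -t nat -A POSTROUTING -s 10.30.0.0/24 -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -s 10.30.0.0/24 -o eth0 -j MASQUERADE
PreDown = iptables -D FORWARD -s 10.20.0.0/24 ! -d 10.0.0.0/8 ! -o wg0 -j REJECT
PreDown = ip rule del from 10.20.0.0/24 table 100
PreDown = ip route del default dev wg0 table 100
PreDown = ip route del 10.30.0.0/24 dev wg0

[Peer]
PublicKey = <overseas-public-key>
# 0.0.0.0/0 so the peer's LAN and the Internet replies it relays are all accepted; routing stays ours (Table = off)
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

# File 2: overseas gateway, /etc/wireguard/wg0.conf: the mirror image, plus an Endpoint since it initiates
[Interface]
Address = 10.99.0.2/24
PrivateKey = <overseas-private-key>
Table = off
PostUp = ip route add 10.20.0.0/24 dev wg0
PostUp = ip route add default dev wg0 table 100
PostUp = ip rule add from 10.30.0.0/24 table 100
PostUp = iptables -I FORWARD -s 10.30.0.0/24 ! -d 10.0.0.0/8 ! -o wg0 -j REJECT
PostUp = iptables -t nat -A POSTROUTING -s 10.20.0.0/24 -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -s 10.20.0.0/24 -o eth0 -j MASQUERADE
PreDown = iptables -D FORWARD -s 10.30.0.0/24 ! -d 10.0.0.0/8 ! -o wg0 -j REJECT
PreDown = ip rule del from 10.30.0.0/24 table 100
PreDown = ip route del default dev wg0 table 100
PreDown = ip route del 10.20.0.0/24 dev wg0

[Peer]
PublicKey = <canada-public-key>
Endpoint = <canada-public-ip-or-ddns-name>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

While the tunnel is merely down (no handshake) the policy route still points the VLAN at wg0, so nothing leaks; but because PreDown removes the REJECT rule, running `wg-quick down` takes the kill switch with it, so on a gateway whose config survives updates that rule belongs in the persistent firewall rather than the tunnel file.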
You could set up a point-to-site VPN and use a third-party VPN client to make a config to connect to your VPN gateway also. This only gets annoying if you have many remote clients and complicated networks on the local side.