Menu
▾
▴
Re: [Astlinux-users] Ubiquiti Unifi
|
From: Michael K. <li...@mk...> - 2024-03-07 12:21:13
|
Hi Michael, I only used StrongSwan with the AVM Fritzbox router/DSL modem models, which are widely used in Germany. You'll have to create a textfile, which has to be imported into the Fritzbox via the WebGUI. Luckily the newer Fritzbox models now support WireGuard. Never used Unifi for VPN. I thought you wanted to use Gl.inet routers … Michael http://www.mksolutions.info > Am 07.03.2024 um 12:52 schrieb Lonnie Abelbeck <li...@lo...>: > > Hi Michael, > > Unifi access points and switches have played well with others over the years. > > Unifi routing products, while based on linux, never had a good track record of interoperability, particularly with VPNs. > > It would seem straightforward for Unifi to support sourcing manual Wireguard configs in addition to the pretty GUI Wireguard configs ... maybe someday. > > Personally, I would not even try to get AstLinux Strongswan to work with Unifi's IPsec. > > Lonnie > > > >> On Mar 7, 2024, at 12:17 AM, Michael Knill <mic...@ip...> wrote: >> >> Noone 🙁 >> >> Regards >> Michael Knill >> From: Michael Knill <mic...@ip...> >> Sent: Friday, 23 February 2024 2:50 PM >> To: AstLinux List (ast...@li...) <ast...@li...> >> Subject: [Astlinux-users] Ubiquiti Unifi >> >> Im kicking and screaming all the way, but I will probably be moving to the Ubiquiti Unifi ecosystem (we already use their WAP’s). >> As part of this, I will be implementing some of their gateways (routers) which I really need to connect via VPN to Astlinux in the cloud. >> They now support Wireguard but only as a client or server and not as a site to site VPN which they support Open VPN and IPsec only. In the Wireguard client configuration they emulate a mobile client so all traffic is from the gateway address (NAT). >> >> So just wondering if Im going to be able to get this working with OpenVPN as per below: >> >> <image002.png> >> >> Looks like it only support Pre-Shared Key and not certificates? >> >> Could probably use Strongswan with IPsec but would rather not unless someone has got this working or something similar. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: mic...@ip... >> W: ipcsolutions.com.au >> >> <image001.png> >> Smarter Business Communications |
