I'm here from Lawrence Systems and my goal is to educate you on how UniFi implements VPN. Now, Ubiquiti doesn't do it in a normal way with their UniFi line of products, and I think that matters quite a bit, because unfortunately people (and I'm hoping you're watching this before you bought one of these) run into the problem of seeing that it says it has WireGuard support or OpenVPN support and assume that it's just normal WireGuard or OpenVPN support. Well, because Ubiquiti went a different way, there are some nuances to how UniFi implements VPN. Now, we're going to be doing this with UniFi Network application 7.2.92. There could be a future date where a new version is out that has better support and doesn't require OpenVPN to be tied to UID, or WireGuard to be tied to Teleport and intertwined with the UniFi cloud applications, but that's not the date we're at today. This is August of 2022, and this is the current status. Hopefully you're watching this before you buy, because I like to educate people before they buy a product. Unfortunately, many find out after they've bought the product; they reach out to us for consulting, hoping to get some of these remote access features set up, and realize that it's done in a very different way that may or may not fit their use case. So that's what we're going to be covering today: the current way you implement those VPNs on the UniFi Dream Machines, and somewhat on some of the USGs as well. We'll touch on both of these in this particular video before we dive into the details.

But first: are you an individual or company looking for support on a network engineering, storage, or virtualization project? Is your company or internal IT team looking for someone to proactively monitor your system security or offer strategic guidance to keep your IT systems operating smoothly? Not only would we love to help consult on your project, we also offer fully managed or co-managed IT service plans for businesses in need of IT administration or IT teams in need of additional support. With our expert install team, we can also assist you with all of your structured cabling and Wi-Fi planning projects. If any of this piques your interest, fill out our Hire Us form at lawrencesystems.com so we can start crafting a solution that works for you. If you're not interested in hiring us but you're looking for other ways to support this channel, there are affiliate links down below to get you deals and discounts on products and services we talk about on this channel. And now back to our content.

Now let's start here with Ubiquiti's documentation, and this will be linked down below so you can read further details on it: "UniFi Network: Configuration for Remote Access VPN." We're going to talk about what does work, and what we have here is how to set up and configure clients for the L2TP VPN. Now, they recommend you just use your native client, whether it's macOS or Windows, to get these connections. And this is a working way to get remote user VPN access, so an external user remoting in is able to connect. But there's a problem with this. The real big issue, and the reason L2TP is not the most popular VPN compared to OpenVPN or WireGuard, is one of its challenges: each person may be coming from the same network, as in the same public WAN IP. Two people in the same location, same building, same home, both try to VPN in, and it will drop one of their connections, because L2TP has some trouble handling that. Now there are some updates to get workarounds for that, to my knowledge, and if I'm wrong, leave a comment with the link to the updated documentation on this. But as of right now, in August of 2022, to my knowledge, it has not been implemented inside of Ubiquiti's version of L2TP. That means if you have those two users, they're not going to be able to connect. But if you only have one user, this is perfectly fine; it is a secure VPN to be able to use to remote back in there. But also of note, L2TP sometimes is blocked or has trouble with NATed networks or double-NATed networks that you may run into. This is one of the reasons that WireGuard and OpenVPN, which implement things very differently than L2TP, work so well to punch through all those different interesting network issues you may run into.

Now let's talk about WireGuard support, or as Ubiquiti calls it, "Get to know Teleport, UniFi's integrated VPN. Take a look at this brief overview and all the information on how to get started." Now, the requirements for this to work at all are going to be a Dream Machine, Dream Machine Pro, Dream Router, or Dream Machine SE, the versions here, and the WiFiman mobile app, because the only way Teleport works with WireGuard is to create a link that you then connect with the Teleport app on the phone. Not your computers, not your Linux laptop or desktop, not your Windows laptop or desktop, or your Mac. Just your phone can remote in via WireGuard. So to say they have WireGuard support is not wrong; how they implemented it is why the details matter so much. So let's actually show you how this works. We go over here in our UniFi Dream Machine Pro, we go over to Teleport VPN, and we hit Generate Link. We can keep clicking this, and it's one link per device we want to connect, and we hit Copy. And then we paste that link. Now please note this link is teleport.ui.link. So it's telling your Dream Machine to communicate with Ubiquiti to create a magic link that will then create credentials and bring them in and tie these things together. This is an odd way to do it, because you're not downloading anything or setting anything up related to WireGuard directly inside of the Dream Machine. You're just relying on their unique and proprietary way to do this. So there aren't any other options. Well, you can look at the invitation history, because I created us a few of them right now, but that's it. You can revoke the invitation. So, I mean, from a simplicity standpoint of getting my phone connected, they have made this really easy to do. So they can now say they have WireGuard support, but they have WireGuard support via their essentially proprietary way of doing this. It only works with a single app. So that's as far as that goes.

Now what about OpenVPN support via UID? This is yet another strange way Ubiquiti has done things. "UID is an identity-as-a-service platform that provides cloud-based identity authentication and management services to enterprise." Well, yeah, you can use it for enterprise. You could use it for some home users here. But here's the weird part. One, to use UID: this is not supported on their USG, USG Pro line. This is only for Dream Machine Pro, Dream Machine Special Edition. And we have the UID VPN. Now it doesn't mention OpenVPN, but it actually is. And to get this working, you tie your UniFi Dream Machine Pro to their UID. You register it there so the two are talking. There's an application they have you load on there; it's all in the instructions. It's actually relatively easy to set up. Then we go over here and we create users, and I have the user directory set up. But let's jump to the download and see what works there. We're going to scroll down to the bottom, maybe zoom in a little to make it easier to find. And we want "Connect to UID Wi-Fi/VPN on Linux." Connect. And then we scroll down a little bit and we'll say, hey, let's download that config file. And we have the LTS OpenVPN that we set up. We now have an OpenVPN config file. But this is still kind of strange to me. And it has the keys, the auth, and don't worry, I destroy and rebuild this. So if you were able to grab those keys, not a big deal. But it's confusing, because normally with most firewalls (pfSense is an easy example, and others do the same thing) you go into the firewall, you generate the OpenVPN config file, you distribute it through different means to your clients, and they can just use a standard OpenVPN client. Now I like the ability to download it from UID, but it seems weird that the only way to get this to work is to have the Dream Machine talking to the UID system, then to tell it to generate the file, and then from there you go on UID and download it. Now, because it's actually giving the remote IP address (that I have redacted here) to connect to, it's not looping through UID back over to your UniFi Dream Machine. So it's not playing man in the middle; it just generates it by having it connected to your cloud, which to me is just kind of strange.

Now, while it's my opinion that this is a weird way to implement these, forcing you to use Ubiquiti's cloud and register with it to get UID and OpenVPN, or relying on the cloud to create the Teleport links, they do make things relatively easy to set up. So it comes down to what your use case is. If you want remote access, are these things that you have no problem with? Are you fine with using their application for their version of WireGuard? Maybe it works for what you want to do, because the only thing you wanted was to have your phone going in there. And maybe you're fine also with using the OpenVPN config tool via UID, and UID has more features than just that; I just wanted to narrow in on the VPN feature and how it's implemented in there. And maybe those things absolutely fit your use case. My goal is to educate people on how that works, so they can understand that even though it has WireGuard, it's done in a proprietary way, and even though it has OpenVPN, it's done via their cloud. Now, these are VPN tools to get into your network when you're external.
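Editor's note, an added example that is not from the video or from Ubiquiti: the OpenVPN profile downloaded from UID, like any inline .ovpn, carries the client's private key and TLS-auth key along with the remote address, so the file itself is a bearer credential. The Python script below parses an .ovpn profile, lists the inline blocks it embeds, extracts the remote it connects to, and flags a few settings worth checking before handing the file to a user. The sample profile is constructed for this example with placeholder key material; it is not real UID output, and the remote host vpn.example.net is an assumption.

```python
"""Audit an OpenVPN client profile (.ovpn) before handing it to a user.
Added example (not from the video or Ubiquiti): an inline .ovpn like the one
downloaded from UID carries the client's private key and TLS-auth key, so the
file itself is a bearer credential. This reports what the profile embeds,
where it connects, and a few settings a reviewer would check."""
import re
from dataclasses import dataclass, field

SECRET_BLOCKS = {"key", "tls-auth", "tls-crypt", "tls-crypt-v2", "secret"}  # secret inline blocks
PUBLIC_BLOCKS = {"ca", "cert", "dh", "extra-certs", "crl-verify"}           # public inline blocks
FILE_OPTIONS = {"ca", "cert", "key", "tls-auth", "tls-crypt", "auth-user-pass"}  # arg = path on disk
WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "des-ede3-cbc", "rc2-cbc", "cast5-cbc"}

# Constructed sample with placeholder key material; not real UID output.
SAMPLE_PROFILE = """\
client
proto udp
remote vpn.example.net 1194
remote-cert-tls server
cipher AES-256-GCM
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA-CERTIFICATE
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-CLIENT-PRIVATE-KEY
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDER-TLS-AUTH-KEY
-----END OpenVPN Static key V1-----
</tls-auth>
"""

@dataclass
class ProfileReport:
    remotes: list = field(default_factory=list)         # (host, port, proto)
    inline_secrets: list = field(default_factory=list)  # secret <tag> blocks present
    inline_public: list = field(default_factory=list)   # public <tag> blocks present
    external_files: list = field(default_factory=list)  # (option, path) file references
    findings: list = field(default_factory=list)        # (code, message)

def parse_ovpn(text):
    """Return (directives, report); directives maps option -> list of arg lists."""
    directives, report, lines, i = {}, ProfileReport(), text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:  # inline block: collect lines up to the matching closing tag
            tag, body = m.group(1), []
            while i < len(lines) and lines[i].strip() != f"</{tag}>":
                body.append(lines[i])
                i += 1
            i += 1  # skip the closing tag
            directives.setdefault(tag, []).append(["\n".join(body)])
            if tag in SECRET_BLOCKS:
                report.inline_secrets.append(tag)
            elif tag in PUBLIC_BLOCKS:
                report.inline_public.append(tag)
            continue
        option, *args = line.split()
        directives.setdefault(option, []).append(args)
        if option in FILE_OPTIONS and args:
            report.external_files.append((option, args[0]))
    default_proto = directives.get("proto", [["udp"]])[0][0]  # 'proto' may come after 'remote'
    for args in directives.get("remote", []):
        port = int(args[1]) if len(args) > 1 else 1194
        report.remotes.append((args[0], port, args[2] if len(args) > 2 else default_proto))
    return directives, report

def audit(text):
    """Parse a profile and attach reviewer findings as (code, message) pairs."""
    d, report = parse_ovpn(text)
    add = report.findings.append
    if report.inline_secrets:
        add(("INLINE-SECRETS", "embeds %s: treat the file as a credential, deliver it over a "
             "protected channel, revoke the client cert if it leaks" % ", ".join(report.inline_secrets)))
    if "remote-cert-tls" not in d:
        add(("NO-REMOTE-CERT-TLS", "without 'remote-cert-tls server' any client cert from the "
             "same CA could impersonate the server"))
    if "verify-x509-name" not in d:
        add(("NO-VERIFY-X509-NAME", "expected server certificate name is not pinned"))
    cipher = d.get("cipher", [[]])[0]
    if cipher and cipher[0].lower() in WEAK_CIPHERS:
        add(("WEAK-CIPHER", "legacy data cipher %s" % cipher[0]))
    creds = d.get("auth-user-pass", [[]])[0]
    if creds:
        add(("CREDS-FILE", "auth-user-pass reads a password from %s; ship it separately" % creds[0]))
    return report
```

Calling `audit(SAMPLE_PROFILE)` reports the remote as `("vpn.example.net", 1194, "udp")`, the inline `key` and `tls-auth` blocks as secrets, and two findings: the file embeds secret material, and no `verify-x509-name` pins the server name. The checks are general OpenVPN client hygiene rather than anything UID-specific; the same script works on a profile exported from pfSense or any other server.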
If you wanted to use a privacy VPN to tunnel your network or do selective tunneling of traffic (and I've done videos on pfSense and how to do this), this is not officially supported within UniFi at all, not through any of the apps I mentioned, and not, to my knowledge, on any of their roadmap. If that changes, let me know and DM me the link to where they plan on implementing it. I haven't seen anything or heard anything that they plan to do that. Privacy VPNs are very popular for many reasons, but they're not something that's easily put into Ubiquiti. And I say easily because there are, and I don't want to discount this, third-party applications to do this. So third party, yes: you can have modifications made to the underlying OS to take advantage of WireGuard, take advantage of OpenVPN, manually configure things, and get it working. It's not going to be through the official user interface, and it's officially not supported by Ubiquiti, which means any update could lead to breakage of it. Therefore, since it's not officially supported, it's not something we help people do or support when we're doing any of the consulting. So I'm aware of it being out there, but it really, I don't know, comes down to your use case. Maybe you're fine with going away from the UI and just modifying everything from the command line to get it to work the way you want. Either way, my goal is always to educate people on these products to make sure they understand how they work, understand how to implement them, and let you decide ultimately if it fits your use case and what you want to do with this particular system.

Links to the documentation I mentioned are down below, and thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the subscribe button and the bell icon. If you'd like to hire us for a short project, head over to lawrencesystems.com and click the Hire Us button right at the top. To help this channel out in other ways, there's a Join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts, and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store, where we have a wide variety of shirts that we sell, and designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching, and I look forward to hearing from you.