Advanced Manual
Table Of Contents
- Chapter 1: Software Installation
- Chapter 2: UniFi Cloud
- Chapter 3: Using the UniFi Controller Software
- Chapter 4: Dashboard
- Chapter 5: Map
- Chapter 6: Devices
- Chapter 7: Clients
- Chapter 8: Statistics
- Chapter 9: Insights
- Chapter 10: UniFi Security Gateway Details
- Chapter 11: UniFi Switch Details
- Chapter 12: UniFi Access Point Details
- Chapter 13: UniFi VoIP Phone Details
- Chapter 14: Client Details
- Chapter 15: Hotspot Manager
- Appendix A: Portal Customization with Legacy JSP
- Appendix B: UniFi Discovery Utility
- Appendix C: UniFi Mobile App
- Appendix D: UniFi EDU Mobile App
- Appendix E: Controller Scenarios
- Appendix F: Contact Information
26
UniFi Controller User Guide
Ubiquiti Networks, Inc.
Chapter 3: Using the UniFi Controller Software
Site-to-Site VPN
The UniFi Security Gateway is required for this option.
• VPN Client (Beta) Select the appropriate option:
- Auto Auto is the default.
• Remote Site Select the appropriate site from the
drop-down list.
Note: If you have admin privileges for the local and
remote sites, then you can view and select sites.
- IPsec VPN Select this option create a VPN that uses
IPsec (IP security protocol).
• Enabled Select this option to create an IPsec VPN
tunnel over the Internet between two peer routers.
(The UniFi Security Gateway is the local peer router.)
• Remote Subnets Click Add Subnet to add an
address for a remote network.
• Add Subnet If you have another remote subnet,
click this option and enter its network address.
• Peer IP Enter the IP address of the peer router.
• Local WAN IP Enter the Internet IP address of the
UniFi Security Gateway.
• Pre-Shared Key Enter the pre-shared secret key.
Both peer routers must use the same pre-shared
secret key for authentication.
• IPsec Profile Select the appropriate option:
• Customized Select this option to customize your
settings.
• Azure dynamic routing Select this option if you
are using Microsoft Azure with dynamic routing
for a route-based VPN.
• Azure static routing Select this option if you are
using Microsoft Azure with static routing for a
policy-based VPN.
• Advanced Options Click to access the advanced
configuration.
• Key Exchange Version Both peer routers must
use the same Internet Key Exchange (IKE) version.
Select the appropriate version: IKEv1 or IKEv2.
• Encryption Both peer routers must use the
same encryption method. Select the appropriate
encryption method: AES-128, AES-256, or 3DES.
• Hash Both peer routers must use the same hash
algorithm. Select the appropriate hash algorithm:
SHA1 or MD5.
• DH Group The DH (Diffie-Hellman) group
specifies the strength of the DH encryption key
for the key exchange. Both peer routers must use
the same DH group. Select the appropriate DH
group: 2, 5, 14, 15, 16, 19, 20, 21, 25, or 26. The
default is 14.
• PFS Select this option to enable PFS (Perfect
Forward Secrecy), which helps enhance the
security of keys.
• Dynamic Routing Select this option to enable
dynamic routing over the VPN tunnel.
Note: If you selected Azure dynamic routing or
Azure static routing, then the defaults of the
Advanced Options will also change accordingly.
- OpenVPN Select this option to create a VPN that
uses the OpenSSL (Secure Sockets Layer) library and
SSL/TLS (Transport Layer Security) protocols.
• Enabled Select this option to create an OpenVPN
tunnel over the Internet between two peer routers.
(The UniFi Security Gateway is the local peer router.)
• Remote Subnets Click Add Subnet to add an
address for a remote network.
• Add Subnet If you have another remote subnet,
click this option and enter its network address.