Overview
You can configure a Ubiquiti router to connect as a VPN client to your Access Server. Follow these steps to complete the configuration.
Important Note: At the time of writing, Ubiquiti (EdgeMAX/EdgeOS) routers do not support TLS-Crypt v2 for control channel security. Ensure your Access Server is configured to use TLS-Crypt, TLS-Auth, or no control channel security. You can adjust this in the Advanced VPN Settings page of the Admin Web UI.
Step 1: Create a user for the Ubiquiti router
- Sign on to your Access Server Admin Web UI.
- Click User Management > User Permissions.
- Under New Username, enter a username for your Ubiquiti router (e.g., "Ubiquiti"):
- Check the Allow Auto-login option.
- Click Save Settings and Update Running Server.
Step 2: Download a connection profile (.ovpn file) for the Ubiquiti router
- Click User Management > User Profiles:
- Select your Ubiquiti User and click New Profile:
- Choose Autologin, and ensure the TLS-Crypt v2 option is disabled, then click Create Profile.
- The connection profile (.ovpn file) downloads to your computer.
- The connection profile (.ovpn file) downloads to your computer.
- Rename the downloaded file to "Ubiquiti.ovpn" for easy management:
At this point, Access Server configuration is complete. Next, configure the Ubiquiti router.
Step 3: Configure the Ubiquiti router
At the time of writing, Ubiquiti routers don't support configuring OpenVPN as a VPN client through the GUI. Instead, use the command-line interface (CLI) embedded in the Ubiquiti GUI or via SSH.
- You can use the embedded CLI from the Ubiquiti GUI:
- Or connect using SSH if you have this allowed in your router:
Steps:
- Use the embedded CLi in the Ubiquiti GUI or connect via SSH if enabled.
- Open the connection profile (Ubiquiti.ovpn) and copy the entire contents of the profile.
- Run the following commands on the Ubiquiti command line:
sudo su
vi /etc/openvpn/Ubiquiti.conf- Ensure the filename ends with .conf. You will see something like this:
- Ensure the filename ends with .conf. You will see something like this:
- Press the i key on your keyboard to enter insert mode in the CLI.
- Paste the content of your connection profile (Ubiquiti.ovpn):
- Press the ESC key on your keyboard.
- Type :wq! on your keyboard to exit.
- Run the below command to connect to the VPN:
systemctl start openvpn@Ubiquiti
- Where Ubiquiti is the name of the OpenVPN profile in the /etc/openvpn/ folder.
- Check the VPN connection status:
systemctl status openvpn@Ubiquit
- To ensure the VPN connection is re-established automatically after a reboot, run:
systemctl enable openvpn@Ubiquiti
- You can also verify the router's connection in the Access Server Admin Web UI:
If you have additional questions, please submit a ticket.
Comments
0 comments
Please sign in to leave a comment.