Ubiquiti UDM and UDM Pro users... Teleport VPN is near!

Joined
May 1, 2019
Messages
2,087
Reaction score
3,198
Location
Reno, NV
One gripe I've had about this Ubiquiti UDM, and one that had me considering another router (MikroTik, I believe, was going to be my go-to choice), is the VPN service. For a couple years...could ONLY do L2TP VPN service which is....well, kinda ancient. Could not add any other VPN service, like I could on my previous router: Asus Nighthawk with OpenVPN.
By happenstance, I came across some posting revealing that Ubiquiti has finally integrated Teleport VPN in some of their machines (I only concentrated on my Ubiquiti UDM), which uses the faster, more up-to-date WireGuard VPN service. I am no VPN guru but from all the reviews I came across, WireGuard is 2x or sometimes 3x faster than OpenVPN with better security and less coding (OpenVPN was....57 pages long, WireGuard is only 7?).
The downside? It's not yet included in the "official" Ubiquiti firmware. It is in Early Access and you have to sign up at Ubiquiti to get access to that.
I couldn't wait so I installed it. Super fast configuration (3 minutes?). And it works! I have access to all my network machines while using my smartphone cell phone plan.

Prior...for the last 3-4 weeks, I've been trying to get WireGuard VPN installed on my UDM purely through GitHub links & PuTTY console. It...just wouldn't function as I am sure there was user error involved.

And yes...."VPN always on" is an option too. I can finally use my Blue Iris mobile app when out & about! And UI3! Oh...and maybe now can look into this geofencing.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
11,941
Reaction score
12,253
Location
USA
That is excellent. Mikrotik RouterOS is really powerful supposedly, but the learning curve is like a brick wall and requires a very strong foundation in ... well basically you've got to be a network engineer. UDM routers are absolutely the better choice for almost everyone. Especially if you use their wifi and switches too, it gives you such a great view of what is on your network. I unfortunately only use their stuff for wifi because I want more powerful router software (went with pfsense myself about a year back).

So, do they make you use their own client software for the "Teleport VPN" or can you use the standard wireguard client apps?
 
Joined
May 1, 2019
Messages
2,087
Reaction score
3,198
Location
Reno, NV
I am very much leaning to going the pfsense route myself eventually as I have grown tired of....software limitations & firmware fixes and this and that. But for now I have too much on my plate to learn a whole new router OS (be it Mikrotik or pfsense). I mean really...once I upgraded to the EA firmware (Early Access...not for the general public which uses the official release still) for Ubiquiti, it took a whole 2 minutes to work 100%. Plus...it's WireGuard VPN, not OpenVPN (better in all ways). So a win-win. Because it's Early Access, there are issues (something about FQDN not working?) but folks are hoping it will get ironed out. Will this keep me on the UDM forever? Not sure. I do not ask much of my router other than VLANs, subnets, and firewall rules. WireGuard VPN is icing on the cake. So who knows. I mean, there still is a download bandwidth limitation under 1Gb but I'm only at 400mb down so that doesn't affect me (yet). It would if I had fiber to the house though.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
11,941
Reaction score
12,253
Location
USA
I like pfsense, but I think its days are numbered as they are shifting things away from the old open source model and it might not remain free for much longer. Opnsense is the open-source answer to that. Honestly I would probably have gone with Opnsense instead of pfSense back when I was switching routers, but at the time I didn't know anything about it and pfSense had all the name recognition. Now I have already invested the time learning and configuring pfsense and I don't want to do it all over again. Especially since people whine when there's internet downtime :)
 

kklee

Pulling my weight
Joined
May 9, 2020
Messages
181
Reaction score
190
Location
Vancouver, BC
I've been using the new Teleport VPN since it was introduced into the beta stream on my UDM Pro. I was previously using OpenVPN on a Synology NAS because of the L2TP limitation.

Other than some teething pains at the very beginning, it's been working nicely with the recent release. It's been part of their Amplifi product line for a while, so I expected it to be fairly stable.

My biggest complaint is that it's not configurable; it creates a subnet automatically, picking the next highest subnet out of the defined networks on the UDM, which is annoying when you have multiple subnets using totally different IP addresses.
 
Joined
May 1, 2019
Messages
2,087
Reaction score
3,198
Location
Reno, NV
Yep. It picked a 192.168.7.x subnet for my VPN. I have .1 - .5 subnets already. Not sure why it picked .7 instead of .6 but eh.... maybe something I did in my history that I had a .6 but deleted it.
I have the same problem I had with L2TP RADIUS server: when out and about on mobile data...the VPN works perfectly. However, when I get home into my home WiFi, I have to turn it off to reach local subnets. Pain in the butt.
 