Differences
This shows you the differences between two versions of the page.
|
unifi-usg [2021/10/05 20:55] rafi created |
unifi-usg [2022/01/18 08:44] (current) rafi |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ==== Configuring at the UniFi USG Interface ==== | ==== Configuring at the UniFi USG Interface ==== | ||
| - | === Experimental, | + | === Setting up the Privatise Tunnel |
| - | Please reach out to support for required information | + | 1. Go to Site to Site under the Managed Company Portal. |
| + | |||
| + | 2. Add the Remote Gateway IP. This is the public IP of your Unifi location. | ||
| + | |||
| + | 3. Add the Remote Network IP and Subnet. This is the network IP and subnet of your Unifi location. | ||
| + | |||
| + | 4. IKE version should be IKEv2. | ||
| + | |||
| + | 5. Add your preshared key. You can create one on by searching for a psk generation website. Make sure to save it to a location as you'll need it later for your Unifi box. | ||
| + | |||
| + | 6. Key lifetime should be 20000 | ||
| + | |||
| + | 7. Phase1 and Phase2 should both be AES256-SHA1-D2. | ||
| + | |||
| + | 8. Set aggressive mode to No. | ||
| + | |||
| + | === Configuring UniFi === | ||
| Open the UniFi - USG management interface. | Open the UniFi - USG management interface. | ||
| Line 12: | Line 28: | ||
| Enable this Site-to-Site VPN | Enable this Site-to-Site VPN | ||
| - | Remote Subnets: Enter the Privatise ROC Subnet | + | Remote Subnets: Enter the Privatise ROC Subnet. This is 10.8.0.0/16. |
| Peer IP: Enter the public IP of the ROC as seen under ROC on Demand. | Peer IP: Enter the public IP of the ROC as seen under ROC on Demand. | ||
| Local WAN IP: Enter the public IP of the UniFi SCG. | Local WAN IP: Enter the public IP of the UniFi SCG. | ||
| - | Pre-shared key: Support will supply | + | Pre-shared key: Use the preshared key you created in the previous step. |
| Enter the name of the VPN Gateway (Privatise for example). | Enter the name of the VPN Gateway (Privatise for example). | ||
| Line 21: | Line 37: | ||
| **In the Advanced Options fill in the following information: | **In the Advanced Options fill in the following information: | ||
| - | Key Exchange Version: | + | Key Exchange Version: |
| Encryption: AES-256 | Encryption: AES-256 | ||
| Hash: SHA1 | Hash: SHA1 | ||
| Line 36: | Line 52: | ||
| Create a firewall rule that allows traffic from the Privatise subnet to the LAN Network. | Create a firewall rule that allows traffic from the Privatise subnet to the LAN Network. | ||
| + | |||
| + | If the connection doesn' | ||