Differences
This shows you the differences between two versions of the page.
unifi-usg [2021/10/05 20:55] rafi created |
unifi-usg [2022/01/18 08:44] (current) rafi |
||
---|---|---|---|
Line 1: | Line 1: | ||
==== Configuring at the UniFi USG Interface ==== | ==== Configuring at the UniFi USG Interface ==== | ||
- | === Experimental, | + | === Setting up the Privatise Tunnel |
- | Please reach out to support for required information | + | 1. Go to Site to Site under the Managed Company Portal. |
+ | |||
+ | 2. Add the Remote Gateway IP. This is the public IP of your Unifi location. | ||
+ | |||
+ | 3. Add the Remote Network IP and Subnet. This is the network IP and subnet of your Unifi location. | ||
+ | |||
+ | 4. IKE version should be IKEv2. | ||
+ | |||
+ | 5. Add your preshared key. You can create one on by searching for a psk generation website. Make sure to save it to a location as you'll need it later for your Unifi box. | ||
+ | |||
+ | 6. Key lifetime should be 20000 | ||
+ | |||
+ | 7. Phase1 and Phase2 should both be AES256-SHA1-D2. | ||
+ | |||
+ | 8. Set aggressive mode to No. | ||
+ | |||
+ | === Configuring UniFi === | ||
Open the UniFi - USG management interface. | Open the UniFi - USG management interface. | ||
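Review bot: step 5 sends the reader to "a psk generation website", so the tunnel's secret may be known to a third party before it is ever configured. Suggest telling the reader to generate a long random key locally (a password manager or the operating system's random generator) and to keep it in a password vault rather than "a location". Smaller points in the same hunk: "create one on by searching" has a stray word, step 6 gives "20000" without a unit, and "D2" in step 7 should be spelled out so it can be matched against the fields under Advanced Options on the UniFi side.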
Line 12: | Line 28: | ||
Enable this Site-to-Site VPN | Enable this Site-to-Site VPN | ||
- | Remote Subnets: Enter the Privatise ROC Subnet | + | Remote Subnets: Enter the Privatise ROC Subnet. This is 10.8.0.0/16. |
Peer IP: Enter the public IP of the ROC as seen under ROC on Demand. | Peer IP: Enter the public IP of the ROC as seen under ROC on Demand. | ||
Local WAN IP: Enter the public IP of the UniFi SCG. | Local WAN IP: Enter the public IP of the UniFi SCG. | ||
- | Pre-shared key: Support will supply | + | Pre-shared key: Use the preshared key you created in the previous step. |
Enter the name of the VPN Gateway (Privatise for example). | Enter the name of the VPN Gateway (Privatise for example). | ||
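Review bot: on the changed Pre-shared key line, "the previous step" has no clear referent, because the key is created in step 5 of "Setting up the Privatise Tunnel", under a different heading; name that step explicitly. The new Remote Subnets text hardcodes 10.8.0.0/16; if that range can differ per account, point to where it is shown in the portal instead. The context line for Local WAN IP says "UniFi SCG" where the rest of the page says USG.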
Line 21: | Line 37: | ||
**In the Advanced Options fill in the following information: | **In the Advanced Options fill in the following information: | ||
- | Key Exchange Version: | + | Key Exchange Version: |
Encryption: AES-256 | Encryption: AES-256 | ||
Hash: SHA1 | Hash: SHA1 | ||
Line 36: | Line 52: | ||
Create a firewall rule that allows traffic from the Privatise subnet to the LAN Network. | Create a firewall rule that allows traffic from the Privatise subnet to the LAN Network. | ||
+ | |||
+ | If the connection doesn' | ||
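Review bot: the firewall rule in the context line at the top of this hunk allows all traffic from the Privatise subnet to the LAN Network, with no ports or destination hosts named. While this section is being extended, consider narrowing the rule to the services remote users actually need, or at least stating that it can be restricted.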