Unifi over OpenVPN



  • Hi everyone - wondering if someone out there has the key to my puzzle.

    I'm setting up a branch office with a site to site openvpn. Everything with the tunnel so far works okay with the exception of Unifi.

    On the head office side, I have a Unifi controller with 2 APs and a Ubiquiti switch. There are two wifi networks - a guest and a corporate on VLAN ids 6 and 7. My main network at the head office is 192.168.2.x, Unifi guest is 192.168.6.x, and full-access corporate is on 192.168.7.x. The Unifi controller is on 192.168.2.8. The guest network is not a "Unifi guest network" as we needed custom firewall rules (from the pfSense).

    The main network 192.168.2.x - DHCP is being served by the DC on 192.168.2.2. All other networks at the head office - DHCP is being served by the pfSense.

    On the branch office side, I have DHCP being served by the branch office pfSense - 192.168.20.x. The OpenVPN tunnel works great and on wired devices I can access the head office network perfectly - DNS between subnets is working perfectly also.

    Also at the branch I have a Ubiquiti switch and an AP. I was able to get the switch and the AP to connect with the main office Unifi controller and get adopted. The AP at the branch office is broadcasting the correct wifi networks, identical to the main office; however, I can't properly connect to those wifi networks at the branch office. I didn't consider this at the beginning: DHCP for the wifi devices at the branch office will be served from the pfSense at the main office (192.168.6.x, 192.168.7.x). Initially, I thought that DHCP was not traversing the VPN - so I set a static IP address on a wireless device. No connectivity.

    I read this post:
    https://forum.netgate.com/topic/130092/dhcp-relay-over-tun-openvpn/2

    It mentions setting up a TAP OpenVPN instead of TUN mode. I tried this but when I switch to TAP mode, the VPN completely broke for all devices.

    I added the route-gateway x.x.x.x in the custom options, but perhaps I put the wrong IP in there; I tried the external IPs of both sites and also the internal IPs of the pfSense boxes.

    If I was on the right track with the TAP OpenVPN... does anyone know how to get this configured properly?

    If I was heading down the right path, can anyone point me in the right direction?

    Much appreciated!!

    Cameron



  • If you want to use the DHCP server from the Main Office, you need to set a DHCP Relay address on the Branch Office with the IP(s) of the DHCP Server(s) from the Main Office.
    So the branch office will send the DHCP request to the Main Office.

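The reply above describes DHCP relay in one sentence; what it does on the wire decides which scope the head-office server hands out, so here is an added walk-through of the relay mechanics (RFC 2131 / RFC 1542). This is example code written for this thread, not anything from the posters, pfSense or Ubiquiti: it builds a DHCPDISCOVER, applies the relay-agent rewrite (increment `hops`, fill `giaddr` with the relay interface's own address if it is still empty), and shows how a server picks a scope from `giaddr`. The pool table and the relay addresses are constructed to mirror the 192.168.6.x / 192.168.7.x subnets in the question; a relay interface that sits outside every configured scope gets no lease, which is the check to make before pointing the branch relay at the main-office server.

```python
"""Minimal DHCP relay walk-through: client -> relay -> server scope choice.

Constructed example for illustration (not pfSense or Unifi code).
Only the fixed BOOTP header and the DHCP message-type option are built.
"""
import ipaddress
import struct
from typing import Dict, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"          # option-field magic cookie (RFC 2131)
MAX_HOPS = 16                              # relays drop packets beyond this (RFC 1542)
BROADCAST = "255.255.255.255"

# Constructed scope table standing in for the head-office pfSense DHCP server.
POOLS: Dict[ipaddress.IPv4Network, str] = {
    ipaddress.ip_network("192.168.6.0/24"): "guest",
    ipaddress.ip_network("192.168.7.0/24"): "corporate",
}


def build_discover(client_mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER with an empty giaddr, as a wireless client would send it."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1,            # op: BOOTREQUEST
        1, 6,         # htype Ethernet, hlen 6
        0,            # hops: client always sends 0
        xid,
        0,            # secs
        0x8000,       # flags: broadcast bit set
        b"\0" * 4,    # ciaddr
        b"\0" * 4,    # yiaddr
        b"\0" * 4,    # siaddr
        b"\0" * 4,    # giaddr: empty until a relay touches it
        client_mac.ljust(16, b"\0"),
        b"\0" * 64, b"\0" * 128,
    )
    options = DHCP_MAGIC + bytes([53, 1, 1]) + b"\xff"   # message type DISCOVER, end
    return header + options


def relay(packet: bytes, relay_if_ip: str) -> bytes:
    """Relay-agent rewrite before forwarding the request towards the server."""
    out = bytearray(packet)
    if out[3] >= MAX_HOPS:
        raise ValueError("hop limit exceeded, packet must be dropped")
    out[3] += 1                                           # hops
    if bytes(out[24:28]) == b"\0" * 4:                    # giaddr still empty:
        out[24:28] = ipaddress.ip_address(relay_if_ip).packed   # first relay fills it
    return bytes(out)


def giaddr_of(packet: bytes) -> ipaddress.IPv4Address:
    return ipaddress.ip_address(packet[24:28])


def select_scope(packet: bytes) -> Optional[str]:
    """Server side: the scope is chosen from giaddr, not from the client's MAC."""
    gi = giaddr_of(packet)
    if gi == ipaddress.ip_address("0.0.0.0"):
        return "local-subnet"        # direct request: use the receiving interface
    for net, name in POOLS.items():
        if gi in net:
            return name
    return None                      # no scope covers the relay's address: no lease


def reply_destination(packet: bytes) -> str:
    """Where the server unicasts DHCPOFFER: to the relay if one is present."""
    gi = giaddr_of(packet)
    return BROADCAST if gi == ipaddress.ip_address("0.0.0.0") else str(gi)


if __name__ == "__main__":
    # Constructed client MAC and transaction id.
    discover = build_discover(bytes.fromhex("001122334455"), 0x1234)
    for relay_ip in ("192.168.7.1", "192.168.6.1", "10.20.0.1"):
        relayed = relay(discover, relay_ip)
        print(relay_ip, "->", select_scope(relayed), "reply to", reply_destination(relayed))
```

Running the block prints the scope the server would pick for each constructed relay address: 192.168.7.1 lands in the corporate pool, 192.168.6.1 in the guest pool, and 10.20.0.1 matches nothing, which is the failure you see as "DHCP not traversing the VPN" when the relay interface is not inside any served subnet.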
