Netgate Discussion Forum

Unifi over OpenVPN

L2/Switching/VLANs
    eidolontubes
    last edited by Mar 3, 2019, 4:34 AM

    Hi everyone - wondering if someone out there has the key to my puzzle.

    I'm setting up a branch office with a site-to-site OpenVPN. Everything with the tunnel so far works okay with the exception of Unifi.

    On the Head office side, I have a Unifi controller with 2 AP and a ubiquiti switch. There are two wifi networks - a guest and a corporate on VLAN id 6 and 7. My main network at the head office is 192.168.2.x and Unifi guest 192.168.6.x , full access corporate on 192.168.7.x. The Unifi controller is on 192.168.2.8. The guest network is not a "Unifi guest network" as we needed custom firewall rules (from the pfsense).

    The main network 192.168.2.x - DHCP is being served by the DC on 192.168.2.2 . All other networks at the head office - DHCP is being served by the pfsense.

    On the branch office side, I have DHCP being served by the branch office pfsense - 192.168.20.x . OpenVPN tunnel works great and on wired devices I can access the head office network perfectly - DNS between subnets is working perfectly also.

    Also at the branch I have a ubiquiti switch and an AP. I was able to get the switch and the AP to connect with the main office unit controller and adopted. The AP at the branch office is broadcasting the correct wifi networks identical to the main office, however, I can't properly connect to those wifi networks at the branch office. I didn't consider this at the beginning: DHCP for the wifi for devices at the branch office will be served from the pfsense at the main office (192.168.6.x , 192.168.7.x). Initially, I thought that DHCP was not traversing the VPN - so I set a static IP address on a wireless device. No connectivity.

    I read this post :
    https://forum.netgate.com/topic/130092/dhcp-relay-over-tun-openvpn/2

    It mentions setting up a TAP OpenVPN instead of TUN mode. I tried this but when I switch to TAP mode, the VPN completely broke for all devices.

    I added the route-gateway x.x.x.x in the custom options, but perhaps I put the wrong IP in there; I tried the external IPs of both sites and also the internal IP of the pfsenses.

    If I was on the right track with the TAP OpenVPN... does anyone know how to get this configured properly?

    If I was heading down the right path, can anyone point me in the right direction?

    Much appreciated!!

    Cameron

      Rai80
      last edited by Rai80 Mar 12, 2019, 10:30 PM Mar 12, 2019, 10:29 PM

      If you want to use the DHCP server from the Main Office, you need to set a DHCP Relay address on the Branch Office with the IP(s) of the DHCP Server(s) from the Main Office.
      So the branch office will send the DHCP request to the Main Office.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.