Unifi Remote User VPN setup and firewall rules

Published on Nov 25, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial will guide you through the process of setting up a remote user VPN in the Unifi Network Controller version 7.0.23, along with configuring firewall rules to restrict VPN users from accessing certain networks. This setup is essential for maintaining network security while allowing remote access.

Step 1: Create the Remote User VPN

  1. Access Unifi Network Controller:

    • Log in to your Unifi Network Controller.
  2. Navigate to Settings:

    • Click on "Settings" in the sidebar.
  3. Select VPN:

    • Go to the "VPN" section.
  4. Add a New VPN:

    • Click on "Create New VPN".
    • Fill in the required fields:
      • Name: Give your VPN a recognizable name.
      • Type: Choose "Remote User VPN".
      • IP Range: Define the IP range for the VPN users (e.g., 192.168.10.0/24).
  5. Authentication:

    • Set up user authentication:
      • Choose between username/password or certificate-based authentication.
    • If using username/password, create a user account for each VPN user.
  6. Save Changes:

    • Click "Save" to apply the VPN settings.

Step 2: Configure VPN on iPhone

  1. Install OpenVPN App:

    • Download and install the OpenVPN app from the App Store.
  2. Import VPN Configuration:

    • Obtain the VPN configuration file from your Unifi settings.
    • Open the OpenVPN app and import the configuration file.
  3. Connect to VPN:

    • After importing, tap on the VPN profile and connect using the username and password you set up earlier.

Step 3: Set Up VPN Firewall Rules

  1. Go to Firewall Settings:

    • In the Unifi Network Controller, navigate to "Settings" and then "Firewall & Traffic".
  2. Create a New Firewall Rule:

    • Click on "Create New Rule".
    • Set the rule to block traffic from the VPN user network to the desired internal networks.
  3. Configure Rule Settings:

    • Action: Select "Drop" to block the traffic.
    • Source: Set this to the VPN IP range (e.g., 192.168.10.0/24).
    • Destination: Specify the networks or devices you want to restrict access to.
  4. Save the Firewall Rule:

    • Click "Save" to implement the firewall rule.
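
The drop rule from Step 3 only works if it covers the whole VPN range and no earlier rule accepts the same traffic. The following Python sketch is an added example (not from the original tutorial or from UniFi) that audits a rule list offline. It assumes top-to-bottom, first-match evaluation with unmatched traffic allowed; the restricted networks and rule sets are constructed, and `Rule`, `net` and `audit` are hypothetical names.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                      # "drop" or "accept"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def net(cidr):
    return ipaddress.ip_network(cidr)

# VPN range is the tutorial's example; the restricted networks are constructed.
VPN = net("192.168.10.0/24")
RESTRICTED = [net("192.168.1.0/24"), net("192.168.30.0/24")]

def audit(rules, vpn=VPN, restricted=RESTRICTED):
    """Return findings for restricted networks that VPN clients can still reach.

    Assumption: rules are evaluated top to bottom, first match wins, and
    traffic that matches no rule is allowed.
    """
    findings = []
    for target in restricted:
        if vpn.overlaps(target):
            findings.append(f"VPN range {vpn} overlaps {target}")
            continue
        for index, r in enumerate(rules, start=1):
            if not (r.src.overlaps(vpn) and r.dst.overlaps(target)):
                continue  # rule does not touch this flow
            if r.action == "accept":
                findings.append(f"rule {index} accepts {vpn} -> {target} before a covering drop")
                break
            if vpn.subnet_of(r.src) and target.subnet_of(r.dst):
                break  # drop rule covers every VPN address and the whole target
        else:
            findings.append(f"no drop rule covers {vpn} -> {target}")
    return findings

# Constructed rule sets: correct, shadowed by a broad accept, and too narrow.
GOOD = [Rule("drop", VPN, net("192.168.1.0/24")),
        Rule("drop", VPN, net("192.168.30.0/24"))]
SHADOWED = [Rule("accept", net("192.168.0.0/16"), net("192.168.30.0/24"))] + GOOD
PARTIAL = [Rule("drop", net("192.168.10.0/25"), net("192.168.1.0/24")), GOOD[1]]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("shadowed", SHADOWED), ("partial", PARTIAL)):
        print(name, audit(rules) or "ok")
```

The check is conservative: several partial drop rules that together cover the VPN range are still reported, so a finding means "review this rule", not proof of exposure.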

Conclusion

You have successfully set up a remote user VPN and configured firewall rules to control access to your network. This setup enhances your network security while providing the flexibility of remote access. Next steps could include testing the VPN connection and ensuring that the firewall rules are effectively blocking access as intended. For further customization, consider exploring additional Unifi features or consulting the Unifi documentation for advanced configurations.