VPN between UniFi gateway and Firewalla Purple
Hi! I have a problem setting up an s2s tunnel with 3rd-party:
Site 1 - Firewalla Purple (FWP) in router mode, public IP
Site 2 - UniFi Gateway Lite (UXG) in router mode, behind ISP NAT
I would like to set up a s2s VPN between the two sites, but have not found a way due to the following hurdles:
WireGuard: FWP as VPN server, UXG as VPN client - can import profile, connection established, but there is no way on the FWP side to create a static route through the tunnel for the remote IP network - only for OpenVPN I can see an interface.
OpenVPN: FWP as VPN server, UXG as VPN client - can import profile, but cannot finish setup because username and password are missing.
OpenVPN Site2Site: on the FWP I only found an option to set up a s2s-vpn with another firewall and on the other side UXG asks for a pre-shared key which I cannot provide/find.
IPsec Site2Site VPN: not supported by FWP
So how can this be accomplished if only the FWP site has a valid public IP and the UXG needs to establish the VPN tunnel and therefore cannot act as a VPN server?
-
Hi guys, I finally found a solution to my problem.
Fortunately, there was a well-hidden option in the Site 2 ISP product to get a dynamic public IP address, not just a carrier grade NAT IP.
Therefore, I was able to set up two WireGuard VPNs without any problems. The first to connect from Site 1 to Site 2 and the second in the reverse direction.
The routing on the Firewalla side could be done by adding a "route" for the IP range of Site 2 and pointing to the VPN interface of WireGuard (UXG client).
On the UniFi side by adding a "traffic route" for the IP range of Site 1 and referencing the VPN interface of WireGuard (FWP client).
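For readers who want to see what the two gateways are doing underneath the GUI, here is the equivalent plain wg-quick configuration for one site-to-site WireGuard tunnel where the NATed side initiates. This is an added example, not an export from Firewalla or UniFi; the LAN ranges (192.168.1.0/24, 192.168.2.0/24), the tunnel addresses, the hostname and the key strings are constructed placeholders. A single tunnel carries traffic both ways once each side lists the other's LAN in AllowedIPs and routes that LAN over the interface; the two-tunnel arrangement above works around the Firewalla UI only offering a route over the tunnel it serves, as noted in the original question.

```ini
# --- Site 1: Firewalla Purple, public IP, LAN 192.168.1.0/24 (constructed) ---
[Interface]
Address = 10.255.0.1/30
ListenPort = 51820
PrivateKey = <site1-private-key>        ; placeholder, generate with `wg genkey`
# wg-quick installs a route for every AllowedIPs prefix below onto this
# interface; without wg-quick the same route is: ip route add 192.168.2.0/24 dev wg0

[Peer]
# Site 2 sits behind carrier-grade NAT, so no Endpoint is set here:
# the peer dials in and WireGuard learns its address from the handshake.
PublicKey = <site2-public-key>          ; placeholder
# AllowedIPs is both the route AND the ingress filter (cryptokey routing):
# keep it to the remote tunnel address and remote LAN, never 0.0.0.0/0,
# so a compromised peer cannot source packets for arbitrary networks.
AllowedIPs = 10.255.0.2/32, 192.168.2.0/24

# --- Site 2: UniFi Gateway Lite, behind ISP NAT, LAN 192.168.2.0/24 (constructed) ---
[Interface]
Address = 10.255.0.2/30
PrivateKey = <site2-private-key>        ; placeholder

[Peer]
PublicKey = <site1-public-key>          ; placeholder
Endpoint = site1.example.net:51820      ; placeholder for Site 1's public address
AllowedIPs = 10.255.0.1/32, 192.168.1.0/24
# The NATed side must initiate and keep the mapping alive, otherwise the
# public side has no usable return path when the NAT entry expires.
PersistentKeepalive = 25
```

If the ISP later changes the Site 2 public address, nothing here needs to change: only the NATed side carries an Endpoint, and the keepalive refreshes the mapping.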