For you Unifi guys


mastrmind11

Swynol

The USG Pro should be able to handle much better speeds over VPN than that. Take it to the Unifi forums, there's quite a lot on there about speeds.


Guest asrequested

There aren't any options. Another reason for building a gateway is that using Torguard's client I get much better encryption. And they update it, regularly. It gives me much more control. I can run Ubuntu, so it'll be stable.


Guest asrequested

I posted my question in the Unifi forum, and it looks like the gateway doesn't have enough juice for the encryption. The most anyone is getting is 25Mb/s. So now I have a new project. Build my own gateway to add to my network.

 

 https://community.ubnt.com/t5/UniFi-Routing-Switching/Configure-VPN-client-for-USG/m-p/2163268#M68689


Guest asrequested

I've got a spare i5 and motherboard. So I'm planning to build a 2u Linux machine. Then I can run Torguard's client and maybe some other security.


Guest asrequested

well that sux. going pfsense or sophos UTM?

Maybe I'll take a look at the sophos utm. It's its own OS, correct? Does it have a VPN client and good encryption?


mgworek

It does have a VPN client. I can't speak for the encryption. I used Sophos for years both personally and professionally but I wasn't happy with some of their business decisions and I wanted to go fully Unifi. Sophos Access Points were nothing compared to Unifi APs.

For the VPN client, it's just config files you download to your OS or your phone and you use your preferred VPN client. I think Windows has its own client, in OSX I use Tunnelblick.

One thing I noticed when using Sophos for the firewall/router is you don't get full internet speed. It slows it down a little bit. It's close to full but it's not.


Guest asrequested

I have all unifi components, too. But the gateway is choking my bandwidth. I need to do some research on pfsense. I may still run Linux and use Torguard's client. It gives me much more flexibility to do it that way.


mastrmind11

I am also interested in doing this after @'s experience w/ the USG.  I figured it wouldn't have the cycles to do the encryption and planned on setting up my own openVPN gateway.  I'm curious how you get on w/ this.  I have a shitload of juiced up ARM devices sitting around since I quit Kodi and would love to put one (or more) to use.  What I don't want is to have to set up every client w/ an openVPN token... I just want everything to go through the tunnel automatically.  There are docs out there, but I'm always up for first hand reviews.  What I'm unclear about is the cycles required to do the encryption.  I plan to start reading, but again, love me some first hand reviews.  


Guest asrequested

Yeah, I want a simple and flexible setup. Using the service's own client ensures compatibility and is kept up to date with their servers. And I can easily manipulate it without complicated CLI configs. Of course I'll need to experiment to see what works best, but I'm favoring the Linux OS with the service's own client for the VPN and route all internet traffic through it. And then it'll pass through the Unifi gateway on the way to the network. This way I can also add security measures, should I wish to. I may even chuck my i7 6700k in there and strong arm this thing.


mastrmind11

I'm with you. But with 1-2 hours free on any given Sat/Sun, I need to be a keyboard commando as efficiently as possible. GL, I'll keep reading, perhaps this can be accomplished w/ a docker container.


Swynol

I've used Sophos UTM, it has a VPN client built in and does encryption.

I ran it with everything turned on, so virus scanning, IPS, firewall, threat stuff. An i3 with 8GB was fine for my 100/20 line. CPU would sit at around 3% and max 10%.


Guest asrequested

But your VPN is site to site, isn't it?


Take a look at pfSense. Piece of cake to set up your VPN on it. I use PIA and it works great.

Plenty of guides around too for setting up Torguard on it.

Edited by Mr.Mac

Guest asrequested

Just as long as I don't have to use the command line. If I can't do it in a UI, I won't be using it. I just want to enter my details and be done. That's why I'm thinking about just running Ubuntu and using the Torguard client. I need it to be that simple.


Guest asrequested

 

Sweet! Then I'm totally gonna mess with that. Thank you!

 

The only possible issue with that is that it's for OpenVPN. When I use OpenVPN in their client, I get terrible bandwidth. I have to use openconnect. Hmmmmm....


Guest asrequested

Taking a closer look at all the settings I would have to go through, it's not what I want. I'm just going to use the TG client.


  • 2 months later...
mastrmind11

FYI

 

https://community.ubnt.com/t5/UniFi-Stories/New-Beta-UniFi-Intrusion-Prevention-System-stops-hack-attempt/cns-p/2169344

 

Apparently the older models of the USG are going to have a hard time w/ IPS due to the lack of CPU juice, but they're supposedly building a custom USG at the same price point as the existing USG-3P but w/ more juice specifically for IPS. Sure beats having to shell out $900 for an XG for sure. Anyway, looks pretty interesting.
