Support for Unifi Routers in Site-to-Site mode?

[maurera]

First - fantastic job documenting and putting together this project! This was so easy to follow and set up.

Checklist

• [X] I searched existing Issues, and did not find a similar enhancement request
• [X] This enhancement request is about the VPN setup scripts, and not IPsec VPN itself
• [X] I read the README
• [X] I read the Important notes
• [X] I followed instructions to configure VPN clients
• [X] I checked IKEv1 troubleshooting, IKEv2 troubleshooting and VPN status

Describe the enhancement request I would like to request adding to the docs how to get this working with Unifi routers as a Site-to-Site VPN. I've been trying to follow some docs to modify the Libreswan config to work in site-to-site mode, but without success so far. It seems relatively straightforward, but I haven't been able to get it working.

Is your enhancement request related to a problem? Please describe. Yes - I can't successfully get the Site-to-Site connection working from the Unifi router. I have an IPTV box in Location B that I can't directly add as a client, so I want to add the Unifi router as a client, which passes through the IPTV box from Location B to Location A. I know that the vpn is at least working per the quickstart guide, since I can add a macbook client and successfully connect through the ipsec vpn.

Additional context I have a Unifi UDM router and would like to establish a site-to-site connection from my house to vacation house. I successfully set up the ipsec vpn server in my house and I can connect from a macbook client in vacation house. However, I want an iptv box in vacation house to connect through the vpn.

For reference, the following screenshot is the config screen from the Unifi router. Note that there's no option to add a user, like what's done in the clients that you've documented so far.

[hwdsl2]

@maurera Hello! Thank you for describing your use case with details. Please refer to the following links: https://medium.com/@earlg3/setting-up-an-ipsec-vpn-to-google-cloud-with-libreswan-ubiquiti-edgerouter-39f064559fcb https://libreswan.org/wiki/Configuration_examples

The linked article provides detailed example steps for setting up Libreswan for use with Ubiquiti EdgeRouters. The second link points to the Libreswan wiki where you can find some configuration examples for different scenarios. If you are able to get this to work, you may optionally let us know in this issue.

[maurera]

Thanks for the super fast reply with references! I'll give that a try.

I should have also asked - will this support multicast traffic? Ie - the IPTV box in vacation house needs to be able to receive multicast traffic to work properly (that's the whole reason I'm trying this - because I've heard that multicast traffic somehow works over an IPsec site-to-site VPN, but not over a standard wireguard vpn like I'm using now).

[hwdsl2]

@maurera AFAIK, multicast might not work over an IPsec VPN. References: [1] [2] [3].