search
GoodAccess WebsiteRequest Free TrialDownload App

UniFi USG

This guide will show you how to connect your UniFi device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

hashtag
Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.arrow-up-right

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

circle-info

You may return to the configuration via the Edit button of your Branch at any time.

circle-info

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your UniFi

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

hashtag
Step 2 - Creating a new site-to-site connection

Log in to the UniFi management interfacearrow-up-right, and go to Settings > VPN > Site-to-Site VPN.

Give the VPN a name and set the configuration as follows:

  • VPN Type - IPsec

  • Pre-Shared Key - Shared Secret (Step 1)

  • Remote IP / Host - IP of your GoodAccess Gateway

hashtag
Network Configuration

  • VPN Type - Route Based

  • Remote Network(s) - Static + Subnet of your GoodAccess Gateway

hashtag
Advanced

circle-info

Must match configuration from GoodAccess (Step 1).

Switch to Manual, and set the configuration as follows:

  • Key Exchange Version - IKEv2

  • IKE (Phase 1)

    • Encryption - AES-256

    • Hash - SHA256

    • DH Group - 16

    • Lifetime - 28800

  • ESP (Phase 2)

    • Encryption - AES-256

    • Hash - SHA256

    • DH Group - 16

    • Lifetime - 3600

  • Perfect Forward Secrecy (PFS) - Enabled

Click Add.

You have now successfully connected your device to GoodAccess.

circle-info

UniFi automatically creates the necessary firewall rules and static routes.

circle-info

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • UniFi - Settings > VPN > Site-to-Site VPN

PreviousSonicWallNextZyxel Nebula Control Center

Last updated

Was this helpful?