GoodAccess WebsiteRequest Free TrialDownload App

UniFi USG

This guide will show you how to connect your UniFi device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your UniFi

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new site-to-site connection

Log in to the UniFi management interface, and go to Settings > VPN > Site-to-Site VPN.

Give the VPN a name and set the configuration as follows:

  • VPN Type - IPsec

  • Pre-Shared Key - Shared Secret (Step 1)

  • Remote IP / Host - IP of your GoodAccess Gateway

Network Configuration

  • VPN Type - Route Based

  • Remote Network(s) - Static + Subnet of your GoodAccess Gateway

Advanced

Must match configuration from GoodAccess (Step 1).

Switch to Manual, and set the configuration as follows:

  • Key Exchange Version - IKEv2

  • IKE (Phase 1)

    • Encryption - AES-256

    • Hash - SHA256

    • DH Group - 16

    • Lifetime - 28800

  • ESP (Phase 2)

    • Encryption - AES-256

    • Hash - SHA256

    • DH Group - 16

    • Lifetime - 3600

  • Perfect Forward Secrecy (PFS) - Enabled

Click Add.

You have now successfully connected your device to GoodAccess.

UniFi automatically creates the necessary firewall rules and static routes.

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • UniFi - Settings > VPN > Site-to-Site VPN

PreviousSonicWallNextZyxel Nebula Control Center

Last updated

Was this helpful?