VPN

Road warrior VPN

Most users don’t require a VPN, as we’re leveraging mTLS for most services. However, some services require a direct office LAN or VPN connection.

To connect via VPN to the Office network, use the following settings:

| Setting | Value |
|---|---|
| Type | L2TP over IPSec |
| Server | vpn.confirm.ch |
| IPSec PSK | Stored as VPN PSK item in Vaultwarden |
| Account | Personal credentials defined in the UniFi Cloud Key |

Important

If you’re using macOS, you should have a look at the service order of the network interfaces, because the DNS resolver depends on it. You might want to look up an internal hostname to check that everything works properly.
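
One way to run the check from the note above on macOS, as an added example that is not part of the original page: it reports where the VPN service sits in the service order, lists the active resolvers, and looks up an internal hostname. The service name `Office VPN`, the variables `VPN_SERVICE` and `INTERNAL_HOST`, and the sample listing are assumptions; substitute your own values.

```shell
#!/bin/sh
# Added example (not from the original page). Placeholders / assumptions:
# the service name "Office VPN", VPN_SERVICE, INTERNAL_HOST, SAMPLE_ORDER.

# Constructed sample of `networksetup -listnetworkserviceorder` output.
SAMPLE_ORDER='An asterisk (*) denotes that a network service is disabled.
(1) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)

(2) Office VPN
(Hardware Port: L2TP, Device: )

(*) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
'

# Read a service-order listing on stdin and print the rank of service $1.
# Returns 1 when the service is missing or disabled (listed as "(*)").
service_rank() {
    awk -v name="$1" '
        /^\([0-9]+\) / {
            rank = $1; gsub(/[()]/, "", rank)
            svc = $0; sub(/^\([0-9]+\) /, "", svc)
            if (svc == name) { print rank; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Succeed only when service $1 is at the top of the service order.
is_first_service() {
    [ "$(service_rank "$1")" = "1" ]
}

# Live check, only on macOS and only when both variables are set.
if [ "$(uname -s)" = "Darwin" ] && [ -n "${VPN_SERVICE:-}" ] && [ -n "${INTERNAL_HOST:-}" ]; then
    rank=$(networksetup -listnetworkserviceorder | service_rank "$VPN_SERVICE") \
        || rank="not found or disabled"
    echo "$VPN_SERVICE service order rank: $rank"
    scutil --dns | grep -E 'resolver #|nameserver\['   # resolvers in use
    dscacheutil -q host -a name "$INTERNAL_HOST"       # internal lookup
fi
```

Run it with the VPN connected, for example `VPN_SERVICE="Office VPN" INTERNAL_HOST=<internal hostname> sh check.sh`; an empty result from the last command means the internal name did not resolve.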

Note

The road warrior VPN is configured in the UniFi Cloud Key under Settings → VPN → VPN Server → Road Warrior VPN.

Site-to-site VPN

To interconnect the datacenter Proxmox, the Office network, and our home networks, we’re using IPsec L2TP site-to-site VPNs.

Note

The site-to-site VPN at the Office network is terminated on the UniFi security gateway. Hence the configuration can be found in the UniFi Cloud Key under Settings → VPN → Site-to-Site VPN.

At the datacenter, the site-to-site VPN is terminated on the Proxmox. There’s an Ansible role called ipsec which applies the configuration.