VPN
Road warrior VPN
Most users don't require a VPN, as we're leveraging mTLS for most services. However, some services require a direct connection to the office LAN or a VPN connection.
To connect via VPN to the Office network, use the following settings:
Setting | Value |
---|---|
Type | L2TP over IPSec |
Server | |
IPSec PSK | Stored as |
Account | Personal credentials defined in the UniFi Cloud Key |
Important
If you're using macOS, have a look at the service order of the network interfaces, because the DNS resolver depends on it. You might want to look up an internal hostname to check that everything works properly.
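One way to run the macOS check described above, as an added example that is not part of the original documentation. The service name `Office VPN` and the hostname `internal-host.example` are placeholders, and it is an assumption of this example that the VPN service has to rank first among the enabled services for its DNS servers to be used.

```sh
#!/bin/sh
# Placeholders (assumptions, not values from this page).
VPN_SERVICE="${VPN_SERVICE:-Office VPN}"
INTERNAL_HOST="${INTERNAL_HOST:-internal-host.example}"

# Read `networksetup -listnetworkserviceorder` output on stdin and print the
# enabled services in order. Disabled ones appear as "(*) Name" and are skipped,
# as are the "(Hardware Port: ...)" detail lines.
enabled_services() {
    sed -n 's/^([0-9][0-9]*) \(.*\)$/\1/p'
}

# Print the 1-based rank of service $1 among enabled services (empty if absent).
service_rank() {
    enabled_services | awk -v want="$1" '$0 == want { print NR; exit }'
}

# Succeed only if service $1 is the first enabled service.
vpn_is_first() {
    [ "$(service_rank "$1")" = "1" ]
}

# Constructed sample of the command's output, for trying the parser offline.
sample_order() {
    cat <<'EOF'
An asterisk (*) denotes that a network service is disabled.
(1) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)

(2) Office VPN
(Hardware Port: L2TP, Device: )

(*) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
EOF
}

# Live check, only where the macOS tools exist.
if command -v networksetup >/dev/null 2>&1; then
    if networksetup -listnetworkserviceorder | vpn_is_first "$VPN_SERVICE"; then
        echo "OK: '$VPN_SERVICE' is first in the service order"
    else
        echo "WARN: '$VPN_SERVICE' is not first; its DNS servers may be ignored"
    fi
    # dscacheutil uses the system resolver, unlike dig or nslookup.
    dscacheutil -q host -a name "$INTERNAL_HOST"
fi
```

Run it while the VPN is connected; an empty result from the `dscacheutil` lookup means the internal name did not resolve.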
Note
The road warrior VPN is configured in the UniFi Cloud Key under Settings → VPN → VPN Server → Road Warrior VPN.
Site-to-site VPN
To interconnect the datacenter Proxmox, the Office network, and our home networks, we're using IPsec L2TP site-to-site VPNs.
Note
The site-to-site VPN at the Office network is terminated on the UniFi security gateway.
Hence the configuration can be found in the UniFi Cloud Key under Settings → VPN → Site-to-Site VPN.
At the datacenter, the site-to-site VPN is terminated on the Proxmox host. There's an Ansible role called ipsec which applies the configuration.