BI, VPN and Unifi USG

DLONG2

Known around here
Joined
May 17, 2017
Messages
763
Reaction score
454
So the BI itself is still working well in the LAN (via the PC app or via the mobile app or via the ui3.htm) but you cannot access it from the WAN via the VPN?

In the mobile app's server settings, are the LAN and WAN server addresses both set up as the LAN address?
 

DLONG2

So within the home, the BI is working well. Have you turned off port forwarding in order to test the VPN?

The VPN network of 192.168.60.0/24 is set up as a 'Remote User VPN'?
The Services/User settings use the same VLAN number as the BI PC uses?
In the Firewall Rules, for LAN IN, did you add a rule to allow the VPN IPs (192.168.60.1, 192.168.60.2, etc) and the BI PC IP (192.168.0.10) to reach each other?
 
Joined
Oct 16, 2018
Messages
1,663
Reaction score
5,470
Location
Florida, USA
I turned off port forwarding to test.

192.168.60.0/24 is set up as Remote User VPN

Services/User settings use the same VLAN number as the BI PC uses - don’t think so. Will try tomorrow.

Firewall rules - I think so. I will post tomorrow the rules.

Thank you for your help.
 

bob2701

Getting comfortable
Joined
Jan 7, 2016
Messages
1,009
Reaction score
482
Location
Jersey Shore
Sounds like you are making progress. In my setup I have not set up a VLAN and did not assign one to the Remote User VPN. Everything still on same segment, except the Remote User VPN of course.
 

DLONG2

Hey Bob, then it sounds like a missing firewall rule?
 

bob2701

Mike, go over the instruction DLONG2 gave you. Look for the “Mobile_Phones_To_BI” firewall rule he gave you.
 

DLONG2

Otherwise, your VPN allows you to connect to the home network, to other devices, and when you google your IP address from your mobile while in VPN, it will show the WAN address from your ISP?

In the Unifi controller, on the dashboard, you have the VPN widget running, and it will show 1 active tunnel when you VPN?

In the Unifi Services/Server, you've enabled the Radius Server. In the Services/Users, what did you enter for each user's VLAN?

In Blue Iris, in the Options/Web Server/Advanced, you 'require from all connections: Use secure session keys and login page' and you don't limit IP addresses (left blank)?
 
Joined
Oct 16, 2018
Messages
1,663
Reaction score
5,470
Location
Florida, USA
I can connect to my LAN via VPN and I get an IP address of 192.168.60.1 - I am using my iPhone and haven’t tried or even know how to reach other devices on my LAN.

Widget shows 0 active tunnel. iPhone shows VPN.

 

DLONG2

When you navigate to this website while on VPN, the IP shown is the same as your ISP WAN IP, yes?

What Is My IP? Shows your real IP - IPv4 - IPv6 - WhatIsMyIP.com®

Or, go to bing.com, and in the search bar, enter in "what is my ip" and hit enter. If it shows the WAN address then you are in your own local network.

I don't have a cloud key, but only use software to run the Unifi controller, so I am unfamiliar with that aspect of the dashboard, or how an iPad would be any different than a webpage. But on my PC where the software controller is running, my dashboard looks different than yours. When I VPN in, I see a tunnel increment. Your dashboard is showing 0, so I am wondering whether your VPN is really connecting or not.

Look for the 'Network Analyzer' app in the iTunes store, by Techet. They have a free and a paid version, and will allow you to ping IPs, show network devices, etc. Might help out.

Also, it never hurts to reboot the iPhone, and maybe stop and restart the Unifi controller.
 

bob2701

In your BI-VPN group add your WAN address.

vpngroup.JPG


Also check the WAN LOCAL and make sure the rules 3003-3006 are there. They should have been added automatically when you created the Remote User VPN network.

wan local_LI.jpg
 

DLONG2

Thanks, Bob. I had overlooked the need for the WAN IP in the BI-VPN group. Good catch.
 