BI, VPN and Unifi USG

bob2701

Getting comfortable
Joined
Jan 7, 2016
Messages
1,009
Reaction score
482
Location
Jersey Shore
From your phone with the VPN turned on, open your browser and try the “what’s my ip”. You should get the WAN address of your system.
 

DLONG2

Known around here
Joined
May 17, 2017
Messages
763
Reaction score
454
Hi Mike,

The iPhone's VPN has?:

Type: L2TP
Server: (WAN address)
Account: (Name of user set up in the Services/User)
RSA SecurID: Off
Password: (User password as set up in the Services/User)
Secret: (Secret as set up in the Services/Server)
Send All Traffic: On
Proxy: Off

The Services/Server has?:

Enable: On
Secret: (filled in)
Clients: Checked
Authentication Port: 1812
Accounting Port: 1813
Account Interim Interval: 600
Tunnelled Reply: Off
 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
Really do appreciate the help. I have no port forwarding enabled and all apps that need to “talk” to home work with the VPN.

Does anyone know how to start the VPN after the iPhone reboots?

Thanks,

Michael
 

bob2701

Scroll down in settings and you will see VPN, just toggle it on or off.
Glad to hear you got it all to work.
 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
With the help of @DLONG2 and @bob2701, I was able to create a working VPN to our home network using UniFi equipment. Using the native iOS VPN wasn’t working for us - it would disconnect at times and then stay disconnected until a manual reconnect. I wanted an always on VPN so it would be transparent to my wife. After all, WAF is important.

I went hunting on the UniFi forums and found a piece of software from here:

https://community.ubnt.com/t5/UniFi-...492465#M107742

This allowed me to set an always on VPN connection to our home network. If it disconnects, it will immediately reconnect.

We’ve only been using it for a couple of days so I don’t yet know if there are any downsides. I can say that PHLocation and Blue Iris work as expected.

And, it is comforting to know we have no port forwarding.

@DLONG2, are you an HS3 user?
 

luisrodz

Young grasshopper
Joined
Apr 4, 2018
Messages
55
Reaction score
20
Hi guys,

I just finally got all my hardware to start installing and would appreciate some of your help.

I’m going to make a diagram of what I currently have with my UniFi System and would appreciate if you guide me to add my new PC with BI and some Dahua I bought from Andy.

Currently I already have a USG, US-16-150W, UC-CK, AP. I’ll be posting the diagram soon.



Sent from my iPad using Tapatalk Pro
 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
Yes, I dabble a bit in HS3. To me it is daunting to figure out, but I got a few events working well.
If you want some help, just ask...I have:


HS3 Pro 3.0.0.470 | 849 devices | 349 events | OpenSprinkler | BLShutdown | EasyTrigger | NetCAM | Harmony Hub | Sonos | SDJ-Health | BLUPS | PHLocation | BLBackup | BLLock | Z-Wave 3.0.1.243 | weatherXML | Pushover 3P | Blue-Iris | AirPlaySpeak
 

luisrodz



This is what I have so far. I was planning to add the BI PC as well as the cameras to the 16 port POE switch but I don’t know if that way I can isolate them.

I will appreciate your help.


 

DLONG2

Curious about the reason you wish to segment the cameras, because if you just wish to block the cameras from reaching the WAN then you can create a firewall rule for that, which is simply done.

Otherwise, in order to segment the cameras and the BI PC, you'd want to add a new network in the USG settings, then assign that network to the switch ports used by the cameras and PC. There would be other rules needed, then, if you also wanted, say, a smart TV, Fire Stick, Xbox, or home-located mobile device to access the BI server for the UI3.htm page or the use of the app. There would also be a change needed for the RADIUS server for the VPN to work for away-from-home access to the app.

If you want to create a Blue Iris VLAN in your system then please follow the steps I had outlined in the first page of this thread, and let us know if you have any questions.
 

luisrodz

I just want to protect the system from internet. So I should follow your VLAN instructions then.

I’ll try during the week and keep you posted. Thank you for your feedback.


 

luisrodz

I’m currently trying to bench test all cameras before I make changes to the network and I’m unable to find the camera.

I’m connecting the BI PC as well as the camera to one of the US8 switches (port 8 with pass through). I don’t know what I’m doing wrong.


 

DLONG2

Not sure about multiple switches, but it seems that if all devices are on the same LAN and if you have static IPs on the cameras then the cameras should be found. Have you tried to ping them? Do they show up on the network topology map?
 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
Since you are using UniFi, you do not need to set the camera IP to a static address. You can go into Clients, the camera, go into Configuration and set a “static IP”.

 
Joined
Oct 16, 2018
Messages
1,659
Reaction score
5,464
Location
Florida, USA
We have not segmented our LAN into VLANs. We do as DLONG2 suggests and have created firewall rules to prevent our cameras from accessing the Internet.
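
An added example, not part of the original posts: one way to confirm that firewall rules like the ones discussed in this thread really keep cameras off the Internet is to audit exported flow records for camera sources talking to non-local destinations. The camera subnet, all addresses and the flow records below are constructed assumptions, and how flows are exported from the gateway is left open.

```python
import ipaddress

# Assumption (not from the thread): the cameras sit in this subnet.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")

# Destinations that never leave the home network: RFC 1918 ranges,
# loopback, link-local, multicast and limited broadcast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]

# Constructed sample flows: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.168.50.21", "192.168.50.10", 554),    # camera -> BI PC, stays local
    ("192.168.50.22", "203.0.113.40", 443),     # camera -> Internet
    ("192.168.1.15", "198.51.100.7", 443),      # laptop -> Internet, not a camera
    ("192.168.50.23", "224.0.0.251", 5353),     # camera multicast, stays local
    ("192.168.50.22", "198.51.100.123", 123),   # camera -> external NTP
    ("not-an-ip", "203.0.113.40", 80),          # malformed record
]


def camera_egress_violations(flows, camera_net=CAMERA_NET):
    """Return the flows in which a camera reaches a non-local destination."""
    violations = []
    for src, dst, port in flows:
        try:
            s = ipaddress.ip_address(src)
            d = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip malformed records instead of aborting the audit
        if s in camera_net and not any(d in net for net in LOCAL_NETS):
            violations.append((src, dst, port))
    return violations


def offending_cameras(flows, camera_net=CAMERA_NET):
    """Sorted, de-duplicated list of camera IPs that got out to the WAN."""
    return sorted({src for src, _, _ in camera_egress_violations(flows, camera_net)})


if __name__ == "__main__":
    for src, dst, port in camera_egress_violations(SAMPLE_FLOWS):
        print(f"camera {src} reached {dst}:{port}")
    print("cameras to check:", offending_cameras(SAMPLE_FLOWS))
```

An empty result after the block rule is in place is the outcome to look for; any listed camera means a rule is missing or ordered after an allow rule.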