BI, VPN and Unifi USG

blazin912

Getting the hang of it
Joined
Sep 15, 2019
Messages
168
Reaction score
41
Location
MA
Nope :(
 

blazin912

I didn't say this, but I am now attempting this via Wifi, through a Unifi AP. So my laptop is:

Laptop -> Unifi AP -> unifi Switch -> USG
 

DLONG2

Known around here
Joined
May 17, 2017
Messages
763
Reaction score
454
In the switch, I would configure any port using BI or cameras to the separate VLAN, rather than using the default 'All' networks. Then use firewall rules to allow or deny traffic. Please take a look at my post #13 in this thread regarding VPN access to BI.
 

DLONG2

> I didn't say this, but I am now attempting this via Wifi, through a Unifi AP. So my laptop is:
>
> Laptop -> Unifi AP -> unifi Switch -> USG

As long as the WiFi is on the same corporate LAN then it ought not matter. If you choose to use WiFi cameras then I would suggest building a wireless network using the same IPCAM VLAN number for those.
 

blazin912

I got this working, thanks for your help. Access across VLANs is all set. Blocking internet is all set.

Do I need to block IP cameras from seeing my LAN now? I want to RDP Blue Iris for configuration. I'd also like to be able to view Blue Iris streams on wifi devices. How do I accomplish both without breaking the Blue Iris part which is working currently?
 

DLONG2

> I got this working, thanks for your help. Access across VLANs is all set. Blocking internet is all set.
>
> Do I need to block IP cameras from seeing my LAN now? I want to RDP Blue Iris for configuration. I'd also like to be able to view Blue Iris streams on wifi devices. How do I accomplish both without breaking the Blue Iris part which is working currently?

For RDC, I created a group of IPs for the PCs, and then added a rule to allow all PCs to reach each other across the VLANs.

Likewise, you can allow any WiFi device to view, say, the UI3.htm from BI by the use of the same rules. With that rule, I can watch the cameras from any smart TV in the home which has a built-in browser.

For IP cameras, they should only be able to reach the BI machine. Build two new groups; one group is the camera/BI VLAN, the other group is all other VLANs you might have. Then in the LAN IN rules, add a new rule to block all traffic from the camera VLAN to the other VLANs, and set it lower in priority to any rule which allows specific devices to cross the VLAN divide.
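
The rule ordering described in the post above, as an added example that is not part of the original thread: a small first-match evaluator showing why the camera-VLAN block has to sit below the allow rule for the PCs. The subnets, host addresses and the default-accept fallback are constructed assumptions, and only new connections are modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str   # "accept" or "drop"
    src: list     # source group (list of networks)
    dst: list     # destination group (list of networks)

def net(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def in_group(addr, group):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in group)

def evaluate(rules, src, dst, default="accept"):
    """Return (action, rule name) for a new connection; first match wins."""
    for r in rules:
        if in_group(src, r.src) and in_group(dst, r.dst):
            return r.action, r.name
    return default, "default"

# Constructed addressing (assumptions, not values from the thread).
CAMERA_VLAN = net("192.168.20.0/24")                 # cameras and the BI machine
OTHER_VLANS = net("192.168.1.0/24", "192.168.30.0/24")
PCS = net("192.168.1.50/32", "192.168.20.10/32")     # admin PC, BI PC

ALLOW_PCS = Rule("allow PCs to PCs", "accept", PCS, PCS)
BLOCK_CAMS = Rule("block camera VLAN to other VLANs", "drop",
                  CAMERA_VLAN, OTHER_VLANS)

GOOD_ORDER = [ALLOW_PCS, BLOCK_CAMS]   # block sits below the allow rule
BAD_ORDER = [BLOCK_CAMS, ALLOW_PCS]    # block shadows the allow rule

if __name__ == "__main__":
    flows = [
        ("BI PC -> admin PC", "192.168.20.10", "192.168.1.50"),
        ("camera -> admin PC", "192.168.20.101", "192.168.1.50"),
        ("WiFi viewer -> BI PC", "192.168.30.25", "192.168.20.10"),
    ]
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for name, src, dst in flows:
            print(label, name, evaluate(order, src, dst))
```

With the block rule first, the BI PC itself can no longer open connections to the other PCs, because it lives in the camera VLAN and matches the drop before the allow is ever reached.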
 

NickTheGreat

Pulling my weight
Joined
Oct 19, 2017
Messages
140
Reaction score
246
Location
Iowa
So I posted in another thread here about it, but I updated my phone a month or so ago and found out that Android no longer supports the type of VPN that Unifi uses, L2TP. Sounds like this change happened a while ago, but things were grandfathered in.

I can't believe Unifi/Blue Iris would no longer work for half of us out there, so I'm guessing it's operator error on my end.

Any Android 8.0, Unifi VPN users out there with a quick and easy fix for me? :D
 

DLONG2

> Any wisdom here? Any Unifi and Android dudes out there?

Hi Nick,

I noticed that my Android (via T-Mobile) had started to warn me a while ago that the VPN connection I use from UniFi is not secure. It is an annoying message, but in my case I can still connect okay.
 

NickTheGreat

> Hi Nick,
>
> I noticed that my Android (via T-Mobile) had started to warn me a while ago that the VPN connection I use from UniFi is not secure. It is an annoying message, but in my case I can still connect okay.

Yeah I had that too, but now with my new phone it just simply doesn't allow that type of connection.
 

NickTheGreat

Just a follow up, nearly a year later . . .

I was never able to get anywhere with the Unifi and Android disagreement over VPNs. I ended up going the Tailscale route, by following this video


I am having to use the Blue Iris app, and I can't do anything else VPN-wise on my network. But I am able to see my cameras remotely, which was my real goal.
 