BI, VPN and Unifi USG

[DLONG2]

So the BI itself is still working well in the LAN (via the PC app or via the mobile app or via the ui3.htm) but you cannot access it from the WAN via the VPN?

In the mobile app's server settings, are the LAN and WAN server addresses both set up as the LAN address?

 

[JNDATHP]

Correct, port forwarding still works. Yes, the WAN and LAN address is 192.168.0.10:81 when I attempt to access BI via VPN.

 

[DLONG2]

So within the home, the BI is working well. Have you turned off port forwarding in order to test the VPN?

The VPN network of 192.168.60.0/24 is setup as a 'Remote User VPN?
The Services/User settings use the same VLAN number as the BI PC uses?
In the Firewall Rules, for LAN IN, did you add a rule to allow the VPN IPs (192.168.60.1, 192.168.60.2, etc) and the BI PC IP (192.168.0.10) to reach each other?

 

[JNDATHP]

So within the home, the BI is working well. Have you turned off port forwarding in order to test the VPN?

The VPN network of 192.168.60.0/24 is setup as a 'Remote User VPN?
The Services/User settings use the same VLAN number as the BI PC uses?
In the Firewall Rules, for LAN IN, did you add a rule to allow the VPN IPs (192.168.60.1, 192.168.60.2, etc) and the BI PC IP (192.168.0.10) to reach each other?

I turned off port forwarding to test.

192.168.60.0/24 is setup as Remote User VPN

Services/User settings use the same VLAN number as the the BI PC uses - don’t think so. Will try tomorrow.

Firewall rules - I think so. I will post tomorrow the rules.

Thank you for your help.

 

[bob2701]

Sounds like you are making progress. In my setup I have not set up a VLAN and did not assign one to the Remote User VPN. Everything still on same segment, except the Remote User VPN of course.

 

[DLONG2]

Sounds like you are making progress. In my setup I have not set up a VLAN and did not assign one to the Remote User VPN. Everything still on same segment, except the Remote User VPN of course.

Hey Bob, then it sounds like a missing firewall rule?

 

[bob2701]

Hey Bob, then it sounds like a missing firewall rule?

Yes, it sounds like he is missing the VPN to BI rule.

 

[JNDATHP]

Thanks guys. Appreciate your help. Need to hit the hay but will post tomorrow in hopes that you can find my error.

Michael

 

[bob2701]

Mike, go over the instruction DLONG2 gave you. Look for the “Mobile_Phones_To_BI” firewall rule he gave you.

 

[DLONG2]

Mike, go over the instruction DLONG2 gave you. Look for the “Mobile_Phones_To_BI” firewall rule he gave you.

And also the 'VPN-to-BI_PC' rule.

 

[JNDATHP]

Here is what I have:

 

[DLONG2]

Otherwise, your VPN allows you to connect to the home network, to other devices, and when you google your IP address from your mobile while in VPN, it will show the WAN address from your ISP?

In the Unifi controller, on the dashboard, you have the VPN widget running, and it will show 1 active tunnel when you VPN?

In the Unifi Services/Server, you've enabled the Radius Server. In the Services/Users, what did you enter for each user's VLAN?

In Blue Iris, in the Options/Web Server/Advanced, you 'require from all connections: Use a secure session keys and login page' and you don't limit IP addresses (left blank)?

 

[JNDATHP]

Otherwise, your VPN allows you to connect to the home network, to other devices, and when you google your IP address from your mobile while in VPN, it will show the WAN address from your ISP?

In the Unifi controller, on the dashboard, you have the VPN widget running, and it will show 1 active tunnel when you VPN?

In the Unifi Services/Server, you've enabled the Radius Server. In the Services/Users, what did you enter for each user's VLAN?

In Blue Iris, in the Options/Web Server/Advanced, you 'require from all connections: Use a secure session keys and login page' and you don't limit IP addresses (left blank)?

I can connect to my LAN via VPN and I get an IP address of 192.168.60.1 - I am using my iPhone and haven’t tried or even know how to reach other devices on my LAN.

Widget shows 0 active tunnel. iPhone shows VPN.

 

[JNDATHP]

VLAN box is blank in Services/Users.

 

[JNDATHP]

I appreciate the help. This VPN configuration is difficult for me. Thanks.

 

[DLONG2]

When you navigate to this website while on VPN, the IP shown is the same as your ISP WAN IP, yes?

What Is My IP? Shows your real IP - IPv4 - IPv6 - WhatIsMyIP.com®

Or, go to bing.com, and in the search bar, enter in "what is my ip" and hit enter. If it shows the WAN address then you are in your own local network.

I don't have a cloud key, but only use software to run the Unifi controller, so I am unfamiliar with that aspect of the dashboard, or how an iPad would be any different than a webpage. But on my PC where the software controller is running, my dashboard looks different than yours. When I VPN in, I see a tunnel increment. Your dashboard is showing 0, so I am wondering whether your VPN is really connecting or not.

Look for the 'Network Analyzer' app in the iTunes store, by Techet. They have a free and a paid version, and will allow you to ping IPs, show network devices, etc. Might help out.

Also, it never hurts to reboot the iPhone, and maybe stop and restart the Unifi controller.

 

[JNDATHP]

My IP when connecting VPN is NOT my WAN IP so this may be the problem. I will look into it tomorrow.

Again, thanks for your help.

 

[bob2701]

In your BI-VPN group add your WAN address.




Also check the WAN LOCAL and make sure the rules 3003-3006 are there. They should have been added automatically when you created the Remote User VPN network.

 

[DLONG2]

Thanks, Bob. I had overlooked the need for the WAN IP in the BI-VPN group. Good catch.

 

[bob2701]

Thanks, Bob. I had overlooked the need for the WAN IP in the BI-VPN group. Good catch.

Hey, everything I know came from you!