BI, VPN and Unifi USG

From your phone, with the VPN turned on, open your browser and try “what’s my ip”. You should get the WAN address of your system.
 
Hi Mike,

The iPhone's VPN has?:

Type: L2TP
Server: (WAN address)
Account: (Name of user set up in the Services/User)
RSA SecurID: Off
Password: (User password as set up in the Services/User)
Secret: (Secret as set up in the Services/Server)
Send All Traffic: On
Proxy: Off

The Services/Server has?:

Enable: On
Secret: (filled in)
Clients: Checked
Authentication Port: 1812
Accounting Port: 1813
Account Interim Interval: 600
Tunnelled Reply: Off
 
Really do appreciate the help. I have no port forwarding enabled and all apps that need to “talk” to home work with the VPN.

Does anyone know how to start the VPN after the iPhone reboots?

Thanks,

Michael
 
Huzzah!
 
With the help of @DLONG2 and @bob2701, I was able to create a working VPN to our home network using UniFi equipment. Using the native iOS VPN wasn’t working for us - it would disconnect at times and then stay disconnected until a manual reconnect. I wanted an always on VPN so it would be transparent to my wife. After all, WAF is important.

I went hunting on the UniFi forums and found a piece of software from here:

https://community.ubnt.com/t5/UniFi-...492465#M107742

This allowed me to set an always on VPN connection to our home network. If it disconnects, it will immediately reconnect.

We’ve only been using it for a couple of days so I don’t yet know if there are any downsides. I can say that PHLocation and Blue Iris work as expected.

And, it is comforting to know we have no port forwarding.

@DLONG2, are you an HS3 user?
 
Hi guys,

I just finally got all my hardware to start installing and would appreciate some of your help.

I’m going to make a diagram of what I currently have with my UniFi System and would appreciate if you guide me to add my new PC with BI and some Dahua I bought from Andy.

Currently I already have a USG, US-16-150W, UC-CK and AP. I’ll be posting the diagram soon.



 
@DLONG2, are you an HS3 user?
Yes, I dabble a bit in HS3. To me it is daunting to figure out, but I got a few events working well.
 

If you want some help, just ask...I have:


HS3 Pro 3.0.0.470 | 849 devices | 349 events | OpenSprinkler | BLShutdown | EasyTrigger | NetCAM | Harmony Hub | Sonos | SDJ-Health | BLUPS | PHLocation | BLBackup | BLLock | Z-Wave 3.0.1.243 | weatherXML | Pushover 3P | Blue-Iris | AirPlaySpeak
 


This is what I have so far. I was planning to add the BI PC as well as the cameras to the 16 port POE switch but I don’t know if that way I can isolate them.

I will appreciate your help.


 
Curious about the reason you wish to segment the cameras, because if you just wish to block the cameras from reaching the WAN then you can create a firewall rule for that, which is simply done.

Otherwise, in order to segment the cameras and the BI PC, you'd want to add a new network in the USG settings, then assign that network to the switch ports used by the cameras and PC. There would be other rules needed, then, if you also wanted, say, a smart TV, Fire Stick, Xbox, or home-located mobile device to access the BI server for the UI3.htm page or the use of the app. There would also be a change needed for the RADIUS server for the VPN to work for away-from-home access to the app.

If you want to create a Blue Iris VLAN in your system then please follow the steps I had outlined in the first page of this thread, and let us know if you have any questions.
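
A way to sanity-check the rule set described in the post above before applying it, as an added example (not part of the original post, and not UniFi's own rule format): a first-match evaluator run over the flows the post mentions, which also shows what happens when the allow rules are ordered after the block rules. The subnets, the Blue Iris address and port 81 are assumptions; the thread gives none.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan: the thread gives no subnets, addresses or ports.
LAN, CAM_VLAN, VPN_POOL = "192.168.1.0/24", "192.168.50.0/24", "192.168.2.0/24"
BI_SERVER, BI_PORT = "192.168.50.10", 81   # assumed Blue Iris PC and web port
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str                 # "accept" or "drop"
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    port: Optional[int] = None  # None matches any destination port

def decide(rules, src, dst, port, default="accept"):
    """First match wins; new connections only (replies are assumed stateful).
    The default models routed networks that reach each other unless blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return default

ALLOW = [Rule("accept", LAN, BI_SERVER + "/32", BI_PORT),       # TV, phone at home
         Rule("accept", VPN_POOL, BI_SERVER + "/32", BI_PORT)]  # phone on the VPN
BLOCK = [Rule("drop", CAM_VLAN, ANY),   # cameras and BI PC start nothing outbound
         Rule("drop", ANY, CAM_VLAN)]   # nothing else starts a session inbound

def audit(rules):
    """Evaluate the flows the post mentions against a rule list."""
    cam, tv, vpn_phone = "192.168.50.21", "192.168.1.40", "192.168.2.5"
    internet = "203.0.113.7"    # documentation address standing in for the WAN side
    return {
        "camera -> internet": decide(rules, cam, internet, 443),
        "home TV -> BI web UI": decide(rules, tv, BI_SERVER, BI_PORT),
        "VPN phone -> BI web UI": decide(rules, vpn_phone, BI_SERVER, BI_PORT),
        "home TV -> camera": decide(rules, tv, cam, 80),
        "home TV -> BI other port": decide(rules, tv, BI_SERVER, 3389),
    }

if __name__ == "__main__":
    for label, rules in (("allow rules first", ALLOW + BLOCK),
                         ("block rules first", BLOCK + ALLOW)):
        print(label, audit(rules))
```

With the block rules listed first, both the home TV and the VPN phone lose access to the Blue Iris web UI, which is the symptom to look for if the app stops working after the VLAN is created.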
 

I just want to protect the system from the internet. So I should follow your VLAN instructions then.

I’ll try during the week and keep you posted. Thank you for your feedback.


 
I’m currently trying to bench test all cameras before I make changes to the network and I’m unable to find the camera.

I’m connecting the BI PC as well as the camera to one of the US8 switches (port 8 with pass through). I don’t know what I’m doing wrong.


 
Not sure about multiple switches, but it seems that if all devices are on the same LAN and if you have static IPs on the cameras then the cameras should be found. Have you tried to ping them? Do they show up on the network topology map?