Set Up UID VPN

Requirements

Notes

If you have already set up UID OpenVPN, it must be deleted before WireGuard VPN can be set up.

VPN Type	Device Requirements	Application Requirements
OpenVPN	Dream Machine (UDM) Dream Machine Pro (UDM Pro) Dream Machine Special Edition (UDM SE)	N/A
WireGuard VPN	Dream Machine (UDM) Dream Machine Pro (UDM Pro) Dream Machine Special Edition (UDM SE) Cloud Key Gen2 Plus (CKP) UniFi Dream Wall (UDW) (EA)	UID Agent: v1.51.1 or later UI mobile app for Android: v0.55.2 or later UI mobile app for iOS: v0.55.4 or later UI desktop app for macOS: 0.55.1 or later UI desktop app for Windows: 0.55.1 or later

VPN Type

Device Requirements

Application Requirements

OpenVPN

Dream Machine (UDM)
Dream Machine Pro (UDM Pro)
Dream Machine Special Edition (UDM SE)

N/A

WireGuard VPN

Dream Machine (UDM)
Dream Machine Pro (UDM Pro)
Dream Machine Special Edition (UDM SE)
Cloud Key Gen2 Plus (CKP)
UniFi Dream Wall (UDW) (EA)

UID Agent: v1.51.1 or later
UI mobile app for Android: v0.55.2 or later
UI mobile app for iOS: v0.55.4 or later
UI desktop app for macOS: 0.55.1 or later
UI desktop app for Windows: 0.55.1 or later

Set Up One-Click VPN

Go to Applications > UID Manager Portal.

Select a site from the drop-down menu in the top left corner.

Go to the dashboard.

Click One-Click VPN.

Click Set Up on the following page.

Configure the VPN settings as needed (see the table below for more information).

Setting	Action
Name	Enter the network name.
Assign to all users of the current site	Enable to automatically assign this VPN to all users of the selected site.
Deploy on	Select the UniFi OS Console that will host the VPN.
Type	UID currently supports OpenVPN and WireGuard VPN.
VPN Server	Sync with the Public IP of UniFi OS Console: When enabled, the VPN server will auto sync with the public IP address of UniFi OS Console. It's suggested to enable this option if you are using dynamic IPs. Option1: Enable Sync with the Public IP of UniFi OS Console. Option2: Disable Sync with the Public IP of UniFi OS Console, and enter the public IP address of UniFi OS Console.
Protocol	Select the network's protocol.

Setting

Action

Name

Enter the network name.

Assign to all users of the current site

Enable to automatically assign this VPN to all users of the selected site.

Deploy on

Select the UniFi OS Console that will host the VPN.

Type

UID currently supports OpenVPN and WireGuard VPN.

VPN Server

Sync with the Public IP of UniFi OS Console: When enabled, the VPN server will auto sync with the public IP address of UniFi OS Console. It's suggested to enable this option if you are using dynamic IPs.

Option1: Enable Sync with the Public IP of UniFi OS Console.
Option2: Disable Sync with the Public IP of UniFi OS Console, and enter the public IP address of UniFi OS Console.

Protocol

Select the network's protocol.

Notes:

You cannot modify an outer VPN port if your console's public IP is the same as the WAN IP.
If your public IP and the WAN IP are different, you will need to create a port forwarding rule. For more details, see Network Deployment.

8. Click Show Advanced Settings to configure the following settings (Optional).

Setting	Action
Gateway IP/Subnet	Enter an IP address.
DNS Server 1	Enter an IP address for the primary DNS server.
DNS Server 2	Enter an IP address for the secondary DNS server.
Default DNS Suffix	Enter the DNS Suffix. Default DNS Suffix allows administrators to set a DNS suffix that is automatically filled following the hostname element. This means that Windows clients only need to enter the hostname element to access resources through their FQDNs.
Custom Routing	Specify which IP address or subnet will be routed through the UID VPN tunnel when VPN Proxy is set to the Intranet mode. Custom routing allows the configured IP addresses or subnets to still go through the UID VPN tunnel when the client is set to the Intranet mode. Without the need to route all traffic through the UID VPN tunnel, employees working remotely can use UID VPN to simply access the resources that are accessible only from the company network. The Intranet mode can significantly reduce the bandwidth usage coming from the UID VPN-connected clients, and in turn increase the internet speed of UID VPN. Note: This function only applies to clients using the Intranet VPN Proxy mode, the Global mode will still route all traffic through the VPN tunnel.
Maximum Connection Time	Specify the VPN session duration.

Setting

Action

Gateway IP/Subnet

Enter an IP address.

DNS Server 1

Enter an IP address for the primary DNS server.

DNS Server 2

Enter an IP address for the secondary DNS server.

Default DNS Suffix

Enter the DNS Suffix.
Default DNS Suffix allows administrators to set a DNS suffix that is automatically filled following the hostname element. This means that Windows clients only need to enter the hostname element to access resources through their FQDNs.

Custom Routing

Specify which IP address or subnet will be routed through the UID VPN tunnel when VPN Proxy is set to the Intranet mode.
Custom routing allows the configured IP addresses or subnets to still go through the UID VPN tunnel when the client is set to the Intranet mode. Without the need to route all traffic through the UID VPN tunnel, employees working remotely can use UID VPN to simply access the resources that are accessible only from the company network. The Intranet mode can significantly reduce the bandwidth usage coming from the UID VPN-connected clients, and in turn increase the internet speed of UID VPN.
Note: This function only applies to clients using the Intranet VPN Proxy mode, the Global mode will still route all traffic through the VPN tunnel.

Maximum Connection Time

Specify the VPN session duration.

Click Continue. A setup confirmation message will appear.

Click OK.

Set Up UID VPN

Requirements

Set Up One-Click VPN

Related articles

What's Next