44Net Connect on UniFi Network

From 44Net Wiki


Use this guide to import a 44Net Connect WireGuard configuration into UniFi Network and create a tunnel on a UniFi gateway.

What you need

  • A 44Net Portal account
  • A verified amateur radio callsign
  • A 44Net Connect tunnel created in the Connect dashboard
  • A UniFi gateway managed in UniFi Network
  • A computer with a web browser and a plain-text editor

If you still need to create your account, verify your callsign, or create your first Connect tunnel, start with Get Started and 44Net Connect Quick Start.

Note
Ubiquiti updates the Network application frequently, so the steps and screenshots in this guide may not exactly match the current version of UniFi Network. The general process should still be similar, but if you have trouble following these instructions, refer to the UniFi Network documentation or support resources for the most up-to-date information on creating a WireGuard VPN client. You can also ask a question on the 44Net Connect mailing list.

Before you upload the configuration

UniFi Network does not currently accept the IPv6 address included in the Address line of the WireGuard configuration generated by the Connect dashboard. The configuration must be edited to remove the IPv6 address before it can be imported into UniFi Network.

Copy and paste the wg-quick configuration from the Connect dashboard to a plain-text file, then edit the Address line so it contains only the IPv4 address.

For example, change:

Address = fe80::dca1:c755:aa1:28f2/128, 44.27.128.48/32

to:

Address = 44.27.128.48/32

Save the file before continuing.
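The same edit can be scripted. The following Python sketch is an added example, not part of the original guide or of any 44Net or Ubiquiti tooling. It removes IPv6 entries from the Address line, leaves every other line untouched, and writes the result readable by the owner only, because the file contains the tunnel's private key. The keys and endpoint in the sample are placeholders, and the function names are hypothetical.

```python
import ipaddress
import os

# Constructed sample: Address line from this page; keys and endpoint are placeholders.
SAMPLE = """[Interface]
PrivateKey = <PRIVATE-KEY-PLACEHOLDER>
Address = fe80::dca1:c755:aa1:28f2/128, 44.27.128.48/32

[Peer]
PublicKey = <PUBLIC-KEY-PLACEHOLDER>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def strip_ipv6_addresses(conf_text):
    """Drop IPv6 entries from [Interface] Address lines; leave all else untouched."""
    out, section, kept = [], None, 0
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        key, sep, value = stripped.partition("=")
        if section == "interface" and sep and key.strip().lower() == "address":
            value = value.split("#", 1)[0]  # ignore a trailing comment
            entries = [e.strip() for e in value.split(",") if e.strip()]
            # ip_interface raises ValueError on a malformed entry, so typos fail loudly
            v4 = [e for e in entries if ipaddress.ip_interface(e).version == 4]
            kept += len(v4)
            if v4:  # a line holding only IPv6 addresses is dropped entirely
                out.append("Address = " + ", ".join(v4))
            continue
        out.append(line)
    if kept == 0:
        raise ValueError("no IPv4 address left on any [Interface] Address line")
    return "\n".join(out) + "\n"

def write_private(path, text):
    """Create the file owner-readable only, since it contains PrivateKey."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

if __name__ == "__main__":
    # Print only the Address lines so key material never reaches the terminal.
    for line in strip_ipv6_addresses(SAMPLE).splitlines():
        if line.startswith("Address"):
            print(line)
```

The 0600 mode applies only when the file is newly created; delete the edited file once the import into UniFi Network has succeeded.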

Configure UniFi Network

Step 1: Open UniFi Site Manager

  • On a computer, open a web browser.
  • For cloud-connected gateways, go to unifi.ui.com.
  • For local-only gateways, go to the gateway's local IP address instead.
  • Sign in and select the site that contains the gateway you want to configure.

Step 2: Open the Network application

  • From Site Manager, open the Network application for the selected gateway.
  • Wait for the gateway and site settings to finish loading before creating the VPN client.

Step 3: Start a new WireGuard VPN client

  • In UniFi Network, click the Settings (gear) icon.
  • In the Settings sidebar, click VPN.
  • In the VPN Client section, click Create New.
  • In the details pane:
      • Under Type, select WireGuard.
      • Under Name, provide a name for the VPN client, like 44Net Connect.
      • Under Setup, choose File.

Step 4: Upload the 44Net Connect configuration file

  • In the details pane, click the Upload Configuration File button.
  • Navigate to the plain-text file you saved in the previous section (after removing the IPv6 address from the Address line) and select it for upload.
  • Review the imported settings to confirm the endpoint, keys, and IPv4 address were accepted.

Step 5: Create the tunnel

  • Click the Create button to create the VPN client and tunnel.

Verify operation

After the tunnel is created:

  • Confirm the VPN client shows as connected in UniFi Network.
  • Confirm the tunnel shows "Connected" in the Connect dashboard.

You may need to reload the page or wait a few moments for the status to update from "Connecting" to "Connected".

Troubleshooting

If the import fails, re-open the configuration file and confirm the Address line contains only the IPv4 address. Re-import it if necessary.

If the tunnel fails to connect, confirm the public key and endpoint in UniFi Network match the values shown in the Connect dashboard.

In UniFi Network, you can also check the gateway's logs for any error messages related to the VPN client. Click the Logs (clipboard) icon, then check the "VPN" box to filter for VPN-related log entries.

Explore further

Routing

UniFi Network does not automatically route traffic through the VPN tunnel. You can create a “Policy-based Route” that directs traffic to the tunnel based on criteria like source IP address or destination IP address. For example, you could create a policy that sends all traffic through the tunnel, or only traffic destined for 44Net IP addresses.

Subnets

With just a tunnel configured, the gateway will use NAT to send traffic from your network through the tunnel. If you want to use 44Net IP addresses directly on devices in your network, you can request a subnet from 44Net Connect and configure it in UniFi Network.

  1. In the 44Net Connect dashboard, request a Network Allocation.
  2. Once the allocation is approved, note the IPv4 subnet assigned to you.
  3. In UniFi Network, go to Settings > Networks and create a new network.
  4. Un-check Auto Scale Network.
  5. In the IPv4 Address field, enter the first address in the assigned subnet. For example, if your assigned subnet is 44.27.30.112/29, enter 44.27.30.113.
  6. In the Netmask field, enter the prefix length for the assigned subnet. For example, if your assigned subnet is a /29, choose 29.
  7. In the VLAN ID field, enter any VLAN ID not already in use on your gateway. You can accept the suggested VLAN ID or choose a different one.
  8. You can accept the Auto settings provided, or click Manual and adjust DHCP and other settings as needed.
  9. Click Create to create the network.

To route traffic from this subnet through the tunnel, create a policy-based route that matches the new subnet as the source and the VPN client as the next hop.

To use this Network/VLAN for devices in your local network, connect them to the new VLAN you created. This can be done by configuring switch ports or Wi-Fi networks to use this Network as the “native” network, or by configuring devices on your LAN to use this Network’s VLAN ID.

For more configuration options and details, see the UniFi Network documentation:
