Some notes from a Unifi USG SE and a UDM

Making a note of this here because TPG HFC connections uses VLAN 2

TPG HFC NBN Connection – UDM

Note the VLAN ID of 2

Exetel HFC NBN Connection

All it needs is a PPPoE connection with the [ServiceNumber]@vic.exetel.com.au and password. No V LAN ID

WireGuard – Successful connection no traffic

I used Teleport and then disabled it. When I first created the Wireguard VPN I created it with the default 51820 port.

But when connecting using the Windows Wireguard client downloaded from wireguard.com it wouldn’t send any traffic through the tunnel. (I couldn’t ping any hosts behind the USG SE)

The solution was to change the Wireguard server port to a non-defualt I chose 51821.

Change from all traffic going through the remote network to only the necessary remote subnet traffic

Solution: Enable split tunneling by changing the client conf file from this:

Note the 0.0.0.0/0 which basically say route everything over the tunnel

[Interface]
PrivateKey = <privkey here>
Address = 10.16.7.2/32
DNS = 8.8.8.8,1.1.1.1

[Peer]
PublicKey = <pubkey here>
AllowedIPs = 10.16.7.1/32,10.16.7.2/32,0.0.0.0/0
Endpoint = myvpn.dyndns.org:51821

To this:

Notice I am including all subnets on the other side so only they are part of the tunnel routing.

Note here I am also turning off the custom DNS by specifying DNS = undefined

[Interface]
PrivateKey = <privkey here>
Address = 10.16.7.2/32
DNS = undefined

[Peer]
PublicKey = <pubkey here>
AllowedIPs = 10.16.7.1/32, 10.16.7.2/32, 10.90.90.0/24, 192.168.200.0/24, 192.168.30.0/24, 192.168.20.0/24, 192.168.100.0/24
Endpoint = myvpn.dyndns.org:51821