Unifi Dream Machine SE – Australian HFC Connection settings & Wireguard Full and Split Tunneling

Written by James McDonald

December 18, 2023

Some notes from a Unifi USG SE and a UDM

Making a note of this here because TPG HFC connections use VLAN 2

TPG HFC NBN Connection – UDM

Note the VLAN ID of 2

Exetel HFC NBN Connection

All it needs is a PPPoE connection with the [ServiceNumber]@vic.exetel.com.au and password. No VLAN ID

WireGuard: Successful connection, no traffic

I used Teleport and then disabled it. When I first created the Wireguard VPN I created it with the default 51820 port.

But when connecting using the Windows Wireguard client downloaded from wireguard.com it wouldn’t send any traffic through the tunnel. (I couldn’t ping any hosts behind the USG SE)

The solution was to change the Wireguard server port to a non-default one; I chose 51821.

Change from all traffic going through the remote network to only the necessary remote subnet traffic

Solution: Enable split tunneling by changing the client conf file from this:

Note the 0.0.0.0/0, which basically says route everything over the tunnel

[Interface]
PrivateKey = <privkey here>
Address = 10.16.7.2/32
DNS = 8.8.8.8,1.1.1.1

[Peer]
PublicKey = <pubkey here>
AllowedIPs = 10.16.7.1/32,10.16.7.2/32,0.0.0.0/0
Endpoint = myvpn.dyndns.org:51821

To this:

Notice I am including all subnets on the other side so only they are part of the tunnel routing.

Note here I am also turning off the custom DNS by specifying DNS = undefined

[Interface]
PrivateKey = <privkey here>
Address = 10.16.7.2/32
DNS = undefined

[Peer]
PublicKey = <pubkey here>
AllowedIPs = 10.16.7.1/32, 10.16.7.2/32, 10.90.90.0/24, 192.168.200.0/24, 192.168.30.0/24, 192.168.20.0/24, 192.168.100.0/24
Endpoint = myvpn.dyndns.org:51821
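
To check which of the two behaviours a given client conf will produce before importing it, the following added example (not part of the original post) parses the AllowedIPs line, reports whether it amounts to a full tunnel, and lists any DNS servers that would be reached outside the tunnel. The function names and the TEMPLATE helper are assumptions made for this example; the sample input is constructed from the two configs above.

```python
import ipaddress

def parse_conf(text):
    """Parse a single-peer WireGuard client conf into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf[section] = {}
        elif "=" in line and section:
            key, value = line.split("=", 1)      # values may end in '=' (base64 keys)
            conf[section][key.strip()] = value.strip()
    return conf

def allowed_networks(conf):
    items = conf["Peer"]["AllowedIPs"].split(",")
    return [ipaddress.ip_network(i.strip(), strict=False) for i in items if i.strip()]

def is_full_tunnel(nets):
    """True when IPv4 AllowedIPs cover everything (0.0.0.0/0, or 0.0.0.0/1 + 128.0.0.0/1)."""
    v4 = [n for n in nets if n.version == 4]
    return ipaddress.ip_network("0.0.0.0/0") in ipaddress.collapse_addresses(v4)

def tunneled(nets, addr):
    """True when traffic to addr would be routed into the tunnel."""
    return any(ipaddress.ip_address(addr) in n for n in nets)

def dns_outside_tunnel(conf):
    """DNS server IPs from [Interface] that AllowedIPs does not cover."""
    nets, outside = allowed_networks(conf), []
    for entry in conf["Interface"].get("DNS", "").split(","):
        try:
            if not tunneled(nets, entry.strip()):
                outside.append(entry.strip())
        except ValueError:                       # entry is not an IP address, skip it
            continue
    return outside

# Constructed sample input based on the two configs on this page (keys are placeholders).
TEMPLATE = ("[Interface]\nPrivateKey = <privkey here>\nAddress = 10.16.7.2/32\nDNS = {dns}\n\n"
            "[Peer]\nPublicKey = <pubkey here>\nAllowedIPs = {ips}\nEndpoint = myvpn.dyndns.org:51821\n")
FULL = parse_conf(TEMPLATE.format(dns="8.8.8.8,1.1.1.1", ips="10.16.7.1/32,10.16.7.2/32,0.0.0.0/0"))
SPLIT = parse_conf(TEMPLATE.format(dns="undefined", ips="10.16.7.1/32, 10.16.7.2/32, 10.90.90.0/24, "
                   "192.168.200.0/24, 192.168.30.0/24, 192.168.20.0/24, 192.168.100.0/24"))

if __name__ == "__main__":
    for name, conf in (("full", FULL), ("split", SPLIT)):
        print(name, is_full_tunnel(allowed_networks(conf)), dns_outside_tunnel(conf))
```

If a split-tunnel conf keeps public resolvers in its DNS line, dns_outside_tunnel returns them, which shows that name lookups would leave via the local connection rather than the VPN.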
