Unifi UDM to Azure Site to Site VPN Notes

Oct 24, 2021 | IT Tips

The GUI doesn't keep some of the settings you set. But these worked for me. This doesn't include the Azure setup.

Settings for UDM

Name: TGN-MEL-AZR

Name can be anything you want. I like to use <company prefix><local site><remote site>, e.g. TGN is Toggen, MEL is the Melbourne office and AZR says the VPN terminates in Azure.

Enabled: checked

Remote Subnet: 10.99.99.0/24 <= One or more CIDR-notated subnets: whichever VNet subnet(s) you are trying to reach

Route Distance: 30 (I left this as the default. I think)

Peer IP: Your Virtual network gateway Public IP from Azure

Local WAN IP: Your local network gateway Public IP

Pre-Shared Key: Copy this from your Connection setup in Azure

IPsec Profile: Azure dynamic routing

Advanced Options

Key Exchange Version: IKEv2

Encryption: AES256

Hash: SHA1

IKE DH Group: 2 (after setting it changes back to 14 in the UI)

PFS: Uncheck (after setting it changes back to checked)

ESP DH Group: Unchecked (PFS unchecked should disable this anyway, but it changes back to checked)

Dynamic Routing: Unchecked (after setting it changes back to checked)

IMPORTANT!!!: Set the correct settings above, then REMEMBER not to resave the reverted settings over the top

UDM CLI Commands to Check the Connection

Login with SSH

ssh -lroot IP_OF_UDM

To restart ipsec

ipsec restart

To check for configured connections (this will list configured connections but they may not all be working)

swanctl --list-conns

To check for successful associations

swanctl --list-sas

Reboot the UDM

reboot
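The checks above can be put into a small watchdog that runs on the UDM. This is an added example and not from the original post: it looks for an ESTABLISHED IKE SA for the TGN-MEL-AZR connection from the post and, if the connection is configured but not up, restarts ipsec as described above. The IP addresses and swanctl output in it are constructed sample data used to exercise the checks offline.

```shell
#!/bin/sh
# Added example, not from the original post: a watchdog for the UDM that checks
# whether the named tunnel has an ESTABLISHED IKE SA and otherwise restarts
# strongSwan as the post describes. TGN-MEL-AZR is the connection name from the
# post; the IPs and swanctl output below are constructed sample data.

CONN_NAME="${CONN_NAME:-TGN-MEL-AZR}"

# 0 if $1 (swanctl --list-sas output) has an ESTABLISHED IKE SA for connection $2.
# The IKE SA line starts at column 0 ("<name>: #<id>, ESTABLISHED, IKEv2, ...");
# child SA lines are indented, so the ^ anchor keeps them out of the match.
# A tunnel stuck in CONNECTING is reported as down. $2 is used as a regex, so
# keep to plain names like the one in the post.
sa_established() {
  printf '%s\n' "$1" | grep -Eq "^${2}: #[0-9]+, ESTABLISHED,"
}

# 0 if $1 (swanctl --list-conns output) lists connection $2 at all.
conn_configured() {
  printf '%s\n' "$1" | grep -Eq "^${2}: "
}

watchdog() {
  sas=$(swanctl --list-sas 2>/dev/null)
  if sa_established "$sas" "$CONN_NAME"; then
    echo "$CONN_NAME: IKE SA established"
    return 0
  fi
  conns=$(swanctl --list-conns 2>/dev/null)
  if ! conn_configured "$conns" "$CONN_NAME"; then
    # Not even loaded: the GUI probably dropped the settings, a restart won't help.
    echo "$CONN_NAME: not configured, re-check the UDM settings" >&2
    return 2
  fi
  echo "$CONN_NAME: configured but no established SA, restarting ipsec" >&2
  ipsec restart
  return 1
}

# Constructed, abbreviated sample output (documentation IPs) for offline checks.
SAMPLE_SAS='TGN-MEL-AZR: #3, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7081_i* 8192a3b4c5d6e7f8_r
  local  203.0.113.10 @ 203.0.113.10[500]
  remote 198.51.100.20 @ 198.51.100.20[500]
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 610s ago, rekeying in 27290s
  TGN-MEL-AZR: #7, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96
    local  192.168.1.0/24
    remote 10.99.99.0/24'

if [ "${1:-}" = "run" ]; then watchdog; fi
```

Run it on the UDM over SSH as `sh watchdog.sh run`, or from cron if you want the restart to happen automatically.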
