Unifi UDM to Azure Site to Site VPN Notes

Written by James McDonald

October 24, 2021

The GUI doesn’t keep some of the settings you set. But these worked for me. This doesn’t include the Azure setup.

Settings for UDM

Name: TGN-MEL-AZR

Name can be anything you want. I like to use <company prefix><local site><remote site>, e.g. TGN is Toggen, MEL is the Melbourne Office and AZR says the VPN terminates in Azure.

Enabled: checked

Remote Subnet: 10.99.99.0/24 <= One or more subnets in CIDR notation: whichever Azure VNet subnet or subnets you need to reach through the tunnel

Route Distance: 30 (I left this as the default, I think)

Peer IP: Your Virtual network gateway Public IP from Azure

Local WAN IP: Your local network gateway Public IP

Pre-Shared Key: Copy this from your Connection setup in Azure

IPsec Profile: Azure dynamic routing

Advanced Options

Key Exchange Version: IKEv2

Encryption: AES256

Hash: SHA1

IKE DH Group: 2 (after setting it changes back to 14 in the UI)

PFS: Uncheck (after setting it changes back to checked)

ESP DH Group: Unchecked (PFS unchecked should disable this anyway, but it changes back to checked)

Dynamic Routing: Unchecked (after setting it changes back to checked)

IMPORTANT!!!: Set the correct settings above once, and then REMEMBER not to re-save the reverted values the UI shows over the top of them

UDM cli Command to Check Connection

Login with SSH

ssh -lroot IP_OF_UDM

To restart ipsec

ipsec restart

To check for configured connections (this lists every configured connection, whether or not it is actually up)

swanctl --list-conns

To check for successful associations

swanctl --list-sas
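As an added example (not part of the original post), a small POSIX shell script that parses the output of swanctl --list-sas and reports whether the IKE SA for the connection is ESTABLISHED and a CHILD SA covering the Azure subnet is INSTALLED. The sample output, addresses and SPIs are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): decide from `swanctl --list-sas`
# whether the Azure tunnel is actually up, not merely configured.

# Constructed sample of `swanctl --list-sas` output. Addresses and SPIs are
# made up; the algorithms match the post's settings (AES256/SHA1/DH group 2).
SAMPLE_SAS=$(cat <<'EOF'
TGN-MEL-AZR: #3, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7a8b_i* 9c8d7e6f5a4b3c2d_r
  local  '203.0.113.10' @ 203.0.113.10[4500]
  remote '198.51.100.20' @ 198.51.100.20[4500]
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  established 142s ago, rekeying in 27530s
  TGN-MEL-AZR: #5, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 142s ago, rekeying in 3094s, expires in 3600s
    in  c1a2b3c4,   4096 bytes,    40 packets,     2s ago
    out d4e5f6a7,   2048 bytes,    20 packets,     2s ago
    local  192.168.10.0/24
    remote 10.99.99.0/24
EOF
)

# ike_established NAME OUTPUT: succeed if the IKE SA named NAME is ESTABLISHED.
# A connection shown by --list-conns but absent here has not negotiated IKE.
ike_established() {
    printf '%s\n' "$2" | grep -q "^$1: #[0-9]*, ESTABLISHED,"
}

# child_installed NAME SUBNET OUTPUT: succeed if a CHILD SA under NAME is
# INSTALLED and its remote traffic selector is exactly SUBNET. IKE can be up
# while the CHILD SA is missing (e.g. mismatched ESP proposal), so check both.
child_installed() {
    printf '%s\n' "$3" | awk -v name="$1" -v subnet="$2" '
        /^[^ ]/ { inchild = 0 }                  # new IKE SA block: reset state
        $1 == (name ":") && /, INSTALLED, TUNNEL/ { inchild = 1; next }
        inchild && $1 == "remote" && $2 == subnet { found = 1 }
        END { exit found ? 0 : 1 }'
}

# tunnel_up NAME SUBNET OUTPUT: both checks must pass.
tunnel_up() {
    ike_established "$1" "$3" && child_installed "$1" "$2" "$3"
}

# On the UDM replace "$SAMPLE_SAS" with "$(swanctl --list-sas)".
if tunnel_up TGN-MEL-AZR 10.99.99.0/24 "$SAMPLE_SAS"; then
    echo "TGN-MEL-AZR: IKE established and CHILD SA to 10.99.99.0/24 installed"
else
    echo "TGN-MEL-AZR: tunnel NOT up"
fi
```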

Reboot the UDM

reboot
