I have a Dream Machine Pro at my parents’ house and a Cloud Gateway Ultra at my place. I also have a Synology NAS at my location, which I want to back up to a Synology NAS at my parents’ house. I’d prefer not to open any ports on my parents’ firewall or use something like Cloudflare Relay.
My goal is to have only the backup application's traffic on my NAS use a site-to-site VPN, while all other traffic on the NAS uses the LAN. The backup service uses a specific domain via DDNS and operates on a specific port.
Is there a way to set this up, or should I consider other options?
This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can.
Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off-topic posts in the weekly off-topic thread that is stickied to the top of the subreddit.
If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it!
On the UDM, create a WireGuard client connection to your other site's network. This will show up as an interface for policy-based routing. From here it depends on your NAS; for me, my NAS has dual NICs that I keep on different VLANs, so I can route one VLAN through a VPN and the other through my regular network. If you don't have two NICs, you can try to keep your backup application on a VM and just use device-based routing for that VM only, or do it by IP or domain.
On your NAS you can route a specific Docker application or VM through a WireGuard VPN to your other site. For example, in Unraid you can create a VPN network and assign Docker containers to go through it.
For me, I have a complicated setup that involves WireGuard & Tun2Socks (wiresocks) and a SOCKS client (v2ray) that allows me to use UDM policy-based routing and tunnel it through a SOCKS proxy for specific outbound properties I set up.
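The NAS-side variant described above (route one application by IP and port through the WireGuard client interface, leave everything else on the LAN), written out as an added example for a Linux-based NAS; this is not code from the thread, from UniFi, or from any NAS vendor. The interface name wg0, the remote host 192.0.2.10, port 5000, routing table 100 and fwmark 0x64 are placeholder assumptions, and the script only prints the commands unless DRY_RUN=0 is set (applying them needs root).

```shell
#!/bin/sh
# Added example, not from the thread or any vendor: on a Linux NAS, send only
# the backup application's traffic through the WireGuard tunnel and keep every
# other connection on the LAN default route. All values are hypothetical
# placeholders; override them via the environment.

WG_IF="${WG_IF:-wg0}"                     # WireGuard client interface to the remote site
BACKUP_HOST="${BACKUP_HOST:-192.0.2.10}"  # remote NAS address as seen inside the tunnel (placeholder)
BACKUP_PORT="${BACKUP_PORT:-5000}"        # port the backup service listens on (placeholder)
TABLE="${TABLE:-100}"                     # dedicated routing table for tunnelled traffic
MARK="${MARK:-0x64}"                      # fwmark that selects that table
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute them (root)

# Print a command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Install the policy route for the backup flow only.
policy_route_backup() {
  # 1. Mark only locally generated TCP traffic to the backup host:port.
  run iptables -t mangle -A OUTPUT -p tcp -d "$BACKUP_HOST" --dport "$BACKUP_PORT" -j MARK --set-mark "$MARK"
  # 2. Marked packets consult the dedicated table before the main table.
  run ip rule add fwmark "$MARK" lookup "$TABLE" priority 1000
  # 3. That table holds a single route: out through the tunnel.
  run ip route add default dev "$WG_IF" table "$TABLE"
  # 4. The socket picked a LAN source address before the mark was applied;
  #    rewrite it to the tunnel address so replies come back through wg0.
  run iptables -t nat -A POSTROUTING -o "$WG_IF" -j MASQUERADE
  # 5. Loose reverse-path filtering on the tunnel so the replies are not dropped.
  run sysctl -w "net.ipv4.conf.$WG_IF.rp_filter=2"
}

# Undo the above, in reverse order.
policy_route_backup_remove() {
  run sysctl -w "net.ipv4.conf.$WG_IF.rp_filter=1"
  run iptables -t nat -D POSTROUTING -o "$WG_IF" -j MASQUERADE
  run ip route flush table "$TABLE"
  run ip rule del fwmark "$MARK" lookup "$TABLE" priority 1000
  run iptables -t mangle -D OUTPUT -p tcp -d "$BACKUP_HOST" --dport "$BACKUP_PORT" -j MARK --set-mark "$MARK"
}

# Number of commands the install step emits; useful as a sanity check
# before running with DRY_RUN=0.
policy_route_rule_count() {
  ( DRY_RUN=1; policy_route_backup ) | wc -l | tr -d ' '
}

# Usage: review the plan first, then apply it as root.
#   sh policy_route.sh            # prints the five commands
#   DRY_RUN=0 sh policy_route.sh  # installs them
policy_route_backup
```

Two things to keep in mind when adapting it: the DDNS name from the original question belongs in the WireGuard peer's Endpoint, while the backup client should address the remote NAS by the LAN address it has inside the tunnel, and iptables resolves a hostname in `-d` only once at insertion time, so a literal tunnel address is the safer choice there. The MASQUERADE step is what makes the split work for locally originated connections; without it the NAS sends the packet with its LAN source address and the remote site has no route back.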
Site-to-site VPNs in UniFi do not expose themselves to policy routes. You would have to make a client VPN from the UDMP to the remote site. This VPN connection will then show up as an interface to be used in the policy route. This is what I do for my daughter's TV traffic to flow through to my network so that she can watch our local teams play on YouTube TV.
Understood. I wasn't aware that YouTube TV had authorized users outside of the home. I share my cable subscription with family members via Plex and an HDHR Prime.
It's the best part. 5 accounts with 3 simultaneous streams. I got rid of my HDHR Prime when I ditched Comcast for Fios; this was a much better solution without all the nickel-and-diming fees and surcharges. I don't have to deal with VPN clients to connect to Plex (I stopped port forwarding after a hack). Now I just use my Plex server for hosting backups of all our PCs, since we are all on Fios with symmetrical up and down speeds; it's like having a LAN connection to all of my family members.
Edit: Never mind, I got this to work. Do you have any issues with speed/performance? 1GB links on both sides, and assuming you used OpenVPN as the client/server configuration?