Site to Site VPN For Family Home

S3xyflanders · March 9, 2025, 12:25pm

Hey Everyone,

Wanting to put a small NUC at my in laws so I can put pihole and stuff like that on their home network as they are older and often need help. I’d like to be able to manage this remotely and want to do it securely normally I’d just put PFSense as the router in a VM and call it a day but I’ve already hooked them up with a Amplifi mesh system.

I’d like to setup a simple, secure ipsec site to site VPN without spinning up an entire router or anything crazy I know of two possible options being Strongswan and OpenVPN but the latter costing money unless there is a free opensource version.

Thanks for reading.

Edit: forgot to mention I have a UDM PRO to terminate the vpn tunnel at my house.

BinkReddit · March 9, 2025, 12:25pm

Why can’t you set up pfSense if you’re also running AmpliFi? You have a lot of options in the open source space for a router or VPN. My preference would be something employing IPsec or WireGuard.

void_nemesis · March 9, 2025, 12:25pm

Why not run Wireguard on the NUC itself? If you set it up to start automatically it’ll come up extremely quickly after boot. No need for port forwarding at your in-laws’ place, just at wherever you’re hosting the VPN server.

gordonthree · March 9, 2025, 12:26pm

So you can’t get into the amplfi router and setup a tunnel like you can with USG and similar UI products?

kilod0g · March 9, 2025, 12:26pm

Is Wireguard a No-Go?

joeschmoe10 · March 9, 2025, 12:26pm

I currently running openvpn (which is free if you host it) off of a raspi which works perfectly for me. There is an installer called pivpn which makes the setup process super easy.

petebzk · March 9, 2025, 12:26pm

Setup Wireguard on the NUC as a client connecting to your network. No need to configure anything on the Amplifi this way. You can also put PFSense in a VM and just disable all the services except VPN.

Anonymous · March 9, 2025, 12:26pm

I’m not an expert but ZeroTier has been working for me.

nikowek · March 9, 2025, 12:26pm

OpenVPN is free to use. Look at community version!
WireGuard will give you the best performance and it’s easy to setup. We use centralized setup, where one peer works as server, but you can go meshy if you wish too.
ZeroTier is good, even only as backup connection. It does have nice NAT punching features and interface on cloud which allows you for plenty networks.

davokr · March 9, 2025, 12:26pm

+1 on this method

I’m using Opnsense with ZeroTier

S3xyflanders · March 9, 2025, 12:26pm

Per ubquiti help page

The AmpliFi mesh system does not support any VPN software configurations on the router itself besides what AmpliFi Teleport offers. However, VPN software configured on your mobile devices or computers and not through the router itself should work on the AmpliFi network

My thought was prestige everything then ship and have it plugged in.

gordonthree · March 9, 2025, 12:26pm

Sheesh, even fewer features than a cheapo Linksys or D-Link all in one.