UniFi as remote VPN

First, I am a network newb. I have a home Ubiquiti system consisting of a USG 3P (4.4.18) and 3 AP-AC Pro. My controller is version 5.6.30. Question - I work overseas for 4 weeks at a time and live in a company-provided camp. Company IT security does not allow VPN programs within our camp WIFI and it is the only way to connect to the internet. Without a VPN all the geoblocking apps prevent me from watching American sports, etc. Is it possible to configure my Ubiquiti system to allow my Android tablet to connect to my Ubiquiti system and then route to the internet from my home system? Any help would be appreciated.

I’m a little curious about this part:

“Company IT security does not allow VPN programs within our camp WIFI”

So, how would you connect back to your USG?

Not sure if this will work for you but try this. Set up the USG for L2TP VPN using RADIUS. Follow the instructions here: https://help.ubnt.com/hc/en-us/articles/115005445768-UniFi-L2TP-Remote-Access-VPN-with-USG-as-RADIUS-Server It’s very straightforward and easy.

1. When you make your Site-to-Site VPN network, manually set the DNS1 to be your USG IP, and DNS2 to be any public DNS (e.g. Google’s 8.8.8.8 or whatever). This will allow your computer on base to be the streaming system. If your regionally locked Netflix and Hulu etc work on the client, no big deal.

2. If that doesn’t work, you can try to RDP into one of the workstations at home and watch it from there. However, I’m not sure the bandwidth will be adequate to stream over the connection like that. I just tried the RDP method from my office to my home about 30 miles away. Home network is Verizon FiOS 100Mbps Down and Up. My office network is Comcast Business 50Mbps Down 10Mbps Up. With YouTube TV the stream was pretty clean, audio was synced. YMMV across the globe, and it depends on your home’s upload speeds since the stream from your home computer is getting full bandwidth and has to upload a full stream to you.

3. If THAT doesn’t work, you can try to implement PIA into the USG. However, it seems complicated. PrivateInternetAccess VPN on a Ubiquiti USG (Unifi Security Gateway)

Not possible. Your camp IT folk likely have VPN connections blocked anyway, and if they didn’t they likely monitor use of their network. You’d likely face sanctions.

Edit: I mean technically you could set up an IPSec / OpenVPN connection back to your USG, and rules to forward traffic from that incoming connection back out to the web, but I wouldn’t recommend it. There’s likely more at stake than being in breach of licensing regulations if you’re caught doing it, I imagine.

So the policy is “no VPN allowed” and the connections are blocked during working hours (6AM to 6PM) but magically they stop blocking them at 6PM. Using a program called SurfEasy but apps like Hulu will block saying something like “it appears you are using a VPN program so please close VPN and restart Hulu”. Are these apps like Hulu doing client side checks so it wouldn’t matter if I forward my traffic through my home network?

Update - I set up an L2TP-IPsec VPN after setting up a RADIUS server and RADIUS user on my USG. Very straightforward after following the link you provided. On my Android tablet I set up an L2TP VPN connection and it easily connected. The only catch is I don’t have a static IP address with my internet provider so will need to update the IP address in my VPN connection whenever it changes. The good thing is I can connect to my UniFi Controller and easily determine my home IP address no matter where I am located in the world.

Ah! Well, if the policy is no VPN use during working hours and they turn off the restriction at 6pm then they’re obviously fine with using a VPN after hours.

I doubt Hulu would be able to tell if you have a straight VPN configured like an L2TP or OpenVPN tunnel. But there might be some client side checking. Not sure.

So, there are a couple of options:
Use your USG to set up and route your VPN. (more difficult to set up but it’s cheap)
Or, buy a VPN service with endpoints all over the world. Easynews has a good one and it’s only a few bucks a month. (Very easy to set up, but it costs)

AFAIK Hulu, Netflix, etc don’t do client checks.
They detect VPN by checking your public IP - if it matches against the known list of VPN exit server IPs used by common VPN services they boot you.
Since your public IP will appear to be the public IP of your “home system” you should be in the clear.

Sign up for dyndns or noip, then just connect to the free domain you chose to link to your dynamic IP.

Then you set the dynamic server on the USG to update the DNS server

Thank you. Will set up an OpenVPN on home network.

You are a real help! Done. Only trick was noip is not in the drop-down of services for Dynamic DNS, but use dyndns and dynupdate.no-ip.com as the server and bingo, it works. Thanks!

Yeah. Use DynDNS for no-ip. I use No-IP myself.

Glad you got it up and running. Now you can enjoy regionally locked streams abroad!