Unifi Controller as a VPN server (AWS hosted)

Hi Guys,

I am managing a small office where we had the privilege of having a UDM Pro as our router.
During the last few years I have set up the whole network and become a Unifi addict (I even got Ubiquiti hardware for my home network).

With Covid we had to switch to working from home, so in no time at all I had configured a VPN to allow secure access to our IP-restricted services.
This worked well and since then I have set up quite a lot of users with VPN profiles.

Now, since no one wanted to go back to the office the business decided to scale down and get rid of the big office.
We moved our operation to a small office in a hot desk shop where we do not have our own dedicated IP.

As I need to set up a VPN again, I thought it would be perfect if I could use my existing userbase, so I wonder if it is possible (and if it is feasible) to set up a Unifi controller on AWS and deploy the configuration from the UDM Pro so I don’t have to set up users again?

The purpose of the VPN is just to get a static IP which can be whitelisted for access to IP restricted services the business is using.

Did any of you go that way?


You cannot virtualize a Ubiquiti gateway/firewall device. The Ubiquiti controller application you can download is only for managing UniFi hardware like switches or access points. You have to use something like a virtual OPNsense in the cloud or use DynDNS for your UDM.

The controller doesn’t host the VPN server. The controller tells whatever Unifi gateway you have what settings to use as a VPN server.

Your options are:
Dynamic DNS
Get an ISP that will sell you static IPs
Cloud VPN solutions like Tailscale or Zerotier.

That would explain why I couldn’t find any documentation for it - thanks for taking the time to reply here.
I will need to figure out another solution for this…

Thanks for the reply.

We can’t get a static IP (the company won’t pay for a dedicated ISP for an office with three desks when there is Internet available with the lease of the small office we have).
Dynamic DNS also won’t work as our UDMp is behind NAT (we use it as an internal network in the office - but it has no public IP).

I will need to find another solution for this purpose.

Then Tailscale or ZeroTier are your solution. The endpoint is in the cloud and all your remote users and sites connect to it.

Yeah, I was looking at it - the thing is to get approval for the extra costs it brings :wink:

Currently I am looking at hosting a WireGuard VPN server on AWS EC2 (we are already using AWS for other purposes) and setting up clients to tunnel traffic via WG to get the IP.
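The EC2 + WireGuard setup from the last comment, as an added example that is not from the thread or from any Ubiquiti/AWS documentation: two shell functions that emit the server and client configs for a "static egress IP" tunnel. It assumes an Elastic IP attached to the instance (a plain EC2 public IP changes on stop/start), `eth0` as the instance's WAN interface, a security group allowing inbound UDP 51820, and keys already generated with `wg genkey` / `wg pubkey`; the IPs and key strings below are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Builds WireGuard configs so that
# client traffic leaves AWS with the instance's Elastic IP, which is the
# address the business then allowlists. Assumed/placeholder values:
# WAN interface eth0, tunnel subnet 10.8.0.0/24, UDP port 51820.

# wg_server_conf SERVER_PRIVKEY CLIENT_PUBKEY WAN_IF
# Emits /etc/wireguard/wg0.conf for the EC2 instance. PostUp/PostDown
# masquerade forwarded tunnel traffic out of WAN_IF; net.ipv4.ip_forward=1
# must also be set with sysctl, or nothing is forwarded.
wg_server_conf() {
    cat <<EOF
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = $1
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $3 -j MASQUERADE

[Peer]
# One [Peer] block per user: each user gets their own keypair and /32,
# so a single user can be revoked by deleting their block.
PublicKey = $2
AllowedIPs = 10.8.0.2/32
EOF
}

# wg_client_conf CLIENT_PRIVKEY SERVER_PUBKEY ELASTIC_IP ALLOWED
# ALLOWED decides what is tunnelled: "0.0.0.0/0" sends all traffic via
# EC2; listing only the IP-restricted services' prefixes gives a split
# tunnel where just that traffic leaves with the allowlisted IP.
wg_client_conf() {
    cat <<EOF
[Interface]
Address = 10.8.0.2/32
PrivateKey = $1

[Peer]
PublicKey = $2
Endpoint = $3:51820
AllowedIPs = $4
# Keepalive keeps the NAT mapping open for clients behind home routers.
PersistentKeepalive = 25
EOF
}
```

Run `wg_server_conf` on the instance and `wg_client_conf` per user, then `wg-quick up wg0` on both sides; checking the egress address from a client (any "what is my IP" service) should show the Elastic IP.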