I sure hope that, with the recent security issue (albeit relatively small in impact, large in architectural transparency), people will start insisting Ubiquiti make Protect available via VPN, i.e. not the UniFi Cloud service.
**Edit** I don’t want to spread misinformation. Some users are commenting that you can actually access Protect through VPN. I have not had that experience because I have my Protect on a separate VLAN. I am using the L2TP VPN Server on my UDMP from my phone. When I do this, connecting to Protect doesn’t happen. I enjoyed using Teleport for a while but in order for that to work, remote access needs to be on. In my opinion, VLANs shouldn’t stop me from connecting to Protect. My network is my network and when I’m using VPN to get back to it, I shouldn’t have a product that prevents me from accessing.
We leak the CCTV subnets from each customer’s site to all the other sites they own, so when they access another site’s NVR it goes via our management network via VPN. Which also makes it faster than waiting for the UniFi proxy to stand up.
Still needs remote access to be enabled on the NVR for it to appear in their account. Would be nice if you could have a “local only” mode so it appears in the app but only works if it’s L3 reachable.
All I want to be able to do is specify the ip address or hostname the protect app connects to manually (like I do with the network app) and that would solve all of these problems. Don’t understand why they insist on having us use their discovery protocol for protect and not provide this basic configuration option in the app (especially since they already have this configuration option available on the network app).
You can access protect over VPN, but it’s with caveats like you cannot receive notifications and you cannot access protect over VLANs. I hope there is enough outrage to pressure them to add these simple features.
Yah definitely big wtf, I recently bit the bullet and picked up a UNVR. I put the UNVR on its own dedicated camera vlan with cameras, doorbell and chime. It took me a little bit to realize that I needed to enable Remote Access to be able to connect via the mobile app…
Most Protect users are people asking an installer to do the job, because they don’t know anything about it. They want something super easy to use. Absolutely not a VPN, besides the huge impact on performance.
I have a UNVR and my cameras are on a separate VLAN subnet which has outbound internet access blocked. I also plug my default VLAN into the SFP+ connection on the UNVR so I can access the console/viewer directly and can easily connect via VPN if I wanted to.
Before when I had a pfSense and cloud key Gen2+, I had a firewall rule so the camera VLAN could talk to the CK, but there was inter-vlan routing, so to prevent hairpinning I used an OPT port on pfsense to connect to a dedicated switchport on the camera VLAN.
Now that I moved to a UDM Pro, I have 10Gbps DAC to my switch, so I probably don’t need to worry about hairpinning if I wanted to simplify things and just run the UNVR off of one NIC.
I DIY’d my Protect notifications through Home Assistant so I don’t have to deal with it. It lets me have more control and rules such as pause notifications for X minutes after first trigger.
Is this only through their VPN product? I am running PiVPN and it’s a no go; I haven’t played around too much, as up until now I had remote access turned on.
That’s pretty interesting. Was it a lot of effort to setup? My folks are annoyed that they don’t get notifications for their g4 pro but I have refused to enable remote access.
Good point; I am using WireGuard through UniFi network. But it should work with PiVPN if you connect to the same VLAN. If it’s a different VLAN then it won’t work (even with proper firewall rules) because their discovery process is borked.