My problem
I had a VPN working already quite some time back, but I had to set up the controller again, so all VPN-related settings were gone. Now I tried to configure the VPN again, but it isn’t working at all. I tried different clients, so I don’t think the problem is on the clients’ side (Android just says, after a long time of waiting, “Unsuccessful”; Windows stops connecting during login and says the server took too long to answer; Linux isn’t working either). I used the official guide for setup. The guide for the new web UI is very strange, because I don’t even have the VPN menu which the guide uses. So I used the classic UI for setup…
I would be very grateful for every hint; I have been tinkering for several hours now with this stupid controller and nothing makes it better. I attached some information about my setup and pictures of my configuration below:
What I already tried:
- I did this setup with different guides a dozen times with different passwords
- I restarted VPN and IPsec services in the console and checked whether clients are connected (they are not)
- I reinstalled the firmware of the USG (with the `upgrade` command)
- I tried different clients with different client settings (and yes I know about the Windows workaround)
- I tried different Radius and L2TP settings
Controller version: 6.1.71
Firmware version of USG-3P: 4.4.55.5377096
[Attached screenshots: Radius Server settings, Radius User settings, network settings]
I posted this for someone a few weeks ago and it fixed them. Fixed me too. Worth a quick read.
I had the same symptoms. 2 other sites worked fine. One difference was the lack of the option “Configure clients section for whole network” as referenced in this post. Using Chrome dev tools to enable it and check it got me right up and running.
Worth a read.
https://community.ui.com/questions/L2TP-with-USG-Radius-not-working/4e82b542-f165-4356-ba52-d419f29722f8
Edit: 2 other sites worked. 1 did not. The 1 that did not did NOT have that option checked nor available.
If someone has the same problem: with the great help of Unifi Support I was able to determine the cause of this. Here is the content of the mail; the solution actually worked for me:
"I may have found the problem. I see that you have used the “**Try New Settings**” option to configure the RADIUS server. If not this time, it was used earlier.
There is a pending bug that has already been reported to the developers. When you use the “**Try New Settings**” option to enable the RADIUS server, an important section in the config goes missing.
The only way to fix this issue is to create a new site in the controller and then move all the devices to this new site.
### **Note: You need to ensure that you configure the same WiFi, WAN, and LAN settings (basically all settings) in the new site as in the old site before moving the USG to the new site in the controller, and do not use the “Try New Settings” option again.**
You can refer to this KB article: https://help.ubnt.com/hc/en-us/articles/204952174-UniFi-Configuring-Multiple-Sites#4."
Have you opened the firewall ports needed for L2TP?
I had the same trouble as you a few months ago. After some digging in the command line, there is a service that starts out of order (I can’t remember which one). For me, it also attached to the wrong subnet, since I use 10.0.0.0/24 instead of 192.168.1.0/24.
Ultimately it seems to be a deficiency in the firmware.
I ended up installing WireGuard via the following guides. The first link is good for initial setup, the second works to ensure that the WireGuard package and settings persist through firmware upgrades. I realize this is less than ideal, but WireGuard turns out to be a great VPN protocol.
Link 1: WireGuard on Unifi USG – Systems Lab
Link 2: WireGuard with Unifi Security Gateway Pro 4
https://community.ui.com/questions/L2TP-with-USG-Radius-not-working/4e82b542-f165-4356-ba52-d419f29722f8
Been wrestling with VPN all night and this fixed it for me. God damn Ubiquiti for letting a bug like this go on for so long now.
If we have a list of links somewhere for difficult to fix issues, this needs to be a super duper sticky.
You are THE MAN!! I’ve been struggling for days trying to get this VPN up and running and I was ready to give it up rather than redo this entire site
That link did the job. <3 <3 <3
Ain’t that some shit. Been struggling with this for hours today. Do you know if it is possible to make this move remotely through the Cloud Key controller?
Maybe the new controller update will overwrite this crap, I’ll let you know.
Thanks for the reminder, I forgot to mention the firewall: the controller opens all necessary ports itself if you set up a VPN network. I didn’t trust that and opened all L2TP ports on my own, but that didn’t work either.
Thank you very much, it’s great to hear that I am not the only one with this problem. Yeah, WireGuard is a great standard, but as you say not ideal, because the USG is optimized for its own VPN and not WireGuard, I think. I will open a ticket with Unifi Support in the hope it helps, and otherwise use your great guides to set up WireGuard.
Yes, in the overlay of the Unifi Controller you have to create a new site. Then you have to configure the settings of the new site to be the same as on the original site (the best way to do this is to put two browser windows next to one another and just copy the settings). Then finally you can move the devices to the new site as described in the KB article mentioned in the mail. This at least helped for me.