Configure VPN for Ubiquiti UniFi Dream Machine Router

About the Ubiquiti UniFi Dream Machine

The Ubiquiti UniFi system covers a range of powerful yet affordable network management devices, suitable for home office users up to small-medium sized businesses.

On this page, you can find the key specification for the UniFi Dream Machine as well as step by step information on how to set up a VPN server on your UniFi device.

Technical Specification

Series: Ubiquiti UniFi

Model: Dream Machine

Recommended for: Home Office / Small Business (5 - 20 users)

Supported VPN Protocols: L2TP, PPTP

Built in WiFi: Yes

Key Features: 1.7 GHz quad-core processor, 2 GB RAM, Scalable UniFi Network Controller

Device Status: Active

What you need to configure VPN on a UniFi Dream Machine

Configuring a VPN server requires a public IP address which you can obtain from your ISP. For private users, a static IP address usually comes at an extra cost, however, if you have a dynamic IP address, setting up a Dynamic DNS hostname is another easy option which is often available free of charge. Find out more.

This guide assumes that your UniFi Dream Machine has internet access and that a LAN network has already been configured.

Configuration of the device is done entirely using the “UniFi Controller” software. This guide applies to UniFi Controller versions 7.0.23 or newer.

Configuration checklist

Throughout this guide, certain connection information is referenced which you will need to set up the VPN in your VPN client software. Please refer to this list:

1. IP address or host name of your UniFi device* (find this under Settings > Internet)
2. Pre-shared Key
3. Account Name (i.e. username)
4. Password

*Note: If your UniFi is behind another router and not establishing a connection directly, you'll need to reference the WAN IP of that device.

Configure VPN on UniFi Dream Machine

Step One: Enable L2TP VPN server

• Go to Settings > VPN (also referred to as Teleport & VPN on compatible devices) > VPN Server and check to enable the VPN Server
• For VPN Protocol, select L2TP from the dropdown menu
• Enter a Pre-Shared Key (this will be the password for your new connection)
• Server Address: Enter the network address the VPN server will use (e.g. 192.168.130.21) Please ensure this is a network range which is not already in use!

Check to enable the L2TP VPN server

Step Two: Add a new user

• By User Authentication, click the + to Create a new user
• Enter a new Account Name (e.g. vpntracker) and Password - keep note of these credentials, as you will need them to access your connection in the VPN client

Create a new VPN user

Step Three: Advanced Configuration (optional)

Users have the option to manually configure connections settings for your VPN (e.g. network size, DNS search domains.) Please note, any manual changes will also need to be reflected in the VPN client configuration.

If you would prefer to keep to the standard settings of your UniFi device, you can remain in the Auto configuration tab and skip this step.

Stick to Auto Configuration if you don't wish to add custom connection settings

• Under Advanced Configuration, switch to the Manual tab
• Gateway/subnet: Here you can determine the network size for your new VPN server
• Name server: Specify private and public DNS servers
• Click Apply changes when finished to complete the setup

Configure advanced VPN server settings