(upbeat bright music) – Welcome to “Crosstalk Solutions,” my name’s Chris. And this is UDM-Pro Complete Setup, video seven, where we’re gonna be talking about UniFi Network Client VPN setup. Now, what is client VPN setup? Essentially, that’s when you have the ability to use your phone or some other client device from somewhere else in the world, and VPN, or create a secure network tunnel from that client device into your UniFi network. Now this can be useful for all sorts of different things, including the ability to connect to resources that you have on your local area network. Like if you have any sort of network server running or file server that you wanna have access to when you are remotely away from your network. That’s what this client VPN stuff can be used for.

Now, for this series, I’m not gonna be setting up a site-to-site VPN. That’s where you’re doing a firewall to firewall connection instead of a device to firewall connection. And the reason I’m not doing a site-to-site VPN video is just because there’s so many different variations and flavors of site-to-site VPN possible. We could be doing UniFi to UniFi, or UniFi to EdgeRouter, or UniFi to Cisco, right? And so there’s just way too many to cover. And they all have their own little kind of inconsistencies and subtleties. So for this series, we’re just gonna stick to a simple L2TP client to server or client to firewall VPN.

Now, before we get into that, if you guys are enjoying this video series, make sure you give me a like down below and subscribe to “Crosstalk Solutions” for more videos just like this one. It’s absolutely free and it really, really helps out the channel. Also, remember to follow “Crosstalk Solutions” on Twitter, @CrosstalkSol. If you’re looking to really buy me a beer, well, you can do that with the link down below in the description.

Okay, so, now we are at the UniFi dashboard.
And in the last video, we had done a dual WAN failover setup where I was using two different NATed IP addresses in my UniFi interface. The reason that I was doing that for my primary WAN is mostly because I don’t wanna have to mask out my WAN IP address for the entire video series, right? So having an internal non-WAN routable IP address is just easier for me in terms of editing. But for this video, I had to set a static IP address on the outside interface of my UDM-Pro. As you can see here, WAN IP 1 ends with a .29. So that is a WAN IP address ending in .29, which we’re going to use as part of this video.

Now, if your own UDM-Pro has a DHCP IP address from your ISP, you wanna make sure that it is not a private IP address. You wanna make sure that you are in what’s called Bridge Mode with your ISP. So the actual routable WAN IP address that your ISP is giving out to you, whether it’s a static IP or a dynamic IP, is on the actual external interface of your UDM-Pro. Or you have to know how to port forward through to the UDM-Pro. So we’re getting a little bit more complicated than I wanna cover in this video; bottom line is if you’re running a UDM-Pro, your WAN connection should be in a routable internet IP address and not a private IP address where there might be a dual NAT situation going on with your network. And if you’re not sure what I mean, just look up Bridge Mode on Google with your ISP’s name, and you can very quickly determine whether you are in bridge mode or not.

Okay, so to set up our WAN, we’re gonna wanna create a brand-new network. So let’s go over here to Settings, and then we’re gonna click Networks, and we wanna say, Add New Network. So right now we have our three networks. We have our LAN, our guest network, and our IOT network. We’re now adding a new network. So we’re gonna say, Add New Network. We’re gonna call this Client VPN. And then under VPN type, we wanna choose Remote Access.
And it says, Enables users to securely connect to your network from a remote location. So let’s go ahead and click that. For the VPN protocol, go ahead and select L2TP. In fact, that’s your only option so you might as well choose that one. And then we need a pre-shared secret key. In my case, I’m just gonna do all lowercase, iloveunifi. Next, you can select the WAN IP address that is going to be hosting your VPN connection. In my case, I am choosing my WAN1 IP address.

And then scrolling down even further, we get to User Access. Now, for the RADIUS profile, we’re just gonna choose Default. And creating something other than the default RADIUS profile is gonna be beyond the scope of this video series. In most cases, just using the default user access list or the default RADIUS profile is gonna be perfectly fine. But under User List, we wanna add users. So now, I already have a user added because I’ve been already messing around with the client VPN stuff. But let’s say I didn’t have any users. I’mma create a new user here. We’re gonna call this sherwood2, and then we’ll give ourselves a password. Once you’ve done that, just simply click Create User. And you’re gonna wanna take note of this information because the users that you create here are the users that are going to be able to connect in to your remote client VPN from their whatever devices.

If we open up the Advanced section, we can see the subnet that we are being given for this client VPN. In this case, it’s 192.168.2, which is totally fine. The network length says 24. It’s a slash 24 is what that means, or a subnet of 255.255.255.0. And it says that it’s giving us 248 usable hosts. You can limit that down if you want, but for the purposes of this video, that’s gonna be perfectly fine. Everything else down here, I am just going to leave default as I just wanted to do the most basic client VPN setup that we can possibly do. I’mma now click Add Network.
Okay, so, successfully saved network Client VPN. And we can see here that I have a 192.168.2.0/24 subnet. And under VPN, there is a checkbox to indicate that this is a VPN network. The next thing that we need to do is set up our client device to connect into this VPN network remotely. And that’s what we’re gonna do next right after this message from our sponsor.

This video is brought to you by the fine folks over at VoIP.ms. Now, here at “Crosstalk Solutions,” we have curated a list of three main SIP providers that we recommend to our customers. One of those SIP providers is VoIP.ms. VoIP.ms provides metered pay as you go SIP trunking services that are cost-effective and easy to set up. You can start making calls in as little as five minutes. VoIP.ms has more than 50 POPs strategically located around the world and they can get DIDs in over 60 countries. Their platform supports more than just simple SIP trunking, they can do SMS and MMS. They even have their own hosted PBX capability that allows you to connect your phones and devices directly to their services. We recommend VoIP.ms to our customers because their service is really solid and because the trunks are super easy to set up and use. You can even check out my video on how to set up and configure VoIP.ms SIP trunking using PJSIP on FreePBX. So be sure to check out VoIP.ms. There’s a link below in the description. All right, now back to the video.

Okay, thank you very much for that. And now on to our client device setup. Okay, so I am going to be doing this L2TP client VPN setup from my iPhone, but it should be a very similar process, no matter what kind of client device you’re using. If it’s a Windows computer that’s somewhere remote, or an Android phone, or a tablet, or something like that, it should all be relatively similar. So, from the iPhone, I’m going to Settings and I’mma click on VPN. So I’m in VPN and we can see that the only VPN that I currently have set up is Private Internet Access.
So we’re gonna say, Add VPN Configuration. For the type, we’re gonna choose L2TP. For the description, we can say, UDM-Pro. And for the server, you’re gonna wanna put your WAN IP address that we spoke about a little bit earlier in this video. Here is a pro tip, however. If you have a dynamic IP address from your ISP, you can use something like dynamic DNS, and then put in a fully qualified domain name here, like home.whatever.com as a dynamic DNS name. So that if your WAN IP address ever changes, since it’s not static, it’s dynamic, if it ever changes, then the dynamic DNS name should update, and you should still be able to connect no matter what your WAN IP address is. In my case though, I’m just gonna put in the WAN IP address because it’s static and I know it’s never gonna change.

For account, we’re gonna put in the username that we created in UniFi, and remember, the username that I created was sherwood2. And then we wanna enter the password that you created for the user that you created in UniFi. Finally, for secret, this is the pre-shared secret that we created when we set up the VPN network. If you remember, I used iloveunifi as the pre-shared secret so we’re gonna enter that now.

And then we have the option of sending all traffic. Now, what this means is, if we turn Send All Traffic on, all of the web surfing, and Netflix, and everything that we’re doing through our phone while we’re connected to the VPN is going to be going through that VPN tunnel and through the UDM-Pro. If we turn that off, then only traffic that is really destined for the UDM-Pro network will go through this connection. We’re just gonna leave it on though, because turning this off is going to require some additional routing rules and stuff like that, which is a little bit too complex for this video. So we’re just gonna say, Send All Traffic, and we’re gonna say, Done. All right, so now we can see that I have two different VPN connections.
I’m gonna select UDM-Pro, so we can see the checkbox is next to UDM-Pro. And now we’re going to click, on. Okay, we’re now connected. Now, if you look at my phone in the top left-hand corner, we can see that we are on LTE, right? So I am not over WiFi at all with this phone. I am going over LTE and we see a little VPN icon to indicate that we are VPN protected, but going over the LTE network.

Let’s take a look at our IP address. Here we can see that the IP address that we’ve received is 192.168.2.6. What does that mean? It means that we are successfully in the correct client VPN network. If we bring up Net Analyzer, we can also see that we are in 192.168.2.6. And if we go to tools, we can ping some stuff. So if I say, ping slashdot.org, start, we are receiving pings from slashdot.org. Which means that DNS is working and the internet is working.

Now, how do we know that we are the correct IP address? If I go to info and I look at my external IP address, you see right now, it’s not loaded. I’m gonna click reload, boom, and it gave me the WAN IP address that ends with .29. That is my static WAN IP address. I can also pull up a website such as WhatIsMyIp.com. And here, once again, we can see that I have WAN IP address that ends with .29.

Going back to Net Analyzer, let’s see what else we can ping now. So we should be able to ping the WAN IP address of our UDM-Pro, and we certainly can. And let’s actually try to connect to UniFi over this connection. There we go, I am connected to the UDM-Pro. And this is not through Ubiquiti single sign-on cloud login, this is through the VPN connection. And we know that because if I click on the little hamburger icon here on the upper left, we can see that I have a direct connection. So this is not a cloud-enabled connection, this is a direct connection to the UDM-Pro.

Okay, so there you have it. We have successfully set up our client to server VPN connection from my iPhone over to the UDM-Pro.
There’s a lot more to this. That is a very, very basic setup that will help get you going, but of course, there’s also all of the various firewall rules that you may wanna lock down the VPN users from being able to see other networks and stuff like that. By default, it is fairly wide open. Okay, hope you guys enjoyed this video and we will see you in the next one. (upbeat bright music)