Unifi Magic site to site
- Added 6. 08. 2024
- In this video I demonstrate how to create a Magic site-to-site VPN. This is a brand new feature that was introduced in Unifi OS 3.1.
Introducing magic site to site vpn
community.ui.com/questions/In...
0:00 Intro
0:33 Reading Magic site-to-site features
1:40 Configuring Magic Site-to-Site VPN
3:00 Testing site to site vpn
3:34 Final thoughts
- Science and technology
Didn't think I'll be thinking about getting another Unifi console till now, yes, I'll order UDR now just because of this new feature 😁 Thank you
I'm glad they brought back this feature. I had to do a different way for the site to site as they couldn't get a static IP
Looking forward to the full build video!
Wow, great stuff, makes connecting to branch and remote offices easier, thanks
Great feature! That makes site to site very easy
Such a great feature. Love how simple and brilliant it is
Problem is it's going to spawn a legion of network admins who think you can just click buttons and never have to understand anything or the reason why things work. Which is fine, until things stop working.
So it has to be complicated or it's a bad idea? That's like all the admins that refuse anything with a GUI cuz it has to be more complicated in CLI
Hi, when you do the full build videos please go detailed into the firewall rules.
Hi, nice video! For the full setup it would be nice that when you create firewall rules that you show how you would drop any connection or allow only a few services from your NAS to the Internet and accept only a Plex Media Server. And also a short view about Port Forwarding for a Plex Server.
Great video, super helpful. Would be great to see how to leverage Site Magic in a home setting, where you have two sites, but you want the Apple TV in site 1 (UDM PRO) to access the site 2 (UDM PRO) internet gateway to avoid country content restrictions
This is exactly what I need as well!
Sounds like you want a full tunnel. Generally just firewall rules to the remote site sending all traffic there.
Excellent feature thanks for sharing.
Great explanation. Thanks
That's looking great! (One question, will name resolution across the VPN/subnets work automatically also?)
You are the best!!!
On the full setup video, please include setting up Talk VLAN and port profiles. I am having issues getting the phone to be on one VLAN and the other Ethernet port on the phone (used to hook up a computer through the phone) to be on a different VLAN.
Do you know if the wireguard vpn config is full tunnel or still split tunnel such as the site to site vpn config was before this magic vpn setup?
I wonder if it will use the secondary WAN in a failover scenario. Seems cool though, nice feature.
Hi always love the videos. Do you have anything with udm se vpn speeds for ipsec and any other vpns. I can't find much information on the speed it runs. Many thanks
I do some smart home consultancy and I would like to learn more about the Unifi capabilities for local dns stuff and restructuring network access for certain types of smart home devices.
Hi - the most requested feature I think people would love you to cover is using this site to site auto vpn BUT crucially allowing the internet to breakout from one site. i.e. if you have 1 main site and 2 additional sites and you would like the additional sites internet to not breakout locally but instead breakout of the main site
So you're talking about a split tunnel vs full tunnel?
Hi - hopefully this explains the requirement more. We have a main site in the UK and multiple other smaller sites outside of the UK. All have UDP Pro SE. At each site there are various vLANs. We would like to add one vLAN at each abroad site to route all traffic on that vLAN back to the UK site including internet traffic.
The requirement / use case is for a specific vLAN at an abroad site to breakout their internet connection from the UK, not locally.
@andybarber1620 Ah yep you want a full tunnel. A split is where only the related traffic goes through the VPN
@andybarber1620 hey I'm in a similar boat. Did you figure out an answer for that?
Hi Cody. Do you think the UniFi NVR could be shared across two sites when using site magic? Synchronous gigabit internet to both locations and 6-10 cameras at each site with a doorbell at each. I don’t know the latency between the two sites yet.
Screw Unifi magic, YOU are the magic here my friend! Thanks for the tips. Question: I set up a site to site VPN as per your direction. Everything is working fine as I can access the subnets on either remote network. My question to you is: Is it possible to set up a teleport to one of the networks and have access to the remote network that I have site to site set up with? Hope this makes sense and Thank you!
Awesome, can you do a video on setting up 1:1 NAT?
Thanks
Can you please do a video where you send the internet traffic through another site connected through the Magic feature? Assuming it requires some allow rules at the internet site.
Is there a way to restrict VPN access to only certain devices, when this is enabled.
Would love to know if this is possible now... Having two office sites, each one with its own internet, but routing internet traffic from specific wired or wireless clients through the remote internet at the primary site. This is specifically useful when you have to have allowed IPs for client work.
Thanks for the good explanation. Is it possible to connect 2 Synology NAS together with site to site using of 2 UDM? I am not able to set up a VPN because 1 of the modem is use can't be in bridge mode.
Hey Cody,
Thank you very much 😊
I have a problem i need help with, my UDM-Pro Site to Site VPN isn’t working and I’ve gone through your Site to Site video in detail.
Both of my sites have a double NAT and both sites have been configured to run in bridge mode. My VPN is not connecting whatsoever
Question: Would this situation allow 3 remote devices to be on the same VLAN? Although not a typical use case. In the UK our Satellite Provider has a main device. Additional hubs as such can connect to that and they communicate across on the same network rather than direct via satellite. They can see the main hub to access, place recordings and access the live tv rather than downloading natively through the WWW.
So my question is - would this feature allow me to setup a singular VLAN accessible across my two sites using magic-magic so that we can trick the system to thinking on the same network despite being remote completely from the main interface. Obviously this would be a case that Satellite provider can't detect this and would need testing but the principal - possible?
Hi, would I be able to configure ports? Example: I need to connect VoIP from secondary to primary and have to switch the port profile network to the one in the primary?
Hi mate , I watch your videos all the time and I watch a lot of Unifi videos but I can’t find one to help me with my issue , I have AP pro upstairs and one down stairs in my home but no matter how I configure them they always seem to interfere with each other , any advice would be great and keep up the great videos, thank you
If we have 4 different buildings should we have a UDM on each building?
Would love to see a setup of routing internet traffic from one site through another sites ip.
Perfect for streaming applications that require a home ip address (cable, Netflix, etc.) Cable know your ip and check for vpns running on device so having my phone connect to a wifi network at a second location that routes through my home networks ip would be great
That's full tunnel
How does it work with the DNS servers?
Can you make a video where one can make Wifi network on Site A that will use the network of Site B or vice versa ? (using the Unifi Magic feature)
What about the vpn clients/users connected to let's say Site A, will they be able to reach Site B after Magic Site vpn is established?
On your 2023 build guide please don’t forget VLANs and Traffic Management. Thanks 🙏
I have a double NAT, which my unifi express is on the lower NAT. I have a “subnet is forbidden” for the subnet I want to communicate with (probably because it’s in a different router). How do I get it to communicate with that subnet?
I’ve been using site to site VPN for a while but I’ve always had issues. For example, I could access computers on the two external sites I connect, but I couldn’t do it if I was coming in on a VPN (IPsec or WireGuard). This has happened a few times if I was out of my house and my mother or my aunt (who have the other networks I manage) had problems. I’m hoping this new feature solves this problem. And I assume I should erase the current site to site configuration before doing this.
Firewall rules maybe
Question if I use magic site to site - Can I set an exit point e.g. Site 1 connected to Site 2, but all traffic to the internet goes out via Site 2
does the public IP need to be a static IP? I imagine this would limit it to commercial applications as opposed to homelab, since residential static IP isn't really a thing. Trying to see if this would work to connect two homes together on residential gigabit internet, but neither has commercial public.
Cool feature
Hello, I am curious as to how long it takes for the Magic Site-to-site VPN to establish a connection. I can get my networks to the connecting portion with the orange light - but after waiting 15 minutes it never connected. Is it worth giving it a longer time?
Thanks
Hi, with this VPN, can we create one hotspot on Head Office UDM for multiple Sites ? I need advice on that.
Is it possible to have a specific device on Site A to appear as if it’s located at site B
Anyone have any idea of what speed limitations there are between sites?
Will it work on if one there are two owners but the owner is invited to the other site?
Can I connect a Camera on a different site to my UDM Pro with site magic?
I want to use Unifi Talk for my home office, but I have a nonpublic IP due to using a 5G connection. I've tried talking before and had issues that couldn't be resolved. With this S2S to another location with a public IP, could this be my solution to get talk working?
Can I add a route rule to route specific traffic to the vlan magic site created? cause I didn't see that in the interface selection box
Question: does the device with the public facing ip need to be a fixed ip? or can it be dynamic? thanks for the information!
As far as I understand, the 1 public ip can be dynamic as it uses the unifi cloud to update the Wan address.. vpn traffic does not go through the unifi cloud, it only acts as a dynamic DNS service...
Can it be a public FQDN or does it still have to be an IP address?
Please add a full setup of a guest hotspot and captive portal!
Will this work if you have a DHCP assigned External IP, or does it require a static external IP?
I have a UniFi network at home and one at lake house. Would this setup allow me to use my Netflix account at both locations?
I would love to see the best way to configure firewall rules for a webserver where only IP's in the USA are allowed to hit it.
You can restrict by country, just block everything other than US
I'm missing something, I tried this on multiple sites and it won't work. Everything is updated and had existing connections that work on the manual version.
Hello!
my question is: in case i want to use that with a selfhosted controller on a vps for bypassing cgnat. Is that possible? That would be an absolute dream!
and maybe the firewall rules between sites?
Can you do firewall rules for site to site vpn firewall rules to only allow nas or others
If you already have a site-to-site VPN among two or more sites you plan to use Magic VPN with, will the Magic auto config disable those for you or do you need to remove them first?
Makes you remove any pre-existing subnets that would be "overlapping" with a subnet used by Site Magic.
Is it possible through magic to receive dhcp from a vlan of another site?
Hello, I have 2 UDM and one UDR and I can see just 1 item. I'm the owner of the 3. I don't know how to do
Hey, and how can I pass a third-party VLAN through the site-to-site VPN?
please do a Full 2023 video with
- VLANS based on Security
- VLANS based on ports (meaning that i want this PC in VLAN 2 to be able to send / receive data on this specific port 8123 to that vlan 40 to that pc ip)
- VLANS where the default network can access everything in a vlan (30) but the vlan 30 cannot access anything else from any other vlan
- WiFi optimization practises based on UniFi products
- VPN from Windows laptop to UniFi (something like the WiFi man for android)
these are some ideas.
How did you get this portal? Mine doesn't have that green stats bar under each device. Thanks
Hi u must do an upgrade
Magic Site to Site requires 1 router to have a Public IP. How do I do this on UDM-SE?
Watching the video from Unifi about this it seems you can have overlapping subnets....
Is it possible to configure site-to-site VPN from a Dream Machine Pro to a UniFi Express? Does it both work with Site Magic?
Yup you can do either way
And suddenly having multiple UXG's became useful. Unfortunately this needed to be back ported to the USG's so that you can migrate auto site-to-site VPN's to magic site-to-site VPN's.
magic vpn is supported on UniFi Dream Router also?
It is
Does anyone know how to get this to work? They are connecting perfectly in site magic. However, I can not ping the remote network or anything on it. Thought it might be a firewall issue, but nothing. Super frustrating to watch 10 people do the same thing I’m doing with connecting them via site magic and immediately ping the remote network. 😡😡
Hi,
I would like to see how I can put an ASUSTOR NAS at my sister's house, so I can backup my ASUSTOR NAS in my house over internet to her NAS. So that would involve a VPN and firewall rules I suppose 😜. I would like a detailed schema so I can just swap out your IP stuff with mine and sister ones lol... I have UDM-Pro, she has nothing Unifi, just stock ISP router (Belgium)
Then you want ZeroTier on a device at each location for super easy remote network sharing or Tailscale for something but little more configuration
@mrmotofy well ASUS has their NAS to NAS things... it's just that I understand it to copy/paste between 2 NASses on the same local network, just not over the internet with all those FW rules and VPN stuff... But I'll take a look at ZeroTier
@ASUSfreak ZeroTier makes it extremely easy and seamless to connect 2 networks over the internet...just slower than local due to normally slower upload speeds for residential internet. No vpn setup stuff, no ddns needed, no complicated settings...just connect the 2 and poof connected it's crazy easy
Ugh, it requires v3, and of course the regular udmp are still stuck on v2…
They are all on 3.0 you need to update
Does this work with the USG?
It does not
Hello bro, I tried to contact you for site to site vpn configure but no feedback from ur end please if u can support i can provide details. I have udm setup my home and showroom i have multiple g4 g5 cameras need to be view at home.
Hey I am on vacation until august 1 and will be out of the country
Damn, has to be same owner, not just admin?
Full ownership . Not sure if this will change in the future
1000 or 15 sites?
Eventually it’s supposed to be 1000
@MactelecomNetworks Thanks, nice video. No ETA on a 1000 sites
SIP trunk behavior
This isn't as much site to site VPN as it is sites to sites VPN.