What firewall are you using? Many people have gone away from Unifi for VPN due to such limited support for secure protocols. PfSense firewalls seem to be popular.

Everyone has unifi?? I don't. pfSense and openvpn or wireguard.

I'm using the firewall from unifi , I use VPN to access my network home

Sent from my SM-S906U using Tapatalk

USG-3P? UDM? UDM-Pro? EdgeRouter?

I'm stuck in the same boat with Android dropping support for L2TP in the vpn client, and UniFi years behind on vpn protocols. USG Pro 4. I plan to move to pfsense but for the time being I've set up wireguard on an rpi for remote access using Wireguard Android client. Works well and connection is lightening fast.

While I love the Unifi ecosystem (have multiple APs, LAN switches, controller), their firewall implementation lacks many things. Like kenm mentioned, I opted for a pfSense setup to do both my firewall and routing between VLANs/subnets. Wish I could be of more help.

Edgerouter here with Wireguard installed and setup. Works great had L2TP setup on it before. Wiregurad better and faster.

VPN from oversea while on travel forHomeSeer and Blue Iris.


Sent from my iPad using Tapatalk

Thank you all for your feedback. How challenging would be to setup wireguard? The USG pro 4 router has 3 options, any of those can be used for vpn ?

Sent from my SM-S906U using Tapatalk

Why are posts being deleted from this thread??

@alphatech

Noticed last that the Android OpenVPN clients needed to be updated sometime last year with an update to my Android phone. I just deleted the client and installed newest version of the OpenVPN client on the Android phone. The Windows and Linux OpenVPN client continue to function fine.

Here utilize VPN Server on PFSense. There are three flavors that I utilize.

1 - IPSec / L2TP VPN server is the oldest and works fine today.
2 - OpenVPN server - easiest to utilize with client wizards to generate configuration files
3 - Wireguard VPN - fast and easy.

OpenVPN server has client wizards which create ovpn files that you can transfer over to whatever OS client you want to use. I see newest routers today have OpenVPN server options and client wizards.

Give this a try...

1 - save current OpenVPN client configuration generated by your firewall and send it to your android phone.
2 - remove the current OpenVPN client installed on your Android phone
3 - install the current OpenVPN client on your Android phone
4 - run the OpenVPN client on your Android phone and use the ovpn client configuration you saved from your Ubiquiti device.

Pete This is about Unifi VPN, do they use OpenVPN? Pretty sure they don't unless that changed.

Really , rally appreciate everyone help. I will review everyone posting and test these solutions out. In the meantime, i want to male sure I'm clear on what I'm looking for. Bifore i changed my phone and my old vpn setup disappeared , I has the vpn setup on my uniti and phone. I would on my phone select connection to vpn and then use the local IP addresses to connect to my local network. The i would use the local IP to access homeseer, tinycam and etc. That is pretto much my need.

Sent from my SM-S906U using Tapatalk

What vpn client do you use?

From my research, there's no way to configure remote access vpn on the USG Pro 4 that is compatible with the latest release of Android. Ubiquiti seems to be trying to drive users to their newer equipment (Dream Machine Pro etc) and their proprietary vpn technology, both of which are needed to make it work within the UniFi ecosystem. I have little understanding of the details of vpn technology, but from reading it sounds like adding current, more secure protocols to the USG wouldn't be difficult, they're just not doing it. This is a significant departure from Ubiquiti's more open approach of the past and driver of my decision to move to pfsense for my firewall as I find the time. Disappointing, as I've otherwise been very happy with UniFi.

The Wireguard server is fairly simple to set up on an rpi or other linux-based box on your existing network, behind the USG router. As I wrote above that's my stop-gap until I'm able to move to pfsense. Check Wireguard's website for options and how-tos if you want to give it a try.