How to Run OpenVPN on Ubiquiti

Published by Iron

Want to lock down your network and access it from anywhere? Running OpenVPN on a Ubiquiti device is a fantastic solution. OpenVPN creates a secure, encrypted tunnel between your device and your network, allowing you to access local resources remotely while keeping your traffic safe from snoopers. This comprehensive guide will walk you through the process of setting up OpenVPN on Ubiquiti devices like the UniFi Dream Machine (UDM), UDM-Pro, or UDM-SE.

Let's dive in!

Why Run OpenVPN on Ubiquiti?

There are plenty of reasons to run OpenVPN on a Ubiquiti device, and here are some of the most compelling ones:

  • Encryption: All your traffic is encrypted, keeping your browsing activity safe from prying eyes.
  • Remote Access: Access your home network, files, and devices from anywhere.
  • Privacy: VPNs mask your IP address and location, giving you more anonymity online.
  • No Third-Party Trust: You control your VPN — no need to trust third-party VPN providers.

With this setup, you can connect to your home or office network as if you were physically there.

What You Need to Get Started

Before we dive into the setup process, make sure you have the following:

  • UniFi UDM, UDM-Pro, or UDM-SE
  • SSH Client (like PuTTY for Windows or Terminal for macOS/Linux)
  • VPN Client (like OpenVPN for iOS, Android, macOS, or Windows)
  • About 30-60 Minutes of Time

Step 1: Enable SSH Access on Your Ubiquiti Device

SSH (Secure Shell) allows you to access the UDM/UDM-Pro's internal system. This is essential for running commands and managing Docker containers.

Steps to Enable SSH:

  1. Log in to your UniFi Controller via your web browser.
  2. Go to Settings (gear icon) > Advanced Features.
  3. Toggle on SSH Access and set a secure password.
  4. Note down the IP address of your UDM as you'll use it for SSH login.

Step 2: Connect to Your UDM Using SSH

Once SSH is enabled, you can access the device from your computer.

Steps to Connect:

  1. Open your terminal (macOS/Linux) or PuTTY (Windows).
  2. Enter the following command:
    ssh root@<UDM-IP-ADDRESS>
    
  3. Enter the SSH password you set in Step 1.

  4. If connected successfully, you’ll see the command prompt for your UDM.

Step 3: Install Docker on Your UDM

The UDM does not have OpenVPN pre-installed, but you can run OpenVPN using Docker. Here's how to set up Docker on the UDM.

Commands to Install Docker:

unifi-os shell

apt-get update

apt-get install -y docker.io

Once the installation is complete, you’re ready to set up OpenVPN.

Step 4: Run OpenVPN Using Docker

With Docker installed, you can pull and run the OpenVPN container.

Run OpenVPN Container:

docker run -d --name=openvpn -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

This command pulls the OpenVPN image from Docker Hub and starts it. The container will be set up to listen on port 1194/UDP, the default port for OpenVPN connections.

Step 5: Configure OpenVPN

Now it’s time to configure OpenVPN. This step involves generating the server configuration and creating the security certificates.

Commands to Configure OpenVPN:

  1. Access the OpenVPN container:
    docker exec -it openvpn bash
    
  2. Generate the OpenVPN server configuration:
    ovpn_genconfig -u udp://<YOUR_PUBLIC_IP_OR_DOMAIN>
    
  3. Build the PKI (Public Key Infrastructure) for OpenVPN:
    ovpn_initpki
    

After this step, your OpenVPN server will be configured and ready to authenticate VPN users.

Step 6: Create VPN User Profiles

Each device (user) that wants to connect to the VPN will need a profile. Here’s how to create it.

Commands to Create User Profiles:

  1. Access the OpenVPN container:
    docker exec -it openvpn bash
    
  2. Create a user (replace client1 with the name of your client):

    easyrsa build-client-full client1 nopass
    
  3. Export the OpenVPN client configuration file:
    ovpn_getclient client1 > /etc/openvpn/client1.ovpn
    

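This file will be used to connect your VPN client (like OpenVPN for Android, iOS, or Windows) to your VPN server. It embeds the client's certificate and private key, and because the profile was built with nopass the key has no passphrase, so anyone who obtains the file can connect as client1.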

Step 7: Download the VPN Configuration File

The client1.ovpn file must be downloaded from your UDM to your computer or mobile device.

Download the OVPN File:

Run this command from your local machine (not the UDM):

scp root@<UDM-IP-ADDRESS>:/etc/openvpn/client1.ovpn ~/Downloads/

Once you have this file, you can use it to configure your OpenVPN client app.
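Before importing or sharing the profile exported in Step 6 and downloaded in Step 7, it is worth checking what it contains. The script below is an added example, not part of the original guide or the kylemanna/openvpn image: the function names are hypothetical, and the sample profile is constructed with a placeholder key body.

```shell
# Added example (not from the guide): audit an exported client profile.

# Print "host port proto" from the first `remote` directive.
ovpn_remote() {
    awk '$1 == "remote" { print $2, $3, $4; exit }' "$1"
}

# Classify the key in the inline <key> block: encrypted, plaintext or none.
ovpn_key_state() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        inkey && /BEGIN ENCRYPTED PRIVATE KEY/ { state = "encrypted" }
        inkey && /Proc-Type:.*ENCRYPTED/       { state = "encrypted" }
        inkey && /BEGIN .*PRIVATE KEY/ && state == "" { state = "plaintext" }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# Print one finding per line; the return status is the number of findings.
ovpn_audit() {
    findings=0
    if [ "$(ovpn_key_state "$1")" = "plaintext" ]; then
        echo "WARN: private key has no passphrase (built with nopass)"
        findings=$((findings + 1))
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "WARN: readable beyond the owner; run chmod 600 on it"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample profile; the key body is a placeholder, not a real key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
remote vpn.example.net 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
EOF
chmod 644 "$sample"
echo "remote: $(ovpn_remote "$sample")"
ovpn_audit "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run `ovpn_audit ~/Downloads/client1.ovpn` on the machine that received the file; a status of 0 means neither finding applies.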

Step 8: Configure Port Forwarding

To access your VPN from outside your home or office network, you need to forward the VPN port.

  1. Log in to your UniFi Controller.
  2. Go to Settings > Port Forwarding.
  3. Create a new port forward rule:
    • Name: OpenVPN
    • Protocol: UDP
    • Port: 1194
    • Destination IP: IP address of the UDM/UDM-Pro.

This will open the VPN port (1194) to external connections.

Step 9: Connect VPN Clients

You’re now ready to connect your devices to the VPN.

How to Connect:

  1. Install OpenVPN Client on your phone, tablet, or laptop.
  2. Import the client1.ovpn file into the OpenVPN client.
  3. Tap Connect and you should be connected to your home network.

Check your IP on WhatIsMyIP to make sure you’re connected via the VPN.

Common Issues & Troubleshooting

If you run into issues, here are a few solutions:

1. VPN Client Can’t Connect?

  • Check if port 1194 is open using Port Checker.
  • Make sure your OpenVPN container is running:
    docker ps
    

2. No Internet Access on VPN?

  • Enable IP forwarding on UDM:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    

3. Client OVPN File Missing?

  • Re-export the configuration file:
    ovpn_getclient client1 > /etc/openvpn/client1.ovpn
    

Security Tips

  • Use Strong Passwords for SSH and VPN users.
  • Limit VPN Access to only essential users.
  • Keep the OpenVPN Docker Image Updated (the running container keeps using the old image until it is recreated):
    docker pull kylemanna/openvpn
    

Benefits of Using UniHosted

Don’t want to do all this work yourself? UniHosted makes it easier to manage UniFi networks and VPNs. It offers:

  • Simple VPN Configuration: No need to run Docker or configure clients manually.
  • Cloud Management: Full remote access and control.
  • Automatic Backups: Your configuration is always safe.

For a hassle-free VPN setup, check out UniHosted.

Final Thoughts

Running OpenVPN on a Ubiquiti device is one of the best ways to secure your network. You’ll have encrypted traffic, private browsing, and the ability to access your network from anywhere. Sure, it’s a bit technical, but the process is worth it.

If you'd rather avoid the heavy lifting, UniHosted can manage your UniFi Controller and VPN for you. Enjoy peace of mind with secure, remote access. If you would like me to personally walk you through UniHosted, you can schedule a call with me here.
