
UniFi Security Gateway (strongSwan) site-to-site VPN where the branch side has no real IP at all (e.g. 4G connections) and dual WAN fallback


As the title describes, here is the scenario I have:

  1. HQ - USG Pro (Unified Security Gateway Pro) with static public IP
  2. Branch Office - USG with dual WAN, where either one or both of the WAN ports have no real IP due to using a mobile 4G network (the public IP is a 10.x.x.x Class A private network)

Ideally I would like to configure a site-to-site VPN setup, but leveraging a dial-up client for the branch office so that it will work without a real IP. It would be great if I could get it to work directly using the UniFi controller (I have one in the cloud, with all the equipment provisioned using an L3 IP-based approach); however, if that is impossible, I can also use an underlying configuration hack directly using the gateway json override trick:

https://help.ui.com/hc/en-us/articles/215458888-UniFi-USG-Advanced-Configuration-Using-config-gateway-json

Roy
Not a real answer to your question, but it may help you to know that many carriers offer a separate APN that will give you a dynamic public IP. Other carriers offer the purchase of a static public IP, although some of those ask silly amounts of money for the service (i.e. $500 from Verizon).
mangohost
