Setting Up RADIUS Authentication for VPN Users on the UXG-PRO: A Complete Guide for Secure, Cloud-Free Access
Published by Juan David Ramirez on 12th Dec 2024
Hey UniFi fam! Juan David here, Flytec’s Tech Lead Support and UniFi certified Trainer, ready to dive into a question that’s been popping up a lot: Does the UXG-PRO support RADIUS authentication for VPN users?
The short answer? Yes! If you're running a VPN server, like OpenVPN, you can indeed configure a RADIUS server to manage VPN authentication for your UXG-PRO. This setup is super handy for those who want secure, centralized authentication for network access without involving any cloud services. Now, let’s get into the steps and details to make sure you’re set up smoothly.
Setting Up RADIUS Authentication on Your UXG-PRO for VPN Users
Step 1: Configure the Built-In RADIUS Server
UniFi gateways, including the UXG-PRO, come with a built-in RADIUS server, which is compatible with the 802.1X standard. This enables secure, reliable authentication for VPN and network access.
What’s 802.1X?
802.1X is an access control standard that authenticates devices on a network, giving you a robust framework for network security. Here’s a quick rundown of its key components:
- Supplicant: The device requesting access.
- Authenticator: The device that sends requests to the Authentication Server.
- Authentication Server: The RADIUS server that validates the user’s credentials.
- Accounting Server: (Optional) Records session information, such as login/logoff times and session duration.
The 802.1X process goes as follows:
- The client (e.g., your VPN user) is prompted for credentials.
- The client sends the credentials to an authenticator, which forwards them to the RADIUS server.
- The RADIUS server responds with one of:
  - Access-Reject: Denies access.
  - Access-Challenge: Requests additional info (for multi-factor authentication).
  - Access-Accept: Grants access.
Step 2: Enabling the RADIUS Server on the UXG-PRO
- Navigate to Settings > Profiles > RADIUS in your UniFi Network Application.
- Enable the RADIUS Server:
  - Secret: Enter a shared key for authentication between the authenticator and RADIUS server.
  - Authentication Port: Define the port for authentication messages.
  - Accounting Port: Define the port for accounting messages if you want to log user sessions.
  - Interim Interval: Sets how often the session info updates (useful for ongoing accounting).
This RADIUS server collects data from the authenticator on each session, giving you insights into network activity and connection status.
Step 3: Create RADIUS Users
- In Settings > Profiles > RADIUS, select Create a New RADIUS User.
- Enter User Details:
  - Username: Choose a unique ID for each VPN user.
  - Password: Set a secure password.
  - VLAN: Assign specific VLANs if needed.
  - Tunnel Type & Medium Type: Choose based on your network setup.
For dynamic VLAN assignments, enable RADIUS Assigned VLAN Support to route users to specific VLANs automatically.
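Added example (not from the original post and not UniFi's own code): how the Secret from Step 2 lets an authenticator check that an Access-Accept, Access-Reject or Access-Challenge really came from its RADIUS server, and how the VLAN and tunnel fields from Step 3 are read from an accepted reply. It assumes the standard reply layout from RFC 2865 and the VLAN attributes from RFC 2868/3580; the helper names are hypothetical, and the secret, request authenticator and VLAN 30 are constructed sample values.

```python
import hashlib, hmac, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81   # RFC 2868 attribute types

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: sign a reply with the shared secret (used here to make sample packets)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + response_authenticator(code, ident, attrs, request_auth, secret) + attrs

def parse_reply(packet, request_auth, secret):
    """Authenticator side: return (reply name, VLAN or None); ValueError if invalid."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong secret or altered reply")
    found, i = {}, 0
    while i < len(attrs):                       # attributes are type, length, value
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    vlan = None
    pgid = found.get(TUNNEL_PGID, b"")
    # RFC 3580 VLAN assignment: Tunnel-Type 13 (VLAN), Tunnel-Medium-Type 6 (IEEE-802)
    if (found.get(TUNNEL_TYPE, b"")[1:] == b"\x00\x00\x0d"
            and found.get(TUNNEL_MEDIUM, b"")[1:] == b"\x00\x00\x06" and pgid):
        pgid = pgid[1:] if pgid[0] <= 0x1F else pgid   # drop optional tag byte
        vlan = int(pgid.decode("ascii"))
    return CODES.get(code, f"code {code}"), vlan

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

# Constructed sample data: secret, request authenticator and VLAN 30 are made up.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
VLAN_ATTRS = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"30")
ACCEPT = build_reply(2, 7, VLAN_ATTRS, REQ_AUTH, SECRET)
```

A reply signed with a different secret, or one whose code byte was changed in transit, fails the authenticator check and is discarded before any VLAN is applied.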
That’s it! With these steps completed, your UXG-PRO is now configured to use RADIUS authentication for VPN users. Your network is set up for secure and centralized access management.
Quick Recap
The UXG-PRO fully supports RADIUS authentication for VPN users, letting you keep everything locally managed and secure. With RADIUS, you get powerful, centralized control over VPN access, plus the added security of 802.1X standards.
So, if you’re working with a self-contained setup and want a secure way to manage VPN user access, the UXG-PRO with RADIUS is an excellent choice. This configuration keeps your network secure, flexible, and cloud-free—perfect for those who value local control.
Stay connected, stay secure, and keep the questions coming!