Trying to set up a VPN connection through UDM-Pro!

Published by Juan David on 2nd Feb 2024

Greetings, fellow tech enthusiasts! Today, I'd like to share an interesting experience from a recent support session where we successfully tackled a VPN configuration issue on Ubiquiti's Dream Machine Pro (UDM-Pro). Strap in, and let's dive into the nitty-gritty details!

The Challenge: Our customer, let's call him Mr. Flytec #1 Fan, reached out with a rather common yet vexing issue—setting up a VPN connection through the UDM-Pro. Despite his best efforts, the VPN tunnel stubbornly refused to establish a stable connection.

Q: “I’m trying to set up a VPN connection through the UDM-Pro but I can’t seem to make it work.”

Initial Analysis: Upon receiving Mr. Flytec #1 Fan's support ticket, I initiated the troubleshooting process. I kicked off with a set of probing questions to gather details about his network setup and the specific configurations applied to the UDM-Pro.

Q: What type of VPN are you trying to configure on your UDM-Pro?

A:I am trying to set up an L2TP VPN.

Q:Have you modified any default settings in the UDM-Pro's VPN configuration?

A:Yes, I tried adjusting the encryption settings based on a guide I found online.

Q: Are there any specific error messages or codes displayed when the VPN connection fails?

A: It often says, 'Authentication Failed' or simply 'Connection Timeout.

The initial analysis indicated that we were dealing with a classic misconfiguration scenario—a mismatch in authentication parameters within the VPN settings.

Remote Assistance: To expedite the resolution process and provide a more hands-on experience, I suggested a remote session. Mr. Flytec #1 Fan agreed, and in no time, I was peering into the UDM-Pro's configuration interface.

Identification of the Culprit: It didn't take long to spot the culprit—a misconfiguration in the authentication parameters. I explained to Mr. Flytec #1 Fan the intricacies of each setting and how they influenced the VPN tunnel's establishment.

Guided Configuration Adjustment: This is where the rubber met the road. I meticulously walked Mr. Flytec #1 Fan through the necessary steps to adjust the configuration. It's always crucial to ensure that we not only resolve the immediate issue but that we help our customers understand the reasoning behind each solution we provide.

We navigated to the VPN sections in the settings and selected L2TP.

I Prompted him to create the VPN Name and Pre-shared key and select his WAN port on the Server address.

We then did Manual configuration and selected default for Radius Profile, then we selected a network from private IP ranges for the Gateway/Subnet.

Finally, we typed our preferred DNS server and enabled both the Require Strong Authentication and Weak Ciphers