VPN Between Max Transit and Unifi UDM SE?

I’m attempting to establish a VPN tunnel between a Max Transit Duo and a remote Unifi UDM SE router. So far, I have not been able to connect by IPsec site-to-site. The Advanced / IPsec VPN / IPsec Profiles page states: “Pepwave MAX IPsec only supports network-to-network connection with Cisco, Juniper or Pepwave MAX devices.” Considering that statement, and before I spend more time trying, is it unlikely that Peplink’s site-to-site IPsec will work with the Unifi?

I also added the OpenVPN client license and tried connecting the OpenVPN WAN connection (from the WAN settings) to an OpenVPN server setup on the Unifi UDM. That has also failed to connect.

I want to securely connect a single device on the Peplink LAN to another single device on the remote Unifi LAN. I am currently doing it with port forwarding on the Unifi, without a tunnel. I have a static, public WAN IP on the remote Unifi end, and static public IPs on the two Peplink LTE WANs (ATT FirstNet and VZW Frontline - perhaps they are CGNAT, but the IPs do appear to function as public). For my attempts, I have been limiting the Max Transit to a single LTE WAN.

Is anybody else doing this between a Peplink router and a Unifi router and willing to share your successful configuration?

The Peplink is a Max Transit Duo with 8.3.0 FW, locally managed (no Incontrol or SpeedFusion), with the OpenVPN Client license active.

Shawn

That’s a customer support restriction, not a technical one.

Whenever I need to do something like this, I prefer to host a FusionHub in the cloud, using SpeedFusion bonding from the Transit to the FusionHub, then build an IPsec tunnel from the FusionHub to the other IPsec-enabled devices.

That said, there is no good reason why OpenVPN WAN shouldn’t be able to connect to your UDM.

What errors do you see at either end? What’s in the logs?


Thanks for the reply Martin,

The OpenVPN WAN on the Peplink side attempts to connect, but remains disconnected. The Unifi UDM never shows signs of a connection, but I’ll see what logs there might be on the UDM.

In the Peplink Event Logs, I see WAN configuration changes applied, but no entries for OpenVPN WAN connection attempts or failures. I see that Session Logging is not enabled - perhaps I need to enable that.

I would like to achieve this without Speedfusion, if I can. It sounds like this should work in theory, so I will continue. I will create a new OpenVPN server on the Unifi and reconfigure the OpenVPN WAN on the Peplink later today and report the details.

Good luck! If you are not seeing any attempts on the UDM I would try doing a network capture at the side and verify the OpenVPN incoming traffic.

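One way to read the capture suggested in the last reply, as an added example that is not from anyone in this thread: it classifies UDP payloads exported from a capture taken at the OpenVPN server side by their OpenVPN opcode and reports whether a client hard reset arrived and whether the server answered. It assumes the tunnel runs over UDP (over TCP each packet carries a 2-byte length prefix first); the `in`/`out` direction labels and the sample payloads are constructed for illustration.

```python
# Added example: triage UDP payloads exported from a capture taken at the
# OpenVPN server side. Opcode numbers are from the OpenVPN wire protocol.
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3", 11: "P_CONTROL_WKC_V1",
}
CLIENT_RESETS = {1, 7, 10}   # first packet a client sends
SERVER_RESETS = {2, 8}       # server's answer to it
DATA = {6, 9}                # data channel packets carry no session id


def classify(payload):
    """Return (opcode, name, session_id_hex) or None if not OpenVPN-shaped."""
    if not payload:
        return None
    opcode = payload[0] >> 3          # high 5 bits: opcode, low 3 bits: key id
    if opcode not in OPCODES:
        return None
    if opcode in DATA:
        return opcode, OPCODES[opcode], None
    if len(payload) < 9:              # control packets: opcode + 8-byte session id
        return None
    return opcode, OPCODES[opcode], payload[1:9].hex()


def diagnose(packets):
    """packets: iterable of (direction, payload); direction is 'in' or 'out'
    relative to the server (hypothetical labels assigned when exporting)."""
    seen = [(d, classify(p)) for d, p in packets]
    client = [c for d, c in seen if d == "in" and c and c[0] in CLIENT_RESETS]
    server = [c for d, c in seen if d == "out" and c and c[0] in SERVER_RESETS]
    if not client:
        return "no-client-reset-seen"       # traffic is not reaching the server
    if not server:
        return "client-reset-unanswered"    # arrives, but server stays silent
    return "handshake-started"              # look at TLS/auth next


# Constructed sample payloads (not from a real capture).
CLIENT_RESET = bytes([7 << 3]) + bytes.fromhex("1122334455667788") + bytes(5)
SERVER_RESET = (bytes([8 << 3]) + bytes.fromhex("aabbccddeeff0011") + b"\x01"
                + bytes(4) + bytes.fromhex("1122334455667788") + bytes(4))
NOISE = b"\x00\x00\x00"

if __name__ == "__main__":
    print(diagnose([("in", CLIENT_RESET), ("out", SERVER_RESET)]))
```

A `no-client-reset-seen` result points at the path to the server (port, protocol, upstream NAT or firewall), while `client-reset-unanswered` points at the server's own listener or key configuration.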