VPN Between Max Transit and Unifi UDM SE?

I’m attempting to establish a VPN tunnel between a Max Transit Duo and a remote Unifi UDM SE router. So far, I have not been able to connect by IPsec site-to-site. The Advanced / IPsec VPN / IPsec Profiles page states: “Pepwave MAX IPsec only supports network-to-network connection with Cisco, Juniper or Pepwave MAX devices.” Considering that statement, and before I spend more time trying, is it unlikely that Peplink’s site-to-site IPsec will work with the Unifi?

I also added the OpenVPN client license and tried connecting the OpenVPN WAN connection (from the WAN settings) to an OpenVPN server setup on the Unifi UDM. That has also failed to connect.

I want to securely connect a single device on the Peplink LAN to another single device on the remote Unifi LAN. I am currently doing it with port forwarding on the Unifi, without a tunnel. I have a static, public WAN IP on the remote Unifi end, and static public IPs on the two Peplink LTE WANs (ATT FirstNet and VZW Frontline - perhaps they are CGNAT, but the IPs do appear to function as public). For my attempts, I have been limiting the Max Transit to a single LTE WAN.

Is anybody else doing this between a Peplink router and a Unifi router and willing to share your successful configuration?

The Peplink is a Max Transit Duo with 8.3.0 FW, locally managed (no Incontrol or SpeedFusion), with the OpenVPN Client license active.


That’s a customer support restriction, not a technical one.

Whenever I need to do something like this, I prefer to host a FusionHub in the cloud, using SpeedFusion bonding from the Transit to the FusionHub, then build an IPsec from the FusionHub to the other IPsec-enabled devices.

That said, there is no good reason why OpenVPN WAN shouldn’t be able to connect to your UDM.

What errors do you see at either end? What’s in the logs?


Thanks for the reply Martin,

The OpenVPN WAN on the Peplink side attempts to connect, but remains disconnected. The Unifi UDM never shows signs of a connection, but I’ll see what logs there might be on the UDM.

In the Peplink Event Logs, I see WAN configuration changes applied, but no entries for OpenVPN WAN connection attempts or failures. I see that Session Logging is not enabled - perhaps I need to enable that.

I would like to achieve this without Speedfusion, if I can. It sounds like this should work in theory, so I will continue. I will create a new OpenVPN server on the Unifi and reconfigure the OpenVPN WAN on the Peplink later today and report the details.

Good luck! If you are not seeing any attempts on the UDM I would try doing a network capture at the side and verify the OpenVPN incoming traffic.


@srk Wondering if you ever had any success with this? I am in a very similar situation at the moment (trying to use OpenVPN Client from BR1 Mini back to a UXG-Max) and seeing the exact same behavior.

Without being able to view the logs, it’s very difficult to troubleshoot.

I had to drop the project for a while and have not yet returned to troubleshooting. I hope to resume soon and will look on the UDM side for any clues in the log. Please post if you discover any obvious points of failure.

Happy to say I was able to figure this out with the help of support!

The Unifi-generated .ovpn file adds these files by default:

user nobody
group nogroup

Just comment those out using #, and the connection will come up!

I was finally able to revisit this project and I am happy to confirm this solution! That part of the config file did not stand out to me. Thanks for passing along the information.
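
The edit described in the thread, as an added example (not part of any post, and not Peplink or Ubiquiti code): a small Python filter that comments out the `user` and `group` directives in a client profile while leaving inline blocks such as `<ca>` untouched. The sample profile is constructed, and `disable_priv_drop` is a hypothetical helper name.

```python
import re

# Directives the thread says to disable. In OpenVPN they make the process
# switch to the named user/group after initialization.
PRIV_DROP = ("user", "group")

# Constructed sample profile (not a real UniFi export); host and cert body are placeholders.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
user nobody
group nogroup
persist-key
<ca>
-----BEGIN CERTIFICATE-----
user nobody (constructed filler inside an inline block, must stay untouched)
-----END CERTIFICATE-----
</ca>
"""

def disable_priv_drop(text):
    """Return (new_text, changed) with top-level user/group directives commented out."""
    out, changed, inline = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if inline:  # inside an inline block (<ca>, <cert>, <key>, ...): copy verbatim
            if stripped == f"</{inline}>":
                inline = None
            out.append(line)
            continue
        m = re.fullmatch(r"<([A-Za-z0-9_-]+)>", stripped)
        if m:  # opening tag of an inline block
            inline = m.group(1)
            out.append(line)
            continue
        words = stripped.split()
        if words and words[0] in PRIV_DROP:
            changed.append(stripped)
            out.append("#" + line)  # already-commented lines never match, so reruns are no-ops
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    new_text, changed = disable_priv_drop(SAMPLE_OVPN)
    print(new_text, end="")
    print("commented out:", changed)
```

On stock OpenVPN these two directives drop root privileges after the tunnel is initialized, so apply this only to the copy of the profile uploaded to the Peplink and keep the original for clients where the privilege drop works.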