Setting Up a VPN


1 Like

OK, back to this VPN thread as that other thread settles a VPN is needed.

AFAIK a quality VPN is the safest way to allow access to your home network when you're away.

Is a VPN via my Asus router "a quality VPN"? If so, which of the four options is recommended?

If you wanted general access to your home network that is the way you should go.

I do not need general access to my home network. I ONLY want to see the Hubigraphs in my Hubitat Android app dashboard. Will I need to load any apps on my phone to see the Hubigraphs on the Hubitat Android app dashboard via VPN?

I experimented with Cloudflare and another similar option that I can't remember name and both seemed like great options if I didn't already have Wireguard VPN.

I am also using WireGuard - because I already have an RPI running 24/7, and it is straightforward to set up and use.

1 Like

+1 for Tailscale.
Have to say it wasn't as easy as click and go, eventually got it working.
Running it on my Qnap using Virtualization Station.
Tried setting it up using a container but that was way over my screwing around tolerance. :crazy_face:

A few years ago I was using a Linux box with iptables for my firewall and I setup both openvpn and wireguard on it to see which I liked better. Wireguard turned out to have something like 15% less throughput so I ditched it. Last year I replaced the Linux box with an OPNsense box and setup openvpn on it. It's been rock solid. YMMV

I use my VPN on every device away from home so that all my traffic is routed through my pihole for it's blocking of BS traffic. I expected to "feel" a slightly slower connection but it's turned out to be indistinguishable from being connected to my wifi at home.

Yes. If Wireguard is one of the four VPN Server options, that would be my choice.

I run Wireguard on my UniFi Dream Machine SE. It works great for remote access to my home network.


Wow, I did notice a flurry of posts during the hours that after I posted (went to bed)...

My lazy self would revert back to the WireGuard setup I have had issues with.... But I may dabble in some others based on comments here along with other forums.

Thanks to those who have posted so far, don't let my post stifle the conversation... :slight_smile:

Could you point me in the direction of the instructions that you used to do so? Last time I looked over an year ago, I was confused by instructions that I found.

Sure. To be clear. Wireguard supports the Edgerouter. The Edgerouter does not come with it built in. I started with this article which got me about 90% of the way.

VERY IMPORTANT: Take notes and copy your keys off to somewhere secure but assessable like a password manager because the peer configuration will get wiped every time you do a firmware update on the Edgerouter. I simply saved the console commands so that I could replay them when necessary. Not a big deal, if you have the notes. It takes me less than 5min to do it after a firmware update. Just something I have to remember to do.

If you figure out a way around this, please let me know.

Unifi has a zero configuration VPN called Teleport. Up until now it's been mobile devices only. They're releasing beta computer clients now. Currently Mac and Linux are available.

FYI (and tagging @chowell), the EdgeRouter line now supports Wireguard VPN natively in most recent FW releases...


EdgeRouter 3.0.0-rc.3 & onward includes a new redesigned web interface and adds support for WireGuard VPN.

Early Access (e.g., beta):

That could/should (?) make it easier to set up? I haven't updated to the new FW yet so haven't investigated migrating my existing WireGuard setup on my ER12 to the new built-in support on the new FW. One of the things I have to check into is whether you can update the WG version independently of the Edgemax FW updates.

For less setup work overall you can also use the Tailscale WG option...

1 Like

Nice! I'll be looking forward to that!

I have Wireguard currently running on a Raspberry pi 4. Would there be any performance gain (or loss) if I was able to get it running on my EdgerouterX?

I would expect negligable difference, but of course I've never compared. Having it on the Pi may give you additional flexibility (i.e., not tied to Unifi/Ubiquiti FW updates).

I understand and I was using what you linked. I got stuck. If you go into the comments and look to about a year ago, you'll see my name on that page. :grinning: Since it's working fine on the Raspberry pi, I didn't pursue.

1 Like

I did run Teleport for a while but it's limited on configuration. Depending on which version of UNIFI you are on. There's also wireguard which I am running right now.

I have looked at tail scale, and maybe I'm really dense, but I just can't seem to figure out where to even begin to set it up. In my case, I would be looking to use VPN into my router to access my hubs. Currently, I use Asus InstantGuard for that. Previously I used Open VPN, and the results from that were mixed at best.

Can your router use the Asus Instant Guard App (by the name you wouldn't actually know it's a VPN app)? That is what I currently do, and it works pretty well.

Just a note. As far as I know, only IPsec on an edgerouter takes advantage of the hardware acceleration. It can perform the same as WireGuard for vpn throughput but is way less demanding on the cpu. And L2TP over IPsec is built in.

So my question is why would you use something else? Just curious what I am missing.

Tests here showed WG faster than IPSEC w/HW acceleration on Edgerouter

My personal experience is that I've been able to watch streaming services across the country from my home via my Wireguard VPN running on ER12...I've literally never seen a bandwidth issue using it.

Plus it's new & shiny. :wink: