Surfshark Ubiquiti

admin

The Ubiquiti EdgeMax Router is a fantastic new high-performance, cheap (base model is ~US$100) router and firewall. It runs EdgeOS, which is based on the open source Vyatta project. This makes it a perfect OpenVPN Client. I recently set one of these bad boys up as an OpenVPN Client, and found there wasn’t a huge amount of information online on how to do this. The main help I got was a forum thread.

  1. Surf Shark Ubiquiti Router
  2. Surf Shark Ubiquiti Pro
  3. Surf Shark Ubiquiti Download
  4. Surf Shark Ubiquiti Wireless

Here’s the procedure I followed to setup my Ubiquiti EdgeMax Lite as an OpenVPN Client:

Setting Up Vpn On Ubiquiti Usg, Cyberghost Kaspersky, Vpn Client Tu Mnchen, vpn mobile applications. Powerful, configurable clients. Servers 80+ Ginp is a New. Surfshark is an award-winning, secure VPN that encrypts your online data to help you stay private & protected every day, hassle-free.

Surfshark is one the cheapest VPN provider supporting unlimited devices, so if you haven’t picked a VPN yet, make sure you check this article! Just like the other two, we need to get an authentication file and configuration file to get started. Create an account at Surfshark.com and click on Devices. Scroll down to Advanced and select Manual.

Note: I’m going to assume you have a bit of router proficiency. A lot of configuration in EdgeOS can be done via the Web GUI, but most of the VPN setup needs to be done via the command line interface.

Step 0: Setup your OpenVPN Server

This guide assumes you already have an OpenVPN Access Server setup and running. I setup one using a Digital Ocean Droplet. The have a great guide on setting up the OpenVPN Access Server using Ubuntu. Before proceeding, please use a desktop client to check the VPN works correctly.

I’m also going to assume you’re on the latest version of the EdgeOS Software. I set mine up using version v1.4.0 (the latest at the time of writing).

Step 1: Get Basic Internet Connectivity Setup

Surf Shark Ubiquiti Router

I followed the Ubiquiti SoHo EdgeMax Example to get basic routing and NAT setup. Ensure you can access the internet via your new router.

Step 2: Download your OVPN File from the Access Server

The OVPN file makes it easy to get your client setup. Login to your Access Server’s Web GUI and download the user-locked file. You need to SSH File Transfer this to your EdgeMax. I used the CyberDuck SFTP Client for Mac. Use the standard “ubnt”/”ubnt” credentials to login. You should upload to: /config/vpn-client1.ovpn

To allow for a username/password login rather than a certificate based login, I needed to modify the OVPN file to add the following directive:

Then create a file called pass.txt. On the first line is your username, and on the second line is your password. Upload this to

Step 3: Configure Ubiquiti EdgeMax

Login to your EdgeMax’s CLI, either via SSH or via the Web GUI. Here’s the commands you need to run:

Reboot your router for good measure, then immediately login to the Web GUI and open the “Log Monitor” (found under tools). You should start seeing openvpn entries.

This means your OpenVPN is now setup. Depending on how your Access Server is configured, you may need to add some routes. The only one I needed to add was to tell it to send all traffic for 0.0.0.0/1 to tun0. This can be setup through the GUI. You’ll also probably need to setup another Source NAT.

Surfshark Ubiquiti

Troubleshooting

If it isn’t working, here are some things to check:

Ubiquiti
  • Does the clock on the EdgeMax match the clock on the Access Server? When a SSL certificate exchange is done, the times must be somewhat accurate in order to work.
  • Can you access the OpenVPN ports, or have they been firewalled? I have had a lot of success running OpenVPN over TCP port 443 (SSL), so perhaps try that.
  • If you are behind a restrictive firewall and/or a proxy you will need to take extra steps in order to get this to work. It is possible. I’ll write about this in an upcoming article.

The Ubiquiti EdgeMax Router is a fantastic new high-performance, cheap (base model is ~US$100) router and firewall. It runs EdgeOS, which is based on the open source Vyatta project. This makes it a perfect OpenVPN Client. I recently set one of these bad boys up as an OpenVPN Client, and found there wasn’t a huge amount of information online on how to do this. The main help I got was a forum thread.

Here’s the procedure I followed to setup my Ubiquiti EdgeMax Lite as an OpenVPN Client:

Surfshark Ubiquiti

Note: I’m going to assume you have a bit of router proficiency. A lot of configuration in EdgeOS can be done via the Web GUI, but most of the VPN setup needs to be done via the command line interface.

Step 0: Setup your OpenVPN Server

This guide assumes you already have an OpenVPN Access Server setup and running. I setup one using a Digital Ocean Droplet. The have a great guide on setting up the OpenVPN Access Server using Ubuntu. Before proceeding, please use a desktop client to check the VPN works correctly.

I’m also going to assume you’re on the latest version of the EdgeOS Software. I set mine up using version v1.4.0 (the latest at the time of writing).

Surf shark ubiquiti pro

Step 1: Get Basic Internet Connectivity Setup

I followed the Ubiquiti SoHo EdgeMax Example to get basic routing and NAT setup. Ensure you can access the internet via your new router.

Step 2: Download your OVPN File from the Access Server

The OVPN file makes it easy to get your client setup. Login to your Access Server’s Web GUI and download the user-locked file. You need to SSH File Transfer this to your EdgeMax. I used the CyberDuck SFTP Client for Mac. Use the standard “ubnt”/”ubnt” credentials to login. You should upload to: /config/vpn-client1.ovpn

To allow for a username/password login rather than a certificate based login, I needed to modify the OVPN file to add the following directive:

Then create a file called pass.txt. On the first line is your username, and on the second line is your password. Upload this to

Surf Shark Ubiquiti Pro

Step 3: Configure Ubiquiti EdgeMax

Login to your EdgeMax’s CLI, either via SSH or via the Web GUI. Here’s the commands you need to run:

Reboot your router for good measure, then immediately login to the Web GUI and open the “Log Monitor” (found under tools). You should start seeing openvpn entries.

Surf Shark Ubiquiti Download

This means your OpenVPN is now setup. Depending on how your Access Server is configured, you may need to add some routes. The only one I needed to add was to tell it to send all traffic for 0.0.0.0/1 to tun0. This can be setup through the GUI. You’ll also probably need to setup another Source NAT.

Troubleshooting

Router

Surf Shark Ubiquiti Wireless

If it isn’t working, here are some things to check:

  • Does the clock on the EdgeMax match the clock on the Access Server? When a SSL certificate exchange is done, the times must be somewhat accurate in order to work.
  • Can you access the OpenVPN ports, or have they been firewalled? I have had a lot of success running OpenVPN over TCP port 443 (SSL), so perhaps try that.
  • If you are behind a restrictive firewall and/or a proxy you will need to take extra steps in order to get this to work. It is possible. I’ll write about this in an upcoming article.