USG OpenVPN site-to-site parameters

You know that I’m using my blog as my personal “friendly reminder”, and this article is no different 🙂

I wanted to connect my brand new Ubiquiti Security Gateway (USG) to a pfSense and a Linux router using OpenVPN site-to-site. This is no big deal: there are plenty of articles on how to do it, but many of them involve customising the USG configuration file on the controller, i.e. creating a config.gateway.json as described here.

However, I wanted the configuration to be as clean as possible: I have many VPNs that I connect to from home, and a config file carrying all of those connections would be a mess. Anyway, I found out that the USG’s OpenVPN encryption/auth/compression parameters are somehow not the “standard” ones that pfSense and a stock OpenVPN would accept. Through debugging, I found out that these are the OpenVPN parameters the USG uses when setting up a site-to-site VPN with OpenVPN:

Protocol: UDP
Encryption: BF-CBC
Auth digest: SHA1
Compression: omit preference (leave openvpn default)

Mind that the secret key is the shared secret, without the header/footer (BEGIN/END) lines, all on a single line and without spaces.
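As an added example (not from the original post), the script below does two things the parameter list and the note on the secret key describe: it turns a standard OpenVPN static key file into the single-line secret the USG form expects, and it prints a peer-side (pfSense / Linux OpenVPN) static-key config that matches the USG parameters (UDP, BF-CBC, SHA1, no compression directive). The key material is a constructed sample, not a real key; the hostname, tunnel addresses, secret path and remote LAN in the peer config are placeholders and not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Converts an OpenVPN static key
# into the single-line shared secret the USG site-to-site form expects, and
# emits a peer-side static-key config matching the USG parameters.

# Constructed sample key: the hex is made up and is NOT a usable key.
# (Real keys are 2048 bits = 512 hex digits; this sample is deliberately short.)
SAMPLE_STATIC_KEY='#
# 2048 bit OpenVPN static key (constructed sample)
#
-----BEGIN OpenVPN Static key V1-----
00112233445566778899aabbccddeeff
ffeeddccbbaa99887766554433221100
0123456789abcdef0123456789abcdef
fedcba9876543210fedcba9876543210
-----END OpenVPN Static key V1-----'

# Read a static key file on stdin; drop the BEGIN/END delimiter lines and
# '#' comment lines, then strip every whitespace character so the hex blob
# comes out as exactly one line (what the USG "secret key" field wants).
usg_secret_from_static_key() {
    grep -v '^-----' | grep -v '^#' | tr -d ' \t\r\n'
    echo
}

# Sanity check before pasting: a full OpenVPN static key is 512 hex digits.
# Returns 0 (true) only for a string of exactly 512 hex digits.
is_full_length_secret() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{512}$'
}

# Print the peer-side config for the pfSense/Linux end. Arguments are
# placeholders (assumptions): USG hostname, path to the static key file,
# and the remote LAN as "network netmask". The tunnel endpoint addresses
# are likewise assumed, not taken from the USG.
peer_openvpn_config() {
    usg_host="$1"; secret_path="$2"; remote_lan="$3"
    cat <<EOF
dev tun
proto udp
remote ${usg_host} 1194
secret ${secret_path}
cipher BF-CBC
auth SHA1
ifconfig 10.255.255.2 10.255.255.1
route ${remote_lan}
keepalive 10 60
persist-key
persist-tun
# no comp-lzo / compress line: the USG leaves compression at the OpenVPN default
EOF
}

# Stand-alone run: show the converted secret and the generated peer config.
secret=$(printf '%s\n' "$SAMPLE_STATIC_KEY" | usg_secret_from_static_key)
echo "USG shared secret (single line): $secret"
if is_full_length_secret "$secret"; then
    echo "secret length OK"
else
    echo "warning: secret is not 512 hex digits (expected for the short constructed sample)"
fi
peer_openvpn_config usg.example.com /etc/openvpn/usg.key "192.168.1.0 255.255.255.0"
```

Two things worth knowing when you wire this up. First, BF-CBC is a 64-bit block cipher; that is the weakness behind the SWEET32 attack and the reason recent OpenVPN releases (2.6 with OpenSSL 3) treat it as a legacy cipher that has to be enabled explicitly, so a peer running a current OpenVPN may refuse the tunnel until you either enable the legacy provider or, better, move the USG to a modern cipher via config.gateway.json. Second, the length check exists because a secret that was pasted with a missing line still "looks" right but will silently fail the handshake; checking for 512 hex digits catches that before you stare at logs.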

The above encryption algorithms are considered very weak and could be easily cracked. If you use the VPN for confidential data, I would highly recommend customising config.gateway.json. My case is easier, as I am only using the VPN to reach private IPs in another network and have additional layers of encryption on top, so it is kind of easy.

Hope it helps!
