A couple of days ago I got a Ubiquiti UniFi Dream Machine, which is an all-in-one device with an access point, 4-port switch, and a security gateway. After the basic setup, I wanted to connect the USG integrated in my Ubiquiti UniFi Dream Machine to an Azure VPN Gateway (Azure Virtual Network Gateway) using a Site-to-Site VPN. In this blog post, I am going to show you how you can create a Site-to-Site (S2S) VPN connection from your Ubiquiti UniFi Dream Machine to an Azure Virtual Network Gateway.
Azure Virtual Network Gateway and Connection
I already have a virtual network in Azure with the address space 10.166.0.0/16, and I also deployed the Azure Virtual Network Gateway connected to that vNet. The next thing I did was to add a connection to the gateway.
You need the following:
- Name for the connection
- Set Connection type to Site-to-site (IPSec)
- Create a local network gateway (basically the configuration of your local VPN gateway)
- Define a shared secret
Configure Ubiquiti UniFi Dream Machine VPN connection
Now you can switch to your UniFi Dream Machine, which has a UniFi USG integrated. Under Settings, go to Networks and click Create New Network.
Here you configure the following:
- Name of your VPN connection
- VPN Type: Manual IPSec
- Remote Subnets, which is the Azure vNet address space (in my case 10.166.0.0/16)
- Peer IP, which is the public IP address of the Azure virtual network gateway
- Local WAN IP
- the pre-shared key (shared secret)
- IPSec Profile: Customized
- Key Exchange Version: IKEv2
- Encryption: AES-256
- Hash: SHA1
- DH Group: 2
After that, the VPN will connect and the status of your Azure virtual network gateway connection will change to connected.
You can now reach your Azure virtual machine using the private IP address range.
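The Azure side of the same setup, scripted with the Az PowerShell module, as an added example that is not part of the original post. Resource group, region, gateway name, the UDM's WAN IP, the LAN range behind it and the PSK are placeholders; the vNet address space and the AES-256 / SHA1 / DH Group 2 proposal are the values from the post.

```powershell
# Added example (not from the original post): Azure side of the S2S connection.
# Placeholders: resource names, region, the UDM WAN IP, the local LAN range, PSK.
$rg          = 'rg-vpn-PLACEHOLDER'
$location    = 'westeurope'            # placeholder region
$vnetGateway = 'vgw-PLACEHOLDER'       # existing virtual network gateway (vNet 10.166.0.0/16)
$udmPublicIp = '203.0.113.10'          # placeholder (TEST-NET-3) for the UDM "Local WAN IP"
$lanRange    = '192.168.1.0/24'        # placeholder for the LAN behind the UDM
$psk         = Read-Host -AsSecureString -Prompt 'Pre-shared key'

# 1. Local network gateway: Azure's description of the on-premises (UDM) side,
#    i.e. its public IP and the address space it will route into the tunnel.
$lng = New-AzLocalNetworkGateway -Name 'lng-udm' -ResourceGroupName $rg `
        -Location $location -GatewayIpAddress $udmPublicIp -AddressPrefix $lanRange

# 2. Site-to-site IPsec connection over IKEv2 with the shared secret.
#    Azure's default IKEv2 proposal set already includes AES256 / SHA1 / DHGroup2,
#    so the UDM profile from the post negotiates without a custom policy.
#    To pin stronger values (e.g. SHA256, DHGroup14) use New-AzIpsecPolicy and
#    -IpsecPolicies, set the UDM profile to match, and note that custom
#    policies are not supported on the Basic gateway SKU.
$gw    = Get-AzVirtualNetworkGateway -Name $vnetGateway -ResourceGroupName $rg
$plain = [System.Net.NetworkCredential]::new('', $psk).Password
New-AzVirtualNetworkGatewayConnection -Name 'cn-udm' -ResourceGroupName $rg `
    -Location $location -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -ConnectionProtocol IKEv2 -SharedKey $plain | Out-Null

# 3. Poll until the connection reaches the "Connected" state described in the post.
do {
    Start-Sleep -Seconds 15
    $status = (Get-AzVirtualNetworkGatewayConnection -Name 'cn-udm' `
                -ResourceGroupName $rg).ConnectionStatus
    Write-Host "Connection status: $status"
} while ($status -ne 'Connected')
```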