×

Create Account

Join us today and get started!

Continue with Google
or use email

6-digit security PIN (required for new accounts).

Need to sign in? Sign in

×

Sign In

Welcome back. Sign in to your account.

Continue with Google
or use email

Need to create an account? Create Account

VPN and Remote Access with UniFi

UniFi OS Guide

← Back to Resources

Compare Teleport, UniFi VPN, and port-forward approaches for secure remote admin and user access.

VPN and Remote Access with UniFi

Remote access should be encrypted — avoid exposing admin ports to the open internet.

Options overview

Method Best for Notes
UniFi Teleport (where supported) Quick user VPN on gateways that offer it Easy mobile setup
UniFi VPN / L2TP / IPsec Site-to-site or road warriors Configure on gateway
WireGuard / third-party Advanced users May run on separate appliance
Port forward to controller Not recommended High risk — use VPN instead

Your hosted i2unifi controller is already remote — admins use HTTPS to i2unifi. Site VPN is for reaching on-site LAN resources (files, cameras, RDP to PCs).

Teleport (if available on your gateway)

  1. Enable in UniFi OS gateway Teleport settings.
  2. Invite users via app / email.
  3. Test access to a LAN resource (printer IP, file share).

Site-to-site VPN

  • Connect branch office to HQ gateway.
  • Ensure no overlapping subnets (both sides using 192.168.1.0/24 fails).
  • Document Phase 1/2 or WireGuard keys outside UniFi for disaster recovery.

Accessing UniFi controller remotely

  • Use your i2unifi controller URL — no need to port-forward UniFi ports to the internet.
  • Protect admin accounts with strong passwords and 2FA.

Security practices

  • Deny WAN → LAN admin ports in firewall.
  • Use RADIUS or SSO for WiFi where scale requires it.
  • Revoke VPN users when staff leave.

Troubleshooting

  • VPN connects but no LAN access: check firewall rules and DNS pushed to clients.
  • Double NAT breaks VPN — bridge ISP modem when possible.