IPSEC site to site VPN

configure
edit vpn ipsec

# Fase 1
set ike-group unifi key-exchange ikev2
set ike-group unifi lifetime 14400
set ike-group unifi proposal 1 dh-group 14
set ike-group unifi proposal 1 encryption aes128
set ike-group unifi proposal 1 hash sha1

# Fase 2
set esp-group unifi compression disable
set esp-group unifi lifetime 14400
set esp-group unifi mode tunnel
set esp-group unifi pfs dh-group14
set esp-group unifi proposal 1 encryption aes128
set esp-group unifi proposal 1 hash sha1

# IPSEC VPN
# ToDo

Unifi on FreeBSD

Install

pkg install unifi5

Edit /etc/rc.conf

unifi_enable="YES"

Keep in mind that Unifi uses the mongodb package, but run it by it's own, on a different port. So you don't have to start mongodb at boot time.

KPN/XS4All

root@router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 pppoe2
10.40.3.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.40.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1.1010
10.162.80.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0.4
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
194.109.5.227   0.0.0.0         255.255.255.255 UH    0      0        0 pppoe2
213.75.112.0    10.162.80.1     255.255.248.0   UG    0      0        0 eth0.4

Links

• https://freetime.mikeconnelly.com/archives/6373

• https://robpickering.com/working-around-incomplete-ubiquiti-unifi-security-gateway-dns-service/