Do you know what a Smart Home with bad Wi-Fi is? The answer was my home until very recently. Now I have bought the UniFi Dream Machine and I hope that everything is going to change for good.
What will you see in this article?
In today's article I will show you the brand new UniFi Dream Machine, or UDM for short, and then I will show you how to set up the device.
After that I will show you some Pros and Cons of the product from my point of view.
And for dessert I will show you how to configure a VPN natively from the UniFi controller, so we can connect to our Smart Home from the outside, using the native desktop and phone VPN clients.
What is UniFi Dream Machine?
Wait a minute here! You may ask what a UniFi Dream Machine actually is.
And the simple answer is: the UniFi Dream Machine is a not-very-cheap wireless router from a very popular brand named Ubiquiti.
But if we go a little bit deeper we will see that the UniFi Dream Machine can replace four Ubiquiti products, namely:
- UniFi Security Gateway, which is a wired router and firewall; it is older and slower than the UDM,
- UniFi Cloud Key – this is a controller that allows you to manage all of your network equipment,
- Also a 4-port switch – the closest standalone one is the 5-port or the 8-port switch,
- Last, but not least – a Wi-Fi access point, and not the cheapest AP that Ubiquiti has. More like the UAP nanoHD, which by itself costs more than half of the Dream Machine price.
From that perspective the UniFi Dream Machine looks like a steal, and this is exactly how Ubiquiti caught me in their net.
And before we go further I just want to share that this article is not sponsored by Ubiquiti, so everything you will see here is purely my opinion and experience with the Dream Machine.
Of course you can sponsor me by hitting Subscribe so hard that you break the button. Actually I don't recommend hitting anything; a gentle click on the button will be OK.
Setting Up UniFi Dream Machine
The diagram below shows how to initially set up a UniFi-based home or SOHO network and includes: UniFi Access Point (UAP), UniFi Switch (USW), UniFi Security Gateway (USG) and UniFi Cloud Key (UCK).
All four of these devices can be replaced with the one UniFi Dream Machine, as you can see from the following diagram.
Of course there are some limitations in this setup, for example:
The UniFi Dream Machine is not designed to be mounted on a wall/ceiling or to stay outdoors like some of the UniFi Access Points, but I'm pretty sure someone, somewhere will try some of these things.
But let's see all of the Pros and Cons, based on my humble opinion.
UniFi Dream Machine Pros and Cons
Time for Pros and Cons. I will start with the Cons, as I want to end on a positive note.
UDM Cons
- No PoE ports – There are no PoE ports; at least one would be great, but no luck here.
- No Wi-Fi 6 support – so this device is not as future-proof as I wanted it to be.
- Not perfect initial setup – I had several issues on the last step, so I had to start all over again 3 times, and the last attempt worked after power cycling the UDM. But I believe they will fix this with future firmware updates.
- No possibility to do a MAC address clone – If your Internet Service Provider, like mine, locks your MAC address, then when you change your router you either have to call them or you have to clone the MAC address from your old router. Well, as of now, with the UDM your only option is to call your ISP, because MAC address clone/spoofing is not possible.
- Fan inside UDM – There is a fan somewhere inside the UniFi Dream Machine. For now I can only hear it when the UDM starts and does some initial checks. But you know what they say: "when there is a fan there are problems, or at least noise". I hope I'm not right here, but we will see. (I really don't know if someone besides me says that about fans, so you may not know what they say, because I just invented it; never mind, let's just continue the article.)
- No JSON support to separate VLAN on WAN port yet! (Thanks Mark de Vaal from the YouTube channel for that)
I'll stop with the cons list for now, but I will continue to add more in the video description and here on my website if they arise.
Let's go to the Pros now:
UDM Pros
- WiFi coverage and speed is a real beast. 2 floors, partially a 3rd floor and a not-so-big yard are all covered with a single Dream Machine. I'm amazed by that – hats off Ubiquiti, you did a really good job here. My former routers (Linksys WRT54GL (Tomato firmware), TP-LINK 1043 (OpenWrt firmware), TP-LINK 4300 (OpenWrt firmware)) and my UniFi AC Pro Access Point are not even close compared with the Dream Machine.
- 4 in 1 – The UniFi Dream Machine (UDM) offers an all-in-one setup which includes access point, security gateway, switch and Cloud Key capabilities. So you can simplify your network without losing functionality, and for a better price.
- 24/7 Global Support, articles, community – I know this is valid for all Ubiquiti products, but it's worth mentioning, because you receive free support, a great community and articles about everything you can think of. You want VPN? No worries, there is a very easy to follow official article. Static IPs for the clients? Yes, article. VLANs? Of course. Connecting to your neighbor's Wi-Fi? Article. Come on Ubiquiti, who does that? Joking aside, it feels like a really top-notch premium experience that is totally worth the few extra bucks you have to pay for the Dream Machine.
- Lack of major Cons – One of the biggest Pros is the lack of major cons. At the end of the day there are no major show stoppers or drawbacks, at least for me. Also, I knew about most of them before I bought the product, and still that didn't stop me from buying it after all.
Buying the UniFi Gear
If you are interested in buying any of the gear that I used in this video/article, please consider using the affiliate links below. I will receive a small commission at no additional cost to you.
- UniFi Dream Machine – https://amzn.to/3duBodd
- UniFi AP HD – https://amzn.to/2zWaBIj
- UniFi switch 8 port – https://amzn.to/2zP7WAi
- UniFi switch 8 port 60W PoE – https://amzn.to/2XWyDeb
- UniFi Cloud Key – https://amzn.to/36UcYYl
- UniFi Security Gateway – https://amzn.to/3gLJss5
Or look at my All in 1 page – https://www.amazon.com/shop/kpeyanski
Setup a UniFi Dream Machine VPN server
Let's set up a VPN server right from the UniFi web interface, which is actually very easy to do. If you are using the New (Beta) settings of the UniFi controller, switch back to the Classic Settings.
Go to Settings > click on the Classic Settings in the upper part of the screen.
Go to Settings > Services > RADIUS > Server tab > Enable RADIUS server and enter a Secret.
Next, go to the Users tab > Create New User and create at least one user with the following settings:
After that go to Settings > Networks > Create New Network and select Remote User VPN to create the UniFi Dream Machine VPN and L2TP server.
Add the following in the corresponding fields:
- Name: WHATEVER_YOU_WANT
- Purpose: Remote User VPN
- VPN Type: L2TP Server
- Pre-Shared Key: <shared-secret>
- Gateway IP/Subnet: 10.0.10.1/24
- Name Server: Auto
- RADIUS Profile: Default
- MS-CHAP v2: Unchecked
Have in mind that the pre-shared key is a common password used to authenticate all VPN users to the UniFi Dream Machine VPN / L2TP server.
That's it, you now have a UniFi Dream Machine VPN server, and you can test it from your desktop or your phone, as I will show you in a minute (next sections).
Question for You!
What router model and brand are you currently using?
Let me know your answers in the comment section below. Bonus points if you say whether you are happy with it or not.
Native MacOS VPN Client Setup
I will use the native macOS client to connect to the UniFi Dream Machine VPN server now. Of course you can use the Windows or the Linux one without any issues.
1. Simply go to System Preferences > Network on your computer.
2. Click the + button.
2.1 Interface: VPN
2.2 VPN Type: L2TP over IPsec
3. In Authentication settings enter the preshared key.
L2TP VPN doesn't have a route distribution method. If the setting on the client device to route "all" traffic through the tunnel is not enabled, it will be necessary to add manual routes on the client that point to the UniFi Dream Machine local networks.
Or in other words, just enable the "Send all traffic over VPN connection" option in the "Advanced…" menu.
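If you would rather not send all traffic over the tunnel, the manual routes mentioned above have to be added on the client. As an added example (not code from the original article or from Ubiquiti), the POSIX shell script below adds one static route per home subnet through the tunnel interface on a macOS or Linux client. It assumes the tunnel interface is named ppp0 (the usual name for an L2TP/IPsec connection on macOS; check it after connecting, and override it with VPN_IF if yours differs) and takes the home LAN subnets as arguments; the 192.168.x.0/24 values in the usage line are constructed samples, not taken from the article.

```shell
#!/bin/sh
# Added example, not from the original article: push static routes for the
# home LAN(s) through an L2TP/IPsec tunnel that distributes no routes.
# Assumptions: the tunnel interface is ppp0 (override with VPN_IF) and the
# home subnets are given as CIDR arguments. Set DRY_RUN=1 to only print.

# Validate a.b.c.d/n: four octets in 0-255 and a prefix length in 0-32.
valid_cidr() {
  cidr=$1
  case "$cidr" in */*) ;; *) return 1 ;; esac
  ip=${cidr%/*}; bits=${cidr#*/}
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -le 32 ] || return 1
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Build the platform-specific route command (BSD route on macOS, ip on Linux).
route_cmd() {
  os=$1; cidr=$2; iface=$3
  case "$os" in
    Darwin) printf 'route -n add -net %s -interface %s' "$cidr" "$iface" ;;
    Linux)  printf 'ip route add %s dev %s' "$cidr" "$iface" ;;
    *) return 1 ;;
  esac
}

# Is the tunnel interface present? Checked before touching the routing table.
iface_up() {
  case "$(uname -s)" in
    Darwin) ifconfig "$1" >/dev/null 2>&1 ;;
    *)      ip link show "$1" >/dev/null 2>&1 ;;
  esac
}

# Validate, then add (or, with DRY_RUN=1, just print) one route via the tunnel.
add_home_route() {
  cidr=$1; iface=${2:-ppp0}
  valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
  cmd=$(route_cmd "$(uname -s)" "$cidr" "$iface") || { echo "unsupported OS" >&2; return 1; }
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "$cmd"
  else
    sudo sh -c "$cmd"
  fi
}

# Add every subnet given as an argument; refuse to continue if the tunnel is
# not up, because routes pointing at a missing interface are useless.
push_home_routes() {
  iface=${VPN_IF:-ppp0}
  if [ "${DRY_RUN:-0}" != 1 ] && ! iface_up "$iface"; then
    echo "tunnel interface $iface is not up; connect the VPN first" >&2
    return 1
  fi
  for net in "$@"; do
    add_home_route "$net" "$iface" || return 1
  done
}

# Usage with constructed sample subnets (dry run first to see the commands):
#   DRY_RUN=1 sh vpn-routes.sh 192.168.1.0/24 192.168.5.0/24
#   sh vpn-routes.sh 192.168.1.0/24 192.168.5.0/24
if [ "$#" -gt 0 ]; then
  push_home_routes "$@"
fi
```

Run it with DRY_RUN=1 first to confirm the generated commands, then without it after the VPN is connected; the routes are not persistent and have to be re-added after each reconnect, which is why enabling "Send all traffic over VPN connection" is the simpler choice for most home users.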
Native Windows VPN Client Setup
If you are using a Windows machine to connect to the UniFi Dream Machine L2TP VPN (the same is valid for the USG), follow these steps to set it up in Windows 10 (and probably Windows 8.1).
1. Go to Settings
2. VPN > Add VPN connection
3. See the following screenshot and fill in the information requested.
Windows Authentication Setup
- Go to Control Panel > Network & Sharing settings > Change Adapter Settings.
- Right-click the L2TP adapter, then go to Properties > Security.
- Under Type of VPN, select Layer 2 Tunneling Protocol with IPsec.
- Click Advanced Settings. Select preshared key for authentication and enter it.
- Make sure the Allow these protocols option is enabled and mark the checkbox for Microsoft CHAP Version 2 (MS-CHAP v2), as shown in the screenshot below.
Windows requires a registry tweak in order to use L2TP with a PSK.
So open your Command Prompt as Administrator and add the following key:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
And then reboot Windows.
Native iOS VPN Client Setup
Let's also try to connect to the VPN from an iOS device.
Go to Settings > VPN > Add VPN Configuration.
For the Type select L2TP and enter your Server, Account, Password and shared Secret.
When you are ready, tap Done and try to connect. If it stays green and you are able to reach your home stuff while you are on mobile data, then everything is fine and you are in the VPN game.
Support My Work
Any sort of engagement on this website or with my YouTube channel really does help out a lot, so make sure you hit the Subscribe, Like and Bell buttons if you enjoy the video.
Also feel free to add me on Twitter by searching for @KPeyanski. You can find me on my Discord server as well.
I really hope that you find this information useful and that you now know what the UniFi Dream Machine is, how to set it up, how to configure a VPN natively, and the pros and cons of this device.
Thank you for reading, stay safe and see you next time.
Good write up! Handy to have the screenshots of the VPN setup, I should have done that too. Cheers.
Thank you Evan, Glad you like it. If you have some issues with the VPN setup – write here or in my Discord server. I will try to help.
Thanks! Maybe I should have been clearer, I was referring to my own review here: https://www.evanmccann.net/blog/unifi-dream-machine-review
I wish it wasn’t limited to just L2TP, and I wish the reporting of VPN users/usage/etc was better in the controller, but I’m still loving my UDM so far. Cheers.
Very nice article! I can put a link to it in my article if you do the same in yours 😉 I also love the blog will look around in details later.
Great write up, thanx for the detail and the screen shots! I’ve gotten everything to work so I can access my Windows desktop from iOS via VPN but, oddly enough, I can’t get the same thing to work from my Windows laptop. The VPN connection comes up, but the RDC connection fails. It looks like there’s some kind of routing problem (i.e., the desktop is on 192.168.1.x while the VPN subnet is 192.168.5.x — name resolution works because the VPN gateway is also the LAN DNS server but I suspect the connection isn’t jumping across. Any idea how to fix that?
You can try to increase the VPN network priority. Set the metric to 1 for example or lower number than your other networks – https://www.windowscentral.com/how-change-priority-order-network-adapters-windows-10
I was using a Linksys WRT1900ACS with a 1Gbps fiber connection. Now testing the UDM, mainly because of IDS / IPS integration and the faster processor.
Good, are you happy with the results so far?
Is there an article that explains the process of adding in the UDM to an existing network with a USG and cloud key and then how to remove those devices?
I was looking at this, the USG or the EdgeRouter. My main concern here is the fan, with secondary concern the lack of support for those JSON files. How have you found getting on with yours? Do you have it in a place where fan noise may be a problem?
Fan is not a problem on UDM at least for now. I’ve heard it just 4-5 times till the moment when the room temp was very hot and under heavy load transferring 200-300GB of small files over the network.
Does the VPN provide the same security and privacy as say Express VPN? Is this the same concept?
Yes it does. And yes the concept is the same. The only difference in my opinion is that some paid VPNs offer possibility to change your location. For example to simulate that you are in the USA when you’re actually somewhere in Asia.
Thanks for the VPN instructions. I followed your steps for the vpn setup through the controller and I got to step 3, but on my settings there is no VPN section….. Have UNIFI taken away this feature?
Hi Patrick, it seems that UniFi constantly update their new (beta) settings.
I have updated the article with the classical settings and now the VPN part should be OK
Hi, I was wondering if you have similar instructions to setup the UDM with the use of any of the standard VPN providers (i.e. NordVPN, ExpressVPN, etc).
Hi Juan, I don’t have instructions for NordVPN or ExpressVPN, but I believe that you can contact the support of these products. They should be happy to help as you actually paying them for their service. That is the best advice that I can think of. Good luck.
Nice tutorial. One hiccup– in the setting up of the VPN user, the values for the fields that you list is Gateway IP/Subnet: 10.0.10/24. It should be Gateway IP/Subnet: 10.0.10.1/24. You dropped the ‘1’ before the slash..
Hi Ken, thank you very much about the good words and the hiccup – it is fixed already. BTW did this article manage to help you to set the VPN?
Hey man. Thanks for the great setup tips. I believe I have everything setup right but I am getting a connection error from my laptop when trying to access the VPN. Specifically, “attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.” I am not sure I have the host name correct. Any ideas would be helpful. Thanks!
Hey Matt, hostname is very important and could be the reason why you cannot connect. Can you try with IP instead of hostname or to double check the hostname?
Regarding VPN set up, is it possible to make it work behind Nat? I’m forced to use isp modem/router.
I have forwarded ports 1812 1813 500 4500 but still cannot make it work…
When scanning ports none of mentioned ones is open on udmp.
The ports should be opened and your IP accessible from any remote networks (Internet) in order the VPN to work.
Good write-up. But you only need the registry change if the VPN server is behind NAT. Not related to PSK.
Can you share a link where I can see/read that 🙂 Thanks in advance.
Hey! Wanted to check if the results I’m getting are similar to yours. Using VPN L2TP on my UDM – latest firmware and controller. Connection is working fine but I’m only getting speeds up to 15mbs while my connection is 600/60mb. I was expecting speeds limited by my upload speed 60mbs. Device I am using VPN client on is on gigabit network so it shouldn’t be limiting the connection. What am I missing? Ubiquity boasts much higher speeds capable by UDM.
I don’t know how I can test this right now as I’m working from home these weeks and even if I go to the office I can’t connect to my VPN because all ports except 80/443 are closed.
I’ve just installed a dream machine pro and so far I’m really happy with it. I’m running in one issue: I want to use a printer (that uses Bonjour as protocol to be found) from my VPN client. Is there any way to do this? Bonjour doesn’t advertise (by default) via a L2TP VPN as far as I know.
First of all, thanks for the guide, it helps a lot. But: after the setup according to the guide the VPN connection is established, I can ping the router at 192.168.0.1 and also our Windows server at .0.2, but the rest of the network remains invisible to ping or Remote Desktop.
Until now we had a router without VPN; on the server, the Routing and RAS service was active with a corresponding forward from the router.
Something is wrong now, what have we overlooked?
Sorry, lost in translation yesterday as it seems. This is what I wrote:
We set up a new dream machine yesterday. Before that we had the server (Windows Server 2016) run RAS & Routing to do the VPN stuff. Now with VPN set up on the dream machine and RAS & Routing deactivated on the server, I get a connection from the outside and I can reach the router as well as the server via ping. The rest of the network remains invisible, I can't ping and can't connect via RDP anymore.
What have we missed?
That is strange to me and I don’t know what could be the reason. Maybe someone can jump in and give you a good advice.
Have you set up a VPN on the Dream Machine Pro? I struggled with the setup firstly and then how to connect from home. see my post from today about connections to the Dream Machine using the built-in VPN on Windows 10. We originally had a microsoft remote webpage that we logged on to virtual machines at the church. That died and we got the Dream Machine and it was a steep learning curve. We finally prevailed and now everything works as planned and we can connect to the church servers via the Dream Machine VPN
I’ve tried retyping the shared secret and user password in both the server and the client multiple times, but I always get authentication failed. I must be missing something. I suspect it has something to do with the “secret” (as opposed to the shared secret). I just made up a secret, like I did for the shared secret, but it’s not entered anywhere else. Is it supposed to be the same as the shared secret? And instead of using a dynamic DNS, I’m just using my ISP’s assigned (current) IP address. I think that’s OK, because I get different errors if I use the wrong IP address in the client. Obviously, I’m a network novice. Is there some reading between the lines I’m not getting?
As I mentioned in my previous comment (which I don’t see yet). I tried multiple times and could not authenticate. So I tried going through the new interface using the instructions here: https://help.ui.com/hc/en-us/articles/115005445768-UniFi-USG-UDM-Configuring-L2TP-Remote-Access-VPN#2
…and it worked. I used essentially the same settings as in your article. I wonder if the latest firmware makes these instructions obsolete?
Hi Rob, Ubiquiti is constantly changing the interface and I really hope that they will stay finally with only one that is working good and to disable everything else as it is getting so confusing lately. Thanks for the tips.
will this work with Starlink?
Yes, why not! I see no reason not to work!
I thought I’d pass along some information that eluded me for a couple of months. I was having problems using the VPN feature on the Dream Machine Pro. After many hours and multiple tries, I finally stumbled upon the reason for my failure. I was able to login from my desktop at home to the Dream Machine using the same login for our onsite server but never able to replicate that login for my compatriot at the church. Additionally, my server login would not work on the VPN and neither would his…..after many tries, it finally dawned on me to type the server user name and a different password than the internal server and now the VPN magically works for every new user. And I’m not too sure but apparently the passwords on the Dream Machine Profiles cannot be duplicated so every one must be different. I’m guessing you have noticed I’m not a professional networking specialist and the online tutorials don’t mention any of these issues. Maybe this post will help someone like me who is struggling with the VPN hookup
Thanks
Bob