Do you know what a Smart Home with bad Wi-Fi looks like? The answer was my home, until very recently. I have now bought the UniFi Dream Machine and I hope that everything is going to change for good.

UniFi Dream Machine – Things That No One Told You

What will you see in this article?

In today’s article I will show you the brand new UniFi Dream Machine, or UDM for short, and then I will show you how you can set up the device.

After that I will show you some Pros and Cons of the product from my point of view.

And for dessert I will show you how to configure a VPN natively from the UniFi controller, so we can connect to our Smart Home from the outside using the native Desktop and Phone VPN clients.

What is UniFi Dream Machine?

Wait a minute here! You may ask: what actually is a UniFi Dream Machine?

And the simple answer is: the UniFi Dream Machine is a not very cheap wireless router from a very popular brand named Ubiquiti.

But if we go a little bit deeper, we will see that the UniFi Dream Machine can replace four Ubiquiti products, namely:

  • UniFi Security Gateway – a wired router and firewall, older and slower than the UDM,
  • UniFi Cloud Key – a controller that allows you to manage all of your network equipment,
  • A 4-port switch – the closest ones are the 5-port switch or the 8-port switch,
  • Last, but not least – a Wi-Fi Access Point, and not the cheapest AP that Ubiquiti has. More like the UAP nanoHD, which by itself costs more than half of the Dream Machine price.

From that perspective the UniFi Dream Machine looks like a steal, and this is exactly how Ubiquiti caught me in their net.

And before we go further I just want to share that this article is not sponsored by Ubiquiti, so everything you will see here is purely my opinion and experience with the Dream Machine. 

Of course you can sponsor me by hitting the Subscribe button so hard that you will break it. Actually I don’t recommend hitting anything, just a gentle click on the button will be OK.

Setting Up UniFi Dream Machine

The diagram below shows how to initially set up a UniFi-based Home or SOHO network. It includes: UniFi Access Point (UAP), UniFi Switch (USW), UniFi Security Gateway (USG) and UniFi Cloud Key (UCK).

UniFi Based Network without Dream Machine

All four of these devices can be replaced with a single UniFi Dream Machine, as you can see from the following diagram.

UniFi Based Network with Dream Machine

Of course there are some limitations in this setup, for example:

The UniFi Dream Machine is not designed to be mounted on a wall or ceiling or to be placed outdoors like some of the UniFi Access Points, but I’m pretty sure someone, somewhere will try some of these things.

But let’s see all of the Pros and Cons based on my humble opinion.

UniFi Dream Machine Pros and Cons

Time for Pros and Cons. I will start with the Cons, as I want to end this positively.

UDM Cons

  • No PoE ports – There are no PoE ports, at least one would be great, but no luck here. 
  • No Wi-Fi 6 support – so this device is not as future-proof as I wanted it to be.
  • Not perfect initial setup – I had several issues on the last step, so I had to start all over again 3 times, and the last attempt worked after power cycling the UDM. But I believe they will fix this with future firmware updates.
  • No possibility to do a MAC address clone – If your Internet Service Provider, like mine, is locking your MAC address, then when you change your router you either have to call them or you have to clone the MAC address from your old router.
    Well, as of now with the UDM your only option is to call your ISP, because MAC address clone/spoofing is not possible.
  • Fan inside UDM – There is a fan somewhere inside the UniFi Dream Machine.
    For now I can only hear it when the UDM starts and does some initial checks. But you know what they say: “when there is a fan there are problems or at least noise”. I hope I’m not right here, but we will see.
    (I really don’t know if anyone besides me is saying that about fans, so you may not know what they say, because I just invented that. Never mind, let’s just continue the article.)
  • No JSON support to separate VLAN on WAN port yet! (Thanks Mark de Vaal from the YouTube channel for that)

I’ll stop with the cons list for now, but I will continue to add more in the video description and here on my website if they arise.

Let’s go to Pros now:

UDM Pros

  • Wi-Fi coverage and speed are a real beast. 2 floors, partially the 3rd floor and a not very big yard are all covered here with a single Dream Machine. I’m amazed by that – hats off Ubiquiti, you did a really good job here.
    My former routers (Linksys WRT 54gl (tomato fw), TP-LINK 1043 (openwrt fw), TP-LINK 4300 (openwrt fw)) and my UniFi AC Pro Access Point are not even close compared with the Dream Machine.
  • 4 in 1 – The UniFi Dream Machine (UDM) offers an all-in-one setup which includes access point, security gateway, switch and Cloud Key capabilities. So you can simplify your network without losing functionality and for a better price.
  • 24/7 Global Support, articles, community – I know this is valid for all Ubiquiti products, but it’s worth mentioning, because you receive free support, a great community and articles about everything you can think of. You want VPN? No worries, there is a very easy to follow official article. Static IPs for the clients – yes, article. VLANs, of course. Connecting to your neighbor’s Wi-Fi – article. Come on Ubiquiti, who does that?
    Joking aside, it feels like a really top notch premium experience that is totally worth the few extra bucks that you have to pay for the Dream Machine.
  • Lack of major Cons – One of the biggest Pros is the lack of major cons. At the end of the day there are no major show stoppers or drawbacks, at least for me. Also I knew about most of them before I bought the product, and that still didn’t stop me from buying it after all.

Buying the UniFi Gear

If you are interested in buying any of the gear that I used in this video/article please consider using the affiliate links down below. I will receive a small commission with no additional cost for you.

Or look at my All in 1 page – https://www.amazon.com/shop/kpeyanski 

Set Up a UniFi Dream Machine VPN Server

Let’s set up a VPN server right from the UniFi web interface, which is actually very easy to do. If you are using the New (Beta) settings of the UniFi controller, switch back to the Classic Settings.

Go to Settings > click on the Classic Settings in the upper part of the screen.

Classic Settings are better for setting up a VPN, as the new (beta) settings of UniFi are always changing.

Go to Settings > Services > RADIUS > Server tab > Enable RADIUS server and enter a Secret.

To enable the UniFi Dream Machine VPN, UDM Pro VPN or USG VPN, you have to enable the RADIUS server.

Next, go to the Users tab > Create New User and create at least one user with the following settings:

Of course the Name can be anything you like and not “Smash-the-subscribe” as I’m showing here. You will use this Name in your VPN client to connect to the UniFi Dream Machine VPN.

After that go to the Settings > Networks > Create New Network > and select Remote User VPN to create the UniFi Dream Machine VPN and L2TP server.

Add the following in the corresponding fields:

Name: WHATEVER_YOU_WANT
Purpose: Remote User VPN
VPN Type: L2TP Server
Pre-Shared Key: <shared-secret>
Gateway IP/Subnet: 10.0.10.1/24
Name Server: Auto
RADIUS Profile: Default
MS-CHAP v2: Unchecked

Create a VPN network in UniFi Dream Machine of type L2TP with the default RADIUS profile.

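Keep in mind that the pre-shared key is a common password used to authenticate all VPN users to the UniFi Dream Machine VPN / L2TP server. It is the same for every user; the per-user credentials are the RADIUS Name and Password created above.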

That’s it, you now have a UniFi Dream Machine VPN Server and you can test it from your Desktop or your Phone, as I will show you in a minute (next sections).

Question for You!

What is your router model and brand that you are currently using?

Let me know your answers in the comment section below. Bonus points if you say whether you are happy with it or not.

Native macOS VPN Client Setup

I will use the native macOS client to connect to the UniFi Dream Machine VPN server now. Of course you can use the Windows or the Linux one without any issues.

1. Simply go to System Preferences > Network on your computer.

2. Click the + button.

2.1 Interface: VPN

2.2 VPN Type: L2TP over IPsec

Configuring the native VPN client in macOS

3. In Authentication settings enter the preshared key.

Enter the password and the Shared Secret

L2TP VPN doesn’t have a route distribution method. If the client setting that routes “all” traffic through the tunnel is not enabled, you will have to add manual routes on the client that point to the local networks behind the UniFi Dream Machine.

Or in other words just enable “Send all traffic over VPN connection” option in the “Advanced…” menu.

Enable “Send all traffic over VPN connection” option if you have any issues

Native Windows VPN Client Setup

If you are using a Windows machine to connect to the UniFi Dream Machine L2TP VPN (the same is valid for the USG), follow these steps to set it up in Windows 10 and probably in Windows 8.1.

1. Go to Settings

2. VPN > Add VPN connection

3. See the following screenshot and fill the information requested.

Enter the VPN Credentials in Windows

Windows Authentication Setup

  1. Go to Control Panel > Network & Sharing settings > Change Adapter Settings.
  2. Right-click the L2TP adapter, then go to Properties > Security.
  3. Under Type of VPN, select Layer 2 Tunneling Protocol with IPsec.
  4. Click Advanced Settings. Select preshared key for authentication and enter it.
  5. Make sure the option Allow these protocols is enabled and mark the checkbox for Microsoft CHAP Version 2 (MS-CHAP v2), as shown in the screenshot below.

Enable Microsoft CHAP Version 2

Windows requires a registry tweak in order to use L2TP with PSK.
So open your Command Prompt as Administrator and add the following key:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

And then reboot Windows.
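The Windows steps above (connection, pre-shared key, MS-CHAP v2, registry value) can also be applied from an elevated PowerShell session. This is an added example, not part of the original article: the connection name, server address and LAN prefix are placeholders, and the -SplitTunnel switch is an assumption that covers the manual-route case mentioned in the macOS section.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): the Windows client steps as a script.
# ConnectionName, ServerAddress and LanPrefix are placeholders; replace them with your own.
param(
    [string]$ConnectionName = 'UDM-L2TP',          # hypothetical connection name
    [string]$ServerAddress  = 'vpn.example.com',   # placeholder: public IP or DNS name of the UDM
    [string]$LanPrefix      = '192.168.1.0/24',    # placeholder: LAN behind the UDM
    [switch]$SplitTunnel                           # send only $LanPrefix through the VPN
)
$ErrorActionPreference = 'Stop'

# Prompt for the pre-shared key so it is not stored in the script or in shell history.
$secure = Read-Host -Prompt 'L2TP pre-shared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Recreate the connection if it already exists, so the script can be re-run safely.
if (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $ConnectionName -Force
}

# Same choices as the GUI steps: L2TP with IPsec, pre-shared key, MS-CHAP v2.
$vpn = @{
    Name                 = $ConnectionName
    ServerAddress        = $ServerAddress
    TunnelType           = 'L2tp'
    L2tpPsk              = $psk
    AuthenticationMethod = 'MSChapv2'
    EncryptionLevel      = 'Required'
    SplitTunneling       = [bool]$SplitTunnel   # $false = send all traffic over the VPN
    Force                = $true                # suppress the confirmation prompt for the PSK
}
Add-VpnConnection @vpn

if ($SplitTunnel) {
    # L2TP distributes no routes, so the network behind the UDM is added by hand.
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $LanPrefix
}

# Registry value from the article, written only when it differs.
# 2 = Windows may establish the IPsec association when both the VPN server
#     and the Windows client are behind NAT devices.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name    = 'AssumeUDPEncapsulationContextOnSendRule'
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -ne 2) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 2 -Force | Out-Null
    Write-Warning 'Registry value changed: reboot before the first connection attempt.'
}

# Show the resulting profile so the settings can be compared with the server side.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, SplitTunneling
```

The per-user RADIUS Name and Password are not part of the script; Windows asks for them on the first connection.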

Native iOS VPN Client Setup

Let’s also try to connect to the VPN from an iOS device.

Go to Settings > VPN > Add VPN Configuration.

For the Type select L2TP and enter your Server, Account, Password and shared Secret.

Configuring iOS VPN client to connect to the UDM VPN server

When you are ready, click Done and try to connect. If it stays green and you are able to reach your Home stuff while you are on mobile data, then everything is fine and you are in the VPN game.

Support My Work

Any sort of engagement on this website or with my YouTube channel really does help out a lot, so make sure you hit the Subscribe, Like and Bell buttons if you enjoy the video.

Also feel free to add me on Twitter by searching for @KPeyanski. You can find me on my Discord server as well.

I really hope that you find this information useful and that you now know what the UniFi Dream Machine is, how to set it up, how to configure a VPN natively, and the pros and cons of this device.

Thank you for reading, stay safe and see you next time.


40 Comments

Evan McCann · 03/06/2020 at 11:35 pm

Good write up! Handy to have the screenshots of the VPN setup, I should have done that too. Cheers.

    Kiril Peyanski · 03/06/2020 at 11:39 pm

    Thank you Evan, Glad you like it. If you have some issues with the VPN setup – write here or in my Discord server. I will try to help.

      Evan McCann · 04/06/2020 at 1:06 am

      Thanks! Maybe I should have been clearer, I was referring to my own review here: https://www.evanmccann.net/blog/unifi-dream-machine-review

      I wish it wasn’t limited to just L2TP, and I wish the reporting of VPN users/usage/etc was better in the controller, but I’m still loving my UDM so far. Cheers.

        Kiril Peyanski · 04/06/2020 at 8:17 am

        Very nice article! I can put a link to it in my article if you do the same in yours 😉 I also love the blog, will look around in detail later.

    Mark Olbert · 23/03/2021 at 7:09 pm

    Great write up, thanx for the detail and the screen shots! I’ve gotten everything to work so I can access my Windows desktop from iOS via VPN but, oddly enough, I can’t get the same thing to work from my Windows laptop. The VPN connection comes up, but the RDC connection fails. It looks like there’s some kind of routing problem (i.e., the desktop is on 192.168.1.x while the VPN subnet is 192.168.5.x — name resolution works because the VPN gateway is also the LAN DNS server but I suspect the connection isn’t jumping across. Any idea how to fix that?

am123 · 09/06/2020 at 6:52 am

I was using a Linksys WRT1900ACS with a 1Gbps fiber connection. Now testing the UDM, mainly because of IDS / IPS integration and the faster processor.

    Kiril Peyanski · 09/06/2020 at 7:27 am

    Good, are you happy with the results so far?

Allen · 09/11/2020 at 8:21 pm

Is there an article that explains the process of adding in the UDM to an existing network with a USG and cloud key and then how to remove those devices?

Richard · 05/12/2020 at 4:43 pm

I was looking at this, the USG or the EdgeRouter. My main concern here is the fan, with secondary concern the lack of support for those JSON files. How have you found getting on with yours? Do you have it in a place where fan noise may be a problem?

    Kiril · 07/12/2020 at 12:16 am

    Fan is not a problem on UDM at least for now. I’ve heard it just 4-5 times till the moment when the room temp was very hot and under heavy load transferring 200-300GB of small files over the network.

Will · 13/12/2020 at 2:43 am

Does the VPN provide the same security and privacy as say Express VPN? Is this the same concept?

    KIril · 13/12/2020 at 9:12 am

    Yes it does. And yes the concept is the same. The only difference in my opinion is that some paid VPNs offer possibility to change your location. For example to simulate that you are in the USA when you’re actually somewhere in Asia.

Patrick Slattery · 31/12/2020 at 6:06 pm

Thanks for the VPN instructions. I followed your steps for the vpn setup through the controller and I got to step 3, but on my settings there is no VPN section….. Have UNIFI taken away this feature?

    Kiril · 03/01/2021 at 1:30 pm

    Hi Patrick, it seems that UniFi constantly update their new (beta) settings.

    Kiril · 06/01/2021 at 10:46 am

    I have updated the article with the classical settings and now the VPN part should be OK

Juan · 20/01/2021 at 1:15 am

Hi, I was wondering if you have similar instructions to setup the UDM with the use of any of the standard VPN providers (i.e. NordVPN, ExpressVPN, etc).

    Kiril · 20/01/2021 at 8:44 am

    Hi Juan, I don’t have instructions for NordVPN or ExpressVPN, but I believe that you can contact the support of these products. They should be happy to help as you are actually paying them for their service. That is the best advice that I can think of. Good luck.

Ken · 28/01/2021 at 8:47 pm

Nice tutorial. One hiccup– in the setting up of the VPN user, the values for the fields that you list is Gateway IP/Subnet: 10.0.10/24. It should be Gateway IP/Subnet: 10.0.10.1/24. You dropped the ‘1’ before the slash..

    Kiril · 29/01/2021 at 7:40 am

    Hi Ken, thank you very much about the good words and the hiccup – it is fixed already. BTW did this article manage to help you to set the VPN?

Matt · 04/02/2021 at 6:27 pm

Hey man. Thanks for the great setup tips. I believe I have everything setup right but I am getting a connection error from my laptop when trying to access the VPN. Specifically, “attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.” I am not sure I have the host name correct. Any ideas would be helpful. Thanks!

    Kiril · 04/02/2021 at 9:51 pm

    Hey Matt, hostname is very important and could be the reason why you cannot connect. Can you try with IP instead of hostname or to double check the hostname?

Girts · 17/02/2021 at 8:20 pm

Regarding VPN set up, is it possible to make it work behind Nat? I’m forced to use isp modem/router.
I have forwarded ports 1812 1813 500 4500 but still cannot make it work…
When scanning ports none of mentioned ones is open on udmp.

    Kiril · 18/02/2021 at 1:12 pm

    The ports should be opened and your IP accessible from any remote networks (Internet) in order for the VPN to work.

FRiC · 20/02/2021 at 5:13 pm

Good write-up. But you only need the registry change if the VPN server is behind NAT. Not related to PSK.

    Kiril · 22/02/2021 at 11:11 pm

    Can you share a link where I can see/read that 🙂 Thanks in advance.

Wojtek · 22/02/2021 at 10:05 pm

Hey! Wanted to check if the results I’m getting are similar to yours. Using VPN L2TP on my UDM – latest firmware and controller. Connection is working fine but I’m only getting speeds up to 15mbs while my connection is 600/60mb. I was expecting speeds limited by my upload speed 60mbs. Device I am using VPN client on is on gigabit network so it shouldn’t be limiting the connection. What am I missing? Ubiquiti boasts much higher speeds capable by UDM.

    Kiril · 22/02/2021 at 11:19 pm

    I don’t know how I can test this right now as I’m working from home these weeks and even if I go to the office I can’t connect to my VPN because all ports except 80/443 are closed.

Martin · 15/03/2021 at 7:09 pm

I’ve just installed a dream machine pro and so far I’m really happy with it. I’m running in one issue: I want to use a printer (that uses Bonjour as protocol to be found) from my VPN client. Is there any way to do this? Bonjour doesn’t advertise (by default) via a L2TP VPN as far as I know.

Nico · 17/03/2021 at 5:55 pm

First of all, thanks for the guide, it helps a lot. But: after the setup according to the guide, the VPN connection is established, I can ping the router at 192.168.0.1 and also our Windows server at .0.2, but the rest of the network remains invisible to ping or Remote Desktop.
Until now we had a router without VPN; the Routing and RAS service was active on the server, with a corresponding forward from the router.
Something has gone wrong somewhere now, what have we overlooked?

    Nico · 18/03/2021 at 10:46 am

    Sorry, lost in translation yesterday as it seems. This is what I wrote:
    We set up a new dream machine yesterday. Before that we had the server (windows server 2016) run RAS&Routing to do the VPN stuff. Now with VPN set up on the dream machine and RAS&Routing deactivated on the server, I get a connection from the outside and I can reach the router as well as the server via ping. The rest of the network remains invisible, I can’t ping and can’t connect via RDP anymore.
    What have we missed?

      Kiril · 23/03/2021 at 9:28 pm

      That is strange to me and I don’t know what could be the reason. Maybe someone can jump in and give you good advice.

      shallowfish · 16/02/2023 at 6:56 pm

      Have you set up a VPN on the Dream Machine Pro? I struggled with the setup firstly and then how to connect from home. See my post from today about connections to the Dream Machine using the built-in VPN on Windows 10. We originally had a Microsoft remote webpage that we logged on to virtual machines at the church. That died and we got the Dream Machine and it was a steep learning curve. We finally prevailed and now everything works as planned and we can connect to the church servers via the Dream Machine VPN.

Rob · 04/04/2021 at 6:43 pm

I’ve tried retyping the shared secret and user password in both the server and the client multiple times, but I always get authentication failed. I must be missing something. I suspect it has something to do with the “secret” (as opposed to the shared secret). I just made up a secret, like I did for the shared secret, but it’s not entered anywhere else. Is it supposed to be the same as the shared secret? And instead of using a dynamic DNS, I’m just using my ISP’s assigned (current) IP address. I think that’s OK, because I get different errors if I use the wrong IP address in the client. Obviously, I’m a network novice. Is there some reading between the lines I’m not getting?

Rob · 04/04/2021 at 9:31 pm

As I mentioned in my previous comment (which I don’t see yet). I tried multiple times and could not authenticate. So I tried going through the new interface using the instructions here: https://help.ui.com/hc/en-us/articles/115005445768-UniFi-USG-UDM-Configuring-L2TP-Remote-Access-VPN#2

…and it worked. I used essentially the same settings as in your article. I wonder if the latest firmware makes these instructions obsolete?

    Kiril · 10/04/2021 at 12:07 am

    Hi Rob, Ubiquiti is constantly changing the interface and I really hope that they will stay finally with only one that is working good and to disable everything else as it is getting so confusing lately. Thanks for the tips.

Tony · 25/10/2022 at 6:34 pm

will this work with Starlink?

    KIril Peyanski · 25/10/2022 at 7:47 pm

    Yes, why not! I see no reason not to work!

Shallowfish · 16/02/2023 at 6:48 pm

I thought I’d pass along some information that eluded me for a couple of months. I was having problems using the VPN feature on the Dream Machine Pro. After many hours and multiple tries, I finally stumbled upon the reason for my failure. I was able to login from my desktop at home to the Dream Machine using the same login for our onsite server but never able to replicate that login for my compatriot at the church. Additionally, my server login would not work on the VPN and neither would his…..after many tries, it finally dawned on me to type the server user name and a different password than the internal server and now the VPN magically works for every new user. And I’m not too sure but apparently the passwords on the Dream Machine Profiles cannot be duplicated so every one must be different. I’m guessing you have noticed I’m not a professional networking specialist and the online tutorials don’t mention any of these issues. Maybe this post will help someone like me who is struggling with the VPN hookup
Thanks
Bob

UniFi Releases · 14/08/2023 at 4:43 pm

How to improve Network Control?
