A virtual private network (VPN) allows a client to join a network remotely via an encrypted connection. VPNs offer many benefits:
- Securely share resources between multiple office branches, or grant access to network resources from a remote location.
- Moderate activity and impose network-specific traffic and routing policies for remote connections.
- Mask IP addresses when accessing the internet.
UniFi supports several types of VPNs. This article will outline their specific benefits and use cases.
Note: A UniFi gateway is required to use the VPNs profiled below.
Teleport is a one-click VPN that allows clients to remotely connect to networks hosted by a UniFi gateway via the WiFiman mobile app (iOS / Android). With WiFiman, you can remotely access local network resources, like connected storage drives. Utilizing WireGuard VPN technology, Teleport delivers reliable, high-speed connectivity and requires zero configuration. We recommend Teleport for most users seeking to set up a VPN.
A VPN server also allows clients to remotely connect to a network hosted by a UniFi gateway. Unlike Teleport, you must configure your UniFi gateway and the clients that will be using the VPN. We only recommend setting up a VPN server if you need to connect remote clients that cannot use the WiFiman mobile app. Otherwise, Teleport is likely a more suitable option because of its streamlined configuration and reliably high performance.
For more information, see Configuring Remote Access VPNs (VPN Server).
Site-to-site VPNs connect multiple sites with an encrypted “VPN tunnel” to create a single secure connection between all ‘local’ networks. This is perfect for two-way resource sharing across multiple locations. As such, site-to-site VPNs are primarily used by larger organizations that span multiple locations. They are not recommended for most home users.
For more information, see Configuring Site-to-Site VPNs.
VPN Client sends some, or all, of your network traffic through a third-party VPN server. This is useful for those who prefer to mask their public IP addresses while they access the internet.
VPN Client also allows devices that don’t natively support VPN usage to connect to one. For example, when configuring a UniFi VPN server, we mentioned that each connected client must be configured individually. This isn’t a problem for most smartphones, laptops, or PCs, but some clients, like IoT devices or smart TVs, are not designed to remotely connect to other networks. VPN Client circumvents this by allowing your UniFi gateway to send their traffic through the VPN, instead of the devices themselves.
| | Teleport | VPN Server | Site-to-Site | VPN Client |
|---|---|---|---|---|
| Purpose | Allow users to remotely connect to a local network and access network resources (e.g., a local storage drive). | Allow users to remotely connect to a local network and access network resources (e.g., a local storage drive). | Combine multiple sites to create a single, secure connection allowing two-way resource sharing. | Direct local network client traffic through a third-party VPN server to mask their IP addresses and/or locations. |
| Recommended Users | Users connecting to their home network from a different location. | Remote employees connecting to their company’s network from home. | Office employees connecting to other branch networks. | Network administrators sending specific network traffic through a third-party VPN server. |
| Configuration | One-click VPN that requires zero configuration. | Set up on a UniFi gateway. Each connected client must be individually configured. | A gateway at each connected site must be configured. | UniFi gateways must be loaded with a configuration file provided by the third-party VPN provider. |
| How Users Connect | Each client has its own connection with the UniFi gateway. | Each client has its own connection with the UniFi gateway. | Users share the same connection that tethers multiple sites. | The UniFi gateway establishes a single connection with the third-party VPN. |