How-to Ubiquiti Unifi Security Gateway (USG) Cloudkey VPN without Radius server (local users)

I wanted to use VPN without mandatory installing a Radius server. This is possible with an Ubiquiti USG if you follow the following instruction strictly:

https://help.ubnt.com/hc/en-us/articles/204953054-UniFi-USG-Remote-User-VPN-with-Local-Users

Read this official instruction before you continue reading mine. It’s very important you understand and follow the instruction step by step. I strongly advice to create a ticket with Ubiquiti support  https://help.ubnt.com/hc/en-us/requests/new because no system, network and circumstances are the same. Also instructions change very fast because of the updates. If you don’t know what to do, ask for help. The version when I installed VPN was 5.3.8 and when created this document 5.4.11.

1. Create config.gateway.json file

First your create a textfile with filename ‘config.gateway.json’. Be aware you don’t have any other extension (for eg. txt or other, it has to be .json)

Content of this textfile :

{

    “vpn”: {

        “pptp”: {

            “remote-access”: {

                “authentication”: {

                    “local-users”: {

                        “username”: {

                            “user1”: {

                                “password”: “password1”

                            },

                            “user2”: {

                                “password”: “password2”

                            }

                        }

                    },

                    “mode”: “local”

                }

            }

        }

    }

}

 

Save this as config.gateway.json. In this example two users were created: user1 with password password1 and user2 with password password2. Change this in something you want.

2. WinSCP

Download and install WinSCP.

Start WinSCP and connect to the IP address of your Cloudkey. Use the credentials (username/password) of your Cloudkey to login.

Go to the directory /srv/unifi/data/sites/default (or how you named your site).

Copy here the created config.gateway.json.

3. Create network for VPN

Go to settings in Unifi and click Networks, click CREATE NEW NETWORK.

Fill in the information like shown below and click on CREATE NEW RADIUS PROFILE.

Fill in the information like below:

You can use the information like mentioned in the instructions of Ubiquiti (link top of the page)i. Click on SAVE and click again on SAVE.

When the USG completed it’s provisioning you will be able to use VPN with using the username/password you created.