Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Connecting to a Ubiquiti Unifi VPN with a Linux machine
This guide assumes that you have already set up a Ubiquiti Unifi VPN following the guide:
To configure a Linux machine to be able to connect remotely I followed these steps. This guide was written for Debian 8.
- In Debian install the "xl2tpd" and "strongswan" packages.
- Edit /etc/ipsec.conf to add the connection:
# Replace IP address with your VPN server's IP
- Edit /etc/ipsec.secrets to add the secret key for this connection:
- Edit /etc/xl2tpd/xl2tpd.conf to add this connection:
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client-YOURVPNCONNECTIONNAME
length bit = yes
- Create the file /etc/ppp/options.l2tpd.client-YOURVPNCONNECTIONNAME:
idle 1800
mtu 1410
mru 1410
# Uncomment if you want to use the DNS servers of the VPN host:
logfile /var/log/xl2tpd.log
connect-delay 5000
password "VPNPASSWORD"
- Now to connect to the VPN create a script:
echo "Connecting to VPN..."
echo "c YOURVPNCONNECTIONNAME" > /var/run/xl2tpd/l2tp-control
sleep 10
# To have all internet traffic routed through the VPN uncomment:
#ip route add default dev ppp0
# To only have a remote subnet routed through the VPN uncomment
# (this line assumes the remote subnet you want routed is and the remote VPN end is
ip route add via dev ppp0
- And to disconnect to the VPN create a script:
ip route del default dev ppp0
ip route del dev ppp0
echo "d YOURVPNCONNECTIONNAME" > /var/run/xl2tpd/l2tp-control
service xl2tpd restart
- Note that for these scripts I am assuming that the remote subnet we are interested in is
and the remote VPN gateway address is
- You can also decide which line to uncomment based on if you want all traffic to be routed through the VPN
or to just route connections to the subnet.
- If you want all traffic routed through the VPN you may want to uncomment the "usepeerdns" line in
/etc/ppp/options.l2tpd.client-YOURVPNCONNECTIONNAME so that DNS traffic flows through the VPN rather
than going to the local DNS server.

This comment has been minimized.

Copy link

@brett-kimball brett-kimball commented Feb 10, 2019

Nice example, it worked great. One additional option I found useful, especially if multiple VPN connections are required, is to specify the ppp interface name manually by adding the following to /etc/ppp/options.l2tpd.client-YOURVPNCONNECTIONNAME:


Then modify the connect/disconnect scripts to utilize the interface name instead of the default "ppp0".


This comment has been minimized.

Copy link

@JnMik JnMik commented Feb 19, 2019

Hello guys,

In file, on that line :

ip route add default dev ppp0

I end up with Cannot find device "ppp0".
Not quite sure what to do from here, does it have anything to do with pptp software ?

  • Ubuntu 16.04.3

This comment has been minimized.

Copy link

@pjbisset pjbisset commented May 11, 2020

I have the same issue as JnMik - for us newbies there must be something missing here. How is the interface ppp0 created?


This comment has been minimized.

Copy link
Owner Author

@nahall nahall commented May 11, 2020

It will give the error message "Cannot find device ppp0" if it was not successful connecting to the VPN. Check syslog for the messages about establishing the VPN link. If you want to reset everything and try again, run:

/etc/init.d/ipsec restart
/etc/init.d/xl2tpd restart

and then watch the log as you bring the VPN up.

But, I will also tell you that the VPN software on Unifi continues to be really flaky. Sometimes it gets in a weird state on the Unifi end where you need to SSH on to the Unifi and run "restart vpn" and then reconnect from your client. So if you used to be able to connect OK but are now getting this "Cannot find device ppp0" error, reset the vpn on Unifi's side and see if it can reconnect. This seems to happen a lot more often when there are Windows clients involved, and I've had much better success when only Linux clients connect to the VPN. But personally I've kind of given up on Ubiquiti fixing it and have switched my main VPN to use Wireguard instead. It is so much better and I highly recommend it. It is a little work to set up but once it is set up, it just works. I know you can get it to work on the Unifi device but I just have mine running on that end on a Raspberry Pi that also runs PiHole.


This comment has been minimized.

Copy link

@pjbisset pjbisset commented May 11, 2020

Thanks - tried using networkmanager and strongswan and still get failed connection. Complains about encryption algorithm 3des_CBC not supported. I'm following the Ubiquiti doco page, but it does look like there is something wrong with their end. It is a little beyond my troubleshooting ability, so might investigate your suggestion. Thanks again.

One last update done the day after. Just tried connecting using my android phone's VPN service and it worked. So issue is on my Linux PC. Thanks again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.