Ubiquiti Security Gateway USG Controller Override
15 Jun 2019

I have a few Ubiquiti Security Gateways (USG) deployed at remote sites, and I have some basic UniFi controller configs I can push centrally to these devices.
Ubiquiti allows central override of the JSON configuration from the controller[1] by editing the config.gateway.json on the controller:
- Set up the USGs, and connect them to the controller. Ensure the necessary ports are open on the controller, and that basic config changes are pushed correctly to the USGs.
- Create the OpenVPN configs, and put the DDNS update script in place on the devices.
- Create /usr/lib/unifi/data/sites/(sitename)/config.gateway.json as follows:

```json
{
  "interfaces": {
    "openvpn": {
      "vtun0": {
        "description": "OpenVPN server",
        "encryption": "aes256",
        "hash": "sha256",
        "mode": "server",
        "openvpn-option": [
          "--port 1194",
          "--tls-server",
          "--comp-lzo yes",
          "--persist-key",
          "--persist-tun",
          "--keepalive 10 120",
          "--user nobody",
          "--group nogroup"
        ],
        "server": {
          "name-server": [ "192.168.40.1" ],
          "push-route": [ "192.168.1.0/24" ],
          "subnet": "192.168.40.0/24"
        },
        "tls": {
          "ca-cert-file": "/config/openvpn/demoCA/cacert.pem",
          "cert-file": "/config/openvpn/server.pem",
          "dh-file": "/config/openvpn/dh2048.pem",
          "key-file": "/config/openvpn/server-decrypted.key"
        }
      }
    }
  },
  "system": {
    "task-scheduler": {
      "task": {
        "ddns": {
          "executable": { "path": "/config/dnsmadeeasy.sh" },
          "interval": "10m"
        }
      }
    }
  }
}
```
- Confirm the JSON file parses on the controller:

```
python -m json.tool config.gateway.json
```
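`json.tool` only tells you the file is syntactically valid JSON; a file that parses but is missing the TLS files or that leaves a privilege-dropping option out is still pushed to every USG in the site. The checker below is an added example, not part of the post or of Ubiquiti's tooling: it parses the override file the same way `json.tool` does (reporting line and column on a syntax error) and then walks the `interfaces.openvpn` and `system.task-scheduler` sections for a few things worth catching before the controller provisions them. The embedded sample is the post's own config; the check names, the `/config/` persistence rule (EdgeOS keeps `/config` across firmware upgrades) and the treatment of `--comp-lzo` as a finding (VPN compression is discouraged because of compression-oracle attacks) are my assumptions about what a pre-push review should flag.

```python
import json
import re
from typing import List

# Constructed sample: the config.gateway.json from the post, embedded so the
# checker runs offline. Paths and addresses are the post's own values.
SAMPLE_CONFIG = r'''
{ "interfaces": { "openvpn": { "vtun0": {
      "description": "OpenVPN server", "encryption": "aes256", "hash": "sha256",
      "mode": "server",
      "openvpn-option": [ "--port 1194", "--tls-server", "--comp-lzo yes",
                          "--persist-key", "--persist-tun", "--keepalive 10 120",
                          "--user nobody", "--group nogroup" ],
      "server": { "name-server": [ "192.168.40.1" ],
                  "push-route": [ "192.168.1.0/24" ], "subnet": "192.168.40.0/24" },
      "tls": { "ca-cert-file": "/config/openvpn/demoCA/cacert.pem",
               "cert-file": "/config/openvpn/server.pem",
               "dh-file": "/config/openvpn/dh2048.pem",
               "key-file": "/config/openvpn/server-decrypted.key" } } } },
  "system": { "task-scheduler": { "task": { "ddns": {
      "executable": { "path": "/config/dnsmadeeasy.sh" }, "interval": "10m" } } } } }
'''

# Files a server-mode vtun must reference for TLS to work at all.
REQUIRED_TLS = ("ca-cert-file", "cert-file", "key-file", "dh-file")


def parse_gateway_json(text: str) -> dict:
    """Parse the override file; on a syntax error report line/column, which is
    the same failure `python -m json.tool` would print."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        raise ValueError(
            f"config.gateway.json does not parse: {e.msg} at line {e.lineno} column {e.colno}"
        ) from e
    if not isinstance(cfg, dict):
        raise ValueError("config.gateway.json must be a JSON object at the top level")
    return cfg


def check_gateway_config(cfg: dict) -> List[str]:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []

    tunnels = cfg.get("interfaces", {}).get("openvpn", {})
    for name, tun in tunnels.items():
        opts = tun.get("openvpn-option", [])
        if tun.get("mode") == "server":
            tls = tun.get("tls", {})
            for key in REQUIRED_TLS:
                if key not in tls:
                    findings.append(f"{name}: mode is server but tls.{key} is missing")
            # Assumption: anything outside /config is lost on a USG firmware upgrade.
            for key, path in tls.items():
                if not str(path).startswith("/config/"):
                    findings.append(f"{name}: tls.{key} points outside /config ({path})")
        # The daemon should drop root after binding its port and reading its keys.
        for flag in ("--user", "--group"):
            if not any(o.split()[0] == flag for o in opts if o.strip()):
                findings.append(f"{name}: no {flag} option, OpenVPN keeps its starting privileges")
        # Assumption: compression on a VPN tunnel is a finding (compression-oracle risk).
        if any(o.startswith("--comp-lzo") and not o.endswith(" no") for o in opts):
            findings.append(f"{name}: compression enabled via --comp-lzo")

    tasks = cfg.get("system", {}).get("task-scheduler", {}).get("task", {})
    for name, task in tasks.items():
        interval = str(task.get("interval", ""))
        # EdgeOS intervals are an integer with an optional m/h/d suffix.
        if not re.fullmatch(r"\d+[mhd]?", interval):
            findings.append(f"task {name}: interval {interval!r} is not <N>[m|h|d]")
        path = str(task.get("executable", {}).get("path", ""))
        if not path.startswith("/config/"):
            findings.append(f"task {name}: executable {path!r} is outside /config")
    return findings


def check_file(path: str) -> List[str]:
    """Convenience wrapper: run both steps against a file on the controller."""
    with open(path, encoding="utf-8") as fh:
        return check_gateway_config(parse_gateway_json(fh.read()))


if __name__ == "__main__":
    for line in check_gateway_config(parse_gateway_json(SAMPLE_CONFIG)):
        print("FINDING:", line)
```

Run against the post's own config the only finding is the `--comp-lzo yes` line; dropping the `tls` block from `vtun0` produces one finding per missing file, and a truncated file fails in `parse_gateway_json` with the offending line and column rather than being silently accepted.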