by chunkyks 919 days ago
The hilarity that goes with this is that their VPN has been broken for years - Android and iPhone both deprecated protocols that were considered insecure, but Ubiquiti hasn't seen fit to add any others. It has been years.

Their security posture is trash, which is unfortunate for a company that plays a central role in security.


I love Tailscale, but you are really then just substituting one company's remote access for another's. I'm quite certain that TS are more capable of creating a secure system than Ubiquiti are, but still, the principle of not trusting others with access to your network is violated by TS.

I agree that enabling any form of remote access controlled by a third party increases attack surface, but I also feel like Tailscale has earned more of my trust than other vendors with the quality of their past security responses.

https://news.ycombinator.com/item?id=33695886

(If anyone has examples of Tailscale incidents ending badly please share and I’ll update my trust accordingly, but to date I haven’t heard any.)

That incident ended badly for anyone that had a Windows box and got 0wned. Tailscale's response was good, but my trust in the software they produce was damaged by that incident. I'm a current Tailscale user (esp with their AppleTV app), but that incident wasn't good.

Just stop.

OpenVPN and WireGuard work fine. I am using it right now.

I have a USG Pro 4, which is still purchasable from their website, not yet EOL, nominally still supported. The only firmware update in the last two years was to fix a security issue, and didn't include support for updated VPNs.

Release notes history is here: https://www.ui.com/download/software/usg-pro-4

The WireGuard of which you speak is only available on their "next gen" gateways, i.e., not the full set of gateways currently "supported": https://help.ui.com/hc/en-us/articles/12594825307927-UniFi-G...

It's now been three years since at least some of the forum threads started expressing concern: https://community.ui.com/questions/L2TP-unsecure-update-to-I...

From my perspective, they have failed catastrophically to do what I perceive as the pivotally important parts of their job, without which the rest of it is pointless. So, while you say "Just stop", I say "Why the hell should this company be trusted with anything network-related, if they can't do bare-minimum-required security stuff?"

https://help.ui.com/hc/en-us/articles/7951513517079-UniFi-Ga...

They do now support WireGuard and OpenVPN in addition to L2TP. OpenVPN looks like it is only available on newer hardware though.