Configuring VPN on UniFi switch - do I need any additional hardware/software?

Question

u/AutoModerator

Hello! Thanks for posting on r/Ubiquiti!

This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can.

Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off topic posts in the weekly off topic thread that is stickied to the top of the subreddit.

If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it!

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

So first thing, yes you will need some sort of gateway. A USG will work or you can add another firewall.

Second, you can use a Dynamic DNS service to get around this. Noip is one I can think of.

Third, your LTE router will need to be in a bridge or passthrough mode for this to work. Check with the manufacturer on the best way to set this up. For example, Comcast no longer recommends bridge mode but instead an advanced mode that basically just shuts off the firewall.

Finally, depending on your provider, you may be behind a CGNAT which will hose you from the start and there is no real way around it. I would check with them before even getting started.

You need a Unifi gateway to use the controller to manage a VPN I would assume. A switch has no ability to host a VPN. If you buy a gateway then you should use your LTE router as a bridge and use the USG as your router. I use my domain for my VPN and I have ddclient on a VM that updates the DNS every 5 min. I think a USG has ddns update capability (my UDMP does but I don't use it, I assume the USG would too) so you might not need anything else.

First, if you're behind LTE, chances are that you're behind a CGNAT, which is basically Double-NAT, but using 100.64.0.0/10 as the network in front, instead of 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. What this means is that you can't port forward or host services due to how the network is architected. You can push outbound traffic from your network (Access the internet normally), but you can't get any traffic that didn't originate from your network (VPN, any type of server hosting) if that makes sense.

Like u/zerphtech said, you can get around the dynamic IP problem by using dynamic DNS, but this only works if you have a public IP address.

On the hardware assuming you're able to get a public IP, a USG would work, but keep in mind that that hardware is really old, equivalent to an *EdgeRouter Lite*. USG Pro 4 is equivalent to an EdgeRouter 8 Pro without a couple of ethernet ports (Still really old). I really have no idea why they're still selling them; they're delisted, but if you search for them in the UI store, you'll find them.

If you can, get an EdgeRouter 4. You won't have the single pane of glass, but it's beefier for VPN with hardware acceleration, at least for IPsec.
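A quick check for the CGNAT and double-NAT situation described in the comment above, written as an added example that is not part of the thread. It classifies the address the LTE router shows on its WAN side against the 100.64.0.0/10 shared-address space and the RFC 1918 private ranges, and compares it with the address the outside world sees (assumed to come from an external "what is my IP" lookup done by hand); all sample addresses below are constructed.

```python
import ipaddress

# Address blocks the thread discusses: carrier-grade NAT shared space (RFC 6598)
# and the RFC 1918 private ranges an upstream home router would hand out.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def can_host_vpn(wan_addr, observed_addr):
    """Decide whether inbound VPN connections can reach this site.

    wan_addr:      the address shown on the LTE router's WAN interface.
    observed_addr: the address an external lookup reports for your traffic.
    Inbound works only when the WAN address is public and matches what the
    outside sees; anything else means a NAT layer sits in front of you.
    """
    kind = classify(wan_addr)
    if kind == "cgnat":
        return (False, "WAN address is in 100.64.0.0/10: carrier-grade NAT, "
                       "no inbound traffic without a public IP from the provider")
    if kind == "private":
        return (False, "WAN address is RFC 1918: another NAT device is upstream, "
                       "put it in bridge/passthrough mode")
    if wan_addr != observed_addr:
        return (False, "WAN address is public but differs from the externally "
                       "observed address: NAT still happens upstream")
    return (True, "public address on the WAN: dynamic DNS plus a gateway can host the VPN")


if __name__ == "__main__":
    # Constructed sample: the WAN side got a CGNAT address while the world sees a public one.
    ok, reason = can_host_vpn("100.72.1.5", "203.0.113.7")
    print(ok, reason)
```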