Route YouTube TV through a Magic Site to Site VPN

Is there a way to route YouTube TV traffic through a Magic Site VPN? Policy routing only shows the single WAN connection on the UDR and not any remote gateways. Do the other Site to Site options have that ability?

No. It might be possible with a CLI hack… But Site Magic is literally site-2-site… even the IPSec VPN has the same issue.

If you want to route ad hoc internet traffic or specific apps, you need to use the Client-Server VPNs. For example, set up a WireGuard server on the UDR/UXG/etc. where you want to route the traffic through, then configure the WireGuard client on the UDR/UXG where you are routing from… Then use policy-based routing.

I do find it a bit ludicrous, but UBNT do seem to be investing heavily in building out these features… So who knows, in 6-12 months they may have this fixed.

What’s the reason you want to do this? Is this to access blacked out sporting events?

I use Palo Alto GlobalProtect to tunnel YouTube TV. Even doing that, the device you use needs to be a simple browser. If you’re trying to use a phone or tablet, they have so much crap that can triangulate your location that it makes it hard to appear elsewhere.

Yeah, I was hoping to see if anyone knew of a CLI route add override for a specific client address to a remote gateway. This is on an LG webOS TV. So I guess I will look to see if they have a WireGuard VPN or IPSec VPN client on the TV.

Pretty much. My daughter lives in NYC, while I am in Philly. Only watches TV for our teams.

Looks like at least the client side vpn from her UDR to my UDM as the server will allow me to create a policy route through the VPN, even while having the magic site to the site tunnel up. I use that to make backups of her PC to my server.

You don’t need to… You must have 2 UniFi devices to use Site Magic. So you set up a WireGuard server on UniFi device #1, then set up a WireGuard client on UniFi device #2.

You then add rules, so any traffic hitting device #2, from your TV or laptop going to Destination X, or using App Z, gets routed over the WireGuard VPN.

So don’t use site magic and use client vpn on remote unifi to host unifi and use traffic rules to specify what goes from remote to host network. Then, everything else goes out to the default gateway.

It’s one-way. If you want bi-directional, then you set up the same again, but reverse it, i.e. where you set up the original client, you now also add a server… and add a client to where you set up the original server.

Then use Policy Based Routes:

https://help.ui.com/hc/en-us/articles/12566175125783-UniFi-Gateway-Policy-Based-Routes

This was exactly what I think I needed. Surprised that the policy routes can’t be defined on the Site 2 Site Magic. Maybe, as you said, we will get it in the future. This has already been everything I hoped to get when the UDM platforms first came out. Having some SD-WAN flexibility allows for scenarios I never even dreamed of at home.

It looks like even with the site 2 site magic VPN, for my other traffic, adding a WireGuard VPN client on the remote UDR, where the TV is, the routers are allowing that VPN to come up. I set up the policy route for all traffic from the TV to get routed through the client VPN to my home network (doesn’t show the client VPN as a destination in the Android app, need to use the web UI) and now await confirmation when the kiddo comes home from work.

Yeah, this is the biggest problem they have with Site Magic - they assumed the UniFi router would manage all subnets and routing… But this is frequently not the case, at least in business environments…

They are currently on a drive to capture more of the business market… So they have to start paying attention to these gaps… and from what I’ve seen recently, they are doing exactly this.