IPSEC UDMPro to Linode

Linode Network Configuration
Linode Instances Information:

vpn.gotlabs.net: Public/Private IP on interface 0, Private IP on interface 1 (eth1)
guac.gotlabs.net: Public/Private IP on interface 0, Private IP on interface 1 (eth1)
ca.gotlabs.net: Public/Private IP on interface 0, Private IP on interface 1 (eth1)
Local Network Connectivity Issues: and can ping each other.
However, neither can ping, and can't ping or

Is the current network configuration on Linode correct? We aim to give each machine both a public-facing IP and a private address of Are there better ways to achieve this on Linode?
VPN Connectivity Issues
Network Details:

Linode Side:
UDM Pro Side:
UDM Pro Side:

Clients can ping the VPN server at
However, they cannot ping other hosts within the subnet, despite the entire subnet being advertised via the VPN.
Linode Side:

The VPN server at can ping all UDM Pro clients.
Yet, clients on the Linode side cannot ping any UDM Pro hosts.
Request for Insight:

I've attached the StrongSwan VPN configuration for the server.
Also, I've included a screenshot of the UDM Pro configuration with the public IPs masked.
Any thoughts or suggestions on these issues? Is our approach for setting up the VPN between the UDM Pro and Linode networks appropriate, or should we consider alternatives?

Here is the openswan ipsec.conf file

netadmin@vpn:/etc$ cat ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
conn devgateway-to-prodgateway
    left=x.x.x.x #Public IP Linode
    right=y.y.y.y #Public IP UDM Pro

4 Replies

It appears that you're currently grappling with network configuration and connectivity challenges involving your Linode instances and your Unifi Dream Machine Pro through IPSec. While I can't physically implement and test solutions for you, after carefully reviewing your concerns, I've identified several potential areas that might be causing these issues. I've organized these into sections for clarity.

Local Linode Network Connectivity Issues:

Based on the details you've provided, it seems that there could be some connectivity issues among your Linode instances within the local network. Specifically, you've mentioned that while and can successfully ping each other, is unable to ping or, and the reverse is also true. This suggests the presence of a possible underlying network configuration issue.

Regarding your current network configuration on Linode, it seems you're aiming to grant each machine both a public-facing IP and a private address within the subnet. However, it's worth exploring whether there might be more optimal methods to achieve this on the Linode platform.

It appears that you're working toward establishing a network setup where each machine possesses both a public-facing IP and a private address within the subnet. To address the connectivity issues, a closer examination of your current configuration is necessary to identify and rectify any potential misconfigurations that could be causing these disruptions.

VPN Connectivity Issues:

Your description indicates that you're currently contending with connectivity challenges related to a site-to-site VPN setup between your Linode network ( and a UDM Pro network ( Notably, clients within the UDM Pro network can successfully ping the VPN server located at However, these clients are encountering difficulties when trying to ping other hosts within the subnet, even though the entire subnet is being advertised through the VPN. Similarly, clients on the Linode side are encountering obstacles when attempting to ping UDM Pro hosts.

You've graciously shared the StrongSwan VPN configuration pertaining to the server. Regrettably, there's no accompanying screenshot for the UDM configuration. Based on the provided StrongSwan configuration, it appears that you've appropriately configured it to facilitate the establishment of a tunnel between the Linode and UDM Pro networks. For the sake of completeness, I'm assuming that the UDM configuration aligns with the expected settings.

Recommended Steps:

Given the intricacies of the issue and the multifaceted configurations involved, it would be good to meticulously review your firewall rules and routing configurations. Ensuring that the requisite ports are open to facilitate the flow of VPN traffic across all devices and interfaces is crucial. It's worth noting that with the limited information available to me, I'm unable to pinpoint the precise source of the problem.

Although I wasn't able to find a precise video or online document that directly illustrates your specific use case, I've curated a selection of valuable resources that you might find beneficial:

UniFi Gateway - Site-to-Site IPsec VPN

EdgeRouter - Policy-Based Site-to-Site IPsec VPN

Manual IPsec Site to Site VPN from UDM Pro to USG

If any other members of the Linode Community possess additional advice, I invite them to contribute their insights below. 💚

Thank you for your response. I believe the problem is related to routing. The IP address has a gateway set to itself, which seems to be causing the issue. I'm not sure how to configure a gateway in Linode's IPAM.

Here's what I'm trying to achieve: I have a Guacamole server hosted on Linode. The goal is to make this server able to access devices on the network behind the UDMP Pro. In the future, there might be one or two additional Linodes that need to access devices behind the UDMPro, but currently, the primary objective is to allow the Guacamole server to connect to devices behind the UDMPro using RDP and SSH clients. If you have any suggestions or better ideas on how to accomplish this, please let me know.

Thanks for those links, I appreciate you. Verify firewall rules, routes, and VPN settings on both sides. Ensure UDM Pro advertises correctly.

To establish an IPsec VPN connection between UDMPro and Linode, you can follow these general steps:

  1. Configure the Linode side:
  • Create a Linode instance with the desired operating system (e.g., Ubuntu).
  • Configure the Linode's firewall to allow IPsec traffic (typically UDP ports 500 and 4500).
  • Install and configure the necessary IPsec packages (e.g., strongSwan) on the Linode instance.
  • Generate the necessary certificates and keys for IPsec authentication.
  2. Configure the UDMPro side:
  • Log in to the UDMPro web interface.
  • Navigate to the "Settings" section and select "VPN" from the left-hand menu.
  • Click on "Add VPN Connection" and choose "IPsec Remote Access VPN" as the connection type.
  • Provide the necessary details, such as the Linode's public IP address, authentication method, pre-shared key, etc.
  • Configure the desired IPsec settings, such as encryption algorithms, Diffie-Hellman group, etc.
  3. Establish the IPsec tunnel:
  • Start the IPsec service on the Linode instance.
  • Save the configuration on the UDMPro and apply the changes.
  • The IPsec tunnel should now be established between UDMPro and Linode.
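
Added example, not part of any post in this thread and not the poster's configuration: a Python check for three things a site-to-site tunnel needs before hosts behind the strongSwan gateway can pass traffic, which is the symptom and the routing question raised above. It looks at the subnets declared in ipsec.conf, IP forwarding on the VPN host, and the route to the remote subnet on another Linode. All addresses, the `leftsubnet`/`rightsubnet` values and the sample inputs are constructed assumptions standing in for the values masked on the page.

```python
import ipaddress

# Constructed sample inputs (not from the thread); addresses are placeholders.
SAMPLE_CONF = """\
config setup
conn devgateway-to-prodgateway
    left=192.0.2.10            # public IP, Linode (placeholder)
    leftsubnet=10.10.0.0/24    # assumed Linode private subnet
    right=198.51.100.20        # public IP, UDM Pro (placeholder)
    rightsubnet=10.20.0.0/24   # assumed UDM Pro LAN
"""
SAMPLE_PEER_ROUTES = """\
default via 192.0.2.1 dev eth0
10.10.0.0/24 dev eth1 proto kernel scope link src 10.10.0.3
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():      # section header in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def route_via(routes_text, subnet, gateway):
    """True if `ip route` output has a route covering `subnet` via `gateway`."""
    target = ipaddress.ip_network(subnet)
    for f in map(str.split, routes_text.splitlines()):
        if len(f) >= 3 and f[1:3] == ["via", gateway]:
            net = ipaddress.ip_network(f[0].replace("default", "0.0.0.0/0"), strict=False)
            if target.subnet_of(net):
                return True
    return False

def audit(conf, ip_forward, peer_routes, gateway_private_ip, conn_name):
    conn = parse_conns(conf).get(conn_name, {})
    findings = [f"{k} not set, so the tunnel carries only the endpoint address"
                for k in ("leftsubnet", "rightsubnet") if k not in conn]
    if ip_forward.strip() != "1":
        findings.append("net.ipv4.ip_forward is off on the VPN host")
    remote = conn.get("rightsubnet")
    if remote and not route_via(peer_routes, remote, gateway_private_ip):
        findings.append(f"peer has no route to {remote} via {gateway_private_ip}")
    return findings
```

On real hosts, pass the contents of `/etc/ipsec.conf` and `/proc/sys/net/ipv4/ip_forward` from the VPN server and the output of `ip route` from one of the other Linodes; an empty list means none of the three conditions was found.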

