Moving Unifi controller to cloud, looping in 3 more sites, wireguard

Hey guys. I’m planning to start bringing some additional locations (family homes) into my nerdism and need some advice.

Today at my home I have a pfSense firewall (Protectli FW4B) and a few Unifi devices (switch and access points). I just have the controller application installed on my Windows desktop and fire it up if I need to make changes. I use Wireguard for VPN to my personal mobile devices.

I would like to put a pfSense firewall at 3 of my family’s homes to replace their garbage ISP routers. And also a few unifi devices (switch, access points, etc). I would then setup a site to site Wireguard VPN between all 4 locations, mainly for my management purposes. I can use my domain name and DNS for dynamic DNS purposes at all the sites. However, I do not want to put unifi controllers at each house since they’re all hundreds of miles away and aren’t going to be messing with it themselves.

So I’m thinking I will migrate my Unifi controller to a Vultr cloud VM (as documented by Crosstalk). Then use that cloud controller to manage everything as 4 sites. This seems to be pretty well documented by Crosstalk.

Would there be a way to install a Wireguard client on that cloud VM so I can loop that into the VPN as well? Maybe not needed, but why not if I can do it. Does anything else about this sound dumb, or is there a better way?

I have a write up on how to build a Wireguard server.

I set up the Vultr instance and installed Unifi, following all the steps in the Crosstalk guide yesterday evening. Super easy with such detailed instruction that people like Tom and Chris produce. Nobel Peace Prize worthy IMO.

I will next (I think) follow this guide to backup/restore my controller settings to the above new cloud installed controller. If I’m understanding all correctly, this will get my unifi devices talking to the new cloud controller.

Next order of business is securing this. Is there a better way besides having the Unifi ports open to the world?

I would secure it first, which means locking down any ports that are not in use, making sure the new inform URL is working, and doing a site export/import.

Done! My Unifi controller is now on a Vultr Ubuntu instance with all my devices migrated over. One of my APs has some network funny business going on so I had to reset it and re-adopt it, but everything else came back to life instantly once I changed the inform URL to the FQDN.

Next up I might try to install Wireguard on the instance so I can do all the Unifi traffic (inform etc.) over the VPN instead of in the clear.
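The "lock down the ports" and "inform over the VPN" steps above, as an added example that is not from any post in this thread: one function prints the ufw rules that leave only the WireGuard port public and restrict the stock UniFi controller ports to the tunnel subnet, and a second audits `ss -Hltun` output for UniFi ports still bound on all interfaces. The Ubuntu/ufw host, WireGuard on UDP 51820, the 10.8.0.0/24 tunnel subnet and the sample socket listing are all assumptions.

```shell
#!/bin/sh
# Assumptions (not from the thread): Ubuntu with ufw, WireGuard listening on
# UDP 51820, tunnel subnet 10.8.0.0/24, SSH on TCP 22.
WG_PORT=51820

# Stock UniFi Network controller ports: inform (8080), web UI (8443),
# guest portal HTTP/HTTPS (8880/8843), speed test (6789),
# STUN (3478/udp), device discovery (10001/udp).
UNIFI_TCP="8080 8443 8880 8843 6789"
UNIFI_UDP="3478 10001"

# Print the ufw commands instead of running them, so they can be reviewed
# first (and so this runs without root). Pipe into sh as root to apply.
gen_rules() {
    vpn_cidr="$1"
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow in ${WG_PORT}/udp"          # the only port open to the world
    echo "ufw allow in from ${vpn_cidr} to any port 22 proto tcp"
    for p in $UNIFI_TCP; do
        echo "ufw allow in from ${vpn_cidr} to any port ${p} proto tcp"
    done
    for p in $UNIFI_UDP; do
        echo "ufw allow in from ${vpn_cidr} to any port ${p} proto udp"
    done
    echo "ufw --force enable"
}

# Audit: read 'ss -Hltun' output on stdin and print each UniFi port bound on
# all interfaces (0.0.0.0, * or [::]); those are WAN-reachable unless the
# firewall blocks them. Exits 1 if any were found, 0 if none.
exposed_unifi_ports() {
    found=0
    while read -r proto state recvq sendq laddr peer; do
        port="${laddr##*:}"
        addr="${laddr%:*}"
        case "$addr" in 0.0.0.0|"*"|'[::]') ;; *) continue ;; esac
        for p in $UNIFI_TCP $UNIFI_UDP; do
            [ "$p" = "$port" ] && { echo "$proto $port"; found=1; }
        done
    done
    return $found
}

# Usage on the controller host: ss -Hltun | exposed_unifi_ports
```

A listener on 127.0.0.1 (such as the controller's local MongoDB) or on the tunnel address alone is not reported, since only wildcard bindings are reachable from the WAN.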