Unifi Console + HA Proxy + Wireguard

So I just changed my network from:

ISP → pfSense → Switches → Unifi Console LCX

to:

ISP → Dream Machine SE → Switches

My only issue is I’m trying to figure out how I would correctly set up HA Proxy and VPN without pfSense, since I’m letting the console handle all of the firewall features. I have a domain I would like to use HA Proxy for directing to internal IP specifics, but also use it internally with DNS Resolver, so I don’t get the cert error on my NAS / Servers like I did with pfSense + Let’s Encrypt + HA Proxy in your video.

I’m not finding much info for running HA Proxy or WireGuard behind the Unifi console, just in front of it using pfSense. I know UniFi says “WireGuard is coming soon” as per your video, and I found some info on how to SSH into the Dream Machine and install it, but I would like to keep things on a different server/VM if possible.

Any suggestions on how to accomplish this or pointers or diagrams?

Below is all my equipment from my previous setup or that I have available, if this helps:

2x Dell Wyse Thinclients 8GB / 32GB eMMC Was running pfSense they have 2x NIC Gbe
HP Slimline 500GB 1 Internal NIC Gbe / Dual Port Intel Gbe
Alienware Aurora 10 Ryzen 5800x 512GB NVMe / 32GB 1 Internal Gbe NIC / Dual Port 10G SFP
Unifi Gen 1 8 Port Switch
Unifi Gen 2 8 Port Enterprise 2.5GB
Unifi Dream Machine SE
2x Unifi Flex Mini
Unifi LR AC

I also ordered 2x Unifi G4 Instant Camera that should come in sometime next week

Basically, I’m using this to learn Networking+ / Security+ / Server+ etc. This is my home network and I have a domain that I would like to forward for servers like Photo Gallery / WordPress maybe.

But also, I want to run a server like Proxmox (since I can’t get almost any other Linux / ESXi / XCP-NG running on the Alienware due to some issue with the Ryzen / Alienware). But I would like to run:

Pi-hole
Photo Gallery
WordPress
Access Unifi Protect from outside the network

Sorry I might not be explaining it very well and I have a feeling you’re going to say to follow your video of:

ISP → pfSense → LAN 1 → Unifi Dream Machine → LAN Port 192.168.x.x
→ LAN 2 → Unifi Dream Machine → WAN 1 172.168.x.x

Then run how I have been running in the past

I am not clear on your ask, but if you are asking if you can run WireGuard through HAProxy, I don’t think so and I would not understand why. I prefer WireGuard on pfSense, but you can just port forward WireGuard to the UDM if you are going to use it there.

Sorry, I guess I overloaded with information. I’m asking if I can run HA Proxy behind the Dream Machine SE on Ubuntu with WireGuard for VPN, or if I should keep my pfSense in front of the Dream Machine and keep HA Proxy + WireGuard on the pfSense.

I prefer the pfSense in the front.