Ubiquiti UniFi Site-to-Site VPN Down Error: How to Fix It

Verified: June 2026
Error Code: Site-to-Site VPN down
Brand: Ubiquiti UniFi
Product Type: networking
Severity: High
DIY Difficulty: Medium
Estimated Fix Time: 30-60 minutes

The UniFi site-to-site VPN down error occurs when your IPsec tunnel fails to renegotiate properly between two network locations. This typically happens due to incorrect preshared keys, subnet conflicts, or firewall configuration issues preventing secure communication between your UniFi devices.

Tools You'll Need

How to Fix Error Code Site-to-Site VPN down

  1. Check VPN tunnel status in UniFi Network Controller

  2. Verify preshared key configuration

    Changing the preshared key will temporarily disconnect the VPN tunnel until both sites are updated.

  3. Check for subnet conflicts

  4. Verify firewall rules and port forwarding

  5. Restart the VPN tunnel

  6. Check internet connectivity and DNS

  7. Update firmware if necessary

    Always back up your configuration before firmware updates, and schedule updates during maintenance windows.

  8. Review system logs for detailed errors
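
For step 3, one way to check subnets before touching the tunnel settings. This is an added example, not code from the original page or from Ubiquiti. It assumes you have copied each site's LAN ranges from Settings > Networks by hand; the function names and sample ranges are hypothetical.

```python
import ipaddress

def _parse(cidrs, label, findings):
    """Parse CIDR strings; record entries that are not valid network addresses."""
    nets = []
    for cidr in cidrs:
        try:
            # Strict parsing rejects host bits, e.g. 192.168.1.1/24.
            nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as exc:
            findings.append(("invalid", f"{label}: {exc}"))
    return nets

def check_tunnel(local_lans, configured_remote, actual_remote_lans):
    """Return (kind, detail) findings for one side of a site-to-site tunnel."""
    findings = []
    local = _parse(local_lans, "local LAN", findings)
    conf = _parse(configured_remote, "configured remote", findings)
    actual = _parse(actual_remote_lans, "actual remote LAN", findings)

    # A local LAN that overlaps the far side makes traffic ambiguous to route.
    for l in local:
        for r in dict.fromkeys(conf + actual):  # de-duplicate, keep order
            if l.overlaps(r):
                findings.append(("overlap", f"local {l} overlaps remote {r}"))
    # The configured remote subnet should match what the remote site uses.
    for c in conf:
        if c not in actual:
            findings.append(("mismatch", f"configured {c} is not a remote LAN"))
    # Every remote LAN should be reachable through some configured subnet.
    for a in actual:
        if not any(a.version == c.version and a.subnet_of(c) for c in conf):
            findings.append(("uncovered", f"remote LAN {a} not in tunnel config"))
    return findings

if __name__ == "__main__":
    # Constructed sample: both sites left on the same range.
    for kind, detail in check_tunnel(["192.168.1.0/24"], ["192.168.1.0/24"],
                                     ["192.168.1.0/24"]):
        print(kind, detail)
```

An empty result means no overlap or mismatch was found in the ranges you entered; run it once per side of the tunnel with the local and remote lists swapped.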

Parts You May Need

UniFi Security Gateway or Dream Machine

When to Call a Professional

Contact a network administrator or Ubiquiti support if the VPN remains down after trying these steps, if you're experiencing frequent disconnections, or if you need to redesign your network topology to resolve subnet conflicts. Professional help is also recommended if you're uncomfortable modifying firewall rules or if the issue affects critical business operations.

Frequently Asked Questions

Why does my UniFi site-to-site VPN keep disconnecting?
Frequent VPN disconnections are usually caused by unstable internet connections, NAT traversal issues, or aggressive timeout settings. Check your internet stability, ensure proper port forwarding for UDP 500/4500, and consider adjusting DPD (Dead Peer Detection) timeout values in advanced settings.

How do I find the correct remote subnet for my UniFi VPN?
Log into the UniFi Controller at the remote site and check Settings > Networks to see the configured LAN subnets. The remote subnet in your VPN configuration should match the actual network range used at the distant location, typically something like 192.168.1.0/24 or 10.0.0.0/8.

Can I use the same preshared key for multiple UniFi VPN tunnels?
While technically possible, it's not recommended for security reasons. Each site-to-site VPN tunnel should have a unique, strong preshared key. Use a password generator to create complex keys with at least 20 characters including letters, numbers, and symbols.

What UniFi devices support site-to-site VPN?
Site-to-site VPN is supported on UniFi Security Gateway (USG), USG Pro 4, Dream Machine (UDM), Dream Machine Pro (UDM-Pro), and Dream Machine SE (UDM-SE). Basic UniFi access points and switches do not support VPN functionality.

How do I test if my UniFi VPN tunnel is working properly?
Test the VPN by pinging devices across the tunnel from each site. You can also check the VPN status in the UniFi Controller dashboard, review connection logs, and verify that devices on one network can access resources on the remote network through the encrypted tunnel.