The Ubiquiti UniFi Security Gateway, although not ready for Enterprise deployments, is great for SOHO deployments. Its EdgeOS operating system is a fork of Vyatta's OS, taken before Vyatta was purchased by Brocade. The basic functionality you would expect from a firewall is present in the GUI, but to unlock even semi-advanced features you need to drop to the CLI. Thankfully, the constant development of the GUI exposes new functionality on a seemingly monthly basis.
Recently the GUI was updated to handle IPsec VPN configurations beyond the USG-to-USG configuration that was present in earlier revisions. Below is an outline of a configuration for a USG to SonicWALL IPsec VPN.
The SonicWALL side was straightforward: configure the primary gateway, shared secret, and IDs on the General configuration tab.
Configure the Local and Remote networks on the Network tab. Leave the proposals at their defaults, and finally check "Enable Keep Alive" on the Advanced tab.
The USG side required a bit more customization away from its defaults to match up with the SonicWALL default proposal.
Under Settings -> Network I chose the Site-to-Site VPN radio button option along with the IPsec VPN Type below. This opened all the familiar options that are necessary to get this functional. Plug in your Peer and Local information, along with your Remote Subnets and Pre-Shared Key. Change your Key Exchange Version to IKEv2 with 3DES encryption, SHA1 hash and Diffie-Hellman Group 2, so that the USG proposal matches what the SonicWALL offers by default. Disable perfect forward secrecy and dynamic routing, then save your configuration.
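For reference, the same tunnel expressed in EdgeOS/Vyatta configuration-mode `set` commands. This is an added example and not configuration taken from the post or from Ubiquiti; the group names (`SONICWALL-IKE`, `SONICWALL-ESP`), the WAN addresses (203.0.113.1 for the SonicWALL, 198.51.100.2 for the USG), the two LAN prefixes, the WAN interface `eth0` and the pre-shared key are all placeholders you must replace. The proposal is the 3DES/SHA-1/DH group 2 set the post uses to match the SonicWALL default; both of those primitives and that DH group are considered weak today, so if you control both ends, pick something like AES-256/SHA-256/DH group 14 on both sides instead. The dead-peer-detection lines are the USG-side counterpart of the SonicWALL "Enable Keep Alive" option.

```vyatta
# Added example (not from the post): EdgeOS "set" commands for the USG <-> SonicWALL tunnel.
# Every address, name and secret below is a placeholder; replace them with your own.
configure

# Phase 1 (IKE): IKEv2, 3DES / SHA-1 / DH group 2 to match the SonicWALL default proposal
set vpn ipsec ike-group SONICWALL-IKE key-exchange ikev2
set vpn ipsec ike-group SONICWALL-IKE proposal 1 encryption 3des
set vpn ipsec ike-group SONICWALL-IKE proposal 1 hash sha1
set vpn ipsec ike-group SONICWALL-IKE proposal 1 dh-group 2
# Dead peer detection: restart the tunnel if the SonicWALL stops answering
set vpn ipsec ike-group SONICWALL-IKE dead-peer-detection action restart
set vpn ipsec ike-group SONICWALL-IKE dead-peer-detection interval 30
set vpn ipsec ike-group SONICWALL-IKE dead-peer-detection timeout 120

# Phase 2 (ESP): same cipher and hash, perfect forward secrecy disabled as in the post
set vpn ipsec esp-group SONICWALL-ESP pfs disable
set vpn ipsec esp-group SONICWALL-ESP proposal 1 encryption 3des
set vpn ipsec esp-group SONICWALL-ESP proposal 1 hash sha1

# Peer: 203.0.113.1 = SonicWALL WAN (placeholder), 198.51.100.2 = USG WAN (placeholder)
set vpn ipsec site-to-site peer 203.0.113.1 description 'SonicWALL site'
set vpn ipsec site-to-site peer 203.0.113.1 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 203.0.113.1 authentication pre-shared-secret 'REPLACE-WITH-YOUR-PSK'
set vpn ipsec site-to-site peer 203.0.113.1 ike-group SONICWALL-IKE
set vpn ipsec site-to-site peer 203.0.113.1 local-address 198.51.100.2
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 esp-group SONICWALL-ESP
# Local prefix = network behind the USG, remote prefix = network behind the SonicWALL (placeholders)
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 local prefix 192.168.1.0/24
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 remote prefix 10.10.0.0/24
# IPsec listens on the WAN interface (eth0 is a placeholder; check yours with "show interfaces")
set vpn ipsec ipsec-interfaces interface eth0

commit
save
exit
```

On a USG the controller re-provisions the gateway, so changes made at the CLI this way do not survive the next provisioning cycle; the value of the listing is that it shows exactly which settings the GUI options map to, and after saving the GUI configuration you can confirm the result with `show vpn ike sa` and `show vpn ipsec sa`, which should list the SonicWALL peer with an established IKE SA and one ESP SA per tunnel.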