
chunkyks | 2 years ago

The hilarity that goes with this is that their VPN has been broken for years - Android and iPhone both deprecated protocols that were considered insecure, but Ubiquiti hasn't seen fit to add any others. It has been years.

Their security posture is trash, which is unfortunate for a company that plays a central role in security.


SparkyMcUnicorn|2 years ago

cmsj|2 years ago

I love Tailscale, but you are really then just substituting one company's remote access for another's. I'm quite certain that TS are more capable of creating a secure system than Ubiquiti are, but still, the principle of not trusting others with access to your network is violated by TS.

InTheArena|2 years ago

Just stop.

OpenVPN and WireGuard work fine. I am using it right now.

chunkyks|2 years ago

I have a USG Pro 4, which is still purchasable from their website, not yet EOL, nominally still supported. The only firmware update in the last two years was to fix a security issue, and didn't include support for updated VPNs.

Release notes history is here: https://www.ui.com/download/software/usg-pro-4

The WireGuard of which you speak is only available on their "next gen" gateways, i.e., not the full set of gateways currently "supported": https://help.ui.com/hc/en-us/articles/12594825307927-UniFi-G...

It's now been three years since at least some of the forum threads started expressing concern: https://community.ui.com/questions/L2TP-unsecure-update-to-I...

From my perspective, they have failed catastrophically to do what I perceive as the pivotally important parts of their job, without which the rest of it is pointless. So, while you say "Just stop", I say "Why the hell should this company be trusted with anything network-related, if they can't do bare-minimum-required security stuff?"