UniFi Site-to-Site VPN: Connecting Multiple Locations the Easy Way

If you have multiple locations — office, warehouse, home, a remote site — and you want them all on the same network as if they were in one place, UniFi makes this absurdly simple. Seriously, this is one of those things that traditionally required hours of CLI configuration, manual IPsec tunnels, route debugging, and a lot of frustration. With UniFi, it's a few clicks. The interface is super intuitive — you don't need to be a network engineer to set up a VPN tunnel that actually works.

Bucharest to Auckland: 17,000 km, one click

To give you a concrete example of how well this works: we set up a site-to-site link between Bucharest, Romania and Auckland, New Zealand. Yes, you read that right — nearly 17,000 kilometers apart, literally on opposite sides of the planet.

We have a UniFi Gateway in Bucharest and one in Auckland. We opened the dashboard, created the site-to-site tunnel, and it works like a charm. Devices in Auckland see the Bucharest network as if they were in the next room. NAS access, cameras, internal services — everything transparent, just like being on LAN.

What impressed us the most? Stability. The tunnel stays up 24/7, reconnects automatically after any internet interruption, and latency is consistent (~280ms, which is excellent for that distance). Zero manual intervention since we set it up. Zero maintenance.

Why site-to-site VPN?

The idea is simple: you have two or more physical networks in different locations, and you want devices in each location to see each other as if they were on the same LAN. Some real-world scenarios:

  • Office + warehouse — access surveillance cameras and NAS at the warehouse directly from the main office
  • Office + home office — remote employees access internal resources without a VPN client on every device
  • Multiple branches — one logical network, centralized management, uniform policies
  • Locations on different continents — exactly what we did with Bucharest-Auckland: full access to the remote network, from anywhere in the world

How it works on UniFi

You need a UniFi Gateway (UDM, UDM Pro, UDR, UCG Ultra — any of them) at each location. Both need to be adopted into a UniFi Site. Then:

  1. Open UniFi Network on one of the gateways
  2. Settings → VPN → Site-to-Site VPN
  3. Create Site-to-Site VPN — select the remote location
  4. Done. Literally. UniFi negotiates the tunnel automatically between the two gateways.

You don't need to manually configure:

  • Pre-shared keys or certificates
  • Phase 1 / Phase 2 parameters
  • Static routes
  • Firewall rules for the VPN tunnel
  • NAT traversal

UniFi handles everything automatically. It picks the right protocol (WireGuard or IPsec, depending on firmware), negotiates parameters, sets up routes, and opens the firewall. The tunnel is up in seconds. The interface is so intuitive that someone with no networking experience can set up a working tunnel in under 2 minutes.

What we liked the most

Super intuitive

This is probably UniFi's biggest advantage over any other solution. No CLI syntax to learn, no RFC documents about IKEv2 to read. You open the web interface, see your sites, click "Create Site-to-Site VPN" and you're done. All the complexity is abstracted behind a clean, logical UI. If you can use a browser, you can configure a site-to-site VPN.

Auto-failover

If the primary link goes down (say, the fiber at location A), the tunnel re-establishes automatically when connectivity returns. No manual intervention needed. We've tested this in production — ISP failover, router reboot, even public IP changes — the tunnel comes back on its own. On the Bucharest-Auckland link, we've had a few brief ISP outages on both ends, and every time the tunnel came back without intervention.

Full visibility

From the UniFi dashboard you instantly see tunnel status: latency, uptime, traffic. No more SSH-ing into the router and running ipsec statusall like the old days. Everything is visual, clear, real-time.

Multiple subnets

You can route multiple VLANs through the same tunnel. For example, the management VLAN at location A talks to the management VLAN at location B, while the camera VLAN at A talks to the NVR at B. All through the same tunnel, no extra configuration.
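Because the gateway opens the firewall for the tunnel on its own, it is worth confirming that only the VLAN pairs you intended can reach each other across it. The following is an added example, not code from this post or from UniFi: it compares cross-site probe results with the intended flows described above (management to management, cameras to NVR). The subnets, the "users" VLAN and the probe results are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan; the article gives no subnets, so these are assumptions.
VLANS = {
    ("A", "mgmt"):    ipaddress.ip_network("10.10.1.0/24"),
    ("A", "users"):   ipaddress.ip_network("10.10.20.0/24"),
    ("A", "cameras"): ipaddress.ip_network("10.10.30.0/24"),
    ("B", "mgmt"):    ipaddress.ip_network("10.20.1.0/24"),
    ("B", "nvr"):     ipaddress.ip_network("10.20.30.0/24"),
}

# Intended cross-site flows, following the article's example.
INTENDED = {
    (("A", "mgmt"), ("B", "mgmt")), (("B", "mgmt"), ("A", "mgmt")),
    (("A", "cameras"), ("B", "nvr")),
}

def vlan_of(ip):
    """Return the (site, vlan) key whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((k for k, net in VLANS.items() if addr in net), None)

def audit(probes):
    """Compare (src_ip, dst_ip, reachable) probe results with INTENDED."""
    findings = []
    for src, dst, reachable in probes:
        s, d = vlan_of(src), vlan_of(dst)
        if s is None or d is None:
            findings.append(("unknown-subnet", src, dst))
        elif s[0] == d[0]:
            continue  # same site: not tunnel traffic
        elif reachable and (s, d) not in INTENDED:
            findings.append(("unintended-open", s, d))
        elif not reachable and (s, d) in INTENDED:
            findings.append(("intended-blocked", s, d))
    return findings

# Constructed probe results, e.g. from test connections made in each VLAN.
PROBES = [
    ("10.10.1.5", "10.20.1.9", True),     # mgmt A -> mgmt B: intended
    ("10.10.30.14", "10.20.30.2", True),  # camera A -> NVR B: intended
    ("10.10.20.77", "10.20.30.2", True),  # users A -> NVR B: not intended
    ("10.20.1.9", "10.10.1.5", False),    # mgmt B -> mgmt A: intended but blocked
]

if __name__ == "__main__":
    for finding in audit(PROBES):
        print(finding)
```

An "unintended-open" finding is a flow to restrict with an explicit firewall rule; an "intended-blocked" finding points to a rule or route that is missing.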

Works through NAT

Even if one site is behind an ISP with CGNAT (private IP), the tunnel still works. UniFi uses a relay server for the initial handshake, then establishes a direct connection if possible. This is the kind of detail that on other platforms takes hours of debugging.

Real example #1: Bucharest — Auckland, New Zealand

Our most spectacular setup. Two UniFi gateways, nearly 17,000 km apart:

  • Bucharest — UniFi Gateway, dual-WAN (Digi 10G dynamic IP + Orange 2.5G static IP), multiple VLANs
  • Auckland — UniFi Gateway, Vocus/Two Degrees fiber, static IP

Configuration time: under 2 minutes. The tunnel came up instantly. Latency: ~280ms (you can't cheat physics — light through fiber optic needs time to cross half the globe). But for file sharing, service access, remote management — it works flawlessly. It just works.

Real example #2: office + remote site in Romania

A more "classic" setup — main office with a UDM Pro and a remote location with a UCG Ultra:

  • Office — UDM Pro, dual-WAN (Digi 10G dynamic IP + Orange 2.5G static IP), 5 VLANs
  • Remote — UCG Ultra, 4G LTE (dynamic IP, CGNAT), 2 VLANs

Throughput through the tunnel: ~50 Mbps (limited by the 4G link, not the VPN). Latency: ~25ms. Stable for months, zero intervention.

When UniFi isn't enough

To be fair — UniFi site-to-site isn't perfect for every scenario:

  • Enterprise with dozens of sites — if you have 50+ locations, you'll probably want dedicated SD-WAN (Cisco Meraki, Fortinet, etc.)
  • Advanced routing requirements — BGP, OSPF, policy-based routing — UniFi doesn't offer that
  • Strict compliance — certain industries require specific certifications on networking equipment

But for 2-10 locations, in an SMB or even mid-enterprise environment? UniFi is hard to beat in terms of simplicity, functionality, and price.

Bottom line

UniFi has democratized enterprise networking. What used to require a dedicated network engineer and thousands of dollars in equipment now takes a few clicks and a gateway costing $100-200 per location. We proved it with a Bucharest-Auckland link — if it works flawlessly at 17,000 km, it'll definitely work for you.

Site-to-site VPN on UniFi is the perfect example of complex technology made accessible. Intuitive, stable, and it just works.

If you need help with a multi-site setup or want an assessment of your network infrastructure, get in touch.
