Disabling IPSec on Ubiquiti Edgerouter devices

IPSec is wonderful. It’s the standard for creating secure site-to-site VPN solutions. Ubiquiti’s Edgerouter (and UniFi) have native support. Because it is an industry standard, most firewalls support IPSec. However, sometimes you need to turn off the VPN for one reason or another.

So you have set up your IPSec tunnel in your Edgerouter, but how do you disable it without losing your configuration?

  • Under the Config Tree tab select the vpn branch. 
  • Navigate to the ipsec branch.
  • Navigate to the site-to-site sub-branch.
  • Select the peer branch.
  • Select the VPN connection in question.
  • Under the tunnel branch you will see a disable node with a little ‘+’ next to it.

Selecting that little ‘+’ symbol will tell the Edgerouter to disable this site-to-site connection. The next time you need the VPN, simply click the resulting ‘-’ symbol.


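If all of that seemed like a lot of mouse clicking and you feel more comfortable at the CLI, you can do the same thing from configuration mode. Setting the disable node turns the tunnel off:

set vpn ipsec site-to-site peer my-vpn-tunnel tunnel 1 disable

Deleting the node turns the tunnel back on:

delete vpn ipsec site-to-site peer my-vpn-tunnel tunnel 1 disable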

Commit and save your changes and then you are good to go. Want to check out if the VPN is back up? Check out the other post here.
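A disabled tunnel stays in the configuration and is easy to forget, so it helps to list which tunnels currently carry the disable node. The script below is an added example, not part of the original post: it parses the output of `show configuration commands`, and the function names and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of every IPSec site-to-site tunnel from
# `show configuration commands` output supplied on stdin.

# Prints "<peer> <tunnel> enabled|disabled", one line per tunnel, in config order.
ipsec_tunnel_states() {
    awk '
    $1 == "set" && $2 == "vpn" && $3 == "ipsec" && $4 == "site-to-site" &&
    $5 == "peer" && $7 == "tunnel" {
        key = $6 " " $8
        if (!(key in state)) { state[key] = "enabled"; order[++n] = key }
        # The disable flag is a valueless node: the line ends right after it.
        if (NF == 9 && $9 == "disable") state[key] = "disabled"
    }
    END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    '
}

# Prints only the "<peer> <tunnel>" pairs that are currently disabled.
ipsec_disabled_tunnels() {
    ipsec_tunnel_states | awk '$3 == "disabled" { print $1, $2 }'
}

# Constructed sample input (documentation addresses, hypothetical group name).
sample_config() {
    cat <<'EOF'
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec site-to-site peer my-vpn-tunnel authentication mode pre-shared-secret
set vpn ipsec site-to-site peer my-vpn-tunnel tunnel 1 disable
set vpn ipsec site-to-site peer my-vpn-tunnel tunnel 1 local prefix 192.0.2.0/24
set vpn ipsec site-to-site peer my-vpn-tunnel tunnel 1 remote prefix 198.51.100.0/24
set vpn ipsec site-to-site peer my-vpn-tunnel tunnel 2 local prefix 192.0.2.0/24
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 esp-group FOO0
EOF
}

# Demo run on the constructed sample.
sample_config | ipsec_tunnel_states
```

On a router, feed the function the saved output of `show configuration commands` instead of the sample.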

If you haven’t set up IPSec yet to your remote sites and locations, you should. The Edgerouter makes setting up the connections pretty straightforward between two Edgerouter devices, but you can set it up between any IPSec devices.

In a future post I will document how to set up an IPSec tunnel between your Edgerouter and an existing firewall such as pfSense, SonicWall or Juniper SRX.
