Remote Access
Chuiko connects directly to your UniFi Protect controller on your local network. When you're away from that network, you'll need a VPN to create a secure tunnel back. Once connected, Chuiko works exactly as it does locally — no special configuration needed.
There are three main ways to set this up. Here's a quick comparison to help you choose:
Comparison
| | WireGuard | Teleport | Third-Party VPN |
|---|---|---|---|
| Difficulty | Moderate | Easy | Moderate |
| Best for | Reliable, always-on access | Quick, occasional access | No public IP available |
| Extra software | WireGuard app | WiFiman app | Varies (e.g. Tailscale) |
| Public IP needed | Yes | No | No |
| Persistent config | Yes — set up once | No — invitations expire | Yes — set up once |
| Split tunnel | Yes — only local network traffic uses VPN | Yes — only local network traffic uses VPN | Usually — depends on provider |
| Performance | Excellent | Excellent | Good |
| Port forwarding | UDP 51820 (for the VPN, not Chuiko) | None | None |
Option 1: WireGuard VPN (Recommended)
WireGuard is a fast, modern VPN built into your UniFi Dream Machine. It gives you a permanent, reliable connection back to your local network whenever you need it. This is the best option if your network has a public IP address.
What you'll need
- A UniFi Dream Machine (or gateway) with a public IP address
- The free WireGuard app on your Mac
Set up WireGuard on your UniFi controller
1. Open the UniFi Network web interface
2. Go to Settings → VPN
3. Select WireGuard and enable it
4. Click Create Client and give it a name (e.g. "MacBook")
5. Download the configuration file — this contains everything the WireGuard app needs
Set up WireGuard on your Mac
1. Install the WireGuard app from the Mac App Store or website
2. Open WireGuard and click Import Tunnel(s) from File
3. Select the configuration file you downloaded
4. Click Activate to connect
Using Chuiko remotely
Once WireGuard is connected, open Chuiko as normal. It will connect to your UniFi Protect controller through the VPN tunnel — no changes to your Chuiko settings are needed.
Tips
- WireGuard uses split tunnelling by default, which means only traffic to the remote network goes through the VPN. Everything else (web browsing, email, etc.) uses your normal internet connection.
- You can create multiple client configurations if you have several devices.
- The VPN configuration is permanent — you only need to set it up once.
- If your UniFi gateway is behind another router (e.g. an ISP-supplied one), you may need to forward UDP port 51820 on that router to your UniFi gateway. This is a WireGuard requirement, not a Chuiko one.
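To confirm the split-tunnel behaviour described in the tips above for a particular configuration file, the following added example (not part of Chuiko or UniFi) parses the `AllowedIPs` entries and reports which addresses the tunnel will carry. The sample configuration, its placeholder keys, the endpoint name and the host addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample. Real files hold the client's private key, so treat them as secrets.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 192.168.3.2/32

[Peer]
PublicKey = <gateway-public-key-placeholder>
AllowedIPs = 192.168.3.0/24, 192.168.1.0/24
Endpoint = vpn.example.com:51820
"""


def allowed_networks(conf_text):
    """Collect every AllowedIPs entry from the [Peer] sections."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets


def audit(conf_text, hosts):
    """Return the tunnel mode and, per host, whether the tunnel carries it."""
    nets = allowed_networks(conf_text)
    # A /0 entry (0.0.0.0/0 or ::/0) sends all traffic through the VPN.
    mode = "full" if any(n.prefixlen == 0 for n in nets) else "split"
    routed = {h: any(ipaddress.ip_address(h) in n for n in nets) for h in hosts}
    return {"mode": mode, "routed": routed}


if __name__ == "__main__":
    # 192.168.1.10 = controller (assumed), 192.168.20.5 = camera on another VLAN (assumed)
    print(audit(SAMPLE_CONF, ["192.168.1.10", "192.168.20.5"]))
```

A host reported as not routed, such as a camera on a separate VLAN, is outside every `AllowedIPs` range, so its traffic will not enter the tunnel.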
Option 2: Teleport via WiFiman
Teleport is Ubiquiti's own remote access VPN. It's the easiest option to get started with because it doesn't require a public IP address or any port forwarding. Under the hood, it uses WireGuard, so performance is excellent.
What you'll need
- A UniFi Dream Machine (or gateway)
- The free WiFiman app on your Mac
Set up Teleport
1. Open the UniFi Network web interface
2. Go to Settings → VPN
3. Select Teleport and enable it
4. Click Generate Invitation — this creates a link
5. Open the invitation link on your Mac
6. The WiFiman app will open and configure the connection automatically
Using Chuiko remotely
Open WiFiman and connect via Teleport. Once connected, open Chuiko as normal — it will reach your UniFi Protect controller through the tunnel.
Things to be aware of
- Invitation links expire after 24 hours and can only be used by one device.
- If your invitation is revoked or expires, you'll need to generate a new one from the UniFi web interface.
- You must use the WiFiman app — standard WireGuard clients won't work with Teleport invitations.
- Like WireGuard, Teleport uses split tunnelling, so your normal internet traffic isn't affected.
Option 3: Third-Party VPN
If your network doesn't have a public IP address (common with some ISPs, mobile broadband, or CGNAT), you can use a third-party VPN service like Tailscale to connect back to your local network. These services work by relaying your connection through their infrastructure, so no public IP or port forwarding is needed.
General approach
- Install the VPN software on both your Mac and a device on the same network as your UniFi controller (this could be a Raspberry Pi, NAS, or any always-on computer)
- That device acts as a gateway, giving your Mac access to the local network
- Once connected, Chuiko can reach your UniFi Protect controller as if you were on the local network
Things to consider
- You'll need an always-on device on the local network running the VPN software (your UniFi gateway can't run third-party VPN clients).
- Setup varies depending on the provider — refer to their documentation for specific instructions.
- Most providers offer free tiers that are sufficient for this use case.
- Make sure the VPN is configured to route traffic to the local network's subnet (e.g. 192.168.1.0/24) through the tunnel.
Troubleshooting
Chuiko shows "Disconnected" after connecting VPN
- Check that your VPN is connected and active
- Verify you can reach your UniFi controller's local IP address — try opening it in a web browser
- Make sure Chuiko is configured with the controller's local IP address, not a public or cloud address
Video streams won't load over VPN
- Video streaming requires more bandwidth than the management connection — try switching to a lower stream quality in Chuiko settings
- Check that your VPN is routing traffic to the camera subnet (cameras may be on a different VLAN)
- Ensure RTSP port 7441 is accessible through the VPN tunnel
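The checks in the two lists above can be run in order from the Mac once the VPN is connected. This is an added example, not part of Chuiko; it assumes the controller's web interface answers on TCP 443, and the `probe` parameter, the result codes and the sample address are hypothetical.

```python
import ipaddress
import socket


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or no route through the tunnel
        return False


def diagnose(controller_ip, probe=tcp_open, web_port=443, stream_port=7441):
    """Run the checks in order and return a code for the first one that fails."""
    try:
        addr = ipaddress.ip_address(controller_ip)
    except ValueError:
        return "not-an-ip"  # hostname or cloud URL instead of a local IP
    if not addr.is_private:
        return "public-address"  # Chuiko should point at the local IP
    if not probe(controller_ip, web_port):
        return "controller-unreachable"  # VPN down or controller subnet not routed
    if not probe(controller_ip, stream_port):
        return "stream-port-blocked"  # management works, port 7441 does not
    return "ok"


if __name__ == "__main__":
    # 192.168.1.1 is a constructed example address; use your controller's local IP.
    print(diagnose("192.168.1.1"))
```

The probe only confirms that a TCP connection completes; it does not authenticate or request a stream.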
Connection is slow or video stutters
- Switch to Low stream quality in Chuiko settings — this significantly reduces bandwidth requirements
- If using Teleport or a third-party VPN with relay servers, performance depends on the relay's location and your internet speed at both ends
- WireGuard with a direct connection (public IP) generally offers the best performance