AT&T Fiber + Unifi Dream Machine (UDM)

Writer: Shannon

AT&T Fiber arrived in my village (just outside of the greater Chicago metropolitan area) a little over a year ago. Residents rejoiced, as we were finally free from the shackles of Xfinity. I finally made the switch last year and honestly, I wish I would've had the opportunity to switch earlier! Relatively minimal disruptions and faster service (both upload and download).


Unfortunately, my VPN into home became a pain point and I had issues trying to re-establish connectivity to my house if I was on the road. With my job, I do find myself traveling 20-30% of the time and occasionally something might require my remote "Midas Touch" while away.


I racked my brain and troubleshot all sorts of dead ends. My hope in writing this blog? That it helps OTHER people who: 1. use AT&T Fiber at home and 2. own a Unifi Dream Machine. I'll start with helpful links I found along the way and then showcase how I made this happen:


Since I personally know not everyone enjoys reading through technical support Reddit threads and Microsoft documentation, I'll walk you through what I did on a step-by-step basis.


  1. I first connected to the WiFi from my AT&T modem (the Arris BGW-210). I personally left WiFi enabled on that device and it's what helped me get everything situated at home.

  2. The trick is to place your AT&T modem into a bridge mode, so you're not double NATted and/or don't have to port forward (my least favorite). Turning it into bridge mode is actually very easy; however, it took me a lot of failed attempts at locating information on how to do this online.

  3. After you're connected via WiFi, log into your modem using the device password on the device. Pro-tip: change the device password if you're security conscious, or don't, and live dangerously with the manufacturer's password printed on a sticker affixed to the device.

  4. Click on Firewall and then click on IP Passthrough. Make sure your configuration looks like this:

  5. Click Save. DHCPS-fixed worked every time.

  6. Click back to Status and confirm the change took effect (you want to make sure IP Passthrough is now On):

  7. Next, it's time to make some registry changes. Log into your Windows machine as a user who is a member of the Administrators group.

  8. Select Start > All Programs > Accessories > Run.

  9. Type regedit (we're going to make an edit to the registry - I'm going to assume you're ok to make this change) and select OK.

  10. If the User Account Control dialog box pops up on the screen and prompts you to elevate your administrator token, select Continue.

  11. Locate and select the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

  12. On the Edit menu, select New, and then select DWORD (32-bit) Value.

  13. Type AssumeUDPEncapsulationContextOnSendRule and then press Enter.

  14. Double click on AssumeUDPEncapsulationContextOnSendRule and in the Value Data box, type one of the following values:

    0: This is the default value; when it's set to 0, Windows cannot establish security associations with servers located behind NAT devices.

    1: When the key is set to 1, Windows can establish security associations with servers located behind NAT devices.

    2: When the key is set to 2, Windows can establish security associations when both the server and VPN client computer are behind NAT devices.

  15. In terms of my configuration, 1 worked for me.

  16. Reboot your computer.
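
The registry steps above can also be scripted, which makes the change repeatable and records what the value was beforehand. This is an added example, not part of the original post; the `$Value` parameter name is an assumption chosen for illustration, and it defaults to 1, the value the post reports working. Run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the regedit steps in the post.
# $Value is a hypothetical parameter name; 0, 1 and 2 are the values the post describes.
param(
    [ValidateSet(0, 1, 2)]
    [int]$Value = 1
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationContextOnSendRule'

# Stop rather than create the service key if it is missing.
if (-not (Test-Path -Path $key)) {
    throw "Registry key not found: $key"
}

# Read the current setting. If the value does not exist, Windows behaves as if it were 0.
$existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($existing) {
    $current = [int]$existing.$name
    Write-Host "Current $name = $current"
} else {
    $current = $null
    Write-Host "$name is not set (Windows uses the default, 0)"
}

if ($current -eq $Value) {
    Write-Host "Already set to $Value; nothing to change."
    return
}

# Create or overwrite the value as a 32-bit DWORD.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Value -Force |
    Out-Null

# Read it back to confirm the write took effect.
$after = (Get-ItemProperty -Path $key -Name $name).$name
if ($after -ne $Value) {
    throw "Write failed: expected $Value, found $after"
}

Write-Host "$name set to $after. Reboot the computer for the change to apply."
```

To return to the Windows default later, run the script again with `-Value 0`.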


Happy VPNing in when you're away from your home setup/internet connection!




© 2020 Shannon B. Kuehn
