This guide was created by a community member and reviewed by us. Firmware and router interfaces may change over time, so some steps may differ depending on your device or version.
Prerequisites:
- UniFi OS version 5.1.15 or above
- UniFi Network App version 10.4.57 or above
Setup
Download the WireGuard configuration from the website
The configuration requires a small tweak.
Each address listed in theAddressfield needs a netmask:From:
[Interface] Address = 10.140.171.221,fd64:e20:68a3::c:abdd ....To:
[Interface] Address = 10.140.171.221/32,fd64:e20:68a3::c:abdd/128 ....Open the UniFi console. By default, it is accessible at either
[https://192.168.0.1] or [https://unifi]Click the gear icon to open the settings page
Open the VPN section
Press the "Create New" button within the "VPN Client" box
Make sure configuration type is set to
WireGuardThe name can be anything you want
Click on the
Upload Configuration Filehyperlink. Upload the edited configuration from step 2Make sure to select
Networkand thenSelect All. This is very important.Press Create - You're done
Verify your connection via DoesMyVPN.work
Additional (optional) notes
Device and Content Wizards
The Device and Content Wizards allow you to define policies to choose what
is routed through the VPN. They can be very useful if you don't want your whole network to go through the VPN, but just a few devices, or all the traffic to a specific domain or region.
In the current version of UniFi Network, there is no any option for these two wizards, and the author has not managed to make the VPN work without either a device or a content policy defined. This is why we used Select All in the networks in step 10.
It's possible to edit the policy after it's created to conjure an any option.
To see this, simply click on the VPN name, and then click on the VPN name again in the Associated Policies section.
Kill Switch
The kill switch option disables internet access in the VPN connection drops. This is
highly recommended.