Configure WireGuard VPN on UDM Pro

Ubiquiti UniFi OS 3.2.12 and Unifi Network 8.0.28 supports Wireguard VPN Server on the UDM Pro. Use these steps to configure the server and add a client

 Instructions for initial setup of WireGuard service

Only perform these steps if the WireGuard services in not already configured. If you want to add a VPN client to an existing service, see below

1. Access Settings > VPN > VPN Server (tab)

2. Select WireGuard

3. Set the Name to wg0

4. Do not change Private Key or Public Key

5. Select the desired WAN IP for Server Address. Most UDM Pros only have one (1) WAN interface.

6. Select a unique port number. Note: Some UDM Pro gateways use the WireGuard default port of 51820. You may need to change this port to avoid conflicts. The server port selected does not need to be the same port selected as the ListeningPort on the WireGuard Client.

7. Do not add clients at this time.

8. Advanced: You may need to select manual if the auto-generated IP networks conflicts with the networks of the home site or the remote site. You may asl want to select manual if you desire to direct DNS request to some other DNS server on your network.

9. Save or Add the configuration

 Instructions for adding a new WireGuard client to existing service

These are not the instructions to configure the client, only the steps needed to add the client to the WireGuard service.

1. Access Settings > VPN VPN Server (tab)

2. In the Client section, select Add Client

3. For the Name, add an identifiable name for the client (e.g. FQDN or Property Number)

4. Select Auto or Manual. Auto will produce a configuration file that can be downloaded and used on the client to significantly reduce the complexity in client configuration. Selection manual will allow you to inset keys already configured on the client.

5. Download the configuration file and select Add

6. Securely transfer the configuration file to the client and configure

 Related articles