Configure WireGuard VPN on UDM Pro
Ubiquiti UniFi OS 3.2.12 and Unifi Network 8.0.28 supports Wireguard VPN Server on the UDM Pro. Use these steps to configure the server and add a client
 Instructions for initial setup of WireGuard service
Only perform these steps if the WireGuard services in not already configured. If you want to add a VPN client to an existing service, see below
Access Settings > VPN > VPN Server (tab)
Select WireGuard
Set the Name to
wg0
Do not change Private Key or Public Key
Select the desired WAN IP for Server Address. Most UDM Pros only have one (1) WAN interface.
Select a unique port number. Note: Some UDM Pro gateways use the WireGuard default port of
51820
. You may need to change this port to avoid conflicts. The server port selected does not need to be the same port selected as the ListeningPort on the WireGuard Client.Do not add clients at this time.
Advanced: You may need to select manual if the auto-generated IP networks conflicts with the networks of the home site or the remote site. You may asl want to select manual if you desire to direct DNS request to some other DNS server on your network.
Save or Add the configuration
 Instructions for adding a new WireGuard client to existing service
These are not the instructions to configure the client, only the steps needed to add the client to the WireGuard service.
Access Settings > VPN VPN Server (tab)
In the Client section, select Add Client
For the Name, add an identifiable name for the client (e.g. FQDN or Property Number)
Select Auto or Manual. Auto will produce a configuration file that can be downloaded and used on the client to significantly reduce the complexity in client configuration. Selection manual will allow you to inset keys already configured on the client.
Download the configuration file and select Add
Securely transfer the configuration file to the client and configure
Note: Multiple WireGuard clients should not share the same VPN configuration file.
Note: Do not reuse WireGuard keys across multiple clients. Do use client keys that are already configured to access other WireGuard servers. Use unique keys for each connection.
 Related articles
Other Articles about VPNs
All information contained on this page and in this database is the confidential
and the intellectual property of OSSDS, LLC.
DO NOT DISCLOSE