Download the latest
ugw3 package from https://github.com/Lochnair/vyatta-wireguard/releases and install it on your USG using
dpkg -i wireguard-ugw3-<version>.deb.
cd /config/auth umask 077 mkdir wireguard cd wireguard wg genkey > wg_private.key wg pubkey < wg_private.key > wg_public.key
/var/lib/unifi/data/sites/default on the host running the Controller. Then through the Controller Web UI navigate to Devices, click on the USG row and then in the Properties window navigate to Config > Manage Device and click Provision.
To allow remote access navigate to Settings > Routing & Firewall > Firewall > WAN LOCAL and create a new rule to accept UDP traffic to port 51820.
Note that the mask associated with the
allowed-ips is not a netmask! I also found that provisioning failed with a
/32 mask with only some very vague errors in
Thank you for the guide. Did you manage to generate port forwarding rules also for wg0 interface automatically? I'm facing problem that I can connect to VPN, everything works, but clients from VPN can not access forwarded ports on WAN, I've checked
iptables -L -v -n -t nattable to see that those rules are missing in
UBNT_PFOR_SNAT_RULESchain. I can add them manually, just wondering if anyone solve this differently.