Download the latest
ugw3 package from https://github.com/Lochnair/vyatta-wireguard/releases and install it on your USG using
dpkg -i wireguard-ugw3-<version>.deb.
cd /config/auth umask 077 mkdir wireguard cd wireguard wg genkey > wg_private.key wg pubkey < wg_private.key > wg_public.key
/var/lib/unifi/data/sites/default on the host running the Controller. Then through the Controller Web UI navigate to Devices, click on the USG row and then in the Properties window navigate to Config > Manage Device and click Provision.
To allow remote access navigate to Settings > Routing & Firewall > Firewall > WAN LOCAL and create a new rule to accept UDP traffic to port 51820.
Note that the mask associated with the
allowed-ips is not a netmask! I also found that provisioning failed with a
/32 mask with only some very vague errors in
@darellsison Wireguard doesn't use the client/server model.
However this config is for running wireguard node on your USG, so external devices can access your internal network.
Configured properly it would also allow external devices to tunnel through your network.