Download the latest
ugw3 package from https://github.com/Lochnair/vyatta-wireguard/releases and install it on your USG using
dpkg -i wireguard-ugw3-<version>.deb.
cd /config/auth umask 077 mkdir wireguard cd wireguard wg genkey > wg_private.key wg pubkey < wg_private.key > wg_public.key
/var/lib/unifi/data/sites/default on the host running the Controller. Then through the Controller Web UI navigate to Devices, click on the USG row and then in the Properties window navigate to Config > Manage Device and click Provision.
To allow remote access navigate to Settings > Routing & Firewall > Firewall > WAN LOCAL and create a new rule to accept UDP traffic to port 51820.
Note that the mask associated with the
allowed-ips is not a netmask! I also found that provisioning failed with a
/32 mask with only some very vague errors in