UnifiOS 2 has really improved WireGuard VPN routing throughput on the UDM Pro. Speedtests on a WiFi network routed through a Mullvad VPN server show 1 Gbps throughput.
Ubiquiti seems to have really upped the game with UnifiOS 2 when it comes to routing over a WireGuard VPN tunnel. I have done a lot of throughput testing with VPN-routed traffic, and the results are exceptionally good and consistent. On WiFi or Ethernet, the UDM Pro can now saturate a 1 Gbps link over a VPN-routed network. The linked result was taken with my phone over a WiFi 6E network routed through Mullvad VPN.
A couple years ago, I released the split-vpn script to help with setting up routing over a VPN tunnel on the UDM-series routers, but never really quantified the throughput or performance. I’ve now tested the VPN-routing performance (throughput and CPU usage) in different scenarios including single & multiple stream iPerf tests and more, with comparisons to OpenVPN routing. All throughput results can be found at this link if you’re interested.
Here is a summary table showing WireGuard vs. OpenVPN routing throughput on WiFi or Ethernet. Throughput is shown as [download]/[upload] in Mbps, and ping times are shown as [idle ping]/[download ping]/[upload ping] in milliseconds. You can click any of the throughput numbers to go to the Ookla speedtest result page for that result.
| | Ethernet Throughput (Mbps) | Ethernet Ping (ms) | WiFi Throughput (Mbps) | WiFi Ping (ms) |
|---|---|---|---|---|
| Control (No VPN) | 2590/2574 | 1/10/6 | 1663/1615 | 8/26/37 |
| WireGuard | 927/1050 | 23/35/46 | 1011/944 | 29/37/62 |
| OpenVPN | 230/316 | 60/650/213 | 248/141 | 105/423/110 |
FYI, UnifiOS 1.x on the UDM Pro could only reach 400-600 Mbps previously on WireGuard. So it does really look like Ubiquiti has worked really hard to improve VPN routing throughput on Unifi OS 2. Thank you Ubiquiti for helping make 1 Gbps VPN routing a reality on the UDM Pro!
WireGuard is the best VPN I’ve ever used. It’s impressive and simple. Even Linus Torvalds praised its codebase.
<Cries in non-SE, UDM-Pro>…
Is WireGuard the built-in VPN?
Magic question is how did you get the VPN set up on UniFi OS 2, since it’s a major difference between 1 and 2
How do I get WireGuard? I've been trying and don't see the WireGuard option…
Is there a tutorial? Pls, for WireGuard on UDM Pro for dummies? Thx
How did you get unifi OS v2? I have seen like 2 EA builds that got pulled asap
Can we configure a kill switch for the vpn client? If the vpn client goes down all traffic routed through that interface should be blocked. Right now, if the vpn goes down, it falls back to the regular interface.
I was told that the firmware of the UXG-Pro was upgraded to support WireGuard and upgraded peer-to-peer VPN, and all that was needed was an upgrade to the network OS. Yet there have been at least two updates to the network and as far as I can see, nothing.
Am I missing something? Or do I still need to wait? If the latter, how long will it be?
/me waiting for official implementation…
These are the indicators, but I will say so, Vpnhouse has the same, the bandwidth has always been at this level.
I believe the 1.0 WireGuard third-party implementation used the userspace golib version. 2.0 must support the kernel extension, which is much faster.
This is awesome, thanks for sharing. Here’s hoping I can get the 2.x Firmware before they pull it from EA again. Consider yourself lucky.
See I knew there was a reason I clicked on this post. Thank you for split-vpn!
Is there a straightforward way to get this onto Tailscale for routing?
The only code Linus ever praised was his own. He swears at everyone else.
Like, I would happily format mine and start over, make that an option. I don’t care if I have to start from scratch.