UnifiOS 2 has really improved WireGuard VPN routing throughput on the UDM Pro. Speedtests on a WiFi network routed through a Mullvad VPN server show 1 Gbps throughput.

This test was on the non-SE UDM Pro with EA UnifiOS 2.4.26 firmware.

No, this is done using a custom script. VPN routing isn’t a feature right now, until UnifiOS 3 probably.

It’s not built-in, it’s a 3rd party custom script that supports UnifiOS 1, 2, and 3.

This is done using the custom script linked in the OP. Built-in GUI wireguard will come in UnifiOS 3.x which is still many months away for UDM Pro.

The tutorial is linked in the OP, but I wouldn’t recommend doing it unless you’re comfortable with command line and Linux.

Yes, that was always supported with the script I used. I currently have a torrent client forced through the VPN that is using port forwarding.

I updated before they were pulled, obviously lol.

You can use it for either case. The script can be configured to do whatever you want.

But for accessing your network remotely, you can also just use Teleport without any custom mods.

If you’re talking about using the custom script to do the VPN routing, then yes you’re able to configure a kill switch. But if you’re talking about Unifi’s GUI implementation, then no you cannot.

Wireguard has two configs, IF_UP and IF_DOWN; it runs them on sh. Also, when wireguard comes up it creates the wg0 interface and routes the configured stuff through it. When the VPN dies, the wg0 interface is toasted with its routes.

UXG EA firmware 3.0.1 added GUI wireguard support. If you’re using EA firmware and the latest EA network, you should see wireguard as an option in the GUI.

You are missing nothing, sir. Welcome to owning Ubiquiti hardware. Your options are the uxg-boot project and my scripts, or move to a UDMSE.

Lol you’ll wait forever because they still don’t have wireguard client routing support in UnifiOS 3.x, they only have wireguard server support from the GUI.

No actually, 1.0 also supports the kernel module. In fact, the kernel module is already built-in on 1.0 but there is no way to leverage it from the GUI. The script simply leverages it in command line.

We had a custom kernel that added wireguard. Also, wireguard has been in since whenever they moved to 4.15. 1.10? The wg-quick binaries were just used from then on out to interact with the kernel. These speeds are not a massive improvement over what I got with Ubi’s official kernel support. Wireguard has always been uber quick.

You would have to get the tailscaled installed onto the UDM and run it. I’m sure it’s not that difficult, though I’ve never tried.

Tailscale is nice if you’re running many wireguard clients and servers since you don’t have to modify the wireguard config manually for each one. But not sure how much the benefit is for personal use on the UDM when you only have so many devices and it’s not that difficult to just generate the keys and write the wireguard config file yourself.

Not OP, but I have heard this. Quick Googlin’

Torvalds loved WireGuard because, “Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.”

It’s a comparison, though, and not really an objective thing. :stuck_out_tongue:

IPsec is dangerously complicated to the point where all implementations almost certainly have undiscovered vulnerabilities.

You don’t believe that whole migration thing, right? Every other device worked fine. The hardware is all the same. Ubiquiti is a joke: pay them 400 dollars now for the feature you desire. UDMP is dead.

Go look through the firmware post. Forcing devices into recovery mode, random reboots, switch freezes. We are nowhere close. 3.0 will never come.

Cries that it’s still EA and I can’t afford to run EA on my stable environment.