
Connecting to VPN with macOS

Prerequisites (quick check)

  • A UniFi Gateway (UDM/UDM-SE/UDR/UXG, etc.) running the UniFi Network app
  • Public IP on the gateway (or forward UDP 51820 to it if you’re behind another router)
  • (Recommended) A DNS hostname (static or DDNS) pointing to your public IP for client configs (“Alternate address for clients”)
  • The WireGuard app for macOS from the Mac App Store

Configure the UniFi WireGuard Server

  • Open UniFi Network → Settings → VPN → VPN Server → Create New → choose WireGuard
  • Server address / port
    • Leave port at UDP 51820 unless you have a reason to change it
    • If you use a hostname (recommended), set Use Alternate Address for Clients to your FQDN (e.g., vpn.example.com)
  • VPN network & DNS
    • Pick a tunnel subnet UniFi suggests (e.g., 10.255.255.0/24)
    • Set DNS to a resolver that can answer your internal names (gateway/AD DNS, etc.)
  • Add a client
    • In Clients, click + Add Client, name it (e.g., “First_Name Last_Name”)
    • Choose routing:
      • Full tunnel (send all traffic): AllowedIPs = 0.0.0.0/0, ::/0
      • Split tunnel (only on-prem): AllowedIPs = your LAN(s) (e.g., 192.168.1.0/24)
  • Save and Download the client configuration (.conf). (UniFi’s flow is “add client → share/download config/QR”.)

Typical client config (for reference):

[Interface]
PrivateKey = <client_private_key>
Address = 10.255.255.10/32
DNS = 192.168.1.10

[Peer]
PublicKey = <gateway_public_key>
Endpoint = vpn.example.com:51820
AllowedIPs = 192.168.1.0/24          # split tunnel (LAN only)
# or AllowedIPs = 0.0.0.0/0, ::/0     # full tunnel
PersistentKeepalive = 25
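
An added example (not part of the original page or of UniFi's tooling): a Python check that reads a downloaded client .conf, reports whether AllowedIPs makes it a full or split tunnel, and lists any DNS server address that AllowedIPs does not cover and that would therefore not be reached through the tunnel. The function names and the embedded sample are assumptions built from the reference config above.

```python
import ipaddress

# Constructed sample mirroring the reference config above (placeholder keys).
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client_private_key>
Address = 10.255.255.10/32
DNS = 192.168.1.10

[Peer]
PublicKey = <gateway_public_key>
Endpoint = vpn.example.com:51820
AllowedIPs = 192.168.1.0/24          # split tunnel (LAN only)
PersistentKeepalive = 25
"""

def parse_conf(text):
    """Return {section: {key: value}}; '#' starts a comment anywhere on a line."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[key.strip().lower()] = value.strip()
    return conf

def _items(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(text):
    """Classify routing and list DNS server IPs that AllowedIPs does not cover."""
    conf = parse_conf(text)  # assumes the single [Peer] a client config has
    allowed = [ipaddress.ip_network(n, strict=False)
               for n in _items(conf["peer"].get("allowedips", ""))]
    mode = "full" if any(n.prefixlen == 0 for n in allowed) else "split"
    outside = []
    for entry in _items(conf["interface"].get("dns", "")):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # a search domain, not a resolver address
        if not any(addr.version == n.version and addr in n for n in allowed):
            outside.append(entry)
    return {"mode": mode, "dns_outside_tunnel": outside}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A non-empty dns_outside_tunnel on a split-tunnel config means queries to that resolver leave over the local network instead of the VPN, so internal names will not resolve as intended.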

Need Help?

Contact the NETWINDY support team by opening a support ticket.