Split tunnel VPN on UniFi USG

Say you sometimes want to egress your home network over a VPN. Maybe to hide your traffic from an ISP that likes to snoop on it or insert ads, or maybe to get around geo-location blocks and stream video that is only available in another country. Installing a VPN client on your laptop is pretty easy, but it is harder on a Chromecast or other streaming device.

This article provides a step-by-step guide to configuring a Ubiquiti USG series router/firewall + switch + AP with one VLAN/SSID for “normal” mode and another VLAN/SSID whose internet traffic is transparently routed over a VPN. Devices that should use the VPN just need to join the right WiFi network or have their switch port assigned the correct VLAN. This config should also generally work for the EdgeRouter series, but there you do the configuration via the CLI instead of the JSON config file. I suspect this should work on a Dream Machine or Dream Machine Pro, but I don’t own either of those and haven’t tested. (Nope, it won’t work on the UDM or UDM-Pro. Neither supports the config.gateway.json config file or the necessary policy routing features.)
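To make the policy-routing part concrete, here is an added config.gateway.json fragment (example written for this post, not the author's own config) showing the EdgeOS mechanism the USG uses: a firewall `modify` ruleset marks traffic from the VPN VLAN with routing table 1, table 1 sends everything out the tunnel, and a blackhole fallback in the same table keeps that VLAN from leaking to the ISP if the tunnel is down. The VLAN ID (20), subnet (192.168.20.0/24), LAN port (eth1) and tunnel interface name (vtun0) are assumptions; the OpenVPN interface definition and the UniFi-side VLAN/SSID setup are not shown.

```json
{
  "firewall": {
    "modify": {
      "VPN_ROUTE": {
        "rule": {
          "5": {
            "action": "modify",
            "description": "Keep traffic to local VLANs on the main table",
            "destination": { "address": "192.168.0.0/16" },
            "modify": { "table": "main" }
          },
          "10": {
            "action": "modify",
            "description": "Everything else from VLAN 20 uses the VPN table",
            "source": { "address": "192.168.20.0/24" },
            "modify": { "table": "1" }
          }
        }
      }
    }
  },
  "interfaces": {
    "ethernet": {
      "eth1": {
        "vif": {
          "20": { "firewall": { "in": { "modify": "VPN_ROUTE" } } }
        }
      }
    }
  },
  "protocols": {
    "static": {
      "table": {
        "1": {
          "interface-route": {
            "0.0.0.0/0": { "next-hop-interface": { "vtun0": "''" } }
          },
          "route": {
            "0.0.0.0/0": { "blackhole": { "distance": "255" } }
          }
        }
      }
    }
  },
  "service": {
    "nat": {
      "rule": {
        "5000": {
          "description": "Masquerade VPN-routed traffic out of the tunnel",
          "outbound-interface": "vtun0",
          "type": "masquerade"
        }
      }
    }
  }
}
```

After provisioning, `show ip route table 1` on the USG should list only the vtun0 route and the blackhole; if vtun0 drops, VLAN 20 clients lose internet rather than falling back to the ISP path.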
