Split tunnel VPN on UniFi USG
Let’s say sometimes you want to egress your home network over a VPN? Maybe hide your traffic from your ISP who likes to snoop your traffic or insert ads? Or maybe you want to get around geo-location blocks to stream some video only available in another country? Installing a VPN client on your laptop is pretty easy, but might be harder on your Chromecast or other streaming device.
This article provides a step-by-step guide to configuring your Ubiquiti USG series router/firewall + switch + AP to have one VLAN/SSID for “normal” mode and another VLAN/SSID for accessing the internet transparently over a VPN. Devices you want to use the VPN just need to join the right WiFi network or have their switch port assigned the correct VLAN. This config should also generally work for the EdgeRouter series, but you’ll need to do the configuration via the CLI instead of the JSON config file.
I suspect this should work on a Dream Machine or Dream Machine Pro, but I don’t own either of those and haven’t tested. (Nope, won’t work on the UDM or UDM-Pro. Neither supports the config.gateway.json config file or the necessary policy routing features.)