Comment by tom-9999

3 months ago

This can also be done trivially on UniFi using policy-based routing, if anyone wants to repeat this.

Instructions using the UniFi mobile app, as it’s what I have to hand:

1) Download the WireGuard conf file from your VPN provider. In the mobile app: Settings -> VPN Client -> Add New -> WireGuard. Upload the file and save it.

2) Settings -> Policy Engine -> Policy Based Routes. New. Select what to route -> Specific Traffic. Source = All Devices. Destination = Domain Name. Here add any domains you like. Interface = the VPN you added in step 1.

The only downside is this doesn’t work if you have IPv6 enabled as UniFi Network still allows those to bypass the VPN.

I ended up making a long list of firewall rules to block specific sites’ IPv6 ranges, which worked until I hit Cloudflare-backed sites.

I’m really hoping UniFi start supporting IPv6 WireGuard soon.

  • Wow, this is unbelievable. I thought UniFi was a premier networking product. Certainly its price would suggest so. Not supporting IPv6 in 2025 is unacceptable.

    • To be clear, the rest of the OS supports IPv6, just the WireGuard VPN doesn’t. Disappointing all the same.
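An added example, not part of the thread above: a small audit for the IPv6 gap the comment describes. For each domain in a domain-based route it lists the IPv6 addresses that no firewall block prefix covers, which are the destinations a dual-stack client could still reach outside the tunnel. The function names, sample domains, addresses (documentation ranges) and block prefix are all constructed for illustration.

```python
import ipaddress
import socket

def resolve(domain):
    """Live lookup: the set of address strings a domain resolves to."""
    try:
        infos = socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit_ipv6_bypass(domains, blocked_v6_prefixes=(), resolver=resolve):
    """Map each routed domain to its IPv6 addresses not covered by a block rule.

    An empty list means the domain is IPv4-only or every AAAA answer falls
    inside a blocked prefix, so clients are forced onto the routed IPv4 path.
    """
    blocked = [ipaddress.ip_network(p) for p in blocked_v6_prefixes]
    report = {}
    for domain in domains:
        exposed = []
        for text in sorted(resolver(domain)):
            addr = ipaddress.ip_address(text.split("%")[0])  # strip any zone id
            if addr.version != 6:
                continue  # IPv4 answers follow the policy-based route
            if not any(addr in net for net in blocked):
                exposed.append(str(addr))
        report[domain] = exposed
    return report

# Constructed sample data: hypothetical domains and documentation-range addresses.
SAMPLE_ANSWERS = {
    "video.example": {"192.0.2.10", "2001:db8:10::1"},
    "cdn-hosted.example": {"198.51.100.7", "2001:db8:ffff::5"},
    "v4only.example": {"203.0.113.9"},
}
SAMPLE_BLOCKS = ["2001:db8:10::/48"]  # constructed firewall block prefix

def sample_report(blocks=SAMPLE_BLOCKS):
    """Run the audit offline against the constructed answers above."""
    return audit_ipv6_bypass(SAMPLE_ANSWERS, blocks, resolver=SAMPLE_ANSWERS.__getitem__)

if __name__ == "__main__":
    for domain, exposed in sample_report().items():
        print(domain, "->", ", ".join(exposed) or "no uncovered IPv6 address")
```

Calling `audit_ipv6_bypass` with the default resolver performs live DNS lookups from the machine it runs on; answers can differ per resolver and change over time, so rerun it when block rules are updated.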