Over the weekend I spent some time messing around with WireGuard; you can find their official site here. I had wanted to look into this previously but never found the time until now. I wanted to configure this on a standalone RPi for the time being so I could learn and not break other things within my environment; I also had a few spares lying around. My intent was to replace/upgrade from my existing USG L2TP VPN. After spending some time reading many articles online, plus some trial and error, I found this, which worked well.
I have since decommissioned my UniFi L2TP VPN and replaced it with this WireGuard system. What I have found is that it's significantly faster, offers me both full and split tunnel VPN options, uses significantly less battery when run as an always-on VPN, is simple to use, and only requires a single black hole (UDP) port to be opened through my firewall.
Anyway, I figured I would pass it on for anyone who is looking to truly isolate everything, like cloud platform dashboards, IP cameras and anything else that they would prefer to communicate with locally.
Note for anyone who doesn't know what a split tunnel VPN offers: it lets you stay on your mobile phone's cellular network, or even a work network, while you're away from home. When you load, for example, your local HE IP at http://192.168.1.1, only that specific traffic is sent over the VPN tunnel to your local network. All other browsing (YouTube, Facebook, O365 and whatever else you do) is handled by your cellular or work network.
btw, DrZzs talked about it some time ago here as well.
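
The split versus full tunnel choice described above comes down to one line, `AllowedIPs`, in the client's WireGuard config. The following is an added example, not part of the original post or the linked guide. It assumes the home LAN is 192.168.1.0/24 (inferred from the 192.168.1.1 address mentioned above), a tunnel subnet of 10.6.0.0/24 and UDP port 51820; the keys and endpoint are placeholders.

```ini
# Client (phone/laptop) WireGuard config, e.g. imported into the mobile app.
# Every key, address and the endpoint below is a placeholder or assumption.

[Interface]
# Generated on the client; never leaves the device.
PrivateKey = <CLIENT_PRIVATE_KEY>
# Assumed address of this client inside the tunnel subnet.
Address = 10.6.0.2/32

[Peer]
# Public key of the WireGuard server (the RPi in this setup).
PublicKey = <SERVER_PUBLIC_KEY>
# The single UDP port forwarded through the home firewall (51820 assumed).
Endpoint = <HOME_PUBLIC_IP_OR_DDNS_NAME>:51820

# SPLIT TUNNEL: only traffic for the home LAN and the tunnel subnet
# goes through the VPN; everything else uses cellular/work network.
AllowedIPs = 192.168.1.0/24, 10.6.0.0/24

# FULL TUNNEL alternative: send all IPv4 and IPv6 traffic through the VPN.
# Use this line instead of the one above.
# AllowedIPs = 0.0.0.0/0, ::/0

# Keeps the NAT mapping alive on mobile networks.
PersistentKeepalive = 25
```

With the split tunnel line, a remote network that also uses 192.168.1.0/24 will overlap with the home LAN, so local devices on that remote network become unreachable while the tunnel is up.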