USG site to site VPN and routing

We currently have a mainly Watchguard estate for our bigger sites, with OSPF deployed, and it works a treat.

We have deployed some USGs to smaller sites where we cannot justify Watchguard costs, plus we also have hardware left over from another project. These sites just have an internet connection and use a site-to-site VPN back to our data centres: two VPNs, one for each data centre. Previously, sites just connected to our USG-XG-8 at one of the data centres.

Going forward we are doing a site-to-site VPN back to each of the Watchguards at the data centre and can route to these fine. The issue is that normally we would use OSPF, but we have not found a great way to do this with these, and secondly, if we add the routes onto each of the VPNs with a higher metric, it doesn’t like it.

We have certain traffic that needs to come back to the data centre and out on a specific connection. What is the best way to do this, or to get OSPF working, so that if we lose one data centre things will continue to work?

When someone asks for features beyond basic routing, we recommend replacing the USG with something such as pfSense. The UniFi routing equipment is currently very lacking in advanced features.

I would agree with you there, but it's what I have to play with at the moment.

I have seen various articles re config.gateway.json for OSPF, but it's not clear if these work, and I'm presuming there is no way around the routing side of things on the site-to-site VPN?

I would use “work” loosely when it comes to editing the JSON files. It seems to be hit or miss and sometimes causes the devices to boot loop, which is why we never really recommend it.

Thanks for the replies. Not my choice in equipment, but they were left over and were to be used.

Shame, as they should be a really good product and will do for the small sites we have; just a few small tweaks and they would do us perfectly.

I have no idea why UniFi won’t make those devices better; it feels like a really big missed opportunity.