WireGuard on Ubiquiti or my firewall?


I currently have a Ubiquiti network for wired and wireless access, but use OPNsense for all the routing and firewall.

The Ubiquiti WAN port is connected to its own port on the firewall so that it can get internet access (it has an RFC1918 address via DHCP from the firewall as its WAN IP). There is another port from the Ubiquiti switch to another port on the firewall that all the other VLANs are tagged to.

The question I have is about the use of WireGuard. OPNsense has WireGuard built in, and so does Ubiquiti. I currently run a local Dream Machine. I have future plans to replace the Dream Machine and host the controller in the cloud, which then leads to the second question.

So I am trying to decide whether to run the WireGuard VPN server on the Dream Machine controller or on OPNsense. Why? Because I also wanted to make use of Ubiquiti’s UID. With the VPN server being used within the Ubiquiti ecosystem, I thought assigning the single-click VPN for new users / managed through UID would require this, and would work more fluidly? Maybe not? Maybe running WireGuard on the firewall is still better?

The second question would then be: if I hosted the controller in the cloud, how does the VPN work in this scenario, and also in relation to UID?

Hopefully I have my understanding right, also in relation to UID, but I am hoping for some guidance to straighten it out.

Many thanks in advance

As far as I know UID only works with the Dream Machine but I don’t really use it as it requires the UniFi cloud. My preference is to use VPN on the main firewall.

Thanks Tom, much appreciated