Just published a blog after finally making Wireguard work on my ER-X with a private server on AWS. Might be the missing guide for some of you guys as I didn’t find anything like this elsewhere!
https://pycvala.de/blog/aws/wireguard-vpn-at-home-with-aws-and-edgerouter-x/
Nice write-up.
Useful EdgeOS tip: If you use dnsmasq as a local dns cache you can use the ipset directive to place the IP addresses returned for certain lookups (e.g. Netflix hostnames) into an ipset and then use that in your firewall modify ruleset such that traffic to those IP addresses isn’t sent via the VPN. Useful for those services which ban VPN access.
Useful VPS tip: If you’re on a slower connection you can always set up your WireGuard server on an Oracle Cloud Infrastructure ‘Always Free’ instance. Speed is capped at 48mbit/s but bandwidth is effectively unlimited.
I think you need to add how to maintain to update wireguard version in erx not just that it work
Hey, Thanks for taking time to write this down.
I have similar setup, but with DigitalOcean instead of AWS. And I use docker (https://hub.docker.com/r/linuxserver/wireguard) in the VPS. Plus, you can add a DNS server, with ad filtering (pihole) and handle DNS filtering needs.
uh, very useful! is it working on USG too?
Thx for the kind words 
Good stuff for dnsmasq… I’ll definitely set that up as some shows disappeared 
I wish I had one lying around to try it. If you can run those same steps, it should. If you try it out, let us know!
wifey would kill me if i break the internet…
also, I always wandered how that kind of configurations would work with unifi controller…
If it’s the same config as edgeos it should work just fine. As long as you can install WireGuard on the router, I don’t see why it wouldn’t work
cool, if i try i’ll let you know for sure!