Route 1 device via a VPN

This is not 100% about Unifi, but I figured I would ask here as my network is all Unifi (UDM, and some switches).

Essentially, I have an Apple TV (ethernet) and I want to route that device (and that device only) via a VPN (I use ExpressVPN right now). This is to allow me to get around geo restrictions for some content.

Any ideas how to do that? I don’t see a way with Unifi, but I may be missing something.

There’s no official way to do this on the UDM, but you can use a custom script in SSH to force a particular client or VLAN through a VPN tunnel, OpenVPN or WireGuard.

I’ve done this with the USG and a VPN provider using OpenVPN, so I’m confident it would be possible with UDM. It requires you to edit the config.gateway.json file. AFAIK, only OpenVPN is possible, not sure if WireGuard can be achieved or not. I recall using a guide similar to this. I could pull my config for you, but I don’t use ExpressVPN so it would be somewhat different for you.

What you end up doing, basically, is connecting the VPN tunnel up to a Unifi network. That way, you could wire up an SSID or tag a switch port to that network to make devices use a particular VPN connection (I set up 2 tunnels connected to 2 different countries).

Be aware that OpenVPN asks quite a bit in terms of CPU of your gateway device. So, bandwidth will be very limited. It was good enough for HD streaming to 1 device via USG3P, but not much more than that. YMMV.

As an alternative, you can probably accomplish the same thing with a computer or VM whose egress goes through a VPN interface and set that as the gateway for your TV. That would give you much better speeds (more CPU) and probably let you easily take advantage of better protocols like WireGuard.
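The Linux-gateway alternative in the last paragraph, as an added example that is not from this thread or any Unifi/ExpressVPN config: policy routing on a Linux VM that sends one client out a tunnel interface, with a `prohibit` rule so the client's traffic is rejected rather than leaking out the normal default route if the tunnel drops. The client address 192.168.1.50, LAN 192.168.1.0/24, interface name wg0 and table number 100 are constructed assumptions; the script prints the commands for review instead of running them.

```shell
#!/bin/sh
# Policy-based routing for one LAN client through a VPN interface on a Linux
# gateway VM. Defaults below are constructed for this example; adjust to your LAN.
#   CLIENT - the Apple TV's address (give it a static DHCP lease)
#   LAN    - the subnet the TV must still reach directly (AirPlay, remotes, ...)
#   VPN_IF - the tunnel interface (wg0 for WireGuard, tun0 for OpenVPN)
#   TABLE  - a dedicated routing table number for the client's traffic
CLIENT="${CLIENT:-192.168.1.50}"
LAN="${LAN:-192.168.1.0/24}"
VPN_IF="${VPN_IF:-wg0}"
TABLE="${TABLE:-100}"

# Emit the commands rather than executing them, so they can be reviewed and
# then applied with:  sh pbr.sh | sudo sh
# (ip rule add is not idempotent; flush the rules before re-running.)
pbr_commands() {
  client="$1"; lan="$2"; vpn_if="$3"; table="$4"
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Dedicated table: the only route in it is the tunnel.
ip route replace default dev $vpn_if table $table
# Rule 1: LAN-to-LAN traffic from the client keeps using the main table.
ip rule add from $client to $lan lookup main priority 100
# Rule 2: everything else from the client consults the VPN table.
ip rule add from $client lookup $table priority 101
# Rule 3 (kill switch): when the tunnel goes down its route is removed from
# the VPN table, lookup falls through to this rule, and the traffic is
# rejected instead of leaking out the regular default route.
ip rule add from $client prohibit priority 102
# NAT the client behind the tunnel's address.
iptables -t nat -A POSTROUTING -s $client -o $vpn_if -j MASQUERADE
EOF
}

pbr_commands "$CLIENT" "$LAN" "$VPN_IF" "$TABLE"
```

The TV's default gateway (and DNS, or DNS lookups will still leave via the UDM) must point at the VM's LAN address for this to take effect.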

That is perfect, thank you.