Talking to Roon from another VLAN (I got it working)

@mysticalgator: Honestly, it’s not that advanced. The software I referenced is just a simple UDP proxy. It’s more “niche” than advanced and I think that’s what throws people off because there is so little public documentation out there for this sorta thing.

@Nepherte: There are a few ways to do IPSec on USG. You definitely can do it via a vti interface. I’m pretty sure the site-to-site VPN for USG defaults to doing that (I thought it did). If you’re creating the IPSec VPN tunnel manually via the config.gateway.json file, then you’d use a vti interface. Dunno about L2TP for remote access - that’s a big reason why I switched - I had it working for over a year and then one day my USG wouldn’t provision anymore and it was because of the L2TP config.

If you can swing the $$$ for pfSense (check out Protectli boxes on Amazon), I’d highly recommend it. I’ve done much more advanced configuration (a load-balanced HA policy-route-based VPN) entirely in the WebUI. I’m seeing 780Mbps over VPN on a $500 box. If you don’t need that, you can spend probably half what I did. Compared to my USG Pro4, which did about 150Mbps VPN and required me to do this nightmare config: https://synfin.net/sock_stream/devrandom/split-tunnel-vpn-on-unifi-usg

Honestly, this is the first time I’ve had to do anything on the CLI/ssh - everything else has been via their WebUI (which I’ll admit is less polished than UniFi). Software is free, so you could install it on an old PC you have sitting around and play with it.
