I am looking to jump onto the Ubiquiti bandwagon as a router, I already have a bunch of switches and APs, but before I do, has any managed to do a speed test with the cloud gateway ultra with Wireguard client (plan to use a VPN provider like NordVPN or PIA), and with IPS/IDS enabled?
Hello! Thanks for posting on r/Ubiquiti!
This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can.
Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off topic posts in the weekly off topic thread that is stickied to the top of the subreddit.
If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it!
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
Very crude testing via speedtest.net. Only tested one server location; ideally I’d test multiple VPN services and locations to get a better picture.
ISP speed: 300/30 Mbps
VPN provider: Mullvad, Wireguard (Europe)
295/30 - VPN off, IDS/IPS off, SQ off
295/30 - VPN off, IDS/IPS on, SQ off
265/30 - VPN on, IDS/IPS off, SQ off
265/30 - VPN on, IDS/IPS on, SQ off
230/27 - VPN on, IDS/IPS on, SQ on
With “VPN on” down speed is fluctuating from test to test quite noticeable, not sure this is a UCG issue or is related to the VPN provider.
Also CPU usage of UCG seems to spike to no more than 35% (with everything on) during speed tests.
Just got my order in, will post wireguard and ipsec thoughtput on a 500/500 line, gonna bench between a OPNsense box, and a commercial Wireguard VPN.
If anyone is intrested, ping me to remind
I assume you’ve already gotten your uxg ultra. Do you have any updates on your vpn client speeds?
I just received my UCG-Ultra, i have IPS enabled, I only manage to get around 100Mbits up and 30 Down. Its the same with IPS disabled.
Using the same config directly on the client I get 250 up and 50 down (100% of my ISP speed).
I expected more performance to be honest.
Read some of the comments on this UniFi OS 3.2.12 release thread.
totally interested, I just pulled the trigger to order a UXG ultra as well, waiting for the vendor to ship it.
Based on the literature from Ubiquiti if you are purely running the Wireguard client on your device you should be able to saturate the line, but once you turn on IDS/IPS it’ll probably top out at 350 is my guess.
No I haven’t still waiting for delivery from 3rd party 
" UCG-Ultra should be a Quad-Core CPU clocked at 1.5 GHz according with the above mention. ".
Based on that info, and also the info on how a Wireguard client VPN implementation for the UDM-Pro (quat-core arm 1.7 Ghz) hitting 250-300Mbps, I might not be able to hit 200Mbps with IDS/IPS. Although this has yet to be tested/vetted.
So if anyone does have a Cloud Gateway Ultra and does some benchmarking like on the UDM pro, that would be awesome.
See it to believe it. Will be doing some testing with it on/off eitherway.
Will post results on here and UI forum!
finally got the uxg ultra. so my internet provider package I have is a 270 up/down, and the uxg-ultra handles the ids/ips + wireguard without a sweat, so basically what other people have experienced so far.
Have you got any updates on your 500/500 test?
I’m currently in the market for 2 x USG Ultras that will be running ‘site magic’. Right now, I have 2 pfSense units running site-to-site VPN, delivering around 200 Mbps up/down, so I’m hoping these USG Ultras can match or surpass that. I’m on a 1 Gbit/1 Gbit connection at both locations.
Hello Friend!
Easter time has taken a hold of me, and i have not been able to post anything. I’ve posted that i would be setting it up with a 500/500 WireGuard line, but havnt been able to provide on that. The Ultra is a somewhat powerful machine right out of the box, and imo beats the UXG-lite in every subject.
From my test, ive been able to max out my parents line (150/50 coax), at 30% CPU utilization over IPsec. I think i could’ve pushed that to 400-500 if i had the capacity on the other side.
When it comes to WireGuard, i’m either too stupid to set it up, or can’t figure out the OPNsense side of it.
I WILL make an update when i can about the WireGuard performance, and also change the location of the ULTRA to a faster site.
The “sucky” thing about the ULTRA is that there is no way to use it with the selfhosted controller. But honestly, i didnt see a problem with it. once IPsec was established, i didnt even noticed that i was on another controller.