I setup whole "home" VPN using my Unifi router a while ago and it's kinda cool. For all the faults of the device, this is one of the nicer features, and I have it so the guest network and IOT network goes through it, and can setup even more through it if I want too!
So first thing I did was sign up for a VPN, which duh. You can use this on your own hosted server or any consumer VPN which provides a wireguard config. I went the second route for this with AzireVPN. I went ahead and downloaded the Wireguard config.
With that, on the Unifi config, you can go to setting, VPN and VPN client. There you can hit add new to add the new VPN config.
Give it a unique name, and select file. Upload the file and you are good to go! Save the config and the VPN should show up on the VPNs and you'll be connected to it.
Then you'll want to setup a policy based route, routing the networks that you want to go through the VPN to use that. Head to the PBR section and create a new policy.
Select the VPN interface for the VPN tunnel and the source to Networks and select the network that you want to go through the VPN.
Save that and boom, now I don't need to remember to connect specific devices to VPN/can connect some devices that normally would be hard to connect(XBox, Play Station with VPN connection!).
Pretty cool.