FreshTomato Wiki

User Tools

Site Tools

Trace: vpn-wireguard

Sidebar

freshtomato.org

Wiki

▸ About

▸ Releases

▸ Hardware compatibility

▸ 3G/4G/5G compatibility

▸ Feature matrix

▸ Documentation

▸ HOWTOs

▸ FAQ

Forum

AX

Download

Changelog

Development

Bug track

ARM

Download

Changelog

Development

Bug track

MIPS

Download

Changelog

Development

Bug track


TomatoAnon

Style Guidelines

✔️ Help (WikiText Syntax)

🧑‍🤝‍🧑 Credits

💰 Donations

vpn-wireguard

Table of Contents

Wireguard VPN

Introduction

Wireguard can be configured/run via the web interface, or at the command line. Either way lets you configure Wireguard settings and generate configurations. This page describes how to configure Wireguard through the web interface.


To configure Wireguard via the command line, and for some theoretical background see this HOWTO: Set up Wireguard

Regardless of the interface used, you are advised to “nominate” a main router where configurations will be produced. Clients, such as other FreshTomato routers, and other client devices must import the configuration generated by this main router. Relevant configuration changes may require you to delete and reimport the configuration on those client devices.

Current development status

The Wireguard web interface menu is a work in progress. It is working/functional since release 2024.1. However some elements have not yet been implemented. This includes:


  • External VPN provider connectivity
  • Kill switch
  • Routing policy
  • Split tunneling


For now, only site-to-site configurations (as opposed to VPN service providers) are officially supported. However, many people have successfully used the following (unofficial) tutorial to connect to their VPN Provider:

How to Connect to a VPN Provider's Wireguard Tunnel on FreshTomato


Type of VPN



This setting affects the creation of peer configurations.


  • Hub and Spoke: Any peers can only communicate via the Hub.
  • Full Mesh (defined Endpoint only): FreshTomato will try to create
    a full mesh among peers with EndPoint defined.
  • Full Mesh: FreshTomato will try to establish a full mesh
    between all peers.
  • External VPN Provider - This option is greyed out, as it is still
    a work in progress.

Wireguard Notes and Troubleshooting

Please remember these troubleshooting tips when trying to configure your VPN:


  • wg show (via the command line) output will help you
    understand the relationship between peers.
  • route (via the command line) can help you to verify
    routing decisions when the VPN is connected.
  • traceroute is a must when verifying end-to-end connectivity.
    A good approach is to test the following in order:
    • Local LAN IP
    • Local VPN IP
    • Remote VPN IP
    • Remote LAN IP


The point of failure will provide critical insight into whatever issue you are facing.



vpn-wireguard.txt · Last modified: 2024/10/19 18:44 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki