FreshTomato Wiki

User Tools

Site Tools

Trace: wireguard_on_freshtomato vpn-wireguard
vpn-wireguard

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
vpn-wireguard [2025/08/08 20:31] – [Interface] -Formatting hogwildvpn-wireguard [2025/08/13 04:46] (current) – [Current development status] -Add warning about no IPv6 support to intro hogwild
Line 12: Line 12:
 ===== Current development status ===== ===== Current development status =====
  
-The WireGuard web interface menu has been working since r2024.1.+The WireGuard web interface menu has been working since r2024.1. IPv4 is fully supported, but IPv6 is not supported at this time.
  
 Policy-based Routing and the kill switch feature are supported since r2025.3. Split-tunneling is supported within Policy-based Routing. Policy-based Routing and the kill switch feature are supported since r2025.3. Split-tunneling is supported within Policy-based Routing.
Line 26: Line 26:
 These VPN providers' scripts have been tested as working: These VPN providers' scripts have been tested as working:
  
 +  * Coming soon: IVPN
   * Integrity VPN   * Integrity VPN
   * NordVPN   * NordVPN
Line 46: Line 47:
  \\ \\  \\ \\
  
-{{::vpn-wireguard-down-2025.3.png?73}}    indicates the Wireguard service isn't running and no VPN tunnel is currently established on this interface. +{{::vpn-wireguard-down-2025.3.png?73}}    indicates the Wireguard service isn't running and no VPN tunnel is currently established on this interface.  \\  \\
- +
-\\ {{::vpn-wireguard-up-2025.3.png?76}}    indicates the selected WireGuard connection is running, and connected to the configured peers. +
- +
- \\+
  
 {{::vpn-wireguard-start_now-2025.3.png?80}}   clicking this starts the WireGuard service, and makes the interface negotiate a VPN tunnel to peers. {{::vpn-wireguard-start_now-2025.3.png?80}}   clicking this starts the WireGuard service, and makes the interface negotiate a VPN tunnel to peers.
  
 This may take time, especially on slower routers. This may take time, especially on slower routers.
 +
 + \\ \\ {{::vpn-wireguard-up-2025.3.png?76}}    indicates the selected WireGuard connection is running, and connected to the configured peers.
  
  \\  \\
Line 121: Line 120:
  \\  \\
  
-**Public Key** - here, enter the public key for the VPN tunnel.+**Public Key** - displays the tunnel'public key
 + 
 +This is automatically generated by WireGuard from the Private Key. This field cannot be directly edited.
  
  \\  \\
Line 127: Line 128:
 **VPN Interface IP** - the IP address to be assigned to the virtual network interface. **VPN Interface IP** - the IP address to be assigned to the virtual network interface.
  
-This is used only to communicate inside the tunnel. It is independent from the physical network interface's IP addresses. It must be using  CIDR notation.+This is used only to communicate //inside// the tunnel. It is independent from the physical network interface's IP addresses. To prevent addressing conflicts on participating networks or VPN peers, this must be a unique address space, specifically set aside for the VPN.
  
-For  exampe: "10.0.0.1/32"+It must be written using CIDR notation. For  example: "10.0.0.1/32". Addresses should be separated by commas or newline characters.
  
- \\ + \\ \\ **DNS Servers (out)** - the nameservers the client device will use for DNS lookups once the tunnel is active.
- +
-**DNS Servers (out)** - the nameservers the client device will use for DNS lookups once the tunnel is active.+
  
 These can be: These can be:
Line 139: Line 138:
   * Internal (private) to the VPN, such as a DNS resolver reachable only via the VPN.   * Internal (private) to the VPN, such as a DNS resolver reachable only via the VPN.
   * Public, such as Google DNS (8.8.8.8) or Cloudflare (1.1.1.1).   * Public, such as Google DNS (8.8.8.8) or Cloudflare (1.1.1.1).
 +
 + \\
  
 This setting is the same as the “DNS” setting in a wg-quick configuration file This setting is the same as the “DNS” setting in a wg-quick configuration file
Line 168: Line 169:
  \\  \\
  
-**Firewall** -+**Firewall** - lets you choose the appropriate firewall setting for your WireGuard setup.
  
  \\  \\
  
-  * **Create NAT on tunnel** -\\ +  * **Create NAT on tunnel** - enables NAT on the VPN interface. Essentially, this modifies the source IP address of packets from the VPN clients to the VPN server's tunnel IP or the server’s external interface IP. This helps VPN clients behind the WireGuard tunnel to access external networks, such as the Internet. It can also simplify routing by hiding the client's real IP behind the tunnel's IP. 
 +    * When this setting is on, packets traveling through the tunnel are NATed, meaning their source IP is translated to match the tunnel or server IP, allowing for easier outbound access from the client network without needing explicit routing rules back from destination networks. 
 +    * This is especially useful if the VPN clients are on private or overlapping IP ranges, or if the destination network only knows about the server IP. 
 +    * It can also address issues related to asymmetric routing and helps in environments where the server acts as a gateway for client Internet traff 
 +  * \\ 
   * **Inbound Firewall** -   * **Inbound Firewall** -
  
- \\   \\ **Type of VPN** - lets you set the type of peer topology generated.+ \\   \\ **Type of VPN** - lets you set the type of VPN topology generated.
  
  \\  \\
Line 190: Line 195:
 Depending on which setting you choose, other fields will appear in which to configure more settings. Depending on which setting you choose, other fields will appear in which to configure more settings.
  
- \\+To learn about WireGuard topologies, see this webpage: [[https://www.procustodibus.com/blog/2020/10/wireguard-topologies/|Procustodibus: Primary WireGuard Topologies]]\\  \\
  
 **Redirect Internet traffic** **Redirect Internet traffic**
Line 196: Line 201:
 \\ \\
  
-{{::vpn-wireguard-peers_tab-2025.3.png?87|Peers}} in this tab, enter information about the peer parameters.  \\   \\  Status+{{::vpn-wireguard-peers_tab-2025.3.png?87|Peers}} in this tab, enter information about the peer parameters. 
 + 
 + \\ \\   \\  Status
  
  
vpn-wireguard.1754681508.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki