FreshTomato Wiki

User Tools

Site Tools

Trace: vpn-wireguard
vpn-wireguard

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
vpn-wireguard [2025/09/15 03:28] – [Peer Parameters] -Reorder Forwarrd all peer traffic explanation hogwildvpn-wireguard [2025/09/16 17:14] (current) – [Import Config from file] hogwild
Line 66: Line 66:
 ===== Wireguard Configuration ===== ===== Wireguard Configuration =====
  
-WireGuard uses virtual network adapters (or "network interfaces") on which to operate a VPN tunnel. WireGuard creates a virtual network interface (such as "wg0"on your device that behaves like a standard network adapter. This virtual adapter routes your traffic through the encrypted tunnel between peers.+WireGuard uses virtual network adapters (or "network interfaces") on which to operate a VPN tunnel. The network interface WireGuard creates (such as "wg0") behaves like a standard network adapter. This interface routes your traffic through the encrypted tunnel between peers.
  
-WireGuard allows you to create 3 separate virtual network adapters to allow for 3 separate VPN configurations (or "instances" terminology). In Freshtomato, each virtual adapter is represented by a tab, such as wg0, wg1, or wg2. The current tab selected appears in black. \\   \\   \\  {{::vpn-wireguard-wg0-2025.3.png?95}}  the first Wireguard interface/instance.+WireGuard allows you to create 3 separate network interfaces to allow for 3 separate VPN configurations (or "instances"). In Freshtomato, each network interface is represented by a tab, such as wg0, wg1, or wg2. The current tab selected appears in a different colour than the others. \\   \\   \\  {{::vpn-wireguard-wg0-2025.3.png?95}}  the first Wireguard interface/instance.
  
  \\  \\
Line 89: Line 89:
 ===== Interface ===== ===== Interface =====
  
-Settings here are used to configure the router'virtual WireGuard interface for this instance/tab, (such as "wg0").+Settings here are used to configure the router's WireGuard interface of this instance/tab, (such as "wg0").
  
  \\  \\
Line 226: Line 226:
 ===== Peer Parameters ===== ===== Peer Parameters =====
  
-In this area, you can manually configure Peer settings. Some fields populate automatically if you import a configuration file instead of/in addition to manually entering settings.  \\  \\+Here, you can manually configure Peer settings. Some fields populate automatically if you import a configuration file instead of/in addition to manually entering settings.  \\  \\
  
 **Router behind NAT** - sets whether/how often keepalive packets are sent from the router to defined peers. **Router behind NAT** - sets whether/how often keepalive packets are sent from the router to defined peers.
Line 246: Line 246:
 **Allowed IPs** - here, enter the IP address ranges to be routed through the particular peer. **Allowed IPs** - here, enter the IP address ranges to be routed through the particular peer.
  
-Outgoing packets bound for addresses in the "AllowedIPs" range will be sent through the tunnel to that peer. For example, if a peer has AllowedIPs = 172.16.0.0/24", then traffic to any IP in that subnet will be routed to that peer. Entries must be in CIDR format, separated by commas.+Outgoing packets bound for addresses in the "AllowedIPs" range will be sent through the tunnel to that peer. For example, if a peer has AllowedIPs = "172.16.0.0/24", then traffic to any IP in that subnet will be routed to that peer. Entries must be in CIDR format, separated by commas.
  
  \\  \\
Line 276: Line 276:
 (As set in the Network menu). (As set in the Network menu).
  
- \\  \\ + \\  \\ **Forward all peer traffic** - adding an Allowed IP of "0.0.0.0/0" will tunnel all traffic from the peer through the router's WireGuard interface.
- +
-**Forward all peer traffic** - adding an Allowed IP of "0.0.0.0/0" will tunnel all traffic from the peer through the router's WireGuard interface.+
  
  \\  \\
Line 295: Line 293:
 ===== Import Config from file ===== ===== Import Config from file =====
  
-Available since r2025.3, this lets you quickly and easily import a pre-generated WireGuard configuration file. This file can come from an external VPN provider, or other source, such as another WireGuard endpoint. Files must be compatible with the wg-quick format (usually ending in "*.conf").+Available since r2025.3, this lets you quickly and easily import a pre-generated WireGuard configuration file. This file can come from an external VPN provider, or another WireGuard endpoint. Files must be compatible with the wg-quick format (usually ending in "*.conf").
  
 Typically, with an external VPN provider, you choose appropriate settings on their website for the configuration you want. The VPN provider then generates a corresponding configuration file to import. For most providers, this will be a wg-quick compatible file. Typically, with an external VPN provider, you choose appropriate settings on their website for the configuration you want. The VPN provider then generates a corresponding configuration file to import. For most providers, this will be a wg-quick compatible file.
  
-While FreshTomat's function requires file to be wg-quick compatible format for import, it does not maintain that format, or even save configuration file. Instead, after import, settings are divided up and stored in NVRAM as separate variables. To quickly view all the settings, use the "nvram show" command. For example, typing: "nvram show|grep wg0_" will display all variables and their settings for interface "wg0"The only exception occurs when you copy a configuration file to a folder on the router and enter a path to that file in the //Config File// field. In that case, that file will be saved as a configuration file, in wg-quick format.+Even though FreshTomato requires the file to be in wg-quick compatible format for import, it doesn'save any configuration file. Instead, after import, settings are divided up and stored in NVRAM as separate variables. To quickly view all the settings, use the "nvram show" command. 
 + 
 +For example, to display all variables and their settings for the "wg0" interface, type: 
 + 
 +"nvram show|grep wg0_"  \\  \\ 
 + 
 + \\ 
 + 
 +The only exception occurs when you copy a configuration file to a folder on the router and enter a path to that file in the //Config File// field. In that case, that file will be saved as a configuration file, in wg-quick format.
  
  \\  \\
  
-{{::vpn-wireguard-config_tab-import_config_from_file-choose_file-2025.3.png?95}} lets you browse for the configuration script you wish to use (usually end in ".conf").+{{::vpn-wireguard-config_tab-import_config_from_file-choose_file-2025.3.png?95}} lets you browse for the configuration script to import (usually ending in ".conf").
  
 {{::vpn-wireguard-config_tab-import_config_from_file-import-2025.3.png?95}} will import the configuration file you selected using the //Choose File// button. {{::vpn-wireguard-config_tab-import_config_from_file-import-2025.3.png?95}} will import the configuration file you selected using the //Choose File// button.
Line 408: Line 414:
  \\  \\
  
-**Source IP Filtering for Incoming Traffic:** It acts as an access control filter for incoming traffic from that peer. WireGuard will only accept packets from the peer if their source IP address matches one of the specified "AllowedIPs"Any incoming packets from that peer with source IPs outside the allowed IP ranges will be discarded, enhancing se+**Source IP Filtering for Incoming Traffic** acts as an access control filter for incoming traffic from this peer. 
 + 
 +WireGuard will only accept packets from the peer if its source IP address matches one of the specified "AllowedIPs"Incoming packets from that peer with source addresses outside the allowed IP ranges will be discarded. This enhances security.
  
  \\  \\
vpn-wireguard.1757903329.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki