Differences

This shows you the differences between two versions of the page.

--- vpn-wireguard [2025/09/15 03:52] – [Peer's Parameters] -Clarify Source IP Filtering explanation hogwild
+++ vpn-wireguard [2025/09/16 17:14] (current) – [Import Config from file] hogwild
@@ Line 66: / Line 66: @@
 ===== Wireguard Configuration =====
-WireGuard uses virtual network adapters (or "network interfaces") on which to operate a VPN tunnel. WireGuard creates a virtual network interface (such as "wg0") on your device that behaves like a standard network adapter. This virtual adapter routes your traffic through the encrypted tunnel between peers.
+WireGuard uses virtual network adapters (or "network interfaces") on which to operate a VPN tunnel. The network interface WireGuard creates (such as "wg0") behaves like a standard network adapter. This interface routes your traffic through the encrypted tunnel between peers.
-WireGuard allows you to create 3 separate virtual network adapters to allow for 3 separate VPN configurations (or "instances" terminology). In Freshtomato, each virtual adapter is represented by a tab, such as wg0, wg1, or wg2. The current tab selected appears in black. \\   \\   \\  {{::vpn-wireguard-wg0-2025.3.png?95}}  the first Wireguard interface/instance.
+WireGuard allows you to create 3 separate network interfaces to allow for 3 separate VPN configurations (or "instances"). In Freshtomato, each network interface is represented by a tab, such as wg0, wg1, or wg2. The current tab selected appears in a different colour than the others. \\   \\   \\  {{::vpn-wireguard-wg0-2025.3.png?95}}  the first Wireguard interface/instance.
  \\
@@ Line 89: / Line 89: @@
 ===== Interface =====
-Settings here are used to configure the router's virtual WireGuard interface for this instance/tab, (such as "wg0").
+Settings here are used to configure the router's WireGuard interface of this instance/tab, (such as "wg0").
  \\
@@ Line 226: / Line 226: @@
 ===== Peer Parameters =====
-In this area, you can manually configure Peer settings. Some fields populate automatically if you import a configuration file instead of/in addition to manually entering settings.  \\  \\
+Here, you can manually configure Peer settings. Some fields populate automatically if you import a configuration file instead of/in addition to manually entering settings.  \\  \\
 **Router behind NAT** - sets whether/how often keepalive packets are sent from the router to defined peers.
@@ Line 246: / Line 246: @@
 **Allowed IPs** - here, enter the IP address ranges to be routed through the particular peer.
-Outgoing packets bound for addresses in the "AllowedIPs" range will be sent through the tunnel to that peer. For example, if a peer has AllowedIPs = 172.16.0.0/24", then traffic to any IP in that subnet will be routed to that peer. Entries must be in CIDR format, separated by commas.
+Outgoing packets bound for addresses in the "AllowedIPs" range will be sent through the tunnel to that peer. For example, if a peer has AllowedIPs = "172.16.0.0/24", then traffic to any IP in that subnet will be routed to that peer. Entries must be in CIDR format, separated by commas.
  \\
@@ Line 276: / Line 276: @@
 (As set in the Network menu).
- \\  \\
+ \\  \\ **Forward all peer traffic** - adding an Allowed IP of "0.0.0.0/0" will tunnel all traffic from the peer through the router's WireGuard interface.
-**Forward all peer traffic** - adding an Allowed IP of "0.0.0.0/0" will tunnel all traffic from the peer through the router's WireGuard interface.
  \\
@@ Line 295: / Line 293: @@
 ===== Import Config from file =====
-Available since r2025.3, this lets you quickly and easily import a pre-generated WireGuard configuration file. This file can come from an external VPN provider, or other source, such as another WireGuard endpoint. Files must be compatible with the wg-quick format (usually ending in "*.conf").
+Available since r2025.3, this lets you quickly and easily import a pre-generated WireGuard configuration file. This file can come from an external VPN provider, or another WireGuard endpoint. Files must be compatible with the wg-quick format (usually ending in "*.conf").
 Typically, with an external VPN provider, you choose appropriate settings on their website for the configuration you want. The VPN provider then generates a corresponding configuration file to import. For most providers, this will be a wg-quick compatible file.
-While FreshTomat's function requires a file to be wg-quick compatible format for import, it does not maintain that format, or even save a configuration file. Instead, after import, settings are divided up and stored in NVRAM as separate variables. To quickly view all the settings, use the "nvram show" command. For example, typing:
+Even though FreshTomato requires the file to be in wg-quick compatible format for import, it doesn't save any configuration file. Instead, after import, settings are divided up and stored in NVRAM as separate variables. To quickly view all the settings, use the "nvram show" command.
-''nvram show|grep wg0_''
+For example, to display all variables and their settings for the "wg0" interface, type:
+"nvram show|grep wg0_"  \\  \\
+ \\
-will display all variables and their settings for interface "wg0". The only exception occurs when you copy a configuration file to a folder on the router and enter a path to that file in the //Config File// field. In that case, that file will be saved as a configuration file, in wg-quick format.
+The only exception occurs when you copy a configuration file to a folder on the router and enter a path to that file in the //Config File// field. In that case, that file will be saved as a configuration file, in wg-quick format.
  \\

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools