As a GUI design keep in mind the FreshTomato Wireguard page is meant to be both a configuration and config generation point. So it is suggested you “nominated” a main router where the config will be produced. Client like other FreshTomato routers, WIndows, Linux, Android etc client will need to import the config generated by the main FreshTomato router. This also implies that any relevant configuration change might also require you to delete/re-import the config on the other peers.

A GUI for Wireguard is currently work in progress. Some basic functionality should already be working on 2024.1 although elements like

• External VPN provider connectivity
• kill-switch
• routing-policy
• split-tunneling

are not yet implemented. So your focus should be on sit-to-site for the time being.

While you try to configure your own VPN please keep in mind the following troubleshooting tips:

• wg show (command line) will help you understand the relationship between peers
• route can help you verifying routing decision while the VPN is connected
• traceroute is a must use when verifying end-to-end connectivity, a goo approach is to test in order:

1. Local LAN IP
2. Local VPN IP
3. Remote VPN IP
4. Remote LAN IP

The point where this fail provides a crucial insight into the issue you might be facing.