This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
vpn-wireguard [2024/02/14 13:18] – rs232 | vpn-wireguard [2024/04/16 16:51] (current) – [Type of VPN] -change "amongst" to "between" hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
======= Wireguard VPN ======= | ======= Wireguard VPN ======= | ||
- | As a GUI design keep in mind the FreshTomato Wireguard page is meant to be both a configuration and config generation point. So it is suggested you "nominated" a main router where the config | + | ===== Introduction ===== |
+ | |||
+ | FreshTomato' | ||
+ | |||
+ | |||
+ | ===== Current development status ===== | ||
+ | |||
+ | The Wireguard GUI menu is currently a work in progress. Some basic functionality is working since release 2024.1. However some elements, including the following have no yet been implemented: | ||
- | A GUI for Wireguard is currently work in progress. Some basic functionality should already be working on 2024.1 although elements like | ||
* External VPN provider connectivity | * External VPN provider connectivity | ||
- | * kill-switch | + | * Kill-switch |
- | * routing-policy | + | * Routing-policy |
- | * split-tunneling | + | * Split-tunneling |
- | are not yet implemented. So your focus should | + | |
+ | \\ | ||
+ | |||
+ | For this reason, you should | ||
+ | |||
+ | |||
+ | ===== Type of VPN ===== | ||
+ | |||
+ | {{: | ||
+ | |||
+ | This setting affects | ||
+ | |||
+ | * Hub and Spoke: Any peers can only communicate via the Hub. | ||
+ | * Full Mesh (defined Endpoint only): FreshTomato will try to create a full mesh but only among peers which have the EndPoint defined. | ||
+ | * Full Mesh: FreshTomato will try to establish a full mesh between all peers. FIXME | ||
+ | * External VPN Provider - This option is greyed out, as the function is still a work in progress. | ||
+ | |||
+ | |||
+ | ===== Troubleshooting ===== | ||
+ | |||
+ | When trying to configure your VPN, please remember these troubleshooting tips: | ||
+ | ***wg show** (via the command line) output will help you understand the relationship between peers. | ||
+ | ***route** (via the command line) can help you to verify routing decisions while the VPN is connected. | ||
+ | ***traceroute** is a must when verifying end-to-end connectivity. A good approach is to test the following in order: | ||
+ | *Local LAN IP | ||
+ | *Local VPN IP | ||
+ | *Remote VPN IP | ||
+ | *Remote LAN IP | ||
+ | The point of failure will provide critical insight into whatever issue you are facing. | ||
- | While you try to configure your own VPN please keep in mind the following troubleshooting tips: | ||
- | * **wg show** (command line) will help you understand the relationship between peers | ||
- | * **route** can help you verifying routing decision while the VPN is connected | ||
- | * **traceroute** is a must use when verifying end-to-end connectivity, | ||
- | - Local LAN IP | ||
- | - Local VPN IP | ||
- | - Remote VPN IP | ||
- | - Remote LAN IP | ||
- | The point where this fail provides a crucial insight into the issue you might be facing. | ||