mvpg/docs/FAQ.md

# Frequently Asked Questions

## General Questions

### Q: What is the VPN Gateway?
**A:** It's a secure VPN gateway solution that routes all network traffic through a VPN connection with a permanent killswitch to prevent leaks.

### Q: Which VPN providers are supported?
**A:** 
- Mullvad VPN (commercial service)
- Custom WireGuard servers (your own VPS)
- Any imported WireGuard configuration

### Q: Can I use this with OpenVPN?
**A:** No, this gateway only supports WireGuard protocol for better performance and security.

### Q: Is this free to use?
**A:** The software is free and open source. You need to provide your own VPN service (Mullvad account or custom server).

## Installation

### Q: What are the system requirements?
**A:**
- LXC container or Linux system
- Ubuntu 20.04+ or Debian 11+
- 512MB RAM minimum
- 1GB disk space
- Root access

### Q: Can I install on a Raspberry Pi?
**A:** Yes, as long as it runs a supported OS and has WireGuard kernel module support.

### Q: Does it work in Docker?
**A:** It requires privileged mode and NET_ADMIN capability. LXC is recommended over Docker.

### Q: Can I install on a VPS?
**A:** Yes, but be aware that the killswitch will block all traffic except through VPN, which might lock you out via SSH.

## Usage

### Q: No internet after disconnecting VPN?
**A:** This is correct behavior! The killswitch blocks all internet traffic when VPN is not connected. This prevents leaks.

### Q: Can I disable the killswitch?
**A:** No, the killswitch cannot be disabled through normal means. This is a security feature.

### Q: How do I access the WebUI?
**A:** Navigate to `http://<container-ip>` in your browser. The WebUI is always accessible from the local network.

### Q: Can I use multiple VPN connections simultaneously?
**A:** No, only one VPN connection is active at a time. You can switch between servers/providers via the WebUI.

## Security

### Q: Is this really secure?
**A:** Yes, when properly configured:
- Permanent killswitch prevents leaks
- DNS leak protection enabled
- IPv6 completely disabled
- Continuous security monitoring

### Q: What about WebRTC leaks?
**A:** WebRTC leaks are prevented at the firewall level. No direct peer connections are possible.

### Q: Can applications bypass the VPN?
**A:** No, all traffic is forced through the VPN tunnel or blocked by the killswitch.

### Q: Is my traffic logged?
**A:** The gateway itself doesn't log traffic. Logging depends on your VPN provider's policy.

## Troubleshooting

### Q: WebUI is not accessible
**A:** 
```bash
# Check if service is running
sudo systemctl status vpn-webui

# Restart the service
sudo systemctl restart vpn-webui

# Check if port is open
sudo netstat -tlnp | grep 5000
```

### Q: VPN won't connect
**A:**
1. Check your credentials/keys are correct
2. Verify the server is reachable
3. Check firewall allows outbound UDP 51820
4. Review logs: `sudo journalctl -u vpn-webui -n 50`

### Q: DNS not working
**A:**
```bash
# Check DNS configuration
cat /etc/resolv.conf

# Test DNS resolution
nslookup google.com

# Restart VPN connection
sudo wg-quick down wg0
sudo wg-quick up wg0
```

### Q: High CPU usage
**A:**
- Check security monitor: `sudo systemctl status vpn-security-monitor`
- Reduce monitoring frequency if needed
- Check for packet loops in firewall rules

## Configuration

### Q: How do I add a custom DNS server?
**A:** Edit the WireGuard configuration:
```bash
sudo nano /etc/wireguard/wg0.conf
# Change DNS = line to your preferred servers
```

### Q: Can I change the WebUI port?
**A:** Yes, edit the systemd service:
```bash
sudo nano /etc/systemd/system/vpn-webui.service
# Change --bind 0.0.0.0:5000 to your desired port
sudo systemctl daemon-reload
sudo systemctl restart vpn-webui
```

### Q: How do I backup my configuration?
**A:**
```bash
sudo tar czf vpn-backup.tar.gz \
  /opt/vpn-gateway \
  /etc/wireguard \
  /etc/systemd/system/vpn-*.service
```

### Q: How do I enable auto-reconnect?
**A:** Auto-reconnect is handled by the security monitor. Ensure it's running:
```bash
sudo systemctl enable vpn-security-monitor
sudo systemctl start vpn-security-monitor
```

## Advanced

### Q: Can I use split tunneling?
**A:** Yes, for custom servers. Modify the AllowedIPs in your WireGuard config:
```ini
# Only specific subnets through VPN
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12
```

### Q: How do I set up failover?
**A:** Add multiple peers in the WireGuard configuration:
```ini
[Peer]
# Primary
PublicKey = xxx...
Endpoint = primary.example.com:51820

[Peer] 
# Backup
PublicKey = yyy...
Endpoint = backup.example.com:51820
```

### Q: Can I monitor traffic statistics?
**A:**
```bash
# WireGuard statistics
wg show wg0 transfer

# Network statistics
vnstat -i wg0

# Real-time monitoring
iftop -i wg0
```

### Q: How do I integrate with existing infrastructure?
**A:** 
- Use as default gateway for network segments
- Configure via DHCP options
- Set up policy-based routing for specific clients

## Updates

### Q: How do I update the VPN Gateway?
**A:**
```bash
sudo /usr/local/bin/vpn-update.sh
```

### Q: Will updates break my configuration?
**A:** No, updates preserve your configuration. Backups are created automatically.

### Q: How do I check for updates?
**A:**
```bash
# Check current version
cat /opt/vpn-gateway/version

# Check for updates
curl -s https://raw.githubusercontent.com/yourusername/vpn-gateway/main/version
```

## Support

### Q: Where can I get help?
**A:**
- GitHub Issues: https://github.com/yourusername/vpn-gateway/issues
- Documentation: https://github.com/yourusername/vpn-gateway/wiki
- Community Forum: [Link to forum]

### Q: How do I report a bug?
**A:** Open an issue on GitHub with:
- System information
- Error messages
- Steps to reproduce
- Relevant logs

### Q: Can I contribute?
**A:** Yes! Contributions are welcome:
- Submit pull requests
- Report bugs
- Improve documentation
- Share your setup

## Legal

### Q: Is this legal to use?
**A:** Yes, but check your local laws regarding VPN usage. Some countries restrict VPN use.

### Q: Can I use this commercially?
**A:** Yes, under the MIT license terms. See LICENSE file for details.

### Q: What about warranty?
**A:** This software is provided "as is" without warranty. Use at your own risk.
New branch 2025-08-10 15:34:34 +02:00			`# Frequently Asked Questions`

			`## General Questions`

			`### Q: What is the VPN Gateway?`
			`A: It's a secure VPN gateway solution that routes all network traffic through a VPN connection with a permanent killswitch to prevent leaks.`

			`### Q: Which VPN providers are supported?`
			`A:`
			`- Mullvad VPN (commercial service)`
			`- Custom WireGuard servers (your own VPS)`
			`- Any imported WireGuard configuration`

			`### Q: Can I use this with OpenVPN?`
			`A: No, this gateway only supports WireGuard protocol for better performance and security.`

			`### Q: Is this free to use?`
			`A: The software is free and open source. You need to provide your own VPN service (Mullvad account or custom server).`

			`## Installation`

			`### Q: What are the system requirements?`
			`A:`
			`- LXC container or Linux system`
			`- Ubuntu 20.04+ or Debian 11+`
			`- 512MB RAM minimum`
			`- 1GB disk space`
			`- Root access`

			`### Q: Can I install on a Raspberry Pi?`
			`A: Yes, as long as it runs a supported OS and has WireGuard kernel module support.`

			`### Q: Does it work in Docker?`
			`A: It requires privileged mode and NET_ADMIN capability. LXC is recommended over Docker.`

			`### Q: Can I install on a VPS?`
			`A: Yes, but be aware that the killswitch will block all traffic except through VPN, which might lock you out via SSH.`

			`## Usage`

			`### Q: No internet after disconnecting VPN?`
			`A: This is correct behavior! The killswitch blocks all internet traffic when VPN is not connected. This prevents leaks.`

			`### Q: Can I disable the killswitch?`
			`A: No, the killswitch cannot be disabled through normal means. This is a security feature.`

			`### Q: How do I access the WebUI?`
			A: Navigate to `http://<container-ip>` in your browser. The WebUI is always accessible from the local network.

			`### Q: Can I use multiple VPN connections simultaneously?`
			`A: No, only one VPN connection is active at a time. You can switch between servers/providers via the WebUI.`

			`## Security`

			`### Q: Is this really secure?`
			`A: Yes, when properly configured:`
			`- Permanent killswitch prevents leaks`
			`- DNS leak protection enabled`
			`- IPv6 completely disabled`
			`- Continuous security monitoring`

			`### Q: What about WebRTC leaks?`
			`A: WebRTC leaks are prevented at the firewall level. No direct peer connections are possible.`

			`### Q: Can applications bypass the VPN?`
			`A: No, all traffic is forced through the VPN tunnel or blocked by the killswitch.`

			`### Q: Is my traffic logged?`
			`A: The gateway itself doesn't log traffic. Logging depends on your VPN provider's policy.`

			`## Troubleshooting`

			`### Q: WebUI is not accessible`
			`A:`
			```bash
			`# Check if service is running`
			`sudo systemctl status vpn-webui`

			`# Restart the service`
			`sudo systemctl restart vpn-webui`

			`# Check if port is open`
			`sudo netstat -tlnp \| grep 5000`
			```

			`### Q: VPN won't connect`
			`A:`
			`1. Check your credentials/keys are correct`
			`2. Verify the server is reachable`
			`3. Check firewall allows outbound UDP 51820`
			4. Review logs: `sudo journalctl -u vpn-webui -n 50`

			`### Q: DNS not working`
			`A:`
			```bash
			`# Check DNS configuration`
			`cat /etc/resolv.conf`

			`# Test DNS resolution`
			`nslookup google.com`

			`# Restart VPN connection`
			`sudo wg-quick down wg0`
			`sudo wg-quick up wg0`
			```

			`### Q: High CPU usage`
			`A:`
			- Check security monitor: `sudo systemctl status vpn-security-monitor`
			`- Reduce monitoring frequency if needed`
			`- Check for packet loops in firewall rules`

			`## Configuration`

			`### Q: How do I add a custom DNS server?`
			`A: Edit the WireGuard configuration:`
			```bash
			`sudo nano /etc/wireguard/wg0.conf`
			`# Change DNS = line to your preferred servers`
			```

			`### Q: Can I change the WebUI port?`
			`A: Yes, edit the systemd service:`
			```bash
			`sudo nano /etc/systemd/system/vpn-webui.service`
			`# Change --bind 0.0.0.0:5000 to your desired port`
			`sudo systemctl daemon-reload`
			`sudo systemctl restart vpn-webui`
			```

			`### Q: How do I backup my configuration?`
			`A:`
			```bash
			`sudo tar czf vpn-backup.tar.gz \`
			`/opt/vpn-gateway \`
			`/etc/wireguard \`
			`/etc/systemd/system/vpn-*.service`
			```

			`### Q: How do I enable auto-reconnect?`
			`A: Auto-reconnect is handled by the security monitor. Ensure it's running:`
			```bash
			`sudo systemctl enable vpn-security-monitor`
			`sudo systemctl start vpn-security-monitor`
			```

			`## Advanced`

			`### Q: Can I use split tunneling?`
			`A: Yes, for custom servers. Modify the AllowedIPs in your WireGuard config:`
			```ini
			`# Only specific subnets through VPN`
			`AllowedIPs = 10.0.0.0/8, 172.16.0.0/12`
			```

			`### Q: How do I set up failover?`
			`A: Add multiple peers in the WireGuard configuration:`
			```ini
			`[Peer]`
			`# Primary`
			`PublicKey = xxx...`
			`Endpoint = primary.example.com:51820`

			`[Peer]`
			`# Backup`
			`PublicKey = yyy...`
			`Endpoint = backup.example.com:51820`
			```

			`### Q: Can I monitor traffic statistics?`
			`A:`
			```bash
			`# WireGuard statistics`
			`wg show wg0 transfer`

			`# Network statistics`
			`vnstat -i wg0`

			`# Real-time monitoring`
			`iftop -i wg0`
			```

			`### Q: How do I integrate with existing infrastructure?`
			`A:`
			`- Use as default gateway for network segments`
			`- Configure via DHCP options`
			`- Set up policy-based routing for specific clients`

			`## Updates`

			`### Q: How do I update the VPN Gateway?`
			`A:`
			```bash
			`sudo /usr/local/bin/vpn-update.sh`
			```

			`### Q: Will updates break my configuration?`
			`A: No, updates preserve your configuration. Backups are created automatically.`

			`### Q: How do I check for updates?`
			`A:`
			```bash
			`# Check current version`
			`cat /opt/vpn-gateway/version`

			`# Check for updates`
			`curl -s https://raw.githubusercontent.com/yourusername/vpn-gateway/main/version`
			```

			`## Support`

			`### Q: Where can I get help?`
			`A:`
			`- GitHub Issues: https://github.com/yourusername/vpn-gateway/issues`
			`- Documentation: https://github.com/yourusername/vpn-gateway/wiki`
			`- Community Forum: [Link to forum]`

			`### Q: How do I report a bug?`
			`A: Open an issue on GitHub with:`
			`- System information`
			`- Error messages`
			`- Steps to reproduce`
			`- Relevant logs`

			`### Q: Can I contribute?`
			`A: Yes! Contributions are welcome:`
			`- Submit pull requests`
			`- Report bugs`
			`- Improve documentation`
			`- Share your setup`

			`## Legal`

			`### Q: Is this legal to use?`
			`A: Yes, but check your local laws regarding VPN usage. Some countries restrict VPN use.`

			`### Q: Can I use this commercially?`
			`A: Yes, under the MIT license terms. See LICENSE file for details.`

			`### Q: What about warranty?`
			`A: This software is provided "as is" without warranty. Use at your own risk.`