New branch
commit
58d70409b5
31 changed files with 9093 additions and 0 deletions
241
docs/FAQ.md
Normal file
|
@ -0,0 +1,241 @@
|
|||
# Frequently Asked Questions
|
||||
|
||||
## General Questions
|
||||
|
||||
### Q: What is the VPN Gateway?
|
||||
**A:** It's a secure VPN gateway solution that routes all network traffic through a VPN connection with a permanent killswitch to prevent leaks.
|
||||
|
||||
### Q: Which VPN providers are supported?
|
||||
**A:**
|
||||
- Mullvad VPN (commercial service)
|
||||
- Custom WireGuard servers (your own VPS)
|
||||
- Any imported WireGuard configuration
|
||||
|
||||
### Q: Can I use this with OpenVPN?
|
||||
**A:** No, this gateway only supports WireGuard protocol for better performance and security.
|
||||
|
||||
### Q: Is this free to use?
|
||||
**A:** The software is free and open source. You need to provide your own VPN service (Mullvad account or custom server).
|
||||
|
||||
## Installation
|
||||
|
||||
### Q: What are the system requirements?
|
||||
**A:**
|
||||
- LXC container or Linux system
|
||||
- Ubuntu 20.04+ or Debian 11+
|
||||
- 512MB RAM minimum
|
||||
- 1GB disk space
|
||||
- Root access
|
||||
|
||||
### Q: Can I install on a Raspberry Pi?
|
||||
**A:** Yes, as long as it runs a supported OS and has WireGuard kernel module support.
|
||||
|
||||
### Q: Does it work in Docker?
|
||||
**A:** It requires privileged mode and NET_ADMIN capability. LXC is recommended over Docker.
|
||||
|
||||
### Q: Can I install on a VPS?
|
||||
**A:** Yes, but be aware that the killswitch will block all traffic except through VPN, which might lock you out via SSH.
|
||||
|
||||
## Usage
|
||||
|
||||
### Q: No internet after disconnecting VPN?
|
||||
**A:** This is correct behavior! The killswitch blocks all internet traffic when VPN is not connected. This prevents leaks.
|
||||
|
||||
### Q: Can I disable the killswitch?
|
||||
**A:** No, the killswitch cannot be disabled through normal means. This is a security feature.
|
||||
|
||||
### Q: How do I access the WebUI?
|
||||
**A:** Navigate to `http://<container-ip>` in your browser. The WebUI is always accessible from the local network.
|
||||
|
||||
### Q: Can I use multiple VPN connections simultaneously?
|
||||
**A:** No, only one VPN connection is active at a time. You can switch between servers/providers via the WebUI.
|
||||
|
||||
## Security
|
||||
|
||||
### Q: Is this really secure?
|
||||
**A:** Yes, when properly configured:
|
||||
- Permanent killswitch prevents leaks
|
||||
- DNS leak protection enabled
|
||||
- IPv6 completely disabled
|
||||
- Continuous security monitoring
|
||||
|
||||
### Q: What about WebRTC leaks?
|
||||
**A:** WebRTC leaks are prevented at the firewall level. No direct peer connections are possible.
|
||||
|
||||
### Q: Can applications bypass the VPN?
|
||||
**A:** No, all traffic is forced through the VPN tunnel or blocked by the killswitch.
|
||||
|
||||
### Q: Is my traffic logged?
|
||||
**A:** The gateway itself doesn't log traffic. Logging depends on your VPN provider's policy.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Q: WebUI is not accessible
|
||||
**A:**
|
||||
```bash
|
||||
# Check if service is running
|
||||
sudo systemctl status vpn-webui
|
||||
|
||||
# Restart the service
|
||||
sudo systemctl restart vpn-webui
|
||||
|
||||
# Check if port is open
|
||||
sudo netstat -tlnp | grep 5000
|
||||
```
|
||||
|
||||
### Q: VPN won't connect
|
||||
**A:**
|
||||
1. Check your credentials/keys are correct
|
||||
2. Verify the server is reachable
|
||||
3. Check firewall allows outbound UDP 51820
|
||||
4. Review logs: `sudo journalctl -u vpn-webui -n 50`
|
||||
|
||||
### Q: DNS not working
|
||||
**A:**
|
||||
```bash
|
||||
# Check DNS configuration
|
||||
cat /etc/resolv.conf
|
||||
|
||||
# Test DNS resolution
|
||||
nslookup google.com
|
||||
|
||||
# Restart VPN connection
|
||||
sudo wg-quick down wg0
|
||||
sudo wg-quick up wg0
|
||||
```
|
||||
|
||||
### Q: High CPU usage
|
||||
**A:**
|
||||
- Check security monitor: `sudo systemctl status vpn-security-monitor`
|
||||
- Reduce monitoring frequency if needed
|
||||
- Check for packet loops in firewall rules
|
||||
|
||||
## Configuration
|
||||
|
||||
### Q: How do I add a custom DNS server?
|
||||
**A:** Edit the WireGuard configuration:
|
||||
```bash
|
||||
sudo nano /etc/wireguard/wg0.conf
|
||||
# Change DNS = line to your preferred servers
|
||||
```
|
||||
|
||||
### Q: Can I change the WebUI port?
|
||||
**A:** Yes, edit the systemd service:
|
||||
```bash
|
||||
sudo nano /etc/systemd/system/vpn-webui.service
|
||||
# Change --bind 0.0.0.0:5000 to your desired port
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart vpn-webui
|
||||
```
|
||||
|
||||
### Q: How do I backup my configuration?
|
||||
**A:**
|
||||
```bash
|
||||
sudo tar czf vpn-backup.tar.gz \
|
||||
/opt/vpn-gateway \
|
||||
/etc/wireguard \
|
||||
/etc/systemd/system/vpn-*.service
|
||||
```
|
||||
|
||||
### Q: How do I enable auto-reconnect?
|
||||
**A:** Auto-reconnect is handled by the security monitor. Ensure it's running:
|
||||
```bash
|
||||
sudo systemctl enable vpn-security-monitor
|
||||
sudo systemctl start vpn-security-monitor
|
||||
```
|
||||
|
||||
## Advanced
|
||||
|
||||
### Q: Can I use split tunneling?
|
||||
**A:** Yes, for custom servers. Modify the AllowedIPs in your WireGuard config:
|
||||
```ini
|
||||
# Only specific subnets through VPN
|
||||
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12
|
||||
```
|
||||
|
||||
### Q: How do I set up failover?
|
||||
**A:** Add multiple peers in the WireGuard configuration:
|
||||
```ini
|
||||
[Peer]
|
||||
# Primary
|
||||
PublicKey = xxx...
|
||||
Endpoint = primary.example.com:51820
|
||||
|
||||
[Peer]
|
||||
# Backup
|
||||
PublicKey = yyy...
|
||||
Endpoint = backup.example.com:51820
|
||||
```
|
||||
|
||||
### Q: Can I monitor traffic statistics?
|
||||
**A:**
|
||||
```bash
|
||||
# WireGuard statistics
|
||||
wg show wg0 transfer
|
||||
|
||||
# Network statistics
|
||||
vnstat -i wg0
|
||||
|
||||
# Real-time monitoring
|
||||
iftop -i wg0
|
||||
```
|
||||
|
||||
### Q: How do I integrate with existing infrastructure?
|
||||
**A:**
|
||||
- Use as default gateway for network segments
|
||||
- Configure via DHCP options
|
||||
- Set up policy-based routing for specific clients
|
||||
|
||||
## Updates
|
||||
|
||||
### Q: How do I update the VPN Gateway?
|
||||
**A:**
|
||||
```bash
|
||||
sudo /usr/local/bin/vpn-update.sh
|
||||
```
|
||||
|
||||
### Q: Will updates break my configuration?
|
||||
**A:** No, updates preserve your configuration. Backups are created automatically.
|
||||
|
||||
### Q: How do I check for updates?
|
||||
**A:**
|
||||
```bash
|
||||
# Check current version
|
||||
cat /opt/vpn-gateway/version
|
||||
|
||||
# Check for updates
|
||||
curl -s https://raw.githubusercontent.com/yourusername/vpn-gateway/main/version
|
||||
```
|
||||
|
||||
## Support
|
||||
|
||||
### Q: Where can I get help?
|
||||
**A:**
|
||||
- GitHub Issues: https://github.com/yourusername/vpn-gateway/issues
|
||||
- Documentation: https://github.com/yourusername/vpn-gateway/wiki
|
||||
- Community Forum: [Link to forum]
|
||||
|
||||
### Q: How do I report a bug?
|
||||
**A:** Open an issue on GitHub with:
|
||||
- System information
|
||||
- Error messages
|
||||
- Steps to reproduce
|
||||
- Relevant logs
|
||||
|
||||
### Q: Can I contribute?
|
||||
**A:** Yes! Contributions are welcome:
|
||||
- Submit pull requests
|
||||
- Report bugs
|
||||
- Improve documentation
|
||||
- Share your setup
|
||||
|
||||
## Legal
|
||||
|
||||
### Q: Is this legal to use?
|
||||
**A:** Yes, but check your local laws regarding VPN usage. Some countries restrict VPN use.
|
||||
|
||||
### Q: Can I use this commercially?
|
||||
**A:** Yes, under the MIT license terms. See LICENSE file for details.
|
||||
|
||||
### Q: What about warranty?
|
||||
**A:** This software is provided "as is" without warranty. Use at your own risk.
|
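Review bot: The failover answer under "Advanced" will not fail over as written: the two `[Peer]` blocks carry no `AllowedIPs`, and WireGuard routes per peer by allowed IPs, so giving a second peer the same ranges moves the route to that peer instead of keeping it as a standby. Either describe what actually switches endpoints (the FAQ says auto-reconnect is handled by `vpn-security-monitor`) or drop the claim. Three smaller points in the same file: the WebUI answer gives `http://<container-ip>` while the troubleshooting and port-change answers use `5000` and `--bind 0.0.0.0:5000`, so state the port and say that the UI is plain HTTP bound to all interfaces; the backup command archives `/etc/wireguard`, which holds private keys, so suggest a restrictive umask or encrypting `vpn-backup.tar.gz`; and "Can applications bypass the VPN? No" conflicts with the split-tunneling answer, which should say what the killswitch does with traffic outside `AllowedIPs`.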