# Frequently Asked Questions

## General Questions

### Q: What is the VPN Gateway?
**A:** It's a secure VPN gateway solution that routes all network traffic through a VPN connection with a permanent killswitch to prevent leaks.

### Q: Which VPN providers are supported?
**A:** 
- Mullvad VPN (commercial service)
- Custom WireGuard servers (your own VPS)
- Any imported WireGuard configuration

### Q: Can I use this with OpenVPN?
**A:** No, this gateway only supports WireGuard protocol for better performance and security.

### Q: Is this free to use?
**A:** The software is free and open source. You need to provide your own VPN service (Mullvad account or custom server).

## Installation

### Q: What are the system requirements?
**A:**
- LXC container or Linux system
- Ubuntu 20.04+ or Debian 11+
- 512MB RAM minimum
- 1GB disk space
- Root access

### Q: Can I install on a Raspberry Pi?
**A:** Yes, as long as it runs a supported OS and has WireGuard kernel module support.

### Q: Does it work in Docker?
**A:** It requires privileged mode and NET_ADMIN capability. LXC is recommended over Docker.

### Q: Can I install on a VPS?
**A:** Yes, but be aware that the killswitch will block all traffic except through VPN, which might lock you out via SSH.

## Usage

### Q: No internet after disconnecting VPN?
**A:** This is correct behavior! The killswitch blocks all internet traffic when VPN is not connected. This prevents leaks.

### Q: Can I disable the killswitch?
**A:** No, the killswitch cannot be disabled through normal means. This is a security feature.

### Q: How do I access the WebUI?
**A:** Navigate to `http://<container-ip>` in your browser. The WebUI is always accessible from the local network.

### Q: Can I use multiple VPN connections simultaneously?
**A:** No, only one VPN connection is active at a time. You can switch between servers/providers via the WebUI.

## Security

### Q: Is this really secure?
**A:** Yes, when properly configured:
- Permanent killswitch prevents leaks
- DNS leak protection enabled
- IPv6 completely disabled
- Continuous security monitoring

### Q: What about WebRTC leaks?
**A:** WebRTC leaks are prevented at the firewall level. No direct peer connections are possible.

### Q: Can applications bypass the VPN?
**A:** No, all traffic is forced through the VPN tunnel or blocked by the killswitch.

### Q: Is my traffic logged?
**A:** The gateway itself doesn't log traffic. Logging depends on your VPN provider's policy.

## Troubleshooting

### Q: WebUI is not accessible
**A:** 
```bash
# Check if service is running
sudo systemctl status vpn-webui

# Restart the service
sudo systemctl restart vpn-webui

# Check if port is open
sudo netstat -tlnp | grep 5000
```

### Q: VPN won't connect
**A:**
1. Check your credentials/keys are correct
2. Verify the server is reachable
3. Check firewall allows outbound UDP 51820
4. Review logs: `sudo journalctl -u vpn-webui -n 50`

### Q: DNS not working
**A:**
```bash
# Check DNS configuration
cat /etc/resolv.conf

# Test DNS resolution
nslookup google.com

# Restart VPN connection
sudo wg-quick down wg0
sudo wg-quick up wg0
```

### Q: High CPU usage
**A:**
- Check security monitor: `sudo systemctl status vpn-security-monitor`
- Reduce monitoring frequency if needed
- Check for packet loops in firewall rules

## Configuration

### Q: How do I add a custom DNS server?
**A:** Edit the WireGuard configuration:
```bash
sudo nano /etc/wireguard/wg0.conf
# Change DNS = line to your preferred servers
```

### Q: Can I change the WebUI port?
**A:** Yes, edit the systemd service:
```bash
sudo nano /etc/systemd/system/vpn-webui.service
# Change --bind 0.0.0.0:5000 to your desired port
sudo systemctl daemon-reload
sudo systemctl restart vpn-webui
```

### Q: How do I backup my configuration?
**A:**
```bash
sudo tar czf vpn-backup.tar.gz \
  /opt/vpn-gateway \
  /etc/wireguard \
  /etc/systemd/system/vpn-*.service
```

### Q: How do I enable auto-reconnect?
**A:** Auto-reconnect is handled by the security monitor. Ensure it's running:
```bash
sudo systemctl enable vpn-security-monitor
sudo systemctl start vpn-security-monitor
```

## Advanced

### Q: Can I use split tunneling?
**A:** Yes, for custom servers. Modify the AllowedIPs in your WireGuard config:
```ini
# Only specific subnets through VPN
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12
```

### Q: How do I set up failover?
**A:** Add multiple peers in the WireGuard configuration:
```ini
[Peer]
# Primary
PublicKey = xxx...
Endpoint = primary.example.com:51820

[Peer] 
# Backup
PublicKey = yyy...
Endpoint = backup.example.com:51820
```

### Q: Can I monitor traffic statistics?
**A:**
```bash
# WireGuard statistics
wg show wg0 transfer

# Network statistics
vnstat -i wg0

# Real-time monitoring
iftop -i wg0
```

### Q: How do I integrate with existing infrastructure?
**A:** 
- Use as default gateway for network segments
- Configure via DHCP options
- Set up policy-based routing for specific clients

## Updates

### Q: How do I update the VPN Gateway?
**A:**
```bash
sudo /usr/local/bin/vpn-update.sh
```

### Q: Will updates break my configuration?
**A:** No, updates preserve your configuration. Backups are created automatically.

### Q: How do I check for updates?
**A:**
```bash
# Check current version
cat /opt/vpn-gateway/version

# Check for updates
curl -s https://raw.githubusercontent.com/yourusername/vpn-gateway/main/version
```

## Support

### Q: Where can I get help?
**A:**
- GitHub Issues: https://github.com/yourusername/vpn-gateway/issues
- Documentation: https://github.com/yourusername/vpn-gateway/wiki
- Community Forum: [Link to forum]

### Q: How do I report a bug?
**A:** Open an issue on GitHub with:
- System information
- Error messages
- Steps to reproduce
- Relevant logs

### Q: Can I contribute?
**A:** Yes! Contributions are welcome:
- Submit pull requests
- Report bugs
- Improve documentation
- Share your setup

## Legal

### Q: Is this legal to use?
**A:** Yes, but check your local laws regarding VPN usage. Some countries restrict VPN use.

### Q: Can I use this commercially?
**A:** Yes, under the MIT license terms. See LICENSE file for details.

### Q: What about warranty?
**A:** This software is provided "as is" without warranty. Use at your own risk.