Frequently Asked Questions
General Questions
Q: What is the VPN Gateway?
A: It's a secure VPN gateway solution that routes all network traffic through a VPN connection with a permanent killswitch to prevent leaks.
Q: Which VPN providers are supported?
A:
- Mullvad VPN (commercial service)
- Custom WireGuard servers (your own VPS)
- Any imported WireGuard configuration
Q: Can I use this with OpenVPN?
A: No, this gateway supports only the WireGuard protocol, for better performance and security.
Q: Is this free to use?
A: The software is free and open source. You need to provide your own VPN service (Mullvad account or custom server).
Installation
Q: What are the system requirements?
A:
- LXC container or Linux system
- Ubuntu 20.04+ or Debian 11+
- 512MB RAM minimum
- 1GB disk space
- Root access
Q: Can I install on a Raspberry Pi?
A: Yes, as long as it runs a supported OS and has WireGuard kernel module support.
Q: Does it work in Docker?
A: It requires privileged mode and NET_ADMIN capability. LXC is recommended over Docker.
Q: Can I install on a VPS?
A: Yes, but be aware that the killswitch will block all traffic except through VPN, which might lock you out via SSH.
Usage
Q: No internet after disconnecting VPN?
A: This is correct behavior! The killswitch blocks all internet traffic when VPN is not connected. This prevents leaks.
Q: Can I disable the killswitch?
A: No, the killswitch cannot be disabled through normal means. This is a security feature.
Q: How do I access the WebUI?
A: Navigate to http://<container-ip> in your browser. The WebUI is always accessible from the local network.
Q: Can I use multiple VPN connections simultaneously?
A: No, only one VPN connection is active at a time. You can switch between servers/providers via the WebUI.
Security
Q: Is this really secure?
A: Yes, when properly configured:
- Permanent killswitch prevents leaks
- DNS leak protection enabled
- IPv6 completely disabled
- Continuous security monitoring
Q: What about WebRTC leaks?
A: WebRTC leaks are prevented at the firewall level. No direct peer connections are possible.
Q: Can applications bypass the VPN?
A: No, all traffic is forced through the VPN tunnel or blocked by the killswitch.
Q: Is my traffic logged?
A: The gateway itself doesn't log traffic. Logging depends on your VPN provider's policy.
Troubleshooting
Q: WebUI is not accessible
A:
# Check if service is running
sudo systemctl status vpn-webui
# Restart the service
sudo systemctl restart vpn-webui
# Check if port is open
sudo netstat -tlnp | grep 5000
Q: VPN won't connect
A:
- Check your credentials/keys are correct
- Verify the server is reachable
- Check firewall allows outbound UDP 51820
- Review logs:
sudo journalctl -u vpn-webui -n 50
Q: DNS not working
A:
# Check DNS configuration
cat /etc/resolv.conf
# Test DNS resolution
nslookup google.com
# Restart VPN connection
sudo wg-quick down wg0
sudo wg-quick up wg0
Q: High CPU usage
A:
- Check security monitor:
sudo systemctl status vpn-security-monitor
- Reduce monitoring frequency if needed
- Check for packet loops in firewall rules
Configuration
Q: How do I add a custom DNS server?
A: Edit the WireGuard configuration:
sudo nano /etc/wireguard/wg0.conf
# Change DNS = line to your preferred servers
Q: Can I change the WebUI port?
A: Yes, edit the systemd service:
sudo nano /etc/systemd/system/vpn-webui.service
# Change --bind 0.0.0.0:5000 to your desired port
sudo systemctl daemon-reload
sudo systemctl restart vpn-webui
Q: How do I back up my configuration?
A:
sudo tar czf vpn-backup.tar.gz \
/opt/vpn-gateway \
/etc/wireguard \
/etc/systemd/system/vpn-*.service
Q: How do I enable auto-reconnect?
A: Auto-reconnect is handled by the security monitor. Ensure it's running:
sudo systemctl enable vpn-security-monitor
sudo systemctl start vpn-security-monitor
Advanced
Q: Can I use split tunneling?
A: Yes, for custom servers. Modify the AllowedIPs in your WireGuard config:
# Only specific subnets through VPN
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12
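With a split-tunnel AllowedIPs list, WireGuard only routes the listed prefixes into the tunnel, so it is worth checking which destinations fall outside it before relying on the change. The following is an added example, not part of the project's code: it parses a constructed sample config (placeholder keys, hypothetical endpoint vpn.example.com) and reports whether the config is full-tunnel and which test destinations would not be sent through the VPN.

```python
import ipaddress

# Constructed sample config; keys and endpoint are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <private-key-placeholder>
Address = 10.8.0.2/24
DNS = 10.8.0.1

[Peer]
PublicKey = <peer-public-key-placeholder>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12
"""

def allowed_networks(conf_text):
    """Collect every AllowedIPs prefix from all [Peer] sections."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def is_full_tunnel(nets):
    """True only if the IPv4 default route 0.0.0.0/0 is in AllowedIPs."""
    return any(n.version == 4 and n.prefixlen == 0 for n in nets)

def via_tunnel(nets, dest):
    """True if dest falls inside a prefix WireGuard will route to a peer."""
    addr = ipaddress.ip_address(dest)
    return any(addr.version == n.version and addr in n for n in nets)

def audit(conf_text, destinations):
    nets = allowed_networks(conf_text)
    return {
        "full_tunnel": is_full_tunnel(nets),
        "outside_tunnel": [d for d in destinations if not via_tunnel(nets, d)],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["10.1.2.3", "172.20.0.5", "8.8.8.8", "192.168.1.10"]))
```

Run it against a copy of your own wg0.conf text with the destinations your clients actually use; anything listed under outside_tunnel is not covered by the VPN route.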
Q: How do I set up failover?
A: Add multiple peers in the WireGuard configuration:
[Peer]
# Primary
PublicKey = xxx...
Endpoint = primary.example.com:51820
[Peer]
# Backup
PublicKey = yyy...
Endpoint = backup.example.com:51820
Q: Can I monitor traffic statistics?
A:
# WireGuard statistics
wg show wg0 transfer
# Network statistics
vnstat -i wg0
# Real-time monitoring
iftop -i wg0
Q: How do I integrate with existing infrastructure?
A:
- Use as default gateway for network segments
- Configure via DHCP options
- Set up policy-based routing for specific clients
Updates
Q: How do I update the VPN Gateway?
A:
sudo /usr/local/bin/vpn-update.sh
Q: Will updates break my configuration?
A: No, updates preserve your configuration. Backups are created automatically.
Q: How do I check for updates?
A:
# Check current version
cat /opt/vpn-gateway/version
# Check for updates
curl -s https://raw.githubusercontent.com/yourusername/vpn-gateway/main/version
Support
Q: Where can I get help?
A:
- GitHub Issues: https://github.com/yourusername/vpn-gateway/issues
- Documentation: https://github.com/yourusername/vpn-gateway/wiki
- Community Forum: [Link to forum]
Q: How do I report a bug?
A: Open an issue on GitHub with:
- System information
- Error messages
- Steps to reproduce
- Relevant logs
Q: Can I contribute?
A: Yes! Contributions are welcome:
- Submit pull requests
- Report bugs
- Improve documentation
- Share your setup
Legal
Q: Is this legal to use?
A: Yes, but check your local laws regarding VPN usage. Some countries restrict VPN use.
Q: Can I use this commercially?
A: Yes, under the MIT license terms. See LICENSE file for details.
Q: What about warranty?
A: This software is provided "as is" without warranty. Use at your own risk.