mvpg/docs/FAQ.md
2025-08-10 15:34:34 +02:00

# Frequently Asked Questions
## General Questions
### Q: What is the VPN Gateway?
**A:** It's a secure VPN gateway solution that routes all network traffic through a VPN connection with a permanent killswitch to prevent leaks.
### Q: Which VPN providers are supported?
**A:**
- Mullvad VPN (commercial service)
- Custom WireGuard servers (your own VPS)
- Any imported WireGuard configuration
### Q: Can I use this with OpenVPN?
**A:** No, this gateway only supports the WireGuard protocol for better performance and security.
### Q: Is this free to use?
**A:** The software is free and open source. You need to provide your own VPN service (Mullvad account or custom server).
## Installation
### Q: What are the system requirements?
**A:**
- LXC container or Linux system
- Ubuntu 20.04+ or Debian 11+
- 512MB RAM minimum
- 1GB disk space
- Root access
### Q: Can I install on a Raspberry Pi?
**A:** Yes, as long as it runs a supported OS and has WireGuard kernel module support.
### Q: Does it work in Docker?
**A:** It requires privileged mode and NET_ADMIN capability. LXC is recommended over Docker.
### Q: Can I install on a VPS?
**A:** Yes, but be aware that the killswitch will block all traffic except through the VPN, which might lock you out of SSH.
## Usage
### Q: No internet after disconnecting VPN?
**A:** This is correct behavior! The killswitch blocks all internet traffic when the VPN is not connected. This prevents leaks.
### Q: Can I disable the killswitch?
**A:** No, the killswitch cannot be disabled through normal means. This is a security feature.
### Q: How do I access the WebUI?
**A:** Navigate to `http://<container-ip>` in your browser. The WebUI is always accessible from the local network.
### Q: Can I use multiple VPN connections simultaneously?
**A:** No, only one VPN connection is active at a time. You can switch between servers/providers via the WebUI.
## Security
### Q: Is this really secure?
**A:** Yes, when properly configured:
- Permanent killswitch prevents leaks
- DNS leak protection enabled
- IPv6 completely disabled
- Continuous security monitoring
### Q: What about WebRTC leaks?
**A:** WebRTC leaks are prevented at the firewall level. No direct peer connections are possible.
### Q: Can applications bypass the VPN?
**A:** No, all traffic is forced through the VPN tunnel or blocked by the killswitch.
### Q: Is my traffic logged?
**A:** The gateway itself doesn't log traffic. Logging depends on your VPN provider's policy.
## Troubleshooting
### Q: WebUI is not accessible
**A:**
```bash
# Check if service is running
sudo systemctl status vpn-webui
# Restart the service
sudo systemctl restart vpn-webui
# Check if port is open
sudo ss -tlnp | grep ':5000'
```
### Q: VPN won't connect
**A:**
1. Check that your credentials/keys are correct
2. Verify that the server is reachable
3. Check that the firewall allows outbound UDP 51820
4. Review logs: `sudo journalctl -u vpn-webui -n 50`
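
The checks above can be narrowed down from the tunnel's own counters. The script below is an added example, not part of this project: `triage_wg_dump` is a hypothetical helper that reads `wg show wg0 dump` output, and the 180-second staleness threshold and the sample line are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the VPN Gateway project. triage_wg_dump is a
# hypothetical helper; the 180 s threshold is an assumption.
# Peer lines of `wg show wg0 dump` carry 8 tab-separated fields: public key,
# preshared key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive.
triage_wg_dump() {
  # stdin: dump output; $1 = current epoch time; $2 = max handshake age (s)
  awk -F'\t' -v now="$1" -v max="${2:-180}" '
    NF != 8 { next }                     # skip the 4-field interface line
    {
      id = substr($1, 1, 8) "..."
      if ($3 == "(none)")      msg = "no Endpoint set"
      else if ($4 == "(none)") msg = "no AllowedIPs, nothing routed to this peer"
      else if ($5 == 0 && $7 > 0)
        msg = "sent " $7 " bytes but never got a handshake: check keys, endpoint reachability, outbound UDP to " $3
      else if ($5 == 0)        msg = "no handshake attempted yet"
      else if (now - $5 > max) msg = "handshake is " (now - $5) "s old (idle or down)"
      else                     msg = "ok, handshake " (now - $5) "s ago"
      print id " " msg
    }'
}

# Constructed sample: placeholder keys, documentation-range address, and a
# fixed "current time" so the output is reproducible.
# Live use: sudo wg show wg0 dump | triage_wg_dump "$(date +%s)"
now=1700000000
printf 'PRIV\tPUB\t51820\toff\nPEERKEY1AAAA=\t(none)\t198.51.100.7:51820\t0.0.0.0/0\t0\t0\t1480\t25\n' |
  triage_wg_dump "$now"
```

Bytes sent with no handshake means initiations are leaving the host unanswered, which points at steps 1 to 3 rather than at the WebUI service.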
### Q: DNS not working
**A:**
```bash
# Check DNS configuration
cat /etc/resolv.conf
# Test DNS resolution
nslookup google.com
# Restart VPN connection
sudo wg-quick down wg0
sudo wg-quick up wg0
```
### Q: High CPU usage
**A:**
- Check security monitor: `sudo systemctl status vpn-security-monitor`
- Reduce monitoring frequency if needed
- Check for packet loops in firewall rules
## Configuration
### Q: How do I add a custom DNS server?
**A:** Edit the WireGuard configuration:
```bash
sudo nano /etc/wireguard/wg0.conf
# Change DNS = line to your preferred servers
```
### Q: Can I change the WebUI port?
**A:** Yes, edit the systemd service:
```bash
sudo nano /etc/systemd/system/vpn-webui.service
# Change --bind 0.0.0.0:5000 to your desired port
sudo systemctl daemon-reload
sudo systemctl restart vpn-webui
```
### Q: How do I back up my configuration?
**A:**
```bash
sudo tar czf vpn-backup.tar.gz \
/opt/vpn-gateway \
/etc/wireguard \
/etc/systemd/system/vpn-*.service
```
### Q: How do I enable auto-reconnect?
**A:** Auto-reconnect is handled by the security monitor. Ensure it's running:
```bash
sudo systemctl enable vpn-security-monitor
sudo systemctl start vpn-security-monitor
```
## Advanced
### Q: Can I use split tunneling?
**A:** Yes, for custom servers. Modify the AllowedIPs in your WireGuard config:
```ini
# Only specific subnets through VPN
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12
```
### Q: How do I set up failover?
**A:** Add multiple peers in the WireGuard configuration:
```ini
[Peer]
# Primary
PublicKey = xxx...
Endpoint = primary.example.com:51820
[Peer]
# Backup
PublicKey = yyy...
Endpoint = backup.example.com:51820
```
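
WireGuard assigns each `AllowedIPs` prefix to a single peer, so split-tunnel and multi-peer configs like the two above are worth checking before relying on them. The script below is an added example, not code from this project: `audit_wg_peers` is a hypothetical helper and the sample config is constructed. It reports peers without `AllowedIPs`, prefixes listed under more than one peer, and whether the config is full or split tunnel.

```shell
#!/usr/bin/env bash
# Added example, not part of the VPN Gateway project. audit_wg_peers is a
# hypothetical helper name; the sample config below is constructed.
audit_wg_peers() {
  # $1 = path to a wg-quick style config; prints one finding per line.
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function close_peer() {
      if (peer > 0 && !has_ips[peer])
        print "peer " peer ": no AllowedIPs, nothing is routed to it"
    }
    /^[ \t]*#/ { next }                          # comment line
    /^[ \t]*\[/ {                                # section header
      close_peer()
      peer = (tolower($0) ~ /\[peer\]/) ? ++npeers : 0
      next
    }
    peer > 0 && tolower($0) ~ /^[ \t]*allowedips[ \t]*=/ {
      has_ips[peer] = 1
      line = $0; sub(/^[^=]*=/, "", line); sub(/#.*/, "", line)
      n = split(line, parts, ",")
      for (i = 1; i <= n; i++) {
        p = trim(parts[i]); if (p == "") continue
        seen = 1; if (p == "0.0.0.0/0") full = 1
        if ((p in owner) && owner[p] != peer)
          print "prefix " p ": on peer " owner[p] " and peer " peer ", only peer " peer " gets it"
        owner[p] = peer
      }
    }
    END {
      close_peer()
      if (full) print "mode: full tunnel"
      else if (seen) print "mode: split tunnel"
    }
  ' "$1"
}

# Constructed sample: two peers that both claim the default route.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Peer]
# Primary
Endpoint = primary.example.com:51820
AllowedIPs = 0.0.0.0/0
[Peer]
# Backup
Endpoint = backup.example.com:51820
AllowedIPs = 0.0.0.0/0
EOF
audit_wg_peers "$sample"; rm -f "$sample"
```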
### Q: Can I monitor traffic statistics?
**A:**
```bash
# WireGuard statistics
wg show wg0 transfer
# Network statistics
vnstat -i wg0
# Real-time monitoring
iftop -i wg0
```
### Q: How do I integrate with existing infrastructure?
**A:**
- Use as default gateway for network segments
- Configure via DHCP options
- Set up policy-based routing for specific clients
## Updates
### Q: How do I update the VPN Gateway?
**A:**
```bash
sudo /usr/local/bin/vpn-update.sh
```
### Q: Will updates break my configuration?
**A:** No, updates preserve your configuration. Backups are created automatically.
### Q: How do I check for updates?
**A:**
```bash
# Check current version
cat /opt/vpn-gateway/version
# Check for updates
curl -s https://raw.githubusercontent.com/yourusername/vpn-gateway/main/version
```
## Support
### Q: Where can I get help?
**A:**
- GitHub Issues: https://github.com/yourusername/vpn-gateway/issues
- Documentation: https://github.com/yourusername/vpn-gateway/wiki
- Community Forum: [Link to forum]
### Q: How do I report a bug?
**A:** Open an issue on GitHub with:
- System information
- Error messages
- Steps to reproduce
- Relevant logs
### Q: Can I contribute?
**A:** Yes! Contributions are welcome:
- Submit pull requests
- Report bugs
- Improve documentation
- Share your setup
## Legal
### Q: Is this legal to use?
**A:** Yes, but check your local laws regarding VPN usage. Some countries restrict VPN use.
### Q: Can I use this commercially?
**A:** Yes, under the MIT license terms. See LICENSE file for details.
### Q: What about warranty?
**A:** This software is provided "as is" without warranty. Use at your own risk.