Line 88: |
Line 88: |
| <tr> | | <tr> |
| <td>TUN/TAP</td> | | <td>TUN/TAP</td> |
− | <td>TUN (tunnel) {{!}} TAP (bridged); default: <b>TUN (tunnel)</b></td> | + | <td>TUN (tunnel) {{!}} <span style="color:brown ;">TAP (bridged)</span>; default: <b>TUN (tunnel)</b></td> |
| <td>Virtual network device type. | | <td>Virtual network device type. |
| <ul> | | <ul> |
Line 95: |
Line 95: |
| </ul> | | </ul> |
| </td> | | </td> |
| + | </tr> |
| + | <tr> |
| + | <td><span style="color:brown ;">Bridge</span></td> |
| + | <td>Bridge interface for TAP; default: br-lan</td> |
| + | <td>Assign a TAP interface to a bridge.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
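Review bot: The value cell of the new Bridge row ("Bridge interface for TAP; default: br-lan") does not follow the table's convention of a value type followed by a bolded default, as in "default: <b>TUN (tunnel)</b>" in the row above. Suggest "network interface; default: <b>br-lan</b>". The description should also say that the field applies only when TAP (bridged) is selected, and what attaching the TAP interface to br-lan means for tunnel clients' reach into the LAN. The brown colouring is currently the only hint of the dependency. The span style "color:brown ;" also carries a stray space before the semicolon.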
Line 744: |
Line 749: |
| <tr> | | <tr> |
| <td>Authentication method</td> | | <td>Authentication method</td> |
− | <td>Pre-shared key {{!}} <span style="color:darkred">X.509 {{!}} EAP</span> {{!}} <span style="color:blue">PKCS#12</span>; default: <b>Pre-shared key</b></td> | + | <td><span style="color:chocolate">Pre-shared key</span> {{!}} <span style="color:darkred">X.509 {{!}} EAP</span> {{!}} <span style="color:blue">PKCS#12</span>; default: <b>Pre-shared key</b></td> |
| <td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td> | | <td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td> |
| </tr> | | </tr> |
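Review bot: The description in this row still reads "Choose between Pre-shared key and X.509 certificates", although the value cell lists four methods (Pre-shared key, X.509, EAP, PKCS#12). Since the row is being edited anyway, update the description to cover EAP and PKCS#12 as well, and make sure the page explains what the new chocolate colour on "Pre-shared key" signifies next to the existing darkred and blue markers.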
Line 2,091: |
Line 2,096: |
| WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the <b>Add</b> button. This should add a new Wireguard instance and open a configuration window. | | WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the <b>Add</b> button. This should add a new Wireguard instance and open a configuration window. |
| | | |
− | [[File:Networking_rutx_vpn_wireguard_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_wireguard_v2.png|border|class=tlt-border]] |
| | | |
| ===General Instance Settings=== | | ===General Instance Settings=== |
Line 2,099: |
Line 2,104: |
| Private keys and generate them, specify Port and IP addresses for communication. | | Private keys and generate them, specify Port and IP addresses for communication. |
| | | |
− | [[File:Networking_rutx_vpn_wireguard_instance_general_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_wireguard_instance_general_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,114: |
Line 2,119: |
| <tr> | | <tr> |
| <td>Private Key</td> | | <td>Private Key</td> |
− | <td>string; default: <b>none</b></td> | + | <td>string; default: <b>-</b></td> |
| <td>Private Key used in authentication.</td> | | <td>Private Key used in authentication.</td> |
| </tr> | | </tr> |
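Review bot: The Private Key default changes from "<b>none</b>" to "<b>-</b>", while other rows touched in this revision (Metric, MTU, Public Key) keep "default: <b>none</b>" for an empty field. Pick one notation for "no default" and use it throughout. If "-" is meant to signal that a key must be generated or pasted before the instance can be saved, say that in the description instead.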
Line 2,123: |
Line 2,128: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Generate</td> | + | <td>Generate key pair</td> |
| <td>-(interactive button)</td> | | <td>-(interactive button)</td> |
| <td>Click to generate Public Key and Private Key.</td> | | <td>Click to generate Public Key and Private Key.</td> |
− | </tr>
| |
− | <tr>
| |
− | <td>Listen Port</td>
| |
− | <td>integer [0..65535]; default: <b>none</b></td>
| |
− | <td>Specify port to listen for incomming connections. It will be set to a random integer if left empty.</td>
| |
| </tr> | | </tr> |
| <tr> | | <tr> |
Line 2,145: |
Line 2,145: |
| Advanced Settings section contains Metric and MTU configuration for this WireGuard interface. | | Advanced Settings section contains Metric and MTU configuration for this WireGuard interface. |
| | | |
− | [[File:Networking_rutos_vpn_wireguard_instance_advanced_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_vpn_wireguard_instance_advanced_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,156: |
Line 2,156: |
| <td>Metric</td> | | <td>Metric</td> |
| <td>positive integer; default: <b>none</b></td> | | <td>positive integer; default: <b>none</b></td> |
− | <td>Specify metric for this tunnel interface. Lower number means higher priority.</td> | + | <td>Specify (Optional) metric for this tunnel interface. Lower number means higher priority.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Listen port</td> |
| + | <td>integer [1..65535]; default: <b>51820</b></td> |
| + | <td>Required. UDP port used for outgoing and incoming packets.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>MTU</td> | | <td>MTU</td> |
− | <td>integer [1280..1420]; default: <b>none</b></td> | + | <td>integer [68..9200]; default: <b>none</b></td> |
− | <td>Maximum Transmission Unit for this tunnel interface.</td> | + | <td>Maximum Transmission Unit of tunnel interface. Range [68 to 9200]. If not specified, the MTU is automatically determined by physical interface MTU value.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>DNS servers</td> | | <td>DNS servers</td> |
− | <td>ip | ips; default: <b>none</b></td> | + | <td>ip; default: <b>none</b></td> |
| <td>DNS server(s) for this Wireguard interface.</td> | | <td>DNS server(s) for this Wireguard interface.</td> |
| </tr> | | </tr> |
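Review bot: The added Listen port row is marked "Required" but sits in the Advanced Settings table, whose intro still says the section "contains Metric and MTU configuration". The row it replaces also stated that an empty field yields a random port, which is no longer documented. Update the intro to mention Listen port, and state explicitly that the field now defaults to 51820 and that the range starts at 1 rather than 0. Two smaller points in the same hunk. The DNS servers type is narrowed to "ip" while the description still says "DNS server(s)", so either keep a list type or make the description singular. "Specify (Optional) metric" reads better as "Optional. Specify the metric ...", matching the "Required." prefix used for Listen port.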
Line 2,174: |
Line 2,179: |
| ---- | | ---- |
| | | |
− | The Peers section is used to create and configure all the peers for this interface. | + | The Peers section is used to create and configure all the peers for this interface. To create one enter its name and click the <b>Add</b> button. |
− | To create one enter its name and click the <b>Add</b> button. | + | |
− | To configure it click the <b>Edit</b> [[File:Networking_rutx_manual_edit_button_v1.png]] button.
| + | [[File:Networking_rutx_vpn_wireguard_instance_peer_v3.png|border|class=tlt-border]] |
− | [[File:Networking_rutx_vpn_wireguard_instance_peer_v2.png|border|class=tlt-border]] | |
| | | |
| | | |
Line 2,185: |
Line 2,189: |
| In the General section of Peer instance you can configure basic information about the endpoint to allow communications. | | In the General section of Peer instance you can configure basic information about the endpoint to allow communications. |
| | | |
− | [[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v2.png|border|class=tlt-border]] | + | [[File:Networking_rutos_vpn_wireguard_instance_peer_instance_general_v3.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 2,196: |
Line 2,200: |
| <td>Public Key</td> | | <td>Public Key</td> |
| <td>string; default: <b>none</b></td> | | <td>string; default: <b>none</b></td> |
− | <td>Endpoint's Public Key.</td> | + | <td>Base64-encoded public key of peer.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Endpoint host</td> |
| + | <td>domain name {{!}} ip; default: <b>none</b></td> |
| + | <td>Host of peer. Names are resolved prior to bringing up the interface.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
| <td>Allowed IPs</td> | | <td>Allowed IPs</td> |
| <td>ip; default: <b>none</b></td> | | <td>ip; default: <b>none</b></td> |
− | <td>A single IP address or a list of them which are allowed to communicate with this peer.</td> | + | <td>IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
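Review bot: The rewritten Allowed IPs description now speaks of "IP addresses and prefixes", but the type cell beside it is still just "ip". Change the type to something that shows prefix notation is accepted (for example "ip {{!}} ip/netmask") so the two cells agree. For the new Endpoint host row, "Names are resolved prior to bringing up the interface" should also say whether the name is looked up again while the tunnel is running, since that decides how a peer with a changing address behaves.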
Line 2,211: |
Line 2,220: |
| <td>Route Allowed IPs</td> | | <td>Route Allowed IPs</td> |
| <td>off {{!}} on; default: <b>off</b></td> | | <td>off {{!}} on; default: <b>off</b></td> |
− | <td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td> | + | <td>Create routes for Allowed IPs for this peer.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
Line 2,222: |
Line 2,231: |
| settings such as its Description, Endpoint Host and Port, Preshared Key and other. | | settings such as its Description, Endpoint Host and Port, Preshared Key and other. |
| See more information below. | | See more information below. |
− | [[File:Networking_rutx_vpn_wireguard_instance_peer_instance_advanced_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutx_vpn_wireguard_instance_peer_instance_advanced_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
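Review bot: The intro sentence kept as context above this image still lists "Description, Endpoint Host and Port, Preshared Key" as the Advanced settings. This revision replaces the Description row with Tunnel source and adds Endpoint host to the General table instead. Rewrite the sentence to name the fields the table now contains (Tunnel source, Endpoint Port, Persistent Keep Alive, Routing table and any others that remain).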
Line 2,231: |
Line 2,240: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Description</td> | + | <td>Tunnel source</td> |
− | <td>string; default: <b>none</b></td> | + | <td>Any {{!}} LAN {{!}} WAN {{!}} Mobile; default: <b>Any</b></td> |
− | <td>Description of this peer.</td> | + | <td>Interface to bind this instance to.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
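Review bot: The new Tunnel source description, "Interface to bind this instance to", talks about an instance inside the peer's Advanced table. Clarify whether the binding applies to this peer's traffic only or to the whole WireGuard interface, and word it accordingly. It would also help to say what "Any" does in practice, since it is the default.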
Line 2,241: |
Line 2,250: |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Route Allowed IPs</td>
| + | <td>Endpoint Port</td> |
− | <td>off {{!}} on; default: <b>off</b></td> | + | <td>integer [1..65535]; default: <b>none</b></td> |
− | <td>Enable to create routes for <b>Allowed IPs</b> for this peer.</td> | + | <td>Port of peer.</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Endpoint Host</td> | + | <td>Persistent Keep Alive</td> |
− | <td>ip {{!}} url; default: <b>none</b></td>
| |
− | <td>IP or URL of Remote Endpoint.</td>
| |
− | </tr>
| |
− | <tr>
| |
− | <td>Endpoint Port</td>
| |
| <td>integer [0..65535]; default: <b>none</b></td> | | <td>integer [0..65535]; default: <b>none</b></td> |
− | <td>Specify port to connect to Remote Endpoint. It will be set to <b>51820</b> if left empty.</td> | + | <td>Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25. Range [0 to 65535].</td> |
| </tr> | | </tr> |
| <tr> | | <tr> |
− | <td>Persistent Keep Alive</td> | + | <td>Routing table</td> |
− | <td>integer [0..65535]; default: <b>none</b></td> | + | <td>string; default: <b>none</b></td> |
− | <td>Specify time amount in seconds between Keep Alive messages. By default this option is <b>0</b> which means it is disabled. Recommended value for a device behind NAT is 25.</td> | + | <td>Defines which routing table to use for this peer routes, not necessary to configure for most setups..</td> |
| </tr> | | </tr> |
| </table> | | </table> |
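Review bot: In the Persistent Keep Alive row the type cell says "default: <b>none</b>" while the new description says "Default is 0 (disabled)". Make the type cell read "default: <b>0</b>" or drop the sentence so the row does not state two defaults. The description also repeats the range already given in the type cell. The new Endpoint Port text ("Port of peer.") drops the earlier statement that 51820 is used when the field is left empty and raises the lower bound from 0 to 1, so say what an empty field now means. The Routing table description ends in a double period and has a comma splice. Suggest "Defines which routing table to use for this peer's routes. Not necessary to configure for most setups."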