diff --git a/how-to/wireguard-vpn/on-an-internal-system.md b/how-to/wireguard-vpn/on-an-internal-system.md index 3bee8f5c..cd26aa99 100644 --- a/how-to/wireguard-vpn/on-an-internal-system.md +++ b/how-to/wireguard-vpn/on-an-internal-system.md @@ -7,22 +7,22 @@ However, you do have a spare system inside your network that you could use. Here To recap, our home network has the `10.10.10.0/24` address, and we want to connect to it from a remote location and be "inserted" into that network as if we were there: -``` - public internet -10.10.10.11/24 - home0│ xxxxxx ppp0 ┌────────┐ - ┌─┴──┐ xx xxxxx ──────┤ router │ - │ ├─ppp0 xxx xx └───┬────┘ home network, .home domain - │ │ xx x │ 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxxx │ │ │ - ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ - wg0 ──┤ │ │ │ │ │ - 10.10.10.10/32 │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ -Reserved for VPN users: -10.10.10.10-49 +```{mermaid} +flowchart LR + subgraph home["home network, .home domain — 10.10.10.0/24"] + router["router"] + pi4["pi4"] + nas["NAS"] + extra["Y"] + dots["..."] + end + router --- pi4 & nas & extra & dots + host["home0
10.10.10.11/24"] -- |ppp0| --> internet(("public internet")) + internet -- |ppp0| --> router + host -. "wg0
10.10.10.10/32" .- pi4 + note["Reserved for VPN users:
10.10.10.10–49"] --- router + + ``` ## Router changes diff --git a/how-to/wireguard-vpn/peer-to-site-on-router.md b/how-to/wireguard-vpn/peer-to-site-on-router.md index bfa9239e..5436e1ea 100644 --- a/how-to/wireguard-vpn/peer-to-site-on-router.md +++ b/how-to/wireguard-vpn/peer-to-site-on-router.md @@ -4,20 +4,33 @@ In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard. +```{mermaid} + +flowchart LR + home0["home0"] + laptop["Laptop in Coffee shop"] + home0 --> laptop + + internet(("public internet")) + vpn(("VPN network")) + + subgraph home["home network, .home domain — 10.10.10.0/24"] + router["router (.1)"] + pi4["pi4"] + nas["NAS"] + extra["Y"] + dots["..."] + router --- pi4 + router --- nas + router --- extra + router --- dots + end + + laptop -- wlan0 --> internet + internet -- ppp0 --> router + laptop -. "wg0 10.10.11.2/24" .-> vpn + router -. "wg0 10.10.11.1/24" .-> vpn ``` - public internet ┌─── wg0 10.10.11.1/24 -10.10.11.2/24 │ VPN network - home0│ xxxxxx ppp0 ┌───────┴┐ - ┌─┴──┐ xx xxxxx ──────┤ router │ - │ ├─wlan0 xx xx └───┬────┘ home network, .home domain - │ │ xx x │.1 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxxx │ │ │ -Laptop in ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ -Coffee shop │ │ │ │ │ │ - │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ ``` Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put into a bridge mode, in which case you can use your own device (a computer, a Raspberry PI, or something else) as the routing device. diff --git a/how-to/wireguard-vpn/peer-to-site.md b/how-to/wireguard-vpn/peer-to-site.md index 431dfeb4..0e0b3688 100644 --- a/how-to/wireguard-vpn/peer-to-site.md +++ b/how-to/wireguard-vpn/peer-to-site.md 
@@ -10,24 +10,28 @@ Where to place the remote WireGuard endpoint in the network will vary a lot depe Here we will cover a simpler case more resembling what a home network could be like: -``` - public internet - - xxxxxx ppp0 ┌────────┐ - ┌────┐ xx xxxx ──┤ router │ - │ ├─ppp0 xxx xx └───┬────┘ - │ │ xx x │ home 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxx │ │ │ - ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ - │ │ │ │ │ │ - │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ + +```{mermaid} + +flowchart LR + subgraph home["Home LAN 10.10.10.0/24"] + pi4["Raspberry Pi 4"] + nas["NAS"] + extra["Y"] + dots["..."] + end + host["Host"] -- ppp0 --> internet((("Public Internet"))) + internet -- ppp0 --> router[["Router"]] + router --- pi4 & nas & extra & dots + style host fill:#FFE0B2 + style internet fill:#BBDEFB + style router fill:#FFF9C4 + style home fill:#FFD600 + ``` -This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices like a Raspberry PI perhaps, a NAS (Network Attached Storage), and some other device. +This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices like a Raspberry PI perhaps, a NAS (Network Attached Storage), and some other devices. There are basically two approaches that can be taken here: install WireGuard {ref}`on the router `, or on {ref}`another system in the home network `. diff --git a/how-to/wireguard-vpn/site-to-site.md b/how-to/wireguard-vpn/site-to-site.md index 2d62a878..0fa4730d 100644 --- a/how-to/wireguard-vpn/site-to-site.md +++ b/how-to/wireguard-vpn/site-to-site.md 
@@ -3,24 +3,30 @@ Another usual VPN configuration where one could deploy WireGuard is to connect two distinct networks over the internet. Here is a simplified diagram: -``` - ┌─────── WireGuard tunnel ──────┐ - │ 10.10.9.0/31 │ - │ │ - 10.10.9.0 wgA│ xx │wgB 10.10.9.1 - ┌─┴─┐ xxx xxxx ┌─┴─┐ - alpha site │ │ext xx xx ext│ │ beta site - │ ├─── x x ───┤ │ - 10.10.10.0/24 │ │ xx xx │ │ 10.10.11.0/24 - │ │ x x │ │ - └─┬─┘ x x └─┬─┘ - 10.10.10.1│ xx x │10.10.11.1 - ...┌─────────┬────┘ xx xxx xx └───┬─────────┐... - │ │ xx xxxxx │ │ - │ │ │ │ - ┌─┴─┐ ┌─┴─┐ public internet ┌─┴─┐ ┌─┴─┐ - │ │ │ │ │ │ │ │ - └───┘ └───┘ └───┘ └───┘ +```{mermaid} + + flowchart LR + subgraph alpha["alpha site — 10.10.10.0/24"] + alpha_gw["wgA
10.10.10.1
10.10.9.0"] + a_left["..."] + a_right["..."] + end + subgraph beta["beta site — 10.10.11.0/24"] + beta_gw["wgB
10.10.11.1
10.10.9.1"] + b_left["..."] + b_right["..."] + end + alpha_gw --- a_left & a_right + beta_gw --- b_left & b_right + alpha_gw -. ext .- internet(("public internet")) + internet -. ext .- beta_gw + alpha_gw -. "WireGuard tunnel
10.10.9.0/31" .- beta_gw + + style internet fill:#BBDEFB + style alpha fill:#FFF9C4 + style beta fill:#C8E6C9 + + ``` The goal here is to seamlessly integrate network **alpha** with network **beta**, so that systems on the alpha site can transparently access systems on the beta site, and vice-versa.
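Review bot: In how-to/wireguard-vpn/on-an-internal-system.md, the two edges written as `-- |ppp0| -->` mix Mermaid's two edge-label forms (`-- text -->` and `-->|text|`). The other diagrams in this patch use `-- ppp0 -->`, so use that form here as well. Separately, the old ASCII diagram attached `wg0` with 10.10.10.10/32 to pi4 itself, while the new dotted `host -. ... .- pi4` link leaves it unclear which end owns that address. Consider moving it into the `pi4` node label.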
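Review bot: In how-to/wireguard-vpn/peer-to-site-on-router.md, the new `{mermaid}` block is added above the old opening fence and both old fence lines are kept as context, so after the patch the Mermaid block is closed by the old opening fence and the old closing fence is left behind. That stray fence opens a code block over the paragraph beginning "Of course, this setup is only possible". Remove one of the two retained fence lines together with the ASCII art. Also, `home0` was the laptop's interface carrying 10.10.11.2/24 in the old diagram. Here it becomes a separate node with `home0 --> laptop` and the address moves to a `wg0` label, which changes what the diagram states.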
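Review bot: In how-to/wireguard-vpn/peer-to-site.md, `extra["Y"]` introduces a device labelled "Y" that the old diagram did not have and the paragraph below does not explain. The same node appears in the other two home-network diagrams in this patch. Either drop it or give it a descriptive label. This diagram also departs from its siblings in shape and naming: `(((...)))` and `[[...]]` nodes and capitalised labels ("Raspberry Pi 4", "Router", "Home LAN") where the others use `((...))` and plain `router` / `pi4`. Pick one convention across the four files.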
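Review bot: In how-to/wireguard-vpn/site-to-site.md, the `alpha_gw` and `beta_gw` labels stack `wgA` / `wgB` with both the LAN address and the tunnel address, so each gateway reads as if it were named after its WireGuard interface and the reader cannot tell which address sits on which interface. In the old diagram `wgA` carried 10.10.9.0 and 10.10.10.1 was on the LAN side. Label the node as the gateway and state the interface next to each address, or move the `wgA 10.10.9.0` and `wgB 10.10.9.1` text to the ends of the tunnel edge. The `flowchart LR` body is also indented inside the fence, unlike the other three files.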