From 706c559d21b47c26949183f58e76a8ae2f8e7662 Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Mon, 20 Oct 2025 22:47:10 +0100 Subject: [PATCH 01/10] WireGuard VPN - peer-to-site Update the network diagram to use flowchart syntax . I used Mermaid (diagrams as code) for easier maintenance. --- how-to/wireguard-vpn/peer-to-site.md | 31 ++++++++++++++++------------ 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/how-to/wireguard-vpn/peer-to-site.md b/how-to/wireguard-vpn/peer-to-site.md index 431dfeb4..cb5cf3ec 100644 --- a/how-to/wireguard-vpn/peer-to-site.md +++ b/how-to/wireguard-vpn/peer-to-site.md @@ -11,19 +11,24 @@ Where to place the remote WireGuard endpoint in the network will vary a lot depe Here we will cover a simpler case more resembling what a home network could be like: ``` - public internet - - xxxxxx ppp0 ┌────────┐ - ┌────┐ xx xxxx ──┤ router │ - │ ├─ppp0 xxx xx └───┬────┘ - │ │ xx x │ home 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxx │ │ │ - ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ - │ │ │ │ │ │ - │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ +--- +config: + layout: dagre +--- +flowchart LR + subgraph home["Home LAN 10.10.10.0/24"] + pi4["Raspberry Pi 4"] + nas["NAS"] + dots["..."] + end + host["Host"] -- ppp0 --> internet((("Public Internet"))) + internet -- ppp0 --> router[["Router"]] + router --- pi4 & nas & dots + style host fill:#FFE0B2 + style internet fill:#BBDEFB + style router fill:#FFF9C4 + style home fill:#FFD600 + ``` From c52d0faf5e2ce121ba6984bfc8fd42abee265c2f Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 20:38:47 +0000 Subject: [PATCH 02/10] Revise home network diagram and fix grammar Updated the mermaid diagram for a home network setup and corrected minor grammatical issues. --- how-to/wireguard-vpn/peer-to-site.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/how-to/wireguard-vpn/peer-to-site.md b/how-to/wireguard-vpn/peer-to-site.md index cb5cf3ec..3f3ae054 100644 --- a/how-to/wireguard-vpn/peer-to-site.md +++ b/how-to/wireguard-vpn/peer-to-site.md @@ -10,20 +10,19 @@ Where to place the remote WireGuard endpoint in the network will vary a lot depe Here we will cover a simpler case more resembling what a home network could be like: -``` ---- -config: - layout: dagre ---- + +```mermaid + flowchart LR subgraph home["Home LAN 10.10.10.0/24"] pi4["Raspberry Pi 4"] nas["NAS"] + extra["Y"] dots["..."] end host["Host"] -- ppp0 --> internet((("Public Internet"))) internet -- ppp0 --> router[["Router"]] - router --- pi4 & nas & dots + router --- pi4 & nas & extra & dots style host fill:#FFE0B2 style internet fill:#BBDEFB style router fill:#FFF9C4 @@ -32,7 +31,7 @@ flowchart LR ``` -This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices like a Raspberry PI perhaps, a NAS (Network Attached Storage), and some other device. +This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices like a Raspberry PI perhaps, a NAS (Network Attached Storage), and some other devices. There are basically two approaches that can be taken here: install WireGuard {ref}`on the router `, or on {ref}`another system in the home network `. From 5280eba8c7a0c6833dc99b4e9b7d3fa7a1c18037 Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 20:53:27 +0000 Subject: [PATCH 03/10] Add flowchart for WireGuard VPN peer-to-site setup Added a flowchart illustrating the peer-to-site setup for WireGuard VPN on a router. --- .../wireguard-vpn/peer-to-site-on-router.md | 39 ++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/how-to/wireguard-vpn/peer-to-site-on-router.md b/how-to/wireguard-vpn/peer-to-site-on-router.md index bfa9239e..dab267f2 100644 --- a/how-to/wireguard-vpn/peer-to-site-on-router.md +++ b/how-to/wireguard-vpn/peer-to-site-on-router.md @@ -4,20 +4,33 @@ In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard. +```mermaid + +flowchart LR + home0["home0"] + laptop["Laptop in Coffee shop"] + home0 --> laptop + + internet(("public internet")) + vpn(("VPN network")) + + subgraph home["home network, .home domain — 10.10.10.0/24"] + router["router (.1)"] + pi4["pi4"] + nas["NAS"] + extra["Y"] + dots["..."] + router --- pi4 + router --- nas + router --- extra + router --- dots + end + + laptop -- wlan0 --> internet + internet -- ppp0 --> router + laptop -. "wg0 10.10.11.2/24" .-> vpn + router -. "wg0 10.10.11.1/24" .-> vpn ``` - public internet ┌─── wg0 10.10.11.1/24 -10.10.11.2/24 │ VPN network - home0│ xxxxxx ppp0 ┌───────┴┐ - ┌─┴──┐ xx xxxxx ──────┤ router │ - │ ├─wlan0 xx xx └───┬────┘ home network, .home domain - │ │ xx x │.1 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxxx │ │ │ -Laptop in ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ -Coffee shop │ │ │ │ │ │ - │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ ``` Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put into a bridge mode, in which case you can use your own device (a computer, a Raspberry PI, or something else) as the routing device. From 0c16843390ce11b88a458c30033890ae7ace9586 Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 20:56:53 +0000 Subject: [PATCH 04/10] Revert "Add flowchart for WireGuard VPN peer-to-site setup" --- .../wireguard-vpn/peer-to-site-on-router.md | 39 +++++++------------ 1 file changed, 13 insertions(+), 26 deletions(-) diff --git a/how-to/wireguard-vpn/peer-to-site-on-router.md b/how-to/wireguard-vpn/peer-to-site-on-router.md index dab267f2..bfa9239e 100644 --- a/how-to/wireguard-vpn/peer-to-site-on-router.md +++ b/how-to/wireguard-vpn/peer-to-site-on-router.md @@ -4,33 +4,20 @@ In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard. -```mermaid - -flowchart LR - home0["home0"] - laptop["Laptop in Coffee shop"] - home0 --> laptop - - internet(("public internet")) - vpn(("VPN network")) - - subgraph home["home network, .home domain — 10.10.10.0/24"] - router["router (.1)"] - pi4["pi4"] - nas["NAS"] - extra["Y"] - dots["..."] - router --- pi4 - router --- nas - router --- extra - router --- dots - end - - laptop -- wlan0 --> internet - internet -- ppp0 --> router - laptop -. "wg0 10.10.11.2/24" .-> vpn - router -. "wg0 10.10.11.1/24" .-> vpn ``` + public internet ┌─── wg0 10.10.11.1/24 +10.10.11.2/24 │ VPN network + home0│ xxxxxx ppp0 ┌───────┴┐ + ┌─┴──┐ xx xxxxx ──────┤ router │ + │ ├─wlan0 xx xx └───┬────┘ home network, .home domain + │ │ xx x │.1 10.10.10.0/24 + │ │ xxx xxx └───┬─────────┬─────────┐ + └────┘ xxxxxx │ │ │ +Laptop in ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ +Coffee shop │ │ │ │ │ │ + │pi4│ │NAS│ │...│ + │ │ │ │ │ │ + └───┘ └───┘ └───┘ ``` Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put into a bridge mode, in which case you can use your own device (a computer, a Raspberry PI, or something else) as the routing device. From 0bda3e8426afd37e1a5dbb76364264ad282de5c4 Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 21:07:06 +0000 Subject: [PATCH 05/10] Add flowchart for WireGuard VPN peer-to-site setup Added a flowchart diagram to illustrate the peer-to-site WireGuard VPN setup. --- .../wireguard-vpn/peer-to-site-on-router.md | 39 ++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/how-to/wireguard-vpn/peer-to-site-on-router.md b/how-to/wireguard-vpn/peer-to-site-on-router.md index bfa9239e..dab267f2 100644 --- a/how-to/wireguard-vpn/peer-to-site-on-router.md +++ b/how-to/wireguard-vpn/peer-to-site-on-router.md @@ -4,20 +4,33 @@ In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard. +```mermaid + +flowchart LR + home0["home0"] + laptop["Laptop in Coffee shop"] + home0 --> laptop + + internet(("public internet")) + vpn(("VPN network")) + + subgraph home["home network, .home domain — 10.10.10.0/24"] + router["router (.1)"] + pi4["pi4"] + nas["NAS"] + extra["Y"] + dots["..."] + router --- pi4 + router --- nas + router --- extra + router --- dots + end + + laptop -- wlan0 --> internet + internet -- ppp0 --> router + laptop -. "wg0 10.10.11.2/24" .-> vpn + router -. "wg0 10.10.11.1/24" .-> vpn ``` - public internet ┌─── wg0 10.10.11.1/24 -10.10.11.2/24 │ VPN network - home0│ xxxxxx ppp0 ┌───────┴┐ - ┌─┴──┐ xx xxxxx ──────┤ router │ - │ ├─wlan0 xx xx └───┬────┘ home network, .home domain - │ │ xx x │.1 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxxx │ │ │ -Laptop in ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ -Coffee shop │ │ │ │ │ │ - │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ ``` Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put into a bridge mode, in which case you can use your own device (a computer, a Raspberry PI, or something else) as the routing device. From 699c22aa205765d5d5c7eb4d5765f9e3f125b90e Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 21:41:50 +0000 Subject: [PATCH 06/10] Revise internal system VPN setup documentation Updated the diagram and text to clarify the home network setup for VPN users. --- how-to/wireguard-vpn/on-an-internal-system.md | 37 +++++++++++-------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/how-to/wireguard-vpn/on-an-internal-system.md b/how-to/wireguard-vpn/on-an-internal-system.md index 3bee8f5c..06da8d27 100644 --- a/how-to/wireguard-vpn/on-an-internal-system.md +++ b/how-to/wireguard-vpn/on-an-internal-system.md @@ -7,22 +7,27 @@ However, you do have a spare system inside your network that you could use. Here To recap, our home network has the `10.10.10.0/24` address, and we want to connect to it from a remote location and be "inserted" into that network as if we were there: -``` - public internet -10.10.10.11/24 - home0│ xxxxxx ppp0 ┌────────┐ - ┌─┴──┐ xx xxxxx ──────┤ router │ - │ ├─ppp0 xxx xx └───┬────┘ home network, .home domain - │ │ xx x │ 10.10.10.0/24 - │ │ xxx xxx └───┬─────────┬─────────┐ - └────┘ xxxxxx │ │ │ - ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ - wg0 ──┤ │ │ │ │ │ - 10.10.10.10/32 │pi4│ │NAS│ │...│ - │ │ │ │ │ │ - └───┘ └───┘ └───┘ -Reserved for VPN users: -10.10.10.10-49 +```mermaid +--- +config: + layout: fixed + look: neo +--- +flowchart LR + subgraph home["home network, .home domain — 10.10.10.0/24"] + router["router"] + pi4["pi4"] + nas["NAS"] + extra["Y"] + dots["..."] + end + router --- pi4 & nas & extra & dots + host["home0
10.10.10.11/24"] -- |ppp0| --> internet(("public internet")) + internet -- |ppp0| --> router + host -. "wg0
10.10.10.10/32" .- pi4 + note["Reserved for VPN users:
10.10.10.10–49"] --- router + + ``` ## Router changes From 7b2c02dfbae71ac8aedccc997b00c0fc16fe7bdf Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 22:02:14 +0000 Subject: [PATCH 07/10] Enhance site-to-site.md with diagram using mermaid Added a diagram to illustrate the WireGuard VPN site-to-site configuration. --- how-to/wireguard-vpn/site-to-site.md | 42 ++++++++++++++++------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/how-to/wireguard-vpn/site-to-site.md b/how-to/wireguard-vpn/site-to-site.md index 2d62a878..04973b06 100644 --- a/how-to/wireguard-vpn/site-to-site.md +++ b/how-to/wireguard-vpn/site-to-site.md @@ -3,24 +3,30 @@ Another usual VPN configuration where one could deploy WireGuard is to connect two distinct networks over the internet. Here is a simplified diagram: -``` - ┌─────── WireGuard tunnel ──────┐ - │ 10.10.9.0/31 │ - │ │ - 10.10.9.0 wgA│ xx │wgB 10.10.9.1 - ┌─┴─┐ xxx xxxx ┌─┴─┐ - alpha site │ │ext xx xx ext│ │ beta site - │ ├─── x x ───┤ │ - 10.10.10.0/24 │ │ xx xx │ │ 10.10.11.0/24 - │ │ x x │ │ - └─┬─┘ x x └─┬─┘ - 10.10.10.1│ xx x │10.10.11.1 - ...┌─────────┬────┘ xx xxx xx └───┬─────────┐... - │ │ xx xxxxx │ │ - │ │ │ │ - ┌─┴─┐ ┌─┴─┐ public internet ┌─┴─┐ ┌─┴─┐ - │ │ │ │ │ │ │ │ - └───┘ └───┘ └───┘ └───┘ +```mermaid + + flowchart LR + subgraph alpha["alpha site — 10.10.10.0/24"] + alpha_gw["wgA
10.10.10.1
10.10.9.0"] + a_left["..."] + a_right["..."] + end + subgraph beta["beta site — 10.10.11.0/24"] + beta_gw["wgB
10.10.11.1
10.10.9.1"] + b_left["..."] + b_right["..."] + end + alpha_gw --- a_left & a_right + beta_gw --- b_left & b_right + alpha_gw -. ext .- internet(("public internet")) + internet -. ext .- beta_gw + alpha_gw -. "WireGuard tunnel
10.10.9.0/31" .- beta_gw + + style internet fill:#BBDEFB + style alpha fill:#FFF9C4 + style beta fill:#C8E6C9 + + ``` The goal here is to seamlessly integrate network **alpha** with network **beta**, so that systems on the alpha site can transparently access systems on the beta site, and vice-versa. From bf9908049ef2741d7656cb0fc057264043cdf8ee Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 22:03:33 +0000 Subject: [PATCH 08/10] Update site-to-site.md From 84266595b68471a9ce9cdac4e8d4af9100f80ddf Mon Sep 17 00:00:00 2001 From: Maria B de la Serna-Lopez <148390279+MariaBego56@users.noreply.github.com> Date: Sun, 2 Nov 2025 22:03:58 +0000 Subject: [PATCH 09/10] Update site-to-site.md From d05e5b5e9c0a7f13856a515d0d50f222d4a40915 Mon Sep 17 00:00:00 2001 From: Sally Date: Tue, 11 Nov 2025 11:23:20 +0000 Subject: [PATCH 10/10] Make diagrams render in RTD --- how-to/wireguard-vpn/on-an-internal-system.md | 7 +------ how-to/wireguard-vpn/peer-to-site-on-router.md | 2 +- how-to/wireguard-vpn/peer-to-site.md | 2 +- how-to/wireguard-vpn/site-to-site.md | 2 +- 4 files changed, 4 insertions(+), 9 deletions(-) diff --git a/how-to/wireguard-vpn/on-an-internal-system.md b/how-to/wireguard-vpn/on-an-internal-system.md index 06da8d27..cd26aa99 100644 --- a/how-to/wireguard-vpn/on-an-internal-system.md +++ b/how-to/wireguard-vpn/on-an-internal-system.md @@ -7,12 +7,7 @@ However, you do have a spare system inside your network that you could use. Here To recap, our home network has the `10.10.10.0/24` address, and we want to connect to it from a remote location and be "inserted" into that network as if we were there: -```mermaid ---- -config: - layout: fixed - look: neo ---- +```{mermaid} flowchart LR subgraph home["home network, .home domain — 10.10.10.0/24"] router["router"] diff --git a/how-to/wireguard-vpn/peer-to-site-on-router.md b/how-to/wireguard-vpn/peer-to-site-on-router.md index dab267f2..5436e1ea 100644 --- a/how-to/wireguard-vpn/peer-to-site-on-router.md +++ b/how-to/wireguard-vpn/peer-to-site-on-router.md @@ -4,7 +4,7 @@ In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard. -```mermaid +```{mermaid} flowchart LR home0["home0"] diff --git a/how-to/wireguard-vpn/peer-to-site.md b/how-to/wireguard-vpn/peer-to-site.md index 3f3ae054..0e0b3688 100644 --- a/how-to/wireguard-vpn/peer-to-site.md +++ b/how-to/wireguard-vpn/peer-to-site.md @@ -11,7 +11,7 @@ Where to place the remote WireGuard endpoint in the network will vary a lot depe Here we will cover a simpler case more resembling what a home network could be like: -```mermaid +```{mermaid} flowchart LR subgraph home["Home LAN 10.10.10.0/24"] diff --git a/how-to/wireguard-vpn/site-to-site.md b/how-to/wireguard-vpn/site-to-site.md index 04973b06..0fa4730d 100644 --- a/how-to/wireguard-vpn/site-to-site.md +++ b/how-to/wireguard-vpn/site-to-site.md @@ -3,7 +3,7 @@ Another usual VPN configuration where one could deploy WireGuard is to connect two distinct networks over the internet. Here is a simplified diagram: -```mermaid +```{mermaid} flowchart LR subgraph alpha["alpha site — 10.10.10.0/24"]