Skip to content

Replace WireGuard VPN ASCII with mermaid diagrams #391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
MariaBego56 wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Replace WireGuard VPN ASCII with mermaid diagrams #391

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
706c559
WireGuard VPN - peer-to-site
MariaBego56 Oct 20, 2025
c52d0fa
Revise home network diagram and fix grammar
MariaBego56 Nov 2, 2025
5280eba
Add flowchart for WireGuard VPN peer-to-site setup
MariaBego56 Nov 2, 2025
cf37892
Merge pull request #3 from MariaBego56/MariaBego56-patch-9
MariaBego56 Nov 2, 2025
0c16843
Revert "Add flowchart for WireGuard VPN peer-to-site setup"
MariaBego56 Nov 2, 2025
0bda3e8
Add flowchart for WireGuard VPN peer-to-site setup
MariaBego56 Nov 2, 2025
699c22a
Revise internal system VPN setup documentation
MariaBego56 Nov 2, 2025
7b2c02d
Enhance site-to-site.md with diagram using mermaid
MariaBego56 Nov 2, 2025
bf99080
Update site-to-site.md
MariaBego56 Nov 2, 2025
8426659
Update site-to-site.md
MariaBego56 Nov 2, 2025
a497af2
Merge pull request #5 from MariaBego56/MariaBego56-patch-12
MariaBego56 Nov 2, 2025
d05e5b5
Make diagrams render in RTD
s-makin Nov 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 16 additions & 16 deletions how-to/wireguard-vpn/on-an-internal-system.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,22 +7,22 @@ However, you do have a spare system inside your network that you could use. Here

To recap, our home network has the `10.10.10.0/24` address, and we want to connect to it from a remote location and be "inserted" into that network as if we were there:

```
public internet
10.10.10.11/24
home0│ xxxxxx ppp0 ┌────────┐
┌─┴──┐ xx xxxxx ──────┤ router │
│ ├─ppp0 xxx xx └───┬────┘ home network, .home domain
│ │ xx x │ 10.10.10.0/24
│ │ xxx xxx └───┬─────────┬─────────┐
└────┘ xxxxxx │ │ │
┌─┴─┐ ┌─┴─┐ ┌─┴─┐
wg0 ──┤ │ │ │ │ │
10.10.10.10/32 │pi4│ │NAS│ │...│
│ │ │ │ │ │
└───┘ └───┘ └───┘
Reserved for VPN users:
10.10.10.10-49
```{mermaid}
flowchart LR
subgraph home["home network, .home domain — 10.10.10.0/24"]
router["router"]
pi4["pi4"]
nas["NAS"]
extra["Y"]
dots["..."]
end
router --- pi4 & nas & extra & dots
host["home0<br>10.10.10.11/24"] -- |ppp0| --> internet(("public internet"))
internet -- |ppp0| --> router
host -. "wg0<br>10.10.10.10/32" .- pi4
note["Reserved for VPN users:<br>10.10.10.10–49"] --- router


```

## Router changes
Expand Down
39 changes: 26 additions & 13 deletions how-to/wireguard-vpn/peer-to-site-on-router.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,33 @@

In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard.

```{mermaid}

flowchart LR
home0["home0"]
laptop["Laptop in Coffee shop"]
home0 --> laptop

internet(("public internet"))
vpn(("VPN network"))

subgraph home["home network, .home domain — 10.10.10.0/24"]
router["router (.1)"]
pi4["pi4"]
nas["NAS"]
extra["Y"]
dots["..."]
router --- pi4
router --- nas
router --- extra
router --- dots
end

laptop -- wlan0 --> internet
internet -- ppp0 --> router
laptop -. "wg0 10.10.11.2/24" .-> vpn
router -. "wg0 10.10.11.1/24" .-> vpn
```
public internet ┌─── wg0 10.10.11.1/24
10.10.11.2/24 │ VPN network
home0│ xxxxxx ppp0 ┌───────┴┐
┌─┴──┐ xx xxxxx ──────┤ router │
│ ├─wlan0 xx xx └───┬────┘ home network, .home domain
│ │ xx x │.1 10.10.10.0/24
│ │ xxx xxx └───┬─────────┬─────────┐
└────┘ xxxxxx │ │ │
Laptop in ┌─┴─┐ ┌─┴─┐ ┌─┴─┐
Coffee shop │ │ │ │ │ │
│pi4│ │NAS│ │...│
│ │ │ │ │ │
└───┘ └───┘ └───┘
```

Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put into a bridge mode, in which case you can use your own device (a computer, a Raspberry PI, or something else) as the routing device.
Expand Down
34 changes: 19 additions & 15 deletions how-to/wireguard-vpn/peer-to-site.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,24 +10,28 @@ Where to place the remote WireGuard endpoint in the network will vary a lot depe

Here we will cover a simpler case more resembling what a home network could be like:

```
public internet

xxxxxx ppp0 ┌────────┐
┌────┐ xx xxxx ──┤ router │
│ ├─ppp0 xxx xx └───┬────┘
│ │ xx x │ home 10.10.10.0/24
│ │ xxx xxx └───┬─────────┬─────────┐
└────┘ xxxxx │ │ │
┌─┴─┐ ┌─┴─┐ ┌─┴─┐
│ │ │ │ │ │
│pi4│ │NAS│ │...│
│ │ │ │ │ │
└───┘ └───┘ └───┘

```{mermaid}

flowchart LR
subgraph home["Home LAN 10.10.10.0/24"]
pi4["Raspberry Pi 4"]
nas["NAS"]
extra["Y"]
dots["..."]
end
host["Host"] -- ppp0 --> internet((("Public Internet")))
internet -- ppp0 --> router[["Router"]]
router --- pi4 & nas & extra & dots
style host fill:#FFE0B2
style internet fill:#BBDEFB
style router fill:#FFF9C4
style home fill:#FFD600

```


This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices like a Raspberry PI perhaps, a NAS (Network Attached Storage), and some other device.
This diagram represents a typical simple home network setup. You have a router/modem, usually provided by the ISP (Internet Service Provider), and some internal devices like a Raspberry PI perhaps, a NAS (Network Attached Storage), and some other devices.

There are basically two approaches that can be taken here: install WireGuard {ref}`on the router <wireguard-vpn-peer-to-site-on-router>`, or on {ref}`another system in the home network <wireguard-on-an-internal-system>`.

Expand Down
42 changes: 24 additions & 18 deletions how-to/wireguard-vpn/site-to-site.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,30 @@

Another usual VPN configuration where one could deploy WireGuard is to connect two distinct networks over the internet. Here is a simplified diagram:

```
┌─────── WireGuard tunnel ──────┐
│ 10.10.9.0/31 │
│ │
10.10.9.0 wgA│ xx │wgB 10.10.9.1
┌─┴─┐ xxx xxxx ┌─┴─┐
alpha site │ │ext xx xx ext│ │ beta site
│ ├─── x x ───┤ │
10.10.10.0/24 │ │ xx xx │ │ 10.10.11.0/24
│ │ x x │ │
└─┬─┘ x x └─┬─┘
10.10.10.1│ xx x │10.10.11.1
...┌─────────┬────┘ xx xxx xx └───┬─────────┐...
│ │ xx xxxxx │ │
│ │ │ │
┌─┴─┐ ┌─┴─┐ public internet ┌─┴─┐ ┌─┴─┐
│ │ │ │ │ │ │ │
└───┘ └───┘ └───┘ └───┘
```{mermaid}

flowchart LR
subgraph alpha["alpha site — 10.10.10.0/24"]
alpha_gw["wgA<br>10.10.10.1<br>10.10.9.0"]
a_left["..."]
a_right["..."]
end
subgraph beta["beta site — 10.10.11.0/24"]
beta_gw["wgB<br>10.10.11.1<br>10.10.9.1"]
b_left["..."]
b_right["..."]
end
alpha_gw --- a_left & a_right
beta_gw --- b_left & b_right
alpha_gw -. ext .- internet(("public internet"))
internet -. ext .- beta_gw
alpha_gw -. "WireGuard tunnel<br>10.10.9.0/31" .- beta_gw

style internet fill:#BBDEFB
style alpha fill:#FFF9C4
style beta fill:#C8E6C9


```

The goal here is to seamlessly integrate network **alpha** with network **beta**, so that systems on the alpha site can transparently access systems on the beta site, and vice-versa.
Expand Down