docs: wireguard-gui

Signed-off-by: Enes Öztürk <[email protected]>

Author: enesoztrk

docs/src/assets/ghaf/wireguard_full_tunelling.png

@@ -21,15 +21,15 @@ import { Aside } from "@astrojs/starlight/components";
  wireguard-gui service should be enabled to appear ```Wireguard GUI``` button.
  It can be enabled to add vm nix config like following:
 ```nix
-ghaf.reference.services.wireguard-gui.enable =true;
+ghaf.reference.services.wireguard-gui.enable = true;
 ```
 </Aside>
 
 ![Wireguard GUI template](@assets/ghaf/wireguard_gui_template_cfg.png)
 
-3. **Click the ```Generate Configs``` to generate template configuration files**
-4. **Enter your configuration details for required sections**
-5. **Click the ```Generate``` button**
+3. **Click the ```Generate Config``` button to generate a new tunnel configuration, which will appear on the list with the ```unknown``` name**
+4. **Enter your configuration details for required sections such as ```# Name```, ```# Address```, etc.**
+5. **Click the ```Save``` button  — a confirmation dialog will appear once the configuration is saved successfully**
 
 ![Wireguard GUI configuration](@assets/ghaf/wireguard_gui_config.png)
 
@@ -60,14 +60,33 @@ You can try to ping: ```ping 10.10.10.0```
 Use this mode if you want all network traffic to be routed through the VPN tunnel for maximum privacy and encryption.
 ![Wireguard full tunnelling configuration](@assets/ghaf/wireguard_full_tunelling.png)
 
-You can run ```curl ifconfig.me``` command and response should be vpn server's public IP. For our case it should be ```1.2.3.4```
+You can run ```curl ifconfig.me``` command from ```chrome-vm``` and response should be vpn server's public IP. For our case it should be ```1.2.3.4```
+
+<Aside type="caution">
+- This configuration will not work from the `business-vm` due to its firewall configuration.
+</Aside>
 
 ### 3. VPN as server
 Configure WireGuard as a server to accept connections from multiple clients.
 
 ![Wireguard as server configuration](@assets/ghaf/wireguard_server_cfg.png)
 
-You can try to ping: ```ping 10.10.10.0```
+You can try to ping from test client: ```ping 10.10.10.4```
+
+<Aside>
+- You have to enable ```serverPorts``` in nix file.
+```nix
+ghaf.reference.services.wireguard-gui = {
+    enable = true;
+    serverPorts = [ 51820 ];
+};
+```
+</Aside>
+<Aside type="caution">
+- In the default Ghaf image, business-vm uses port ```51821``` and chrome-vm uses port ```51822``` for WireGuard server mode.
+When configuring server mode, set ```ListenPort``` to 51821 in business-vm and 51822 in chrome-vm.
+</Aside>
+
 
 <Aside>
 - You can use an IP calculator to help generate correct `AllowedIPs` values: [WireGuard AllowedIPs Calculator](https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/)

docs/src/assets/ghaf/wireguard_gui_config.png

@@ -190,7 +190,7 @@
 
     # A UI for the one true VPN: Wireguard
     wireguard-gui = {
-      url = "github:enesoztrk/wireguard-gui/feat/routing_scripts";
+      url = "github:tiiuae/wireguard-gui";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-utils.follows = "flake-utils";

docs/src/assets/ghaf/wireguard_gui_template_cfg.png

@@ -430,7 +430,6 @@ in
           ### FORWARD rules ###
           iptables -t filter -A ghaf-fw-fwd-filter -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
-
           ### OUTPUT rules ###
 
           ### POSTROUTING rules ###

docs/src/assets/ghaf/wireguard_server_cfg.png

@@ -271,7 +271,7 @@ in
           # Enable WireGuard GUI
           wireguard-gui = {
             enable = config.ghaf.reference.services.wireguard-gui;
-            serverPorts = [ 51820 ];
+            serverPorts = [ 51821 ];
           };
 
         };