Simplify VPN config

README.md

@@ -231,6 +231,8 @@ Then we can start the interface with:
 ifup broadband
 ```
 
+Add our broadband interface to the WAN zone in the firewall.
+
 Both IPv6 and IPv4 should work:
 
 ```
@@ -238,9 +240,6 @@ ping openwrt.org
 ping -6 openwrt.org
 ```
 
-### Configure Zones
-
-Add our broadband interface to the WWAN zone.
 
 ### Configure Wireguard
 
@@ -252,30 +251,24 @@ cd /tmp/x
 umask go=
 wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
 wg genpsk > wgclient.psk
+```
 
-uci add_list firewall.wan.network="vpn"
+Add to `/etc/config/network`
-uci commit firewall
-/etc/init.d/firewall restart
 
-uci set network.vpn="interface"
+```
-uci set network.vpn.proto="wireguard"
+config interface 'wg0'
-uci set network.vpn.private_key="$(cat /tmp/x/wgclient.key)"
+	option proto 'wireguard'
-uci add_list network.vpn.addresses="192.168.2.3/24"
+	list addresses '192.168.2.3'
+	option private_key '???'
 
-uci set network.wgserver="wireguard_vpn"
+config wireguard_wg0
-uci set network.wgserver.public_key="$(cat /tmp/x/wgclient.pub)"
+	option public_key '???'
-uci set network.wgserver.preshared_key="$(cat /tmp/x/wgclient.psk)"
+	option description 'rayonx'
-uci set network.wgserver.endpoint_host="rayonx.machine.deuxfleurs.fr"
+	option persistent_keepalive '25'
-uci set network.wgserver.endpoint_port="51820"
+	option endpoint_port '51820'
-uci set network.wgserver.route_allowed_ips="1"
+	list allowed_ips '192.168.2.0/24'
-uci set network.wgserver.persistent_keepalive="25"
+	option route_allowed_ips '1'
-uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
+	option endpoint_host 'rayonx.machine.dufour.io'
-uci add_list network.wgserver.allowed_ips="::/0"
-uci commit network
-
-# update server's configuration
-
-ifup vpn
 ```
 
 Doc: