Commit
update to reflect changes in behaviour
mrhotio committed Mar 2, 2024
1 parent 4b9eaee commit ceb95de
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions includes/annotations.md
Expand Up @@ -12,11 +12,11 @@

7. By default the fastest server is used, but if you prefer a certain region you can fill in the region id. A list of available regions can be found in `/config/wireguard` after the first start.

8. With `VPN_CONF` you can set the name used for your WireGuard config. This is an example of how your `wg0.conf` file should look like. If there's a lot of extra stuff, remove it unless you know what it's there for. The WireGuard config is automatically modified to use `AllowedIPs = 0.0.0.0/1,128.0.0.0/1` for compatibility with Synology/QNAP/Asustor systems. If you'd like to disable this, append `-nofix`.
8. With `VPN_CONF` you can set the name used for your WireGuard config. This is an example of how your `wg0.conf` file should look like. If there's a lot of extra stuff, remove it unless you know what it's there for. The WireGuard config is automatically modified to use `AllowedIPs = 0.0.0.0/1,128.0.0.0/1` for compatibility with Synology/QNAP/Asustor systems if you append `-fix`, so `VPN_CONF=wg0-fix`.
```text
[Interface]
PrivateKey = supersecretprivatekey
Address = xx.xx.xxx.xxx/32
Address = xx.xx.xxx.xxx/32 # Yes, /32
DNS = x.x.x.x
[Peer]
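Review bot: In the rewritten item 8, "automatically modified ... if you append `-fix`" contradicts itself, because the `AllowedIPs = 0.0.0.0/1,128.0.0.0/1` rewrite is now opt-in, where the removed text had it on by default with `-nofix` to opt out. Suggest dropping "automatically", stating plainly that the config is left as written unless `VPN_CONF` ends in `-fix`, and saying what an existing `-nofix` suffix now does; Synology/QNAP/Asustor users who relied on the old default get no hint here that they need to switch to `VPN_CONF=wg0-fix`. The `# Yes, /32` remark added to the `Address` line sits inside the example that readers are told to model their `wg0.conf` on, so moving it into the prose would keep the sample config clean.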
Expand All @@ -41,4 +41,4 @@ Endpoint = xxx.x.xxx.x:51820

16. When enabling the Unbound DNS server your requests will use DNS over TLS to Cloudflare. Except for requests made to `.internal` and `.vpn` TLDs, those are done to the local docker DNS server on 127.0.0.11. So if you want to use container hostnames to connect to other containers within a bridge network, you'll have to use `--hostname` and use `container-name.internal` or `container-name.vpn`. Currently `.vpn` is a non existing TLD, but that can change in the future. The TLD `.internal` should become the standard for internal networks, so it's the safest choice. Unbound can be used regardless of `VPN_ENABLED` being `true` or `false`.

17. Possible values are `auto`, `legacy`, `nft` or `nftables`. The default is `auto`, this will try to use the most modern method available. If this doesn't work, you can try the others. Any other value besides these, will disable the firewall.
17. Possible values are `auto` or `legacy`. The default is `auto`, this will try to use the most modern method available. If this doesn't work, you can try forcing it to `legacy`.
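Review bot: The rewritten item 17 no longer says what happens when the setting holds a value other than `auto` or `legacy`. The removed text listed `nft` and `nftables` as valid and stated that any other value disables the firewall, so someone who still has `nft` set cannot tell from this wording whether they now get `auto`, `legacy`, or no firewall at all. Suggest adding one sentence on how unrecognised values, including the two dropped ones, are handled. Minor: "The default is `auto`, this will try" is a comma splice; "The default is `auto`, which tries" reads better.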
