diff --git a/includes/annotations.md b/includes/annotations.md index f2d10ef9..c601b72f 100644 --- a/includes/annotations.md +++ b/includes/annotations.md @@ -12,11 +12,11 @@ 7. By default the fastest server is used, but if you prefer a certain region you can fill in the region id. A list of available regions can be found in `/config/wireguard` after the first start. -8. With `VPN_CONF` you can set the name used for your WireGuard config. This is an example of how your `wg0.conf` file should look like. If there's a lot of extra stuff, remove it unless you know what it's there for. The WireGuard config is automatically modified to use `AllowedIPs = 0.0.0.0/1,128.0.0.0/1` for compatibility with Synology/QNAP/Asustor systems. If you'd like to disable this, append `-nofix`. +8. With `VPN_CONF` you can set the name used for your WireGuard config. This is an example of how your `wg0.conf` file should look like. If there's a lot of extra stuff, remove it unless you know what it's there for. The WireGuard config is automatically modified to use `AllowedIPs = 0.0.0.0/1,128.0.0.0/1` for compatibility with Synology/QNAP/Asustor systems if you append `-fix`, so `VPN_CONF=wg0-fix`. ```text [Interface] PrivateKey = supersecretprivatekey -Address = xx.xx.xxx.xxx/32 +Address = xx.xx.xxx.xxx/32 # Yes, /32 DNS = x.x.x.x [Peer] 
@@ -41,4 +41,4 @@ Endpoint = xxx.x.xxx.x:51820 16. When enabling the Unbound DNS server your requests will use DNS over TLS to Cloudflare. Except for requests made to `.internal` and `.vpn` TLDs, those are done to the local docker DNS server on 127.0.0.11. So if you want to use container hostnames to connect to other containers within a bridge network, you'll have to use `--hostname` and use `container-name.internal` or `container-name.vpn`. Currently `.vpn` is a non existing TLD, but that can change in the future. The TLD `.internal` should become the standard for internal networks, so it's the safest choice. Unbound can be used regardless of `VPN_ENABLED` being `true` or `false`. -17. Possible values are `auto`, `legacy`, `nft` or `nftables`. The default is `auto`, this will try to use the most modern method available. If this doesn't work, you can try the others. Any other value besides these, will disable the firewall. +17. Possible values are `auto` or `legacy`. The default is `auto`, this will try to use the most modern method available. If this doesn't work, you can try forcing it to `legacy`.
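Review bot: In the first hunk (item 8), the new sentence says the config is "automatically modified ... if you append `-fix`", which contradicts itself now that the rewrite is opt-in, and it no longer says what happens to the `-nofix` suffix that the removed line documented. Suggest wording along the lines of "The WireGuard config is only modified to use `AllowedIPs = 0.0.0.0/1,128.0.0.0/1` when you append `-fix`, for example `VPN_CONF=wg0-fix`", plus one sentence on whether an existing `-nofix` value is still accepted or has to be removed, and which `AllowedIPs` the user is expected to set when `-fix` is not used. The `# Yes, /32` remark on the `Address` line sits inside a sample that people copy verbatim; it would read better as a sentence in the prose above the block.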
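Review bot: In the second hunk (item 17), the new text drops `nft` and `nftables` and also drops the sentence "Any other value besides these, will disable the firewall", so nothing documents what an unrecognised value does any more. If that behaviour is unchanged, a user who still has `nft` or `nftables` set from the old documentation would end up with the firewall disabled without any hint from this page. Suggest either keeping a sentence that states what happens for values other than `auto` and `legacy`, or noting explicitly that the removed values now fall back to `auto` if that is the case.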