@Xarishark 

QR Code? The developer probably doesn't know how to generate a QR Code! He doesn't even give us a simple FQDN on the wireguard endpoint parameter.

As of the latest update wireguard does not require to set an incoming WAN IP or FQDN. That is a good first step in the right direction! For easier config generation right now people can use the Wireguard Config Generator (wireguardconfig dot com) for key generation so they dont have to use the wg genkey command to generate private keys manually each time for each machine as the site autogenerates multiple keys and conf files from a HUGE seed. Wireguard is an amazing protocol right now and IMHO tp-link should focus to make allowed ips easier to configure so people can select to generate configs for split tunnels or full traffic tunnels easier.

Here is what I would like to see in future updates:

1)Make key generation easier and more user friendly for faster rollouts. Add a button next to the private key fields (Server AND peer tab) to allow users to click it in case they want to autogenerate the private keys. That way you help novice users to receive keys automatically in case they want and dont impede advanced users that want to input their own keys.

2)Give option to autofill the local ip (CIDR Field) by giving a generate ip/CIDR address/range button as most users dont you more than 4/5 ranges on sm businesses. That way advanced users have dont have to delete a CIDR every time they want to create a wireguard server but novice users can receive an ip with a simple click for their server. This should be an option for both the server AND client and for a simple clean view it should use a /32  single ip address. 

e.g. :

10.0.0.1/32 -> Server

10.0.0.2/32 -> Peer 1 Client

10.0.0.3/32 -> Peer 2 Client

10.0.0.4/32 -> Peer 3 Client

etc...

This makes rollout MUCH faster for multiple clients/peers by removing another input step that most users dont want to input manually but advanced users can edit themselves. REMINDER that nothing gets autofilled those addresses are filled only when the user clicks the autogenerate button next to the field of the address both for the server and the client!

3) Make the ALLOWEDIP field easier for admins by giving the option to add addresses from a dropdown the same way you select the WAN you want the vpn server to be able to use. Options on that dropdown should be:

0.0.0.0/0 

::/0

And all the current existing subnets that the local SDN manages.

This makes the creation of split tunnels or full traffic tunnels faster and easier

The field should just append the selections from the drop down with commas and also be editable in case the user wants to input custom ranges for a more advanced use. Most users want to pass all traffic through the tunnel (0.0.0.0/0, ::/0) or they want to connect to their local omada network resources securly from a remote network without passing any other traffic through the network (192.168.1.0/24 etc).

4) Add an endpoint field on the server setup for the purposes of config generation. Many users dont have a static IP and use a FQDN that tracks their dynamic IP. Something that TP-Link already has in their consumer routers as a DYNDNS service and would benefit but that is another problem for another time.

5) On the PEERS tab give the the option to download the conf file for each peer or generate a QR code (Very useful when it comes to mobile devices)

And lastly PLEASE make documentation better when the user hovers the cursor over a field. A tooltip would help immensely if the user does not know what a field is for.

ZX