RPi VPN Gateway
Raspberry Pi 4 (192.168.1.254) configured as a split-tunnel VPN gateway for a home LAN. All outbound traffic routes through AmneziaWG VPN; Russian IP ranges (fetched daily from russia.iplist.opencck.org) route directly via ISP (Keenetic). LAN devices use the RPi as their default gateway via Keenetic DHCP. Scripts and configs are managed in this local repo and deployed to the RPi via SSH/SCP.
Core Value: Non-RU traffic exits through AmneziaWG VPN; RU traffic exits direct via ISP — transparent to all LAN devices, survives reboots, fully reversible via a single rollback script.
- Hardware: Raspberry Pi 4 — Debian/Raspbian, arm64
- VPN protocol: AmneziaWG (not standard WireGuard) — requires custom kernel module or deb
- Safety: Scripts must be idempotent; routing.sh safe to re-run at any time
- Rollback: Full reversal must be possible without reinstalling OS
- Secrets: VPN private/public/preshared keys never stored in this repo
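An added example (not code from this repo) of a sanity check on the daily RU prefix download before its entries become direct-via-ISP routes: every prefix accepted here bypasses the VPN, so over-broad, private and malformed entries are dropped, and the resulting diff is empty on an unchanged re-run. The one-CIDR-per-line input format, the /8 floor, the `min_entries` threshold and both function names are assumptions.

```python
import ipaddress

# Ranges a downloaded list must never turn into direct (non-VPN) routes.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MIN_PREFIX = 8  # assumption: anything broader than /8 is treated as an error


def parse_direct_list(text):
    """Return (accepted networks, rejected raw lines) from a CIDR-per-line list."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 1.2.3.4/24);
            # IPv6 and garbage also raise ValueError here.
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX or any(net.overlaps(r) for r in RESERVED):
            rejected.append(raw)  # dropped entries stay on the VPN path
            continue
        accepted.add(net)
    return list(ipaddress.collapse_addresses(accepted)), rejected


def plan_update(new_text, current, min_entries=1000):
    """Diff the desired direct routes against the currently installed ones.

    Returns (to_add, to_remove, rejected); both diffs are empty on an
    unchanged re-run. Raises ValueError when the download looks truncated,
    so the caller keeps the current set.
    """
    desired, rejected = parse_direct_list(new_text)
    if len(desired) < min_entries:
        raise ValueError(f"only {len(desired)} usable prefixes; keeping old set")
    desired, current = set(desired), set(current)
    return sorted(desired - current), sorted(current - desired), rejected
```

Rejected lines are worth logging: a sudden `0.0.0.0/0` or LAN prefix in the feed means the source or the transport needs a look before the next run.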
Technology stack not yet documented. Will populate after codebase mapping or first phase.
- After every commit, immediately run git push.
- After completing any task, review README.md, docs/README.ru.md and docs/REFERENCE.md. If the work touched areas covered by either file — update them before closing the task. Keep both files in sync with each other.
- Before closing any task, grep the entire project for references to every renamed, removed, or added concept (file names, variable names, config keys, stage numbers, CLI flags). Update all affected files: scripts, docs (README.md, docs/README.ru.md, docs/REFERENCE.md), example configs, inline comments, and .planning/STATE.md. No stale references may remain in tracked files.
Architecture not yet mapped. Follow existing patterns found in the codebase.
No project skills found. Add skills to any of: .claude/skills/, .agents/skills/, .cursor/skills/, .github/skills/, or .codex/skills/ with a SKILL.md index file.
Before using Edit, Write, or other file-changing tools, start work through a GSD command so planning artifacts and execution context stay in sync.
Use these entry points:
- /gsd-quick for small fixes, doc updates, and ad-hoc tasks
- /gsd-debug for investigation and bug fixing
- /gsd-execute-phase for planned phase work
Do not make direct repo edits outside a GSD workflow unless the user explicitly asks to bypass it.
Profile not yet configured. Run /gsd-profile-user to generate your developer profile. This section is managed by generate-claude-profile -- do not edit manually.