Skip to Content
DocsDashboardSystem AdminVPN Control

VPN Control

The VPN Control page lets you manage your WireGuard VPN directly from the dashboard. Add peers, monitor active connections on a geographic map, configure app-scoped VPN routing, and generate NordVPN configurations — all without touching the command line.

Admin only

VPN Control requires admin privileges (admin.system.vpn permission). Navigate to System > VPN Control from the sidebar.

WireGuard required

WireGuard must be installed before the VPN Control page is functional. If WireGuard is not installed, the page displays a prompt with a link to the Package Management panel where you can install it. You can also install it from the CLI with qb install wireguard.

Key features

🌍 Geographic Visualization

View active VPN connections on an interactive map showing peer locations

👥 Peer Management

Add, activate, deactivate, and remove WireGuard peers with configuration upload

🔀 App-Scoped Routing

Route specific applications through the VPN using network namespaces with kill switch support

📊 Connection Monitoring

Real-time data transfer statistics and connection history for all peers

🔑 Server Keys

View WireGuard server public and private keys, listen port, and DNS configuration

🛡️ NordVPN Generator

Generate WireGuard-compatible NordVPN configurations by selecting a country

VPN overview

The top of the page features a hero section divided into two areas:

  • Active Connection Carousel — Displays your active VPN connections (both system VPN and app routing connections) in a rotating carousel. Each card shows the connection name, status, endpoint, and data transfer statistics. The carousel auto-rotates and pauses when you interact with it.
  • Geographic Map — An interactive map that highlights the geographic location of the currently selected connection. As the carousel rotates or you select a connection, the map updates to show where that peer is located.

Peer management

The peer table below the hero section lists all configured WireGuard peers. Each row shows the peer name, endpoint, status, and available actions.

Adding a peer

Upload a WireGuard configuration file to add a new peer:

  1. Click Add Peer or the upload button
  2. Select a .conf file containing the WireGuard peer configuration
  3. The peer appears in the table in a deactivated state

Activating and deactivating peers

  • Activate — Bring a peer connection online. Only one system VPN connection can be active at a time — activating a new one deactivates the current one
  • Deactivate — Take a peer connection offline without removing it

Click the expand arrow on any peer row to view the full WireGuard configuration details.

Removing a peer

Click Delete on a peer row to permanently remove its configuration from the server.

NordVPN config generator

The VPN Control page includes a built-in NordVPN configuration generator. Select a country from the dropdown, and the dashboard generates a WireGuard-compatible configuration file that you can use to connect through NordVPN’s network.

This is particularly useful for routing specific applications through a VPN for privacy or geo-restriction bypass.

App-scoped VPN routing

One of the most powerful VPN features is the ability to route specific applications through the VPN while keeping everything else on the direct connection. This uses Linux network namespaces to isolate VPN traffic per application.

How it works

  • Enable routing for an app — The selected application’s traffic is routed through the active VPN connection
  • Kill switch — When enabled, the app loses network access entirely if the VPN disconnects, preventing unprotected traffic
  • Live stats — Real-time routing statistics streamed via server-sent events show data transfer per routed app

Use cases

App-scoped routing is commonly used with download clients (rTorrent, qBittorrent, Deluge, Transmission) to route torrent traffic through a VPN while keeping other services on the direct connection.

Server configuration

The footer drawer shows your WireGuard server configuration:

  • Server keys — Public and private WireGuard keys for your server
  • Listen port — The UDP port WireGuard listens on
  • DNS settings — DNS servers configured for VPN clients
  • Peer statistics — Summary of total peers, active connections, and data transferred

Connection monitoring

The VPN Control page provides real-time monitoring of all VPN connections:

  • Data transfer stats — Bytes sent and received per peer
  • Connection history — View past connections and their duration
  • Active session tracking — See which peers are currently connected

Statistics update in real time via server-sent events.

CLI equivalents

Dashboard ActionCLI Command
Install WireGuard
qb install wireguard
Add a peer
qb manage wireguard add
Remove a peer
qb manage wireguard remove
Check VPN status
qb manage wireguard check

Dashboard advantage

The dashboard provides features not available via the CLI, including the geographic map visualization, NordVPN config generator, app-scoped routing management, and real-time connection statistics.

For the full WireGuard installation and CLI reference, see the WireGuard application documentation.

Best practices

Do

  • Enable the kill switch on routed apps to prevent unprotected traffic if the VPN drops
  • Use app-scoped routing to keep only relevant traffic on the VPN — this avoids unnecessary bandwidth overhead
  • Test your VPN connection by checking your public IP from a routed application after activation
  • Keep WireGuard configurations organized — use descriptive names for peers so you can identify them easily
  • Monitor data transfer stats to verify traffic is flowing through the VPN as expected

Don't

  • Don't activate a VPN peer without verifying the configuration file is correct — invalid configs can disrupt network connectivity
  • Don't route all applications through the VPN unless necessary — it adds latency and reduces throughput
  • Don't delete a peer configuration while it is actively routing app traffic — deactivate it first
  • Don't share your WireGuard private keys or configuration files — treat them like passwords

FAQ

WireGuard must be installed before the VPN Control page can function. Install it from the Package Management panel on the App Dashboard or via the CLI with qb install wireguard.
Only one system VPN connection can be active at a time. However, app-scoped routing connections operate independently — you can route multiple applications through the VPN simultaneously while having a single system VPN active.
The kill switch prevents an application from accessing the network if the VPN connection drops. This ensures that traffic from that application never travels over your direct internet connection unprotected.
Use the built-in NordVPN config generator on the VPN Control page. Select a country, and the dashboard generates a WireGuard-compatible configuration. Upload this config as a new peer to connect through NordVPN.
App-scoped routing works with applications that QuickBox manages via systemd services. It is most commonly used with download clients like rTorrent, qBittorrent, Deluge, and Transmission.
WireGuard (Application)

Full WireGuard installation guide and CLI reference

SSL Certificates

Manage HTTPS certificates for your domains

System Monitoring

Monitor server health and network throughput

App Management

Install WireGuard and manage other applications

Join the Community

Media server operators sharing configs, getting support, and shaping the future of QuickBox Pro.

Dedicated Support
Feature Previews
Community Configs
Active Discussions
Join Discord Server
Updates & ChangelogSystem Monitoring