feat: add troubleshooting section and improve interface naming

- Add collapsible troubleshooting section to web interface with firewall fixes
- Include firewall-cmd commands for CentOS/RHEL/Fedora TCP connection issues
- Add common issues and solutions (app binding, handshake failures, permissions)
- Update interface naming from wg.conf to burrow.conf throughout documentation
- Improve user experience with better guidance for common problems

Author: mr-karan

README.md

@@ -8,13 +8,13 @@ Secure HTTP tunnels to localhost using WireGuard. Share your local development s
 
 ```bash
 # 1. Get tunnel config (replace 3000 with your local port)
-curl https://arbok.mrkaran.dev/3000 > wg.conf
+curl https://arbok.mrkaran.dev/3000 > burrow.conf
 
 # 2. Start tunnel
-sudo wg-quick up ./wg.conf
+sudo wg-quick up ./burrow.conf
 
 # 3. Stop tunnel when done
-sudo wg-quick down ./wg.conf
+sudo wg-quick down ./burrow.conf
 ```
 
 Your local service is now accessible at the HTTPS URL shown in the config file.
@@ -64,10 +64,10 @@ Test without DNS setup using Host headers:
 python3 -m http.server 3000 &
 
 # Create tunnel
-curl http://localhost:8080/3000 > wg.conf
-sudo wg-quick up ./wg.conf
+curl http://localhost:8080/3000 > burrow.conf
+sudo wg-quick up ./burrow.conf
 
-# Test with Host header (replace subdomain from wg.conf)
+# Test with Host header (replace subdomain from burrow.conf)
 curl -H "Host: your-subdomain.localhost" http://localhost:8080
 ```
 

docs/internals.md

@@ -22,7 +22,7 @@ This document provides a deep technical dive into how Arbok implements secure HT
 ### 1. Tunnel Provisioning
 
 ```bash
-curl https://tunnel.domain.com/3000 > tunnel.conf
+curl https://tunnel.domain.com/3000 > burrow.conf
 ```
 
 **Process:**
@@ -50,7 +50,7 @@ curve25519.ScalarBaseMult(&pub, &priv)
 ### 2. WireGuard Connection Establishment
 
 ```bash
-wg-quick up ./tunnel.conf
+wg-quick up ./burrow.conf
 ```
 
 **Network Setup:**

internal/api/handlers.go

@@ -205,9 +205,9 @@ func (s *Server) handleProvisionSimple(w http.ResponseWriter, r *http.Request) {
 # https://%s.%s
 #
 # Usage:
-#   1. Save this config: curl %s/%d > wg.conf
-#   2. Start tunnel: sudo wg-quick up ./wg.conf  
-#   3. Stop tunnel: sudo wg-quick down ./wg.conf
+#   1. Save this config: curl %s/%d > burrow.conf
+#   2. Start tunnel: sudo wg-quick up ./burrow.conf  
+#   3. Stop tunnel: sudo wg-quick down ./burrow.conf
 #
 %s`, 
 		t.CreatedAt.Format(time.RFC3339),

internal/api/web/index.html

@@ -37,8 +37,8 @@ <h1 class="hero-title">Secure HTTP tunnels to localhost</h1>
                 <div class="command-section">
                     <div class="command-label">Start tunnel:</div>
                     <div class="command-block">
-                        <code class="command-text">curl https://arbok.mrkaran.dev/3000 > wg.conf && sudo wg-quick up ./wg.conf</code>
-                        <button class="copy-button" data-copy="curl https://arbok.mrkaran.dev/3000 > wg.conf && sudo wg-quick up ./wg.conf">
+                        <code class="command-text">curl https://arbok.mrkaran.dev/3000 > burrow.conf && sudo wg-quick up ./burrow.conf</code>
+                        <button class="copy-button" data-copy="curl https://arbok.mrkaran.dev/3000 > burrow.conf && sudo wg-quick up ./burrow.conf">
                             <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                                 <rect x="9" y="9" width="13" height="13" rx="2" ry="2"></rect>
                                 <path d="m5 15-4-4 4-4"></path>
@@ -55,8 +55,8 @@ <h1 class="hero-title">Secure HTTP tunnels to localhost</h1>
                 <div class="command-section">
                     <div class="command-label">Stop tunnel:</div>
                     <div class="command-block">
-                        <code class="command-text">sudo wg-quick down ./wg.conf</code>
-                        <button class="copy-button" data-copy="sudo wg-quick down ./wg.conf">
+                        <code class="command-text">sudo wg-quick down ./burrow.conf</code>
+                        <button class="copy-button" data-copy="sudo wg-quick down ./burrow.conf">
                             <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                                 <rect x="9" y="9" width="13" height="13" rx="2" ry="2"></rect>
                                 <path d="m5 15-4-4 4-4"></path>
@@ -144,6 +144,49 @@ <h4 class="advanced-title">API Access</h4>
                 </div>
             </details>
         </section>
+
+        <section class="troubleshooting">
+            <details class="advanced-toggle">
+                <summary class="advanced-summary">Troubleshooting</summary>
+                <div class="advanced-content">
+                    <div class="advanced-section">
+                        <h4 class="advanced-title">🔥 Firewall Issues (CentOS/RHEL/Fedora)</h4>
+                        <p class="troubleshooting-desc">If you can ping through the tunnel but TCP connections fail, add the WireGuard interface to the trusted zone:</p>
+                        <div class="command-block">
+                            <code class="command-text">sudo firewall-cmd --permanent --zone=trusted --add-interface=burrow</code>
+                            <button class="copy-button" data-copy="sudo firewall-cmd --permanent --zone=trusted --add-interface=burrow">
+                                <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                                    <rect x="9" y="9" width="13" height="13" rx="2" ry="2"></rect>
+                                    <path d="m5 15-4-4 4-4"></path>
+                                </svg>
+                            </button>
+                        </div>
+                        <div class="command-block">
+                            <code class="command-text">sudo firewall-cmd --reload</code>
+                            <button class="copy-button" data-copy="sudo firewall-cmd --reload">
+                                <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                                    <rect x="9" y="9" width="13" height="13" rx="2" ry="2"></rect>
+                                    <path d="m5 15-4-4 4-4"></path>
+                                </svg>
+                            </button>
+                        </div>
+                    </div>
+                    
+                    <div class="advanced-section">
+                        <h4 class="advanced-title">🔍 Common Issues</h4>
+                        <div class="troubleshooting-item">
+                            <strong>App not accessible:</strong> Ensure your app binds to <code>0.0.0.0:PORT</code> not <code>127.0.0.1:PORT</code>
+                        </div>
+                        <div class="troubleshooting-item">
+                            <strong>Handshake fails:</strong> Generate a fresh config - old configs become invalid after server restarts
+                        </div>
+                        <div class="troubleshooting-item">
+                            <strong>Permission denied:</strong> WireGuard requires root/sudo privileges to create network interfaces
+                        </div>
+                    </div>
+                </div>
+            </details>
+        </section>
     </main>
 
     <script src="/static/script.js"></script>

internal/api/web/style.css

@@ -478,6 +478,46 @@ body {
     margin-bottom: var(--space-sm);
 }
 
+/* Troubleshooting Section */
+.troubleshooting {
+    padding: var(--space-xl) 0;
+    border-top: 1px solid var(--border-primary);
+}
+
+.troubleshooting-desc {
+    color: var(--text-secondary);
+    font-size: 0.95rem;
+    line-height: 1.5;
+    margin-bottom: var(--space-md);
+}
+
+.troubleshooting-item {
+    padding: var(--space-sm);
+    background: var(--bg-secondary);
+    border-radius: 6px;
+    margin-bottom: var(--space-sm);
+    border-left: 3px solid var(--accent-purple);
+}
+
+.troubleshooting-item:last-child {
+    margin-bottom: 0;
+}
+
+.troubleshooting-item strong {
+    color: var(--text-primary);
+    font-weight: 600;
+}
+
+.troubleshooting-item code {
+    background: var(--bg-primary);
+    padding: 2px 6px;
+    border-radius: 4px;
+    font-family: var(--font-mono);
+    font-size: 0.875rem;
+    color: var(--accent-purple);
+    border: 1px solid var(--border-primary);
+}
+
 /* Responsive Design */
 @media (max-width: 768px) {
     .nav-content {