canonical · MariaBego56 · Oct 20, 2025 · Oct 26, 2025 · Nov 8, 2025 · s-makin
diff --git a/how-to/wireguard-vpn/peer-to-site-on-router.md b/how-to/wireguard-vpn/peer-to-site-on-router.md
@@ -5,20 +5,26 @@
 In this diagram, we are depicting a home network with some devices and a router where we can install WireGuard.
 
 ```
-```
+```{mermaid}
-```
+```{mermaid}
-                       public internet              ┌─── wg0 10.10.11.1/24
-10.10.11.2/24                                       │        VPN network
-        home0│            xxxxxx       ppp0 ┌───────┴┐
-           ┌─┴──┐         xx   xxxxx  ──────┤ router │
-           │    ├─wlan0  xx       xx        └───┬────┘    home network, .home domain
-           │    │       xx        x             │.1       10.10.10.0/24
-           │    │        xxx    xxx             └───┬─────────┬─────────┐
-           └────┘          xxxxxx                   │         │         │
-Laptop in                                         ┌─┴─┐     ┌─┴─┐     ┌─┴─┐
-Coffee shop                                       │   │     │   │     │   │
-                                                  │pi4│     │NAS│     │...│
-                                                  │   │     │   │     │   │
-                                                  └───┘     └───┘     └───┘
-```
+---
+config:
+  layout: elk
+---
+flowchart LR
+ subgraph home["Home network (.home) — 10.10.10.0/24"]
+        pi4["Raspberry Pi 4"]
+        nas["NAS"]
+        dots["..."]
+  end
+    laptop["Laptop<br>Coffee shop"] -- |wlan0| --> internet((("Public Internet")))
+    internet -- |ppp0| --> router[["Router<br>.home = 10.10.10.1"]]
+    laptop -. "wg0 10.10.11.2/24" .-> vpn[("WireGuard VPN<br>10.10.11.0/24")]
+    router -. "wg0 10.10.11.1/24" .-> vpn
+    router --- pi4 & nas & dots
+    style laptop fill:#C8E6C9
+    style internet fill:#BBDEFB
+    style router fill:#FFF9C4
+    style vpn fill:#D50000
+    style home fill:#FFD600```
 
 Of course, this setup is only possible if you can install software on the router. Most of the time, when it's provided by your ISP, you can't. But some ISPs allow their device to be put into a bridge mode, in which case you can use your own device (a computer, a Raspberry PI, or something else) as the routing device.
 

diff --git a/how-to/wireguard-vpn/peer-to-site.md b/how-to/wireguard-vpn/peer-to-site.md
@@ -10,20 +10,28 @@ Where to place the remote WireGuard endpoint in the network will vary a lot depe
 
 Here we will cover a simpler case more resembling what a home network could be like:
 
-```
-               public internet
-
-                xxxxxx      ppp0 ┌────────┐
- ┌────┐         xx   xxxx      ──┤ router │
- │    ├─ppp0  xxx      xx        └───┬────┘
- │    │       xx        x            │         home 10.10.10.0/24
- │    │        xxx    xxx            └───┬─────────┬─────────┐
- └────┘          xxxxx                   │         │         │
-                                       ┌─┴─┐     ┌─┴─┐     ┌─┴─┐
-                                       │   │     │   │     │   │
-                                       │pi4│     │NAS│     │...│
-                                       │   │     │   │     │   │
-                                       └───┘     └───┘     └───┘
+```{mermaid}
+ flowchart LR
+  %% ASCII -> Mermaid conversion
+  host["host"]
+  internet(("public internet"))
+  router["router"]
+
+  %% Home network
+  subgraph home["home 10.10.10.0/24"]
+    pi4["pi4"]
+    nas["NAS"]
+    dots["..."]
+  end
+
+  %% Paths
+  host --|ppp0|--> internet
+  internet --|ppp0|--> router
+
+  router --- pi4
+  router --- nas
+  router --- dots
+
 ```