On macOS with Pritunl installed and a profile configured for the VPN network, go to:

    cd /Users//Library/Application\ Support/pritunl/profiles/.ovpn

where profile_hash would be an alphanumeric hash like 028c16f93c.c6258

Open it in your editor, find the line with auth-user-pass, and add the path to the file containing your authorisation credentials:

    auth-user-pass /Users/user1/directory-to-keep-vpn-profile-data/auth.txt

(As Mat J pointed out: Windows users may need to escape the backslash in the path with a double backslash.)

auth.txt should be a plain txt file with just 2 lines: username

Now restart the Pritunl app if it was running.

If everything is valid, the login window should not appear but the app should use your authorisation data! You can use the debug option in case of any problems. Usually the cause is that the path to the file is wrong or the auth file contains some whitespace-like characters that affect your entry.

Keep in mind that your authorisation file is a plain file. With the solution above, your VPN account is only as safe as the account on the machine where you put that file.

For a Pritunl VPN setup, we can make use of an EC2 instance. In this tutorial we use a t3a.micro instance, which would cost around 6.86 for a month. Even a t3a.medium instance would cost just 27.44, and it would be more than enough for a small company.

1. Subscribe to Mullvad VPN if you haven't already or set up a self-hosted WireGuard server.
2. Export a server configuration from Mullvad.
3. Update the AllowedIPs property to exclude LAN IP ranges.
4. Add your corporate intranet DNS server to the DNS property.
5. Update the InterfaceMetric of your connections.

Subscribe to Mullvad VPN if you haven't already or set up a self-hosted WireGuard server

Setting up a self-hosted WireGuard VPN server is wa-a-ay out of scope of this guide. But I was able to do it using this tutorial:

The Mullvad VPN client does not allow configuring AllowedIPs or DNS. Their tech support recommends using the vanilla WireGuard client, but they refuse to assist with configuring it. Don't worry, we got you covered!

Download the vanilla WireGuard client here:

Export a server configuration from Mullvad and import it to the WireGuard client

After you log in, configuration exporting is available here:

Please note that you don't have to export all servers as the manual suggests. Pick just one server for starters, the one that the Mullvad client chooses by default (hopefully it's one of the fastest for you).

Import the configuration to the WireGuard client.

Update the AllowedIPs property to exclude LAN IP ranges.

The AllowedIPs configuration property name is misleading. What it actually does is define which IP ranges should be routed through the WireGuard VPN connection. Ranges that are not covered will work directly, outside the VPN.

The problem is that you don't want to allow ranges, you want to exclude ranges! Specifically, you need to exclude all the LAN subnets such as 10.x.x.x, 172.16.x.x and .x. In order to do that, you need to specify all ranges between and around those LAN ranges, which is not a trivial task at all. Luckily, there are online calculators that do this for you.

Edit your server ("tunnel") in the WireGuard app and put this line into the section. This is the range of all IPs except LAN subnets. Note that you can use the calculator to exclude more IP addresses from the VPN to access them directly.

Add your corporate intranet DNS server to the DNS property.

You need to know which DNS server the corporate intranet is using. To find it out with a working corporate connection (ask your colleague?), use the following while the corporate VPN is connected and intranet resources are accessible.

    Name: .com
    Aliases:

On POSIX (in case your colleague uses macOS or Linux):

    dig

    Get-NetIPInterface | Sort-Object Interfacemetric

    IfIndex InterfaceAlias    AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
    Ģ7      VPN - VPN Client  IPv4          1500         1               Enabled  Disconnected    ActiveStore
    ĥ4      Pritunl 1         IPv6          1500         25              Enabled  Disconnected    ActiveStore
    ĥ3      se-sto-wg-011     IPv4          1420         10              Disabled Connected       ActiveStore

There may be duplicate entries, don't worry about that. The InterfaceMetric of the corporate VPN interface must be lower than that of WireGuard. If it's not, use this command to update InterfaceMetrics:

    Set-NetIPInterface -InterfaceIndex -InterfaceMetric

I set the corporate value to 3 and WireGuard to 5.

You're done! Connect WireGuard first, then the corporate VPN.
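
The AllowedIPs exclusion that the guide hands off to an online calculator can be computed locally. The following is an added example, not part of the original guide: it subtracts networks from 0.0.0.0/0 and builds the resulting AllowedIPs line. The RFC 1918 prefixes, the function names and the extra excluded host are assumptions chosen here, since the guide does not list exact prefixes.

```python
import ipaddress

# Assumption: the "LAN subnets" to keep outside the tunnel are the RFC 1918 private ranges.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def allowed_ips(excluded, base="0.0.0.0/0"):
    """Return the minimal CIDR list covering `base` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(base)]
    for raw in excluded:
        cut = ipaddress.ip_network(raw)  # raises ValueError on host bits or typos
        next_remaining = []
        for net in remaining:
            if cut.version != net.version or not net.overlaps(cut):
                next_remaining.append(net)   # untouched by this exclusion
            elif net.subnet_of(cut):
                continue                     # swallowed entirely by the exclusion
            else:
                # cut sits strictly inside net: keep everything around it
                next_remaining.extend(net.address_exclude(cut))
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def wireguard_line(networks):
    """Format networks as the AllowedIPs line of a WireGuard tunnel config."""
    return "AllowedIPs = " + ", ".join(str(n) for n in networks)


if __name__ == "__main__":
    # Everything except the LAN ranges goes through the tunnel.
    print(wireguard_line(allowed_ips(RFC1918)))
    # Constructed sample: also reach one extra host directly, outside the VPN.
    print(wireguard_line(allowed_ips(RFC1918 + ["203.0.113.7/32"])))
```

Anything left out of the printed list bypasses the tunnel, so check the output against the addresses you expect to reach directly before pasting it into the tunnel configuration.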