We would like to introduce you to a new type of VPN called WireGuard. All other VPN’s (UGent Anyconnect, Telin OpenVPN) move your computer completely to the UGent or Telin network but this is not always good especially when you use videoconferencing tools like Zoom and Teams.
In a full VPN all your local network has to travel two times encrypted to and from the UGent network, resulting in bad quality and interruptions.
This is where WireGuard excels. As we set this up, it lets you connect to the Telin servers, but if you use other websites or teleconferencing tools, it uses your local network.
However sometimes you need to access external websites which have a license to some service e.g. Web of Science, IEEE, ACM,… so in this case you want your computer to have a full VPN. Well, Wireguard can have this too with profiles. So, you can have the best of 2 worlds.
In your research folder you will find a folder wireguard with your personal keys. They are labeled client-%your_id%-%number%.conf and client-%your_id%-%number%-full.conf. So, the first key is only to connect to the Telin network and the second is the full VPN, emulating the Telin OpenVPN. The number in the name indicates a device (laptop, smartphone,tablet..), so every device need it’s own config files, you cannot put everywhere the same files! We provided 2 device keys for everybody, with a normal and a full VPN. If you need more keys, you can ask your sysadmin.
The normal VPN profile also includes the UGent license servers, so you will be possible to use Matlab, Maple, updates to Windows license and MS Office licenses. In Windows it will also continue to provide the Veeam backup service.
There are 4 sections in this page with install instructions: Windows, Linux, MacOS and Android.
Please scroll down to the desired section.
In your research folder you will find a directory wireguard which contains 4 WireGuard keys and 4 pictures with a QR code of these keys. Download them first on your local machine. You can use WinSCP, scp or sftp (see section https://telin.ugent.be/telin-docs/general/files-folders/).
The files are called client-%your_id%-%number%.conf and client-%your_id%-%number%-full.conf, QR codes have the .conf files with .png extension in the name added.
Make sure you stop your OpenVPN connection, because this will interfere with this WireGuard VPN! Wireguard is a replacement for OpenVPN and will be phased out. Don’t use them both at the same time!
client-%your_id%-%number%-full.conf keys are for a complete VPN, same like OpenVPN. This VPN type will slow down your videochat connections considerably, since all traffic passes the VPN router. Use this for smartphones to encrypt your internet of suspicious WiFi connections!
There is one key for one device only, hence the number -1 or -2 in the filename. If you have more devices to connect with a VPN, ask your sysadmin to generate a 3th or 4th key!
If you lose your device (laptop, smartphone) please inform your sysadmin to retract the keys for eliminate abuse.
Congrats. You succefully installed the WireGuard VPN. You can now connect straight from any location to all the internal Telin machines and the DICT vSphere server e.g. for your departments website development!
Full keys are practical for visiting Web of Science, IEEE en ACM. You can have both keys with the same config number and switch easily.
For Ubuntu it is (the $ sign is the command prompt):
$ sudo apt install wireguard
Create the WireGuard config directory with:
$ sudo mkdir /etc/wireguard
Copy your WireGuard client-%user_id%-1.conf config to /etc/wireguard/wg0.conf
.
$ sudo cp client-*-1.conf /etc/wireguard/wg0.conf
Start the VPN with:
$ sudo wg-quick up wg0
You can check with an internal server like packages.
$ ping packages
PING packages.telin (192.168.41.5) 56(84) bytes of data.
64 bytes from packages.telin (192.168.41.5): icmp_seq=1 ttl=63 time=15.7 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=2 ttl=63 time=16.4 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=3 ttl=63 time=16.3 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=4 ttl=63 time=34.2 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=5 ttl=63 time=16.1 ms
^C
If you want to stop the VPN use this:
$ sudo wg-quick down wg0
Congrats. You succefully installed the WireGuard VPN. You can now connect straight from any location to all the internal Telin machines and the DICT vSphere server e.g. for your departments website development!
It could be that the package resolvconf is missing. You can install it with
sudo apt install resolvconf
Full keys are practical for visiting Web of Science, IEEE en ACM. You can have both keys with the same config number and switch easily.
Congrats. You succefully installed the WireGuard VPN. You can now connect straight from any location to all the internal Telin machines and the DICT vSphere server e.g. for your departments website development!
Full keys are practical for visiting Web of Science, IEEE en ACM. You can have both keys with the same config number and switch easily.
It could be that you encounter an error that only IP adresses are allow in the DNS. In that case, you will have to remove the .telin search domain, or contact your sysadmin to do it for you.
Congrats. You succefully installed the WireGuard VPN. You can safely browse, read email on unreliable WiFi hotspots. Everything is encryted over the Internet.