TELIN helpdesk > General > WireGuard

WireGuard

Intro

We would like to introduce you to a new type of VPN called WireGuard. All other VPN’s (UGent Anyconnect, Telin OpenVPN) move your computer completely to the UGent or Telin network but this is not always good especially when you use videoconferencing tools like Zoom and Teams.

In a full VPN all your local network has to travel two times encrypted to and from the UGent network, resulting in bad quality and interruptions.

This is where WireGuard excels. As we set this up, it lets you connect to the Telin servers, but if you use other websites or teleconferencing tools, it uses your local network.

However sometimes you need to access external websites which have a license to some service e.g. Web of Science, IEEE, ACM,… so in this case you want your computer to have a full VPN. Well, Wireguard can have this too with profiles. So, you can have the best of 2 worlds.

In your research folder you will find a folder wireguard with your personal keys. They are labeled client-%your_id%-%number%.conf and client-%your_id%-%number%-full.conf. So, the first key is only to connect to the Telin network and the second is the full VPN, emulating the Telin OpenVPN. The number in the name indicates a device (laptop, smartphone,tablet..), so every device need it’s own config files, you cannot put everywhere the same files! We provided 2 device keys for everybody, with a normal and a full VPN. If you need more keys, you can ask your sysadmin.

The normal VPN profile also includes the UGent license servers, so you will be possible to use Matlab, Maple, updates to Windows license and MS Office licenses. In Windows it will also continue to provide the Veeam backup service.

There are 4 sections in this page with install instructions: Windows, Linux, MacOS and Android.

Please scroll down to the desired section.

In your research folder you will find a directory wireguard which contains 4 WireGuard keys and 4 pictures with a QR code of these keys. Download them first on your local machine. You can use WinSCP, scp or sftp (see section https://telin.ugent.be/telin-docs/general/files-folders/).

The files are called client-%your_id%-%number%.conf and client-%your_id%-%number%-full.conf, QR codes have the .conf files with .png extension in the name added.

Make sure you stop your OpenVPN connection, because this will interfere with this WireGuard VPN! Wireguard is a replacement for OpenVPN and will be phased out. Don’t use them both at the same time!

client-%your_id%-%number%-full.conf keys are for a complete VPN, same like OpenVPN. This VPN type will slow down your videochat connections considerably, since all traffic passes the VPN router. Use this for smartphones to encrypt your internet of suspicious WiFi connections!

There is one key for one device only, hence the number -1 or -2 in the filename. If you have more devices to connect with a VPN, ask your sysadmin to generate a 3th or 4th key!

If you lose your device (laptop, smartphone) please inform your sysadmin to retract the keys for eliminate abuse.

Windows

Goto https://www.wireguard.com/install/
Click on Download for 64-bit
Open and install the downloaded file
Run the Wireguard application from the Start menu.

Congrats. You succefully installed the WireGuard VPN. You can now connect straight from any location to all the internal Telin machines and the DICT vSphere server e.g. for your departments website development!

Full keys are practical for visiting Web of Science, IEEE en ACM. You can have both keys with the same config number and switch easily.

Linux

Goto https://www.wireguard.com/install/. You can see the install method for every Linux derivate.
For Ubuntu it is (the $ sign is the command prompt):
```
$ sudo apt install wireguard
```
Create the WireGuard config directory with:
```
$ sudo mkdir /etc/wireguard
```
Copy your WireGuard client-%user_id%-1.conf config to /etc/wireguard/wg0.conf.
```
$ sudo cp client-*-1.conf /etc/wireguard/wg0.conf
```

Start the VPN with:

$ sudo wg-quick up wg0

You can check with an internal server like packages.

$ ping packages
PING packages.telin (192.168.41.5) 56(84) bytes of data.
64 bytes from packages.telin (192.168.41.5): icmp_seq=1 ttl=63 time=15.7 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=2 ttl=63 time=16.4 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=3 ttl=63 time=16.3 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=4 ttl=63 time=34.2 ms
64 bytes from packages.telin (192.168.41.5): icmp_seq=5 ttl=63 time=16.1 ms
^C

If you want to stop the VPN use this:

$ sudo wg-quick down wg0

It could be that the package resolvconf is missing. You can install it with sudo apt install resolvconf

Full keys are practical for visiting Web of Science, IEEE en ACM. You can have both keys with the same config number and switch easily.

MacOS

Open The Apple App store and lookup wireguard
Get and install the WireGuard app
Click on the + sign and add the client-%user_id%-%number%.conf or full version which you have copied from your research folder
Now you can activate the WireGuard VPN.

Full keys are practical for visiting Web of Science, IEEE en ACM. You can have both keys with the same config number and switch easily.

It could be that you encounter an error that only IP adresses are allow in the DNS. In that case, you will have to remove the .telin search domain, or contact your sysadmin to do it for you.

Android

Open the Google Play store (or F-droid if you like) and lookup wireguard. Make sure you install the version from the WireGuard Development Team.
Click on the add tunnel blue button and choose scan from QR code. Scan the client-%your_id%-2-full.png QR code from your screen which you opened on your PC. Give it a name e.g. Telin.
Switch the Telin VPN on. Check with this URL in your favorite browser in Android: https://telin.ugent.be/ipecho/ You should get the IP address: 157.193.140.3.
Congrats. You succefully installed the WireGuard VPN. You can safely browse, read email on unreliable WiFi hotspots. Everything is encryted over the Internet.