How to Configure a VPN Client to Connect Multiple Users from a Private Network

In this tutorial, you will learn how to configure a VPN connection in order to remotely connect multiple users from a private network.

These days, security is every company’s top priority, and most businesses work tirelessly to continually strengthen their network security measures. VPNs (Virtual Private Networks) are one way that companies can do this. It creates an encrypted connection across the internet, allowing users to remotely access services and documents securely from any location.

Unfortunately, the L2TP protocol only allows one session at a time when connecting from a private network. As a result, if you are using NAT, using an L2TP connection will block the connection port, thereby rejecting any attempts to connect a second user. In this tutorial, we will look at how you can solve this problem using WireGuard, a VPN session server that allows you to establish multiple connections at the same time.

We will explain how to install WireGuard and configure it to enable multiple clients to connect to a server simultaneously from the same private network, thereby keeping your remote connections secure when working remotely.

 

Configuring a VPN client to allow multiple sessions from a private network

 

Before you get started

To successfully complete this tutorial and establish a VPN connection between your client device and the server, you will need:

 

Part 1 – Installing WireGuard on GNU/Linux

The process to install WireGuard on a GNU/Linux server will depend on which version you are using, since the exact steps will vary between CentOs, Ubuntu or other distributions. To learn about the installation process for different systems, visit the installation section on the WireGuard website.

If you are using CentOS, you should log in as root user (system administrator) and run the following commands:

# yum install yum-utils epel-release
# yum-config-manager –setopt=centosplus.includepkgs=kernel-plus –enablerepo=centosplus –save
# sed -e ‘s/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/’ -i /etc/sysconfig/kernel
# yum install kernel-plus wireguard-tools
# reboot

If you are using Ubuntu, you should run the following command, plus some additional commands to install requirements and dependencies, etc.

# sudo apt install wireguard

 

Part 2 – Installing the WireGuard client

You can use WireGuard on a number of different operating systems, including GNU/Linux, Mac or Windows. In this tutorial, we are going to explain the process for installing it on Windows, since it is the most commonly used OS. But don’t worry, we will continue to publish new tutorials which look at the process for other common operating systems.

First, go to the WireGuard website and download the Windows installer, which as you can see is really small, just 85kB in size.

Once downloaded onto your client device (the device you will use to connect to the VPN), run the installer as an administrator.

The program is very quick to install, although this may depend on your device specifications. In any case, it shouldn’t take more than a couple of minutes to install and you will only briefly see a couple of progress bars during the process.

Part 2 - WireGuard installation progress

Part 2 – WireGuard installation progress

Once the installation has finished, you will see the WireGuard configuration window.

Part 2 - WireGuard welcome screen and configuration window

Part 2 – WireGuard welcome screen and configuration window

NOTE: If you have any problems with the installation process, you can launch the installation using the MSI that you can find here.

 

Part 3 – WireGuard settings

So far, you have installed WireGuard on your Windows device. However, there are still some settings that you need to configure in order to establish a connection.

To configure a new connection, click on “Add Tunnel > Add empty tunnel…” (1). .

Part 3 - Create a new empty tunnel

Part 3 – Create a new empty tunnel

When a new empty tunnel is created, WireGuard automatically generates a public key (2) that you will see on the screen.

Part 3 - WireGuard configuration on Windows

Part 3 – WireGuard configuration on Windows

The text box shown contains the configuration settings for the connection. At the moment, it is incomplete.

To complete the configuration settings, you will need to add other fields such as the IP address, DNS server, allowed IPs and the connection point. To do this, you need to add these details so that the configuration settings look as follows:

[Interface]

 PrivateKey = iuurt328rtf98sdpcg98eawtf982wgfwpeefgt98g

 Address = 194.128.1.23/32

 DNS = 192.168.1.1

 [Peer]

 PublicKey = iuurt328rtf98sdpcg98eawtf982wgfwpeefgt98g

 AllowedIPs = 0.0.0.0/0

 Endpoint = 12.15.12.15:12345

Each one of these fields has a fundamental role, which we will explain below:

  • PrivateKey: This is the private key provided by the client device.
  • Address: Your internal IP address.
  • DNS: The IP address of the DNS server on the network.
  • PublicKey: This is the public key for the WireGuard server.
  • Allowed IPs: These are the IP addresses that will be routed through the VPN. If you enter “0.0.0.0./0”, all traffic will be routed through the VPN.
  • Endpoint: The WireGuard server’s external IP address (published on the internet) and listening port.

Part 3 - Configuration example for WireGuard on Windows

Part 3 – Configuration example for WireGuard on Windows

 

Part 4 – Configuring the new client on the WireGuard server

To allow traffic between the client and the server, you need to add the client in the [Peer] section of the configuration file on the WireGuard server.

To do this, you will need to add something like the following lines, depending on your network configuration:

[Peer]

PublicKey = iuurt328rtf98sdpcg98eawtf982wgfwpeefgt98g

AllowedIPs = 194.128.1.23/32

Where:

  • PublicKey: is the public key that the Windows client provides to the WireGuard server.
  • AllowedIPS: Specify which IP addresses can use the tunnel. Here you should enter your internal IP address.

 

Part 5 – Checking the connection

Lastly, you should launch the VPN connection to check that you are browsing via the remote IP address.

To check this, you can use one of the classic web pages that check your IP address, such as Whatismyipaddress.com.

 

Conclusions and next steps:

Many organisations are keen to protect their connections to avoid exposure over the internet and prevent any unauthorised access.

In this tutorial, you have learnt how to create a VPN using WireGuard to allow remote access from any location in a secure way, allowing you to open various connections from the same network.

We hope that you have found this tutorial useful in configuring your VPN. However, if you do encounter any problems or have any questions about the information contained in this tutorial, please don’t hesitate to write to us at plataforma@jotelulu.com or call us on +34 91 133 37 10 and we will be happy to help you.

Have a nice day!

Categories:Remote Desktop, Servers

Fill out the form and one of our Sales team will contact you soon.

growth@jotelulu.com  |  jotelulu.com 

You can unsubscribe from these communications at any time. For more information,  check our Privacy Policy.

 

We make the difficult easy

Existing Disaster Recovery tools often require advanced knowledge to manage, demanding expertise that is difficult to acquire.

Jotelulu’s Disaster Recovery aims to make the difficult easy and offers a very simple deployment based on a three-step configuration:

Origin (Primary Site)
Determine the origin location of the subscription on which the Disaster Recovery service will be established.

Destination (Recovery Site)
Set the destination location (availability zone) where you want the Recovery Site to be deployed.

Replication characteristics
Specify the data related to the number of copies to be kept and the frequency at which the replication will be performed.