In this tutorial, you will learn how to configure a VPN connection in order to remotely connect multiple users from a private network.
These days, security is every company’s top priority, and most businesses work tirelessly to continually strengthen their network security measures. VPNs (Virtual Private Networks) are one way that companies can do this. It creates an encrypted connection across the internet, allowing users to remotely access services and documents securely from any location.
Unfortunately, the L2TP protocol only allows one session at a time when connecting from a private network. As a result, if you are using NAT, using an L2TP connection will block the connection port, thereby rejecting any attempts to connect a second user. In this tutorial, we will look at how you can solve this problem using WireGuard, a VPN session server that allows you to establish multiple connections at the same time.
We will explain how to install WireGuard and configure it to enable multiple clients to connect to a server simultaneously from the same private network, thereby keeping your remote connections secure when working remotely.
Configuring a VPN client to allow multiple sessions from a private network
Before you get started
To successfully complete this tutorial and establish a VPN connection between your client device and the server, you will need:
- To be registered with an organisation on the Jotelulu platform and have logged in.
- To have registered for a Servers subscription or Remote Desktop subscription in order to enable the VPN on your network.
- To have a device on which to install WireGuard.
Part 1 – Installing WireGuard on GNU/Linux
The process to install WireGuard on a GNU/Linux server will depend on which version you are using, since the exact steps will vary between CentOs, Ubuntu or other distributions. To learn about the installation process for different systems, visit the installation section on the WireGuard website.
If you are using CentOS, you should log in as root user (system administrator) and run the following commands:
If you are using Ubuntu, you should run the following command, plus some additional commands to install requirements and dependencies, etc.
# sudo apt install wireguard
Part 2 – Installing the WireGuard client
You can use WireGuard on a number of different operating systems, including GNU/Linux, Mac or Windows. In this tutorial, we are going to explain the process for installing it on Windows, since it is the most commonly used OS. But don’t worry, we will continue to publish new tutorials which look at the process for other common operating systems.
First, go to the WireGuard website and download the Windows installer, which as you can see is really small, just 85kB in size.
Once downloaded onto your client device (the device you will use to connect to the VPN), run the installer as an administrator.
The program is very quick to install, although this may depend on your device specifications. In any case, it shouldn’t take more than a couple of minutes to install and you will only briefly see a couple of progress bars during the process.
Part 2 – WireGuard installation progress
Once the installation has finished, you will see the WireGuard configuration window.
Part 2 – WireGuard welcome screen and configuration window
NOTE: If you have any problems with the installation process, you can launch the installation using the MSI that you can find here.
Part 3 – WireGuard settings
So far, you have installed WireGuard on your Windows device. However, there are still some settings that you need to configure in order to establish a connection.
To configure a new connection, click on “Add Tunnel > Add empty tunnel…” (1). .
Part 3 – Create a new empty tunnel
When a new empty tunnel is created, WireGuard automatically generates a public key (2) that you will see on the screen.
Part 3 – WireGuard configuration on Windows
The text box shown contains the configuration settings for the connection. At the moment, it is incomplete.
To complete the configuration settings, you will need to add other fields such as the IP address, DNS server, allowed IPs and the connection point. To do this, you need to add these details so that the configuration settings look as follows:
[Interface]
PrivateKey = iuurt328rtf98sdpcg98eawtf982wgfwpeefgt98g
Address = 194.128.1.23/32
DNS = 192.168.1.1
[Peer]
PublicKey = iuurt328rtf98sdpcg98eawtf982wgfwpeefgt98g
AllowedIPs = 0.0.0.0/0
Endpoint = 12.15.12.15:12345
Each one of these fields has a fundamental role, which we will explain below:
- PrivateKey: This is the private key provided by the client device.
- Address: Your internal IP address.
- DNS: The IP address of the DNS server on the network.
- PublicKey: This is the public key for the WireGuard server.
- Allowed IPs: These are the IP addresses that will be routed through the VPN. If you enter “0.0.0.0./0”, all traffic will be routed through the VPN.
- Endpoint: The WireGuard server’s external IP address (published on the internet) and listening port.
Part 3 – Configuration example for WireGuard on Windows
Part 4 – Configuring the new client on the WireGuard server
To allow traffic between the client and the server, you need to add the client in the [Peer] section of the configuration file on the WireGuard server.
To do this, you will need to add something like the following lines, depending on your network configuration:
[Peer]
PublicKey = iuurt328rtf98sdpcg98eawtf982wgfwpeefgt98g
AllowedIPs = 194.128.1.23/32
Where:
- PublicKey: is the public key that the Windows client provides to the WireGuard server.
- AllowedIPS: Specify which IP addresses can use the tunnel. Here you should enter your internal IP address.
Part 5 – Checking the connection
Lastly, you should launch the VPN connection to check that you are browsing via the remote IP address.
To check this, you can use one of the classic web pages that check your IP address, such as Whatismyipaddress.com.
Conclusions and next steps:
Many organisations are keen to protect their connections to avoid exposure over the internet and prevent any unauthorised access.
In this tutorial, you have learnt how to create a VPN using WireGuard to allow remote access from any location in a secure way, allowing you to open various connections from the same network.
We hope that you have found this tutorial useful in configuring your VPN. However, if you do encounter any problems or have any questions about the information contained in this tutorial, please don’t hesitate to write to us at plataforma@jotelulu.com or call us on +34 91 133 37 10 and we will be happy to help you.
Have a nice day!