This is one of the lightest-weight mainstream operating systems that Pritunl is compatible with right out of the box.

Before you can do any installing, you must deploy a VPS from your chosen provider. For the purposes of this tutorial we will be using (LMG affiliate link), specifically their $3.50/month 1 core, 512MB of memory, 500GB of bandwidth plan (note: this plan is only available at their New York/New Jersey data center).

Create an account at Vultr or your chosen VPS provider.

Deploy a VPS at your desired tier and location, choosing CentOS 7 as your operating system (it appears Pritunl does not yet support CentOS 8, although this may change).

Stage 1 - VPS Install, Firewall, and Setup (before the video tutorial section):

That's it - unless you intend to install Pritunl locally, in which case you will need a system or VM to install CentOS onto.

A credit card or PayPal account to rent a server with.

Note: Image links will be coloured like this: (I still need to finish this, was posting at the end of the day and ran out of time D:)

You should have access now.

This is an accompanying guide for our recent video (currently on Floatplane) where we set up a DIY VPN server using Pritunl.

You're done! Connect WireGuard first, then the corporate VPN. I set the corporate value to 3 and WireGuard to 5. If it's not, use this command to update InterfaceMetrics:

Set-NetIPInterface -InterfaceIndex <ifIndex> -InterfaceMetric <metric>

The InterfaceMetric of the corporate VPN interface must be lower than that of WireGuard. There may be duplicate entries, don't worry about that.
IfIndex  InterfaceAlias    AddressFamily  NlMtu(Bytes)  InterfaceMetric  Dhcp      ConnectionState  PolicyStore
27       VPN - VPN Client  IPv4           1500          1                Enabled   Disconnected     ActiveStore
54       Pritunl 1         IPv6           1500          25               Enabled   Disconnected     ActiveStore
53       se-sto-wg-011     IPv4           1420          10               Disabled  Connected        ActiveStore

Get-NetIPInterface | Sort-Object InterfaceMetric

Name: .com
Aliases:

On POSIX (in case your colleague uses macOS or Linux): dig

To find it out with a working corporate connection (ask your colleague?), use the following while the corporate VPN is connected and intranet resources are accessible. You need to know which DNS server the corporate intranet is using.

Add your corporate intranet DNS server to the DNS property.

Note that you can use the calculator to exclude more IP addresses from the VPN to access them directly. This is the range of all IPs except LAN subnets.

Edit your server ("tunnel") in the WireGuard app and put this line into the section.

Luckily, there exist online calculators that do this for you. In order to do that, you need to specify all ranges between and around those LAN ranges, which is not a trivial task at all. The problem is that you don't want to allow ranges, you want to exclude ranges! Specifically, you need to exclude all the LAN subnets such as 10.x.x.x, 172.16.x.x and .x. Ranges that are not covered will work directly, outside the VPN. What it actually does is define which IP ranges should be routed through the WireGuard VPN connection. The AllowedIPs configuration property name is misleading.

Update the AllowedIPs property to exclude LAN IP ranges.

Import the configuration to the WireGuard client.

Pick just one server for starters, the one that the Mullvad client chooses by default (hopefully it's one of the fastest for you). Please note that you don't have to export all servers as the manual suggests.
Export a server configuration from Mullvad and import it to the WireGuard client

After logging in, configuration exporting is available here:

Don't worry, we got you covered!

Download the vanilla WireGuard client here:

Their tech support recommends using the vanilla WireGuard client, but they refuse to assist configuring it. The Mullvad VPN client does not allow configuring AllowedIPs or DNS.

But I was able to do it using this tutorial:

Setting up a self-hosted WireGuard VPN server is wa-a-ay out of scope of this guide.

Subscribe to Mullvad VPN if you haven't already or set up a self-hosted WireGuard server
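
The AllowedIPs step above relies on an online calculator; the same list can be computed locally. The following is an added example, not part of the original guide. It assumes the LAN subnets to exclude are the RFC 1918 private ranges, and the function names and the extra excluded address (taken from a documentation range) are constructed for illustration.

```python
import ipaddress

# Assumption: the LAN subnets to keep off the tunnel are the RFC 1918 ranges.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def allowed_ips(excluded, universe="0.0.0.0/0"):
    """Return the CIDR blocks that cover `universe` minus every excluded network."""
    remaining = [ipaddress.ip_network(universe)]
    for raw in excluded:
        cut = ipaddress.ip_network(raw, strict=False)
        kept = []
        for net in remaining:
            if net.version != cut.version or not net.overlaps(cut):
                kept.append(net)                 # exclusion does not touch this block
            elif cut.supernet_of(net):
                continue                         # block lies entirely inside the exclusion
            else:
                kept.extend(net.address_exclude(cut))  # split the block around the exclusion
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def routed_via_tunnel(address, networks):
    """True if WireGuard would send traffic for `address` through the tunnel."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


def allowed_ips_line(excluded):
    """Format the result as the line that goes into the tunnel configuration."""
    return "AllowedIPs = " + ", ".join(str(n) for n in allowed_ips(excluded))


if __name__ == "__main__":
    print(allowed_ips_line(RFC1918))
    # Constructed extra exclusion (documentation range) reached directly, outside the VPN.
    nets = allowed_ips(RFC1918 + ["203.0.113.7/32"])
    for probe in ("192.168.1.10", "10.20.30.40", "203.0.113.7", "8.8.8.8"):
        print(probe, "tunnel" if routed_via_tunnel(probe, nets) else "direct")
```

Checking a few addresses with routed_via_tunnel before pasting the line into the tunnel confirms that LAN and intranet destinations stay outside the VPN while public addresses go through it.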