What is a VPN, why do I need one, and how do I set one up?

April 8, 2020

Written by James Lawrence

1.) What is a VPN?

A VPN creates a network, much like your home or office network, but instead of being geographically isolated, a VPN can span the entire globe. Any person or device with the proper credentials and software can securely connect to the VPN from anywhere there is an internet connection.

2.) Why and when should you use a VPN?

There are a variety of use cases for VPNs, and some companies may not need one, particularly in this day and age of web-based services that are already available globally. But there are areas where VPNs are very useful.

  • Does your company have strict policies on internet access from work devices? A VPN can help you centralize your firewall settings and have them applied anywhere in the globe, helping protect your devices.
  • Are there physical resources (cameras, doors, printers) at various locations that would ideally be managed from a central location?
  • Are there virtual resources (cloud-based infrastructure, IoT devices) that need to be managed by employees?
  • Are you using legacy software systems that are insecure, and do you need to access them securely?

 

At Talla, our VPN is used as a bastion server for our engineering team's access to cloud-based infrastructure. It allows us to lock down the network while still giving our engineers the access they need to the system to perform their jobs.

 

3.) How do you choose the right VPN?

Picking a VPN is always a tough question. Setting up a VPN can be quite simple: a competent IT professional should be able to get one up and running within a day or two. But that is the easy part. The hard part of running a VPN is managing and distributing credentials to the users.

Today, I personally consider only two options for running a VPN: OpenVPN and WireGuard.

 

OpenVPN is an industry standard.

  • It’s open source.
  • It’s been audited.
  • It works on every platform.
  • It has the option of paid support.
  • It can handle any requirements you may have.
  • It can be complicated to manage once you have it set up.

 

WireGuard is an up-and-coming VPN technology.

  • It’s open source.
  • It’s now a part of the Linux kernel, which means you don't need any additional software to set up a server.
  • It’s small: the codebase can be audited by a single individual.
  • It’s simple: setup is a breeze.
  • It’s fast, faster than OpenVPN.
  • It works on every platform.
  • Credential management is easier than with OpenVPN.
    • No need to move around sensitive information to set up users.

 

4.) How do you set up a VPN server? Please list and explain the process in detail for each OS (Windows, Mac, iOS, Android)

 

Mac OSX Setup

  1. Download & install the WireGuard app.
  2. Open the application.
  3. Click import tunnel(s) from file.
  4. Navigate to the configuration file from your IT department, e.g.:

      [Interface]
      Address = 172.16.0.2/24
      PrivateKey = 0000000000000000000000000000000000000000000=

      [Peer]
      PublicKey  = 0000000000000000000000000000000000000000000=
      AllowedIPs = 172.16.0.0/16, 172.31.0.0/16
      Endpoint   = bastion.business.com:2100
      PersistentKeepalive = 5

  5. Click import.
  6. Allow WireGuard to add VPN configurations.
  7. Click activate.
  8. You’re done. WireGuard will connect.
  9. You can control WireGuard using the system tray.

Windows Setup

  1. Download & install the WireGuard app.
  2. Click `Import tunnel(s) from file`.
  3. Navigate to the configuration file from your IT department, e.g.:

      [Interface]
      Address = 172.16.0.2/24
      PrivateKey = 0000000000000000000000000000000000000000000=

      [Peer]
      PublicKey  = 0000000000000000000000000000000000000000000=
      AllowedIPs = 172.16.0.0/16, 172.31.0.0/16
      Endpoint   = bastion.business.com:2100
      PersistentKeepalive = 5

  4. Click activate.
  5. You’re done.
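
The configuration file imported in the Mac and Windows steps contains the user's private key, so it is worth checking before it is distributed or imported. The following Python sketch is an added example, not part of the original post or of the WireGuard project: it parses the file format shown above and flags malformed or placeholder keys and any AllowedIPs entry that would route all traffic through the tunnel. The function names and the placeholder heuristic are assumptions made for illustration.

```python
import base64
import ipaddress

# Constructed sample: the post's example config, placeholder keys included.
SAMPLE = """[Interface]
Address = 172.16.0.2/24
PrivateKey = {k}
[Peer]
PublicKey = {k}
AllowedIPs = 172.16.0.0/16, 172.31.0.0/16
Endpoint = bastion.business.com:2100
PersistentKeepalive = 5
""".format(k="0" * 43 + "=")

def parse_wg(text):
    """Parse WireGuard config text into a list of (section, {key: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: keys end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def key_problem(value):
    """Return why value is not a usable key, or None if it looks fine."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return "not valid base64"
    if len(raw) != 32:
        return "does not decode to 32 bytes"
    if len(set(value.rstrip("="))) == 1:  # assumed heuristic for dummy keys
        return "placeholder (one repeated character)"
    return None

def audit(text):
    """Return findings (empty if clean); ValueError on a malformed AllowedIPs."""
    findings = []
    for name, kv in parse_wg(text):
        for field in ("PrivateKey", "PublicKey"):
            if field in kv and (why := key_problem(kv[field])):
                findings.append(f"[{name}] {field}: {why}")
        for cidr in kv.get("AllowedIPs", "").replace(",", " ").split():
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"[{name}] AllowedIPs {cidr}: routes all traffic through the VPN")
    return findings
```

Running `audit(SAMPLE)` reports both all-zero keys as placeholders; the post's AllowedIPs ranges are a split tunnel, so they produce no finding.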

iOS Setup

  1. Download the WireGuard app.
  2. Click add a tunnel.
    1. Create from QR code.
    2. Scan the QR code provided by your IT department.
  3. Allow WireGuard to create VPN configurations.
  4. Name the new tunnel.
  5. Activate the tunnel by tapping the toggle.
  6. And you’re done.



Android Setup

  1. Download the WireGuard app.
  2. Open the app and click the + icon on the bottom right.
  3. For Android, we’re going to use a QR code for simplicity.
    1. Select `Scan from QR code`
    2. Scan the provided QR code from your IT department.
  4. Give the VPN a name: business.com and click create tunnel.
  5. Activate the tunnel by clicking on the toggle button and you’re done.