VPN Configuration Guide for Sensitive Cloud

A Virtual Private Network (VPN) enables connection to secure environments isolated from the public internet. CERIT-SC utilizes WireGuard VPN technology. To access the VPN, you must first request access and configuration details.

Refer to the next section for obtaining access.

Obtaining VPN Access

If you’re interested in accessing secure resources through our VPN solution, please reach out to our support:
trusted(at)e-infra.cz.

Connecting to VPN with WireGuard

Below is a guide detailing how to configure WireGuard VPN using provided configuration files you received upon registration.

Windows

1. Install WireGuard:
   Download the WireGuard installer for Windows here and follow installation instructions.

2. Create Configuration File:

   • Create a configuration file named sensitive-vpn.conf. Save this file securely within your personal directory, for example:

     C:\Users\<username>\Documents\sensitive-vpn.conf

   • Example configuration file contents (replace placeholders with values provided by our support team):

   [Interface]
   PrivateKey = DESKTOP_CLIENT_PRIVATE_KEY
   Address = 10.0.0.2/24
   
   [Peer]
   PublicKey = SERVER_PUBLIC_KEY
   Endpoint = SERVER_IP_ADDRESS:PORT
   AllowedIPs = 0.0.0.0/0

3. Launch WireGuard Application.

4. Import VPN Configuration:

   • From the WireGuard interface, click “Import tunnel(s) from file”.
   • Select the previously created sensitive-vpn.conf.

5. Connect to VPN:
   • Select the imported VPN tunnel.
   • Click “Activate”.

6. Disconnecting:
   • To deactivate the VPN, select the active tunnel and click “Deactivate”.

Linux

1. Install WireGuard:

   • Follow official WireGuard installation instructions for your Linux distribution found here.

2. Configure VPN:

   • Create the file /etc/wireguard/wg0.conf with the configuration details provided by our support team.
   • Example configuration file:

   [Interface]
   PrivateKey = DESKTOP_CLIENT_PRIVATE_KEY
   Address = 10.0.0.2/24
   
   [Peer]
   PublicKey = SERVER_PUBLIC_KEY
   Endpoint = SERVER_IP_ADDRESS:PORT
   AllowedIPs = 0.0.0.0/0

3. Start VPN:

   • Open your terminal and execute:

   sudo wg-quick up wg0

4. Check VPN Status: To verify if the VPN tunnel is active, run:

   wg-quick show

5. Disconnect VPN:

   To deactivate the VPN tunnel, execute:

   wg-quick down wg0

MacOS

Install WireGuard:

1. Download and install WireGuard VPN Client from the Mac App Store.

2. Create VPN Configuration:

   • Securely create the file sensitive-vpn.conf in your home directory (e.g., /Users/<username>/sensitive-vpn.conf) with contents provided by our support team.
   • Example configuration:

   [Interface]
   PrivateKey = DESKTOP_CLIENT_PRIVATE_KEY
   Address = 10.0.0.2/24
   
   [Peer]
   PublicKey = SERVER_PUBLIC_KEY
   Endpoint = SERVER_IP_ADDRESS:PORT
   AllowedIPs = 0.0.0.0/0

3. Launching WireGuard Application.

4. Import VPN Configuration File:

   • Open WireGuard, select “Import tunnel(s) from file”.
   • Choose your previously created configuration file (sensitive-vpn.conf).

5. Activate VPN Connection:

   • Select imported configuration and click “Activate”.

6. Disconnect VPN:

   • To disconnect, select the active VPN tunnel and click “Deactivate”.