after imprting a wiregard config file, do I need to install the VPN app locally
quick VPN/sort of N00B question; I am trying Mullvad, and generated a wiregard config file and imported it into firewalla. I assume it is working, since all my local devices IP range has changed from 192.168.49..... to 198.54.144......
Do I need to install the app on my local devices as well, to get VPN protection when I am on my home network, or, only need to use the app when leaving my home network?
Also, its a Wiregard config file; if and when I need to have VPN away from home, do I use the wiregard app or the Mullvad app?
thanks for helping, I am kinda embarassed that I am not sure about this!
-
No, the client is already installed.
EDIT: Sorry, misread. So each time you have your signal behind a VPN wrapper it’s going to get re-encrypted. That is, if you have Wireguard or NKEv2 or whatever else on your device, the message will be encrypted. Send that encrypted message through a router running OpenVPN or (another) Wireguard client, the encrypted message will be re-encrypted. Some providers, like Nord, provide this as a default feature—called ‘double VPN.’ But it has a serious tendency to drag your signal down.
if you have WG on your Firewalla, you’re safe. You’re encrypted. No need to also do it from your device. However, the down side is that absent a VPN on your device, your signal isn’t encrypted until it gets to the router to go to the WAN. That means that your local messages—those within the LAN—are not encrypted.
Suppose someone used a MiTM attack to hijack your router, they’re inside the LAN with you and your signals are not encrypted. It’s best to set Firewalla so all devices BUT your PC and iPhone or Android are under the router VPN. Then install a VPN client locally on the devices. That way your LAN comms are encrypted but you’re not re-encrypting encrypted signals.
If someone attacks from inside the LAN, via the access point, it’s less an issue. That’s less of an issue, in turn, however, at a public hot spot if you have a wired connection to the Firewalla so the firewall is between you and the access point. If you’re connecting directly to the access point via WiFi, it’s very much an issue.
So it all depends on how you’re connected to the WAN and how you’re connected to the AP, and how, if any way, the firewall is between you and others. Also, bear in mind that if you have a T2 Intel MacBook, there is a known issue with VPN profiles and kill switch functionality. The kill switch can make you processor unstable and expose all your information.
-
thank you, that makes more sense to me now!
so, I have Mullvad VPN config file, a wiregard config file, installed on my firewalla, so I do not need to have Mullvad installed and running on any of my clients on the local network, correct?
everything on my LAN is "protected" just by running/importing the wiregard config file that I generated from Mullvad, correct?
sorry for all the N00bness..
-
And yes, if it says that it connected successfully and you’ve applied it to all your networks it all your devices, that is sufficient.
If you like, you can ensure by going to a VPN confirmation site like https://nordvpn.com/blog/check-vpn-working/. Follow the steps in there and it SHOULD tell you whether or not your VPN is working.
-
Also, go to https://www.dnsleaktest.com/. If it says your location is somewhere other than you’re located, your VPN is working. If not, you could have a local VPN server. Larger VPN services have servers in most large cities. Go on to the test and do the extended test.
If it locates any servers (https://www…), find out if they’re owned by your VPN operator (Mullvad). You may be able to Google it, otherwise email Mulvad and ask. List the servers for them, tell them they were discovered during an extended DNS leak test, and ask whether they’re part of the VPN service. If so, you’re fine.
If not, you have a DNS leak and the owners of those servers can see all your information. Mullvad will know how to advise.
Please sign in to leave a comment.
Comments
7 comments