If your administrator has allowed you, you will be able to create devices from the main TunnelHound dashboard. You’ll need some information to get started:
- Endpoint Name – The name of the endpoint you wish to connect to. Ask your administrator for what this should be.
To add a new device, open the TunnelHound dashboard. It will look something like this.
Click on the Add Device button (which is highlighted in red above). This will open up the Add Device Modal, shown below.
In the Name field, type in what you’d like to name this device. Choose a descriptive name such as ‘Work Phone’ or ‘Home Laptop’. The name does not need to be unique.
In the Endpoint field type in the name of the endpoint given to you by your administrator, and then select the endpoint from the dropdown.
If you need to set advanced options, such as a custom key or IP address, click the Advanced Options collapse button and see the advanced options section.
Once you’ve set up your options as desired, click the + Add Device button. You’ll now see instructions to connect your device to the network (unless you’ve chosen not to generate encryption keys).
Download the credentials file and then click on your operating system. Follow the instructions provided by the appliance.
At this point, you should be connected to the VPN and should be able to connect to private hosts behind the appliance. Ask your administrator for more details on the hosts available to you.
That’s it! You should be all set up to connect to your VPN. For more information on TunnelHound, check out our user guide.
If something is not working, see our section on troubleshooting.
Some users may need further customization when creating a device, such as setting an explicit IP or customizing the WireGuard® credentials. If so, click the Advanced Options collapse button in the Add Device Modal. You’ll see the following pane.
There are two sections here. The first, labeled IP Address, lets you choose how the IP address for this device will be set. All TunnelHound devices have a static IP address. Most often, you want to keep the default option, which makes the appliance choose an IP address for you. You can view the IP address assigned after you save the device.
Some users may want to set a custom static IP address. This address must not be used by any other device and must be within the subnet of the endpoint chosen. To set a custom IP, choose the Use explicit IP option, and type the IP desired into the text box. You can only set a custom IP if your administrator has granted you this privilege.
The second section, labeled Encryption Keys, lets you set the WireGuard® keys used for this device. By default, TunnelHound will generate a new key pair in your browser and transmit only the public key to the server. You will then be given the option to download the credentials when you save the device. Your private key will only be available to you this one time. This is the best, most secure option, and perfect for most use cases.
Some users may want to defer the creation of credentials. To do so, select the Let user generate a key when logged in. No key will be generated for the device. Instead, an IP will be reserved for your device, but no one will be able to connect to it, until you create credentials for the device.
Finally, some users want to provide an explicit private key. To do so, select the Use custom private key function and paste in a text-based WireGuard® private key. You can generate such keys using the
wg genkey command line tool. When you do this, only the public part of the key will be transmitted to the server, and the generated WireGuard® configurations will contain this private key. This option is safe, but it leaves open the possibility that the private key ends up on your clipboard or another unsafe location. There is usually never a need to use this as WireGuard® credentials are easily updated, and it’s best to rotate credentials often.