Manual Connection to eduVPN Using a Configuration File
Users who prefer to connect using the native WireGuard or OpenVPN applications have the option to generate a configuration file through the eduVPN portal. To generate it, you need to go to the manual configuration section. The generated file must then be manually imported into the respective Wireguard or OpenVPN application.
Generated configuration files have a limited validity. The default validity is 5 months, after which time the connection to eduVPN using this profile will expire. To reconnect, you must use a newly generated configuration file from the eduVPN portal.
Split Tunnel
Manual configuration allows the user to customize the configuration in such a way that they can set up a split tunnel according to their needs, even if it is not a split profile.
Split tunnel routes only certain traffic through eduVPN. This offers a great advantage for knowledgeable users who, for example, have their home or work network split into multiple subnets or need to use multiple VPNs simultaneously.
Example of changing a full tunnel profile to split tunnel (WireGuard)
In the following example, a configuration file has been generated for the student profile student-fi, which operates in full tunnel mode. In WireGuard, the VPN mode specifies an attribute called AllowedIPs. This attribute indicates the subnets that will be routed through eduVPN.
A value of 0.0.0.0/0,::/0 indicates that all data (except local network) will be routed through the WireGuard tunnel, making it the default gateway for all traffic
# Portal: https://eduvpn.muni.cz/vpn-user-portal/
# Profile: Student - FI (student-fi)
# Expires: 2024-06-14T22:23:32+00:00
[Interface]
PrivateKey = <secret>
Address = 100.65.176.2/22,2001:718:801:900:1b0::2/78
DNS = 147.251.4.33,147.251.6.10,muni.cz,fi.muni.cz
[Peer]
PublicKey = <not necessary>
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 147.251.205.46:443Masaryk University has network resources and services usually on these networks:
- 147.251.0.0/16
- 100.64.0.0/10
- 10.0.0.0/8
- 2001:718:801::/48
Some faculties can also use different networks. E.g. the Faculty of Informatics additionally uses the range 172.16.0.0/12.
Adding the aforementioned networks to the configuration makes eduVPN a split tunnel.
# Portal: https://eduvpn.muni.cz/vpn-user-portal/
# Profile: Student - FI (student-fi)
# Expires: 2024-06-14T22:23:32+00:00
[Interface]
PrivateKey = <secret>
Address = 100.65.176.2/22,2001:718:801:900:1b0::2/78
DNS = 147.251.4.33,147.251.6.10,muni.cz,fi.muni.cz
[Peer]
PublicKey = <not necessary>
AllowedIPs = 147.251.0.0/16,100.64.0.0/10,10.0.0.0/8,2001:718:801::/48,172.16.0.0/12
Endpoint = 147.251.205.46:443