Published June 21, 2023, 8:20 a.m. by Liam Bradley
VPNs have been around a long while. However, for the most part, VPNs are difficult to manage and configure, and do not perform very well. However, I want to introduce you guys to a solution that takes a modern approach to implementing remote connectivity. It allows you to manage everything from the cloud, requires no firewall rules to be created, is built upon WireGuard, you can install it in Kubernetes and you can manage it with Terraform.
Introducing Twingate as a modern VPN solution - 0:54
Describing the Twingate network connectivity and global network - 1:23
Zero-trust networking and introducing the concept - 2:07
A brief overview of the free tier and the pricing model - 3:12
Getting started creating a Twingate account - 4:30
Clicking the deploy connector and choosing the platform - 6:48
Describing the process to generate the access token - 7:25
Describing the vSphere virtual machines used for self-hosting Twingate - 8:40
SSHing into the Ubuntu Server virtual machines - 9:05
Pasting the command into the Twingate portal - 9:49
Refreshing the status of the connector and it is connected - 10:11
Overview of the dual Twingate connector architecture - 10:31
Looking at the network screen and the orange indicator - 10:47
After repeating the process with the second connector - 11:17
Adding resources and looking at the options available - 11:33
Talking about DNS resources and referencing resources by name - 11:53
Protocol restrictions and talking about the functionality for restricting certain traffic - 12:25
Assigning specific users to resources in the Twingate environment - 13:13
Looking at policies and authentication requirements - 15:05
Looking at connecting the Twingate Windows app and connecting to your network - 16:04
Looking at the Twingate Terraform provider - 16:46
https://www.virtualizationhowto.com/2022/06/twingate-download-and-configuration-review-of-zero-trust-vpn/
I need a lot of coffee to tell you guys
about a solution that excites me this
much if you could have a modern VPN
solution that is cloud-based requires no
special firewall rules to be configured
uses a modern connector based approach
built upon the WireGuard protocol you
can install the connectors inside of a
kubernetes cluster you can manage the
solution using terraform and by the way
the solution is free for you to use in
your home lab environment could this
potentially be the best VPN solution in
2022 for home lab environments stick
around let's Dive Right In let's see
what solution we're talking about
[Music]
the solution is called twingate and
this is not a sponsored video by
twingate it's simply a solution that
I've been using in my home lab
environment and I want to introduce you
guys to it as well it's not just for
home labs this is a tried and true
Enterprise solution the great thing
about twingate is that it offers a very
modern approach to both the management
as well as the implementation and
configuration of your VPN connections
across your environment as opposed to
traditional VPN Technologies twingate
helps to eliminate the normal choke
points of traditional VPN Technologies
such as a VPN concentrator that exists
in an on-premises network instead with
twingate you get the benefit of the
global Network that twingate has built
out so you're not backhauling traffic
all the way across inefficient routes
instead clients are connected via the
efficient twingate Global Network so that
they have the best experience possible
twingate is also built upon the
WireGuard technology so that you're
getting a fast efficient modern VPN
protocol and technology and again all of
this is exposed via efficient easy Cloud
management you also have the ability to
implement what's known as zero trust
networking what is zero trust networking
zero trust means that we do not give any
user access to resources that they
absolutely do not need so think about
micro segmentation as a lead-in
technology to your thoughts on zero
trust networking with micro segmentation
we only give resources access to other
resources that they absolutely need to
communicate with twingate and zero trust
Network Technology allows you to
implement that same methodology with VPN
connections so clients no longer get
carte blanche access to an entire subnet
or entire sets of servers you can in a
very granular way Grant access to those
resources that users actually need what
I would like to do is Step you guys
through completely setting up a brand
new account with twingate showing you
exactly how easy it is to get up and
running with a couple of connectors that
you have running in your remote networks
and show you the true power of the zero
trust Network model that you can
Implement with twingate I want to give
you guys a brief overview of the pricing
model with twingate and why we are
saying you can use this for free
twingate is an Enterprise solution that
does have paid solution models however I
want to highlight this free tier or
starter model that they have and it
has many great features for the free
version so no you can use it up to five
users with up to one device per person
and up to two remote networks and you
get many of the features that you get
with the paid solution so if you notice
you can deploy this on your Nas your
Raspberry Pi Cloud VMS even kubernetes
which I will show that in just a moment
you get remote access to Media servers
home automation native clients on
Android Linux Mac and windows so they've
really geared this free version to home
lab power users such as you and I
twingate is really the only vendor in
this space that is offering a free
version of zero trust network access
many of the other vendors while they may
Implement similar solutions they don't
really have this free tier that you can
take advantage of in a long-term way so
kudos to twingate for creating this free
tier model that really caters to the
home lab admin let's get started
configuring the twingate solution I'm
going to click the try for free button
in the top right hand corner and
twingate allows you to create your
account with an existing Google
Microsoft GitHub LinkedIn or just simply
log into an account you've created
before so I'm going to sign up with
Google and we're going to enter our work
email now you can use a personal email
address if you've got a Gmail address
it's just simply a personal
address you can use that finish signing
up twingate next asks a series of
questions see how you're going to use
twingate so I'm going to click through
this are you going to be able to deploy
twingate on your own we're going to say
yes on the name Network field you're
going to want to name your network what
you actually are going to want that
address called in twingate so when we
think Network we're often thinking of IP
addresses or IP aliases here the network
name is the name of that Network that
you want it to be referenced in twingate
as so that's going to be the URL that
you're going to type into your twingate
VPN client as simple as that in a
three-step wizard process our network is
being built and here we go we have our
Network configured so the first thing
that we want to do is to add a remote
Network now in the context of twingate
the remote network is our on-premises
Network it could be an Azure Network it
can be an AWS network but for the
purposes of Home lab we're going to
Simply add a remote Network and install
connectors so let's do that let's click
on the add a remote Network and we're
going to choose on premise on premise on
premises on-premise here and we're going
to call this home lab remote Network and
as you can see we have added our remote
Network in this case we've called home
lab now one thing you will note as soon
as you add your remote Network you're
going to see the red indicator that
tells us that we do not have
connectivity as of yet to that remote
Network that we have provisioned inside
of twingate and the reason for that is
we have not as of yet added our
connectors to establish that WireGuard
connectivity between the cloud and our
on-premises home lab Network this is as
simple as deploying the connector so if
I click on the deploy connector we're
going to be presented with a screen that
allows us to choose the platform that we
want to use to actually deploy the
connector and this is one of the areas
where I think twingate is exceptionally
awesome here they give you all kinds of
options to deploy the connector which is
extremely lightweight as you can see you
can run this in a Docker container you
can use Helm to deploy this in a
kubernetes cluster of course Azure Linux
for a full-blown Linux virtual machine
which is the one we're going to
demonstrate today AWS ECS AMI instance
manually deploy the connector you can
also use terraform and other
infrastructure as code Solutions such as
Pulumi the process is very simple we're
going to generate an access token we're
going to use that access token in the
command that twingate is going to
generate automatically for us to paste
into our Ubuntu Linux virtual machines
and connect our on-premises connectors
with the twingate cloud let's now
generate the token that is going to be
needed to connect our connectors with
our twingate Cloud environment so I'm
going to click the Linux option which
means we are going to be self-hosting
our twingate connectors on Linux
virtual machines so I've clicked Linux
and I'm going to click the generate
tokens button for security purposes
twingate will ask us to re-authenticate
to the twingate account now we have our
tokens created as you can see we've got
the ability to copy the token we can
also down at the bottom if you scroll to
the bottom of the page notice step four
is install and launch connector service
what twingate has already done for us is
it has used the token that we've
generated using the generate tokens
button and it's automatically integrated
that with the command that we need to
run on our Linux virtual machines you
may wonder what I have spun up to
self-host the twingate connectors I
have a lab VMware vsphere environment
that I have simply spun up two Ubuntu
22.04 virtual machines as you can see I've
got T gate test01 and T gate test02 and
again nothing fancy they are simple
clean Ubuntu Server 22.04 virtual
machines what I have gone ahead and done
is I have connected via SSH connection
to both virtual machines so as you can
see I've got SSH open to T gate test01
T gate test02 what we're going to
now do is copy the custom command that
twingate has generated for us with our
access token and we're going to install
the first connector using the command
that was generated so now we are back at
the page where we can copy the command
we're going to click the copy command
button and we're going to go to our
first Linux virtual machine what we will
do is we will generate another token for
the second connector so each of the
tokens are generated per connector in
the first connector virtual machine I'm
simply going to paste the command that
I've copied from the twingate portal and
we're going to run that command
the installation will pull down our
twingate connector installation and it will
pass in the access token for our
twingate environment in this way our
connector is tied to our specific
twingate environment after running the
command on the Linux virtual machine and
waiting just a few seconds after
refreshing the page we can see that this
particular connector is now showing a
green indicator meaning that it is
successfully connected what we need to
do now is go back and repeat the process
for the second twingate connector
twingate recommends two connectors that
service the VPN Tunnels for your end
users and this is a good idea because if
you have anything happen to one or the
other connector users are automatically
failed over to the secondary connectors
if we go back to the network screen of
this particular Network that we are
configuring and the connectors that are
associated with it we can now see that
we've got one of the connectors
Associated so that's awesome now the
indicator for this network has gone from
red to orange meaning that we are
partially there we have connectivity we
have one connector however it will not
go green until we have the second
connectors stood up and functional so
we're going to repeat that process with
a second connector we have repeated that
process with the second connector and
now you can see we've got a green
indicator on this particular twingate
Network so now all we have to do is
provision the resources in this network
serviced by those connectors that we
just stood up that we want our end users
to have connectivity to let's now click
on the add resource button to see what
options we have available we have the
add resource dialog box that pops up we
have two options here we can provision
DNS resources or we can provision
Network level Resources with the CIDR
format most organizations or for your
home lab you will want to provision DNS
resources most likely since this will
will allow you to be able to reference
Resources by name and have those
actually resolve you can also though
simply add Network CIDR ranges if you
just simply want IP level connectivity
either way you can assign a label and if
you're adding a DNS level address you
can add the DNS address or you can click
CIDR add a label and the CIDR level
address it's interesting too twingate
has recently added the functionality of
protocol restriction you can easily
select whether you want to allow or
restrict such traffic as TCP traffic UDP
traffic or ICMP traffic and this is an
easy way to restrict pings for instance
if you don't want end users to be able
to Ping various resources but you want
to allow access to other services that
may exist on an endpoint well I'm going
to allow a subnet I'm going to click the
CIDR button I'm going to say homelab
servers and I'm going to add the CIDR
address here again we can allow or we
can restrict TCP UDP or ICMP traffic
and we can simply add resource once
we're finished after you've added the
resource you can also restrict that
resource based on the user that is
logging into the VPN so now we're
starting to get into the realm of being
able to enforce zero trust network
access we can assign various users to
different resources within the
environment that we have created in
twingate you can give access to network
resources based on the role that a user
actually has now we've added our first
resource so we have home lab servers
available as a network CIDR range I
want to point out a few of the other
really powerful features that you get
with twingate the following features
that we're going to cover are not
included in the Free Solution however I
wanted you guys to be aware of the
really powerful capabilities of twingate
when you start getting into the realm of
an Enterprise team assigning policies
and defining access and Trust profiles
based on certain types of devices if you
go up you can actually see which devices
have requested access to your network
you can also set trust profile so for
instance I can restrict access to a
particular Network resource or
application within the twingate network
based on certain requirements that I
have of that end user device and as you
know they already have many of these
built in that are pre-configured that
are readily available to use for example
I can go through on the minimum OS
requirements and I can configure which
are required for access to the twingate
network on the Windows requirements I
can set the minimum Windows requirements
to require hard disk encryption a screen
lock firewall to be enabled or antivirus
to be active and healthy you can set
those requirements and confirm your
changes so once again you can base and
restrict access to that twingate
network based on the device security
health checks that you set forth and
twingate again refers to those as
trusted profiles on the policy screen we
can actually set the requirements that
add those requirements we set in the
profiles as well as authentication
requirement we can enforce whether users
are required to log in so many days or
after a time period and you can also
very importantly enforce two-step
verification which for remote access
systems should be mandatory under the
team menu and configuration of the
groups we can actually tie a policy with
the group so if I look at groups
underneath the team menu and I go to
groups and I click everyone for instance
we can see that the resource policy is
set to the default policy however I can
change that if I have an additional or a
custom policy created for my
organization I can then set policies
based on the user group a user is a
member of really powerful when we're
thinking about zero trust network access
the twingate Windows app is very nice
and easy to get connected I have already
installed the twingate windows client
and as you can see all we need to enter
is our overall network name and going
back to the very beginning of this video
as you recall this is the name that we
enter that we had come up with when we
first were creating our twingate account
so you enter that here and it
automatically populates the .twingate.com
so there's no need to fill that in after
you enter your network name you simply
click the join Network twingate will then
ask you to authenticate and after we've
authenticated twingate has now connected
to the network as I wanted to briefly
show you I mentioned terraform in the
very outset of the video I want to show
you what you can do with the terraform
provider for twingate as you notice I've
got the terraform registry page pulled
up for twingate and you can just Google
for this and land on this page you can
configure via terraform many aspects of
the solution for instance your
connectors you can control those
connector tokens twingate groups also
adding and configuring twingate remote
networks as well as resources not only
is this a modern solution that runs on
Modern infrastructure such as kubernetes
you can also use an infrastructure as
code approach in a declarative way to
control your VPN access for clients and
that is awesome we could never do
something like this with traditional VPN
Technologies guys after that I think I'm
going to need a coffee refill what do
you guys think about twin gate for me
the features the functionality the
capabilities are truly awesome
especially when you're thinking about
the home lab environment and accessing
your critical home lab services and
servers remotely I mentioned this
earlier but twingate checks all the
right boxes for me for a modern VPN
solution that I can run in a kubernetes
cluster if I want to I don't have to
deal with firewall rules manage this
from the cloud and I can even use
terraform to configure it and add
resources manage it in a declarative way
but let me know what you guys think in
the comments please do like the video
subscribe to the channel keep your
coffee hot keep the VPN connected and I
will see you guys soon
[Music]
thank you