Most intranet services are brokered through auth.k-space.ee — VPN is rarely needed.
VPN provides access to VLAN 23 "management", which is reserved for IPMI (iLO, IDRAC), SNMP, etc. It is meant for users hosting physical servers.
To receive a configuration file, ask and provide a reason to a Network admin.
VPNs today are MikroTik native WireGuard, issued manually.
The received config is accepted by various tooling, including in MacOS and Windows.
Basic configuration on Linux:
/etc/wireguard/k-space.conf
systemctl start wg-quick@k-space
From OpenVPN era.
Tailscale and a few other always-on VPNs conflict with the CGNAT IPv4 subnet (100.64.0.0/10
), which is currently used in K-SPACE. Turn off Tailscale, and reconnect (every time) / ask to redo the network.
The VPN is meant for remote access to the local networks. Don't route porn through the VPN.
Check Use this connection only for resources on its network
for both IPv4 and IPv6.
Check 'Use only for resources on this connection' for boht IPv4 and IPv6. Access the dialogue via the 'Routes…' button. Don't forget to apply changes.
172.16.0.0/12 subnet is used in the K-SPACE internal network.
When using VPN these subnets are pushed to your local machine. This will clash with local Docker bridge which uses a same subnet.
Edit /etc/docker/daemon.json
and change default address pool:
{
"default-address-pool":
[
{"base":"10.32.0.0/16","size":60000}
]
}