Connect your Mac to Cloud VPN Server

In this tutorial, you’ll learn how you can connect your Macbook via WireGuard to a Cloud VPN server running in the Telnyx network.

Pre-requisites

Before following these steps, you'll need to create a Telnyx Account, grab your API key and create a Network. Head to our Networking Quickstart Guide to get started!

You'll also need WireGuard installed on your Mac. Head to wireguard.com/install for installation options.



Step 1: Add a WireGuard tunnel

Open the WireGuard application on your Mac and click on the “+” to “Add empty tunnel”. Enter an appropriate name.

The WireGuard application will generate the public and private keys required to set up an encrypted connection. You'll need the public key for later steps in this tutorial. Save this configuration for now - you'll open it again when you have created a Cloud VPN Interface.


Step 2: Create a Cloud VPN Interface

Create a Cloud VPN Interface associated with the Network you created in the Networking Quickstart Guide. This network interface is configured on the Telnyx network and acts as a tunnel interface.

Create a Cloud VPN Interface with the Telnyx API

curl -X POST \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer YOUR_API_KEY" \
  --data '{
  "network_id": "7c3c05f4-7d53-4edb-9224-371c6d659cd4", 
  "region_code": "ashburn-va", 
  "name": "WG_net01_VA_interface01"
  }' \
  https://api.telnyx.com/v2/wireguard_interface

Example Response

{
    "data": {
        "status": "provisioning",
        "network_id": "7c3c05f4-7d53-4edb-9224-371c6d659cd4",
        "id": "9122b687-30aa-47a6-8f64-2b8681476ec2",
        "updated_at": "2022-06-13T09:50:54.117345Z",
        "created_at": "2022-06-13T09:50:53.627044Z",
        "region_code": "ashburn-va",
        "public_key": "4sHgXncx9tgswHmQvxq8B8O8iJ1AuJjLNmT9Qfs/VV0=",
        "name": "WG_net01_VA_interface01",
        "region": {
            "code": "ashburn-va",
            "name": "Ashburn",
            "record_type": "region"
        },
        "record_type": "wireguard_interface",
        "endpoint": "64.16.243.3:5034",
        "server_ip_address": "172.27.1.17/29"
    }
}

Notes:

  • Don’t forget to update YOUR_API_KEY in each of these commands.
  • The 'server_ip_address' is the private ip of the Cloud VPN interface and will be used later to test the connectivity between the added peer and the interface

Step 3: Create a Cloud VPN Peer

Create a Cloud VPN peer associated with the Cloud VPN Interface. This adds a peer to the server configuration created on the Cloud VPN server on the Telnyx network. Input your public key generated on the Mac application in step 1 as an input parameter.

Create a Cloud VPN Peer with the Telnyx API

curl -X POST \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer YOUR_API_KEY" \
  --data '{
  "wireguard_interface_id": "9122b687-30aa-47a6-8f64-2b8681476ec2", 
  "name": "macbook", 
  "public_key": "5anBuJHY1ritZ6FHc2b5exQqXyLiVnPx9mrhZRqMtUw="
  }' \
  https://api.telnyx.com/v2/wireguard_peers

Example Response

{
    "data": {
        "updated_at": "2022-06-13T09:56:23.601577Z",
        "id": "e4916505-a638-4b1d-b076-3142e7f1516a",
        "wireguard_interface_id": "9122b687-30aa-47a6-8f64-2b8681476ec2",
        "created_at": "2022-06-13T09:56:23.601577Z",
        "public_key": "5anBuJHY1ritZ6FHc2b5exQqXyLiVnPx9mrhZRqMtUw=",
        "name": "macbook",
        "last_seen": null,
        "record_type": "wireguard_peer"
    }
}

Note:

  • Steps 2 and 3 can also be completed in the portal - simply head to Networking in the side navigation menu.

Step 4: Retrieve your configuration for the Cloud VPN Peer

Retrieve your configuration for the Cloud VPN Peer. This endpoint, when used with the id returned in the response in step 3, generates the configuration you will need for your peer.

Retrieve Configuration for a Cloud VPN Peer with the Telnyx API

curl -X GET \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer YOUR_API_KEY" \
  https://api.telnyx.com/v2/e4916505-a638-4b1d-b076-3142e7f1516a/Config

Example Response

{
  [Interface]
  PrivateKey = <! INSERT PEER PRIVATE KEY HERE !>
  Address = 172.27.1.18/32

  [Peer]
  PublicKey = 4sHgXncx9tgswHmQvxq8B8O8iJ1AuJjLNmT9Qfs/VV0=
  AllowedIPs = 172.27.1.16/29
  Endpoint = 64.16.243.3:5034
  PersistentKeepalive = 25
}

Step 5: Update Cloud VPN Peer configuration

Return to the WireGuard application on your Mac and complete the configuration you started in step 1. Click on the configuration and click “Edit”. The first 2 lines of the configuration are already present containing the private key. Paste the contents of the configuration that you retrieved in step 4 and remove these duplicate lines. Click “Save”.


Step 6: Activate the WireGuard Tunnel

In the WireGuard application, click on the “Activate” button.


Step 7: Test Connection

Test that a connection was established between your peer and the Telnyx network.

View Logs

In the WireGuard application, click on the menu and click on “View Log”. You should see, “Tunnel status is now 'connected'.”

Test Connection

Open a Terminal on your macbook and use the ping command to test the reachability of the connection to the Cloud VPN server on the Telnyx network.

% ping <server_ip_address>

Notes:

  • The 'server_ip_address' is the private ip of the Cloud VPN interface and can be found in the response of the Cloud VPN Interface create endpoint in step 2.
  • The cloud vpn interface private IP address can also be found from the "AllowedIPs" property returned in the config in step 4. The Cloud VPN interface private ip is this ip address+1

Example Response

[email protected] % ping 172.27.1.17
PING 172.27.1.17 (172.27.1.17): 56 data bytes
64 bytes from 172.27.1.17: icmp_seq=0 ttl=53 time=184.512 ms
64 bytes from 172.27.1.17: icmp_seq=1 ttl=53 time=183.202 ms
64 bytes from 172.27.1.17: icmp_seq=2 ttl=53 time=183.365 ms
64 bytes from 172.27.1.17: icmp_seq=3 ttl=53 time=183.040 ms
64 bytes from 172.27.1.17: icmp_seq=4 ttl=53 time=183.310 ms
64 bytes from 172.27.1.17: icmp_seq=5 ttl=53 time=183.980 ms
64 bytes from 172.27.1.17: icmp_seq=6 ttl=53 time=183.457 ms
64 bytes from 172.27.1.17: icmp_seq=7 ttl=53 time=183.097 ms
^C
--- 172.27.1.17 ping statistics ---
8 packets transmitted, 8 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 183.040/183.495/184.512/0.471 ms


Next Steps

Congratulations! You have successfully connected your Mac to a Cloud VPN server running in the Telnyx network.

By repeating the steps in this tutorial for multiple peers, you'll be able to link apps, devices and services together across the Telnyx backbone for low latency, secure communications across the globe.

Follow our other tutorials to learn how to connect a Digital Ocean Ubuntu Server to a Cloud VPN Server.

Was this page helpful?