GITBOOK-192: change request with no subject merged in GitBook

SUMMARY.md

@@ -76,4 +76,5 @@
 
 ## Tutorials
 
-* [Step by step setting up a VPN server](tutorials/step-by-step-setting-up-a-vpn-server.md)
+* [Step by step setting up a VPN server](tutorials/step-by-step-setting-up-a-vpn-server/README.md)
+  * [Adding additional VPN locations](tutorials/step-by-step-setting-up-a-vpn-server/adding-additional-vpn-locations.md)

tutorials/step-by-step-setting-up-a-vpn-server.md → tutorials/step-by-step-setting-up-a-vpn-server/README.md

@@ -64,53 +64,53 @@ You can log into the UI using the default admin user:
 
 When you log in to your instance with user admin and the password that was generated for you, you should see that the VPN gateway is connected:
 
-<figure><img src="../.gitbook/assets/SCR-20240118-ralh.png" alt=""><figcaption><p>defguard live status of WireGuard VPN gateway</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-ralh.png" alt=""><figcaption><p>defguard live status of WireGuard VPN gateway</p></figcaption></figure>
 
 ### Connecting to your VPN using defguard desktop client
 
 Download the latest client from: [https://github.com/DefGuard/client/releases](https://github.com/DefGuard/client/releases) and install it - which is (during writing this article) version 0.1.1.
 
 No go to **defguard** Web UI (in this example: _https://my-server.defguard.net_) and go to _My Profile_ and click on _Add Device:_
 
-<figure><img src="../.gitbook/assets/SCR-20240118-rzqf.png" alt=""><figcaption><p>Adding a new device/desktop client in defguard user profile</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-rzqf.png" alt=""><figcaption><p>Adding a new device/desktop client in defguard user profile</p></figcaption></figure>
 
 Then choose _Defguard Client Remote Desktop Activation_ - which will easly configure your Desktop client:
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sajv.png" alt=""><figcaption><p>Defguard supports both it's desktop client and configuring any Wireguard Client</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sajv.png" alt=""><figcaption><p>Defguard supports both it's desktop client and configuring any Wireguard Client</p></figcaption></figure>
 
 Defguard will show what **URL** (which is - as you see - your enrollment service URL) and **token** to paste to your desktop client:
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sfkc.png" alt=""><figcaption><p>Just by simply providing URL &#x26; token your client will be automatically configured</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sfkc.png" alt=""><figcaption><p>Just by simply providing URL &#x26; token your client will be automatically configured</p></figcaption></figure>
 
 You can easily copy those with buttons provided in defguard, and paste to your desktop client.
 
 In desktop client click on \_**+ Add instance** \_ and provide the URL and token:
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sfnm.png" alt=""><figcaption><p>Configuring the client with a new instance</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sfnm.png" alt=""><figcaption><p>Configuring the client with a new instance</p></figcaption></figure>
 
 After that, the client will ask you to name your device (however you like), after that click finish:
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sfsj.png" alt=""><figcaption><p>Naming your device</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sfsj.png" alt=""><figcaption><p>Naming your device</p></figcaption></figure>
 
 The client will instantly show your defguard instance and the VPN (we named _Example):_
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sfuz.png" alt=""><figcaption><p>Client after succesfully adding a new instance</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sfuz.png" alt=""><figcaption><p>Client after succesfully adding a new instance</p></figcaption></figure>
 
 Also, in defguard you should see in your profle, that the client is configured and visible (for now - no details of IPs, etc - will automaticaly show details when you connect with your client):
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sfyi.png" alt=""><figcaption><p>Defguard showing the newly configured client in user profile</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sfyi.png" alt=""><figcaption><p>Defguard showing the newly configured client in user profile</p></figcaption></figure>
 
 Now let's click _**Connect**_ and see if the VPN works, the best way to do so, is to open a terminal app and **ping** the VPN server address. Also to see nice statistics, choose in the client menu from _Grid view_ (which is nice if you have multiple VPNs) the option _Detailed view:_
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sjkg.png" alt=""><figcaption><p>Nice statistics in defguard client</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sjkg.png" alt=""><figcaption><p>Nice statistics in defguard client</p></figcaption></figure>
 
 Now let's test if the VPN network is accessible. To do so, let's ping the VPN gateway internal IP: _10.22.33.1_
 
-<figure><img src="../.gitbook/assets/SCR-20240118-siml.png" alt=""><figcaption><p>VPN gateway responding to ping after connecting to VPN</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-siml.png" alt=""><figcaption><p>VPN gateway responding to ping after connecting to VPN</p></figcaption></figure>
 
 As an administrator, you will probably be happy to see this - defguard VPN dashboard:
 
-<figure><img src="../.gitbook/assets/SCR-20240118-sthz.png" alt=""><figcaption><p>defguard VPN dashboard</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-sthz.png" alt=""><figcaption><p>defguard VPN dashboard</p></figcaption></figure>
 
 {% hint style="info" %}
 This completes your VPN setup - both server and client.
@@ -231,13 +231,13 @@ To                         Action      From
 
 Defguard is the only (known to us) WireGuard client, that enables to choose during connetion if you would like to **route all your traffic through the VPN.** Just (before connecting) choose the option: **Allow all traffic** and click connect!
 
-<figure><img src="../.gitbook/assets/SCR-20240118-smil.png" alt=""><figcaption><p>Choosing to forward all traffic through VPN</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-smil.png" alt=""><figcaption><p>Choosing to forward all traffic through VPN</p></figcaption></figure>
 
 This is very usefull, since some of the times you just want to be connected to your VPN to have the server/vpn networks accessible, and sometimes (like in the scenarious mentioned before) you want to hide and encrypt your traffic.
 
 In order to check if everything works, let's visit a website [https://ifconfig.co](https://ifconfig.co) - that will show our public IP. If everything went smootly, you should see **your VPN server public IP** (which in our example is: _185.33.37.51_):
 
-<figure><img src="../.gitbook/assets/SCR-20240118-smsu.png" alt=""><figcaption><p>Success! Defguard is AWESOME!</p></figcaption></figure>
+<figure><img src="../../.gitbook/assets/SCR-20240118-smsu.png" alt=""><figcaption><p>Success! Defguard is AWESOME!</p></figcaption></figure>
 
 ## Final thoughts
 

tutorials/step-by-step-setting-up-a-vpn-server/adding-additional-vpn-locations.md

@@ -0,0 +1,65 @@
+---
+description: >-
+  If you have used our one-line install setup (for example described in this
+  tutorial)
+---
+
+# Adding additional VPN locations
+
+If you have used our one-line install setup (for example [described in this tutorial](./)) one VPN location (one gateway instance) is done automatically.
+
+There is often a need to launch additional locations (e.g. to separate groups of users or clients), to do this you need to add another location (and launch another gateway controlling this location).
+
+Here is a step-by-step way to do so:
+
+### Adding a new Location
+
+In defguard interface in VPN Location please click: **Edit location settings** (button in the top right corner):
+
+<figure><img src="../../.gitbook/assets/Screenshot 2024-08-15 at 21.40.38.png" alt=""><figcaption></figcaption></figure>
+
+Then _**Add new location**_ and configure the new VPN location.
+
+{% hint style="warning" %}
+Rember that the:
+
+* VPN IP address needs to be different then in the first location
+* Gateway address should be the same (same public IP)
+* Gateway port **must be different**
+{% endhint %}
+
+After configuring the location, please:
+
+* copy the gateway token
+* and note that the gateway is disconnected
+
+<figure><img src="../../.gitbook/assets/Screenshot 2024-08-15 at 21.28.25.png" alt=""><figcaption></figcaption></figure>
+
+### Adding new gateway in docker
+
+Now go to the server and open the docker-compose.yml file, and scroll to the gateway section, it should look like this:
+
+<figure><img src="../../.gitbook/assets/docker-gw1.png" alt=""><figcaption></figcaption></figure>
+
+Now copy the **whole gateway section and:**
+
+* **name it in a uniqe way,** eg. _gateway-customer2_&#x20;
+* in the enviroment variable `DEFGUARD_TOKEN`: add the token you have copied from the new location, like so:
+
+<figure><img src="../../.gitbook/assets/Screenshot 2024-08-15 at 21.52.19.png" alt=""><figcaption></figcaption></figure>
+
+Now you need to launch the new gateway, just by the following command:
+
+```
+docker compose up -d gateway-customer2
+```
+
+<figure><img src="../../.gitbook/assets/Screenshot 2024-08-15 at 21.54.02.png" alt=""><figcaption></figcaption></figure>
+
+Now if you go back to the location settings you will see **instantly that the new gateway has connected for that location:**
+
+
+
+<figure><img src="../../.gitbook/assets/Screenshot 2024-08-15 at 21.29.37.png" alt=""><figcaption></figcaption></figure>
+
+And that's it, you have a new VPN location ready.