Differences

This shows you the differences between two versions of the page.

--- groupsettings [2020/10/28 08:50]
rafi [GEO Settings]
+++ groupsettings [2020/12/13 07:26] (current)
rafi
@@ Line 91: / Line 91: @@
 ==== GEO Settings ====
-If you have a ROC enabled, it will override GEO Settings as for security, endpoints will be forced to connect to the ROC/VLAN. For users that do not require advanced security and want to use Privatise to surf from different locations, for example for research. You can put the min a group without a ROC and enable GEO Settings as seen below.
+If you have a ROC enabled, it will override GEO Settings as for security, endpoints will be forced to connect to the ROC/VLAN. For users that do not require advanced security and want to use Privatise to surf from different locations, for example for research. You can put the user or device in a group without a ROC and enable GEO Settings as seen below.
  {{:geo-settings.png?400|}}
+==== Global Trusted Networks ====
+Sometimes you might want to set up automated, global Trusted Networks for users and devices in the group. You would do this if:
+. You want to deploy Privatise primarily on remote devices. For example a laptop that an employee brings back and forth from home to the office. Trusted Networks can turn Privatise off when in the office, and on again when back at home.
+. Some employees travel to different client sites, and you want to disable Privatise on those sites because they need access to that internal DNS for whatever reason.
+To set up Global Trusted Networks, go to "Trusted Networks" under group settings. There you will see three options:
+. The SSID of the network you want to add. This is for your internal use so you remember what network you're adding.
+. The BSSID of the network you want to add. This is the most important part, as the Privatise app will check for the BSSID of the network interface on the gateway it's connected to to see whether or not it's trusted.
+. Whether WiFi or Ethernet. WiFi and Ethernet typically are on different radio devices on the router/gateway device used to connect to the Ethernet. Because of that, you must specify whether you are adding WiFi or Ethernet to Trusted Networks.
+{{::add-global-trusted-networks.png?400|}}
+Here's how to get the BSSID of the interface card on the router/gateway you want to add to Trusted Networks.
+For WiFi:
+  Type netsh wlan show interfaces in the command line (CMD).
+  Check the WiFi that you are currently connected to, and look for the physical address. That is the BSSID .
+  Enter that BSSID along with a nickname for your SSID into the Portal.
+{{::get-bssid-wifi.png?400|}}
+For Ethernet:
+  Type arp -a into the command line (CMD).
+  Check for Internet Address/NAT of your gateway (generally a router). Next to that will be the Physical Address of the gateway. That is your BSSID.
+  Enter the BSSID along with a nickname where it says SSID into the Portal. Make sure to click "Ethernet" in the dropdown.
+{{::get-bissid-ethernet.png?400|}}
+==== Custom DNS ====
+Sometimes you'll want to override the ROC-DNS with a custom DNS solution you might be using. We recommend switching to ROC-DNS, but if you're locked in a contract, here's how to override Privatise ROC-DNS with your own.
+  Go to Custom DNS under Group Settings on the right.
+  Click "Enable Custom DNS".
+  Add the IP of your custom DNS solution
+{{::customdns.png?400|}}
+==== Allow List/Reverse Split Tunnelling ====
+There are some websites that try to actively block VPN connections. In general, there are three ways you can try to bypass a VPN block:
+. Activate TCP under Settings in the app itself (currently available in Windows)
+. Active WireGuard if you have a ROC enabled
+. Add the website to an allow list (Recommended).
+To add a website to the allow list, go to "Whitelisting" in group settings, and add the website you want to unblock there. The syntax is:
+//https://WEBSITE.com And https://www.WEBSITE.com
+//
+{{::split-tunnel.png?400|}}