Skip to main content

Search

How to set up the WireGuard VPN Canarytoken

How to set up a WireGuard VPN Canarytoken to help monitor and detect unauthorized access attempts, providing an extra layer of security for your network and sensitive resources.

This token creates fake WireGuard VPN configurations to install on your phone or on servers that will alert when used. The value of this Canarytoken as a signal of compromise, is that the attacker —once they land on your device— will want to check what further privileged access the VPN gets them to spread their compromise further and grab more data. For more on the thinking behind this WireGuard Canarytoken see this blog post.

Step 1: Log in to your Console

Console Login.png

Step 2: Select the Canarytokens tile

tile.png

Step 3: Select WireGuard VPN Canarytoken

Select the WireGuard VPN Canarytoken from the list.

CleanShot 2024-07-23 at 09.31.24@2x.png

Step 4: Set a Reminder

Note

Over time, you will deploy thousands of tokens all over the place. Make sure that your Reminder is as descriptive as possible, and will remind you in the future of where the token was dropped. It may create confusion if a token generated an alert that reads “test" - and not remembering where you placed it.

Give a friendly name to remind you where this WireGuard VPN is configured and click on Create token.

CleanShot 2024-07-23 at 09.31.34@2x.png

Step 5: Deploy WireGuard VPN Canarytoken

The Canarytoken will then give you two options to deploy the WireGuard VPN Canarytoken.

CleanShot 2024-07-23 at 09.31.53@2x.png

Deploy using the QR code

1 . On your phone, open the WireGuard app and click Add a tunnel and then click Create from QR code.

CleanShot 2024-07-23 at 09.32.11@2x.png

2. Scan the QR code under the WireGuard VPN Canarytoken.

CleanShot 2024-07-23 at 09.32.35@2x.png

3. Give the tunnel a name and click Save.

Note

we named our tunnel Head Office VPN.

CleanShot 2024-07-23 at 09.32.59@2x.png

4. Your WireGuard VPN Canarytoken is now active and waiting for someone to trip on it!

CleanShot 2024-07-23 at 09.33.11@2x.png

How does this Canarytoken alert?     

When the connection is activated, you'll be alerted!

CleanShot 2024-07-23 at 09.33.31@2x.png

Sample Alert

CleanShot 2024-07-23 at 09.33.40@2x.png

Deploy using the config file

Alternatively, if the device you want to add the Canarytoken to doesn't support scanning of QR codes, you can simply download the Canarytoken configuration as a file, and import it into WireGuard:

  1. Download the WireGuard VPN Config File.

CleanShot 2024-07-23 at 09.42.52@2x.png

2. On the device you want to install the Token on, open the WireGuard application and click Import tunnel(s) from file.

CleanShot 2024-07-23 at 09.43.18@2x.png

3. Select the Token file, and click Allow when prompted.

CleanShot 2024-07-23 at 09.43.33@2x.png

4. Your WireGuard VPN Canarytoken is now active and waiting for someone to trip on it!

CleanShot 2024-07-23 at 09.43.43@2x.png

How does this Canarytoken alert?

When the connection is activated, you'll be alerted!

CleanShot 2024-07-23 at 09.43.55@2x.png

Sample Alert

CleanShot 2024-07-23 at 09.44.04@2x.png

Was this article helpful?
6 out of 6 found this helpful
Return to top