Laptop VPN for Public Networks and System Administration

Overview

NordLayer is our supported VPN (Virtual Private Network) platform for GitLab Team Members.

The use of NordLayer is optional; however, it is recommended when working on guest networks or public Wi-Fi. In other words, you should connect to the VPN to secure your laptop’s traffic anytime that you’re not at home. That could be at a co-working location, an airport, a coffee shop or on a guest network at a customer’s office.

Some members may use a different VPN solution for these scenarios, and we recommend that they migrate to NordLayer when it’s convenient.

Background Context

When we first approached the idea of a simple VPN for those times that our employees work away from home (coffee shops, trains, planes, etc.), we found a lot of options out there. While many VPN options exist, some are much more than we need, and some far less.

When it comes to our decision on NordLayer, we had a number of things to look at:

  • Is it secure?
  • Is it easy to administer?
  • Does it support multiple operating systems?
  • Are admin actions logged?

We tested many options, and while a number fit a few of these, NordLayer fit the most, with security being our most important criterion.

NordLayer for System Administration

NordLayer is also used for system administration purposes, providing secure access to internal systems and resources. Here are some key points about using NordLayer for system administration:

  1. Access Control: NordLayer allows for granular access control, ensuring that only system administrators can access specific resources.

  2. Multi-Factor Authentication: For enhanced security, NordLayer is implemented with Okta Device Trust Authentication policies.

  3. Secure Remote Access: System administrators can securely access internal systems from any location, enabling efficient remote work and incident response.

  4. Network Segmentation: NordLayer supports network segmentation, allowing administrators to isolate sensitive systems and limit potential security risks.

  5. Encrypted Communication: All traffic between the administrator’s device and internal systems is encrypted, protecting sensitive data in transit.

  6. Centralized Management: The NordLayer admin panel provides a centralized interface for managing user access, monitoring connections, and configuring security policies.

When using NordLayer for system administration, always follow GitLab’s security best practices and ensure that you have the appropriate permissions before accessing any systems or data.

Dedicated IPs are listed below for reference by Security teams or incident response.

Location                IP
GitLab - Los Angeles    146.70.49.165
GitLab - New York       146.70.186.59
GitLab - Atlanta        205.234.251.167
GitLab - Belgium        146.70.55.7
GitLab - Hungary        217.138.192.12
GitLab - Japan          146.70.138.86
GitLab - Australia      88.216.59.30
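
During incident response, the table above lets you attribute source addresses seen in logs to a NordLayer gateway. The following Python is an added example, not GitLab's own tooling: it assumes OpenSSH-style "Accepted" log lines (the sample lines, host name and user names are constructed) and tags each accepted login with the gateway it came from, or leaves it untagged when the address is not in the table.

```python
import ipaddress
import re

# Dedicated NordLayer gateway IPs, copied from the table on this page.
GATEWAYS = {
    "146.70.49.165": "Los Angeles",
    "146.70.186.59": "New York",
    "205.234.251.167": "Atlanta",
    "146.70.55.7": "Belgium",
    "217.138.192.12": "Hungary",
    "146.70.138.86": "Japan",
    "88.216.59.30": "Australia",
}

# Assumption: logs are OpenSSH "Accepted <method> for <user> from <ip> port <n>" lines.
ACCEPTED = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def normalize(raw):
    """Return canonical IP text, unwrapping IPv4-mapped IPv6; None if not an IP."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return None
    # Only IPv6Address is guaranteed to have ipv4_mapped; default to None otherwise.
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def triage(lines):
    """Return (user, ip, gateway_or_None) for every accepted login in lines."""
    results = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed logins and unrelated lines are ignored
        ip = normalize(m["ip"])
        results.append((m["user"], ip or m["ip"], GATEWAYS.get(ip)))
    return results

def off_vpn(lines):
    """Accepted logins whose source is not one of the listed gateway IPs."""
    return [(user, ip) for user, ip, gw in triage(lines) if gw is None]

# Constructed sample log lines (not real GitLab data).
SAMPLE_LOG = [
    "Oct  4 09:12:01 bastion sshd[811]: Accepted publickey for alice from 146.70.186.59 port 50122 ssh2",
    "Oct  4 09:13:44 bastion sshd[815]: Accepted publickey for bob from ::ffff:146.70.55.7 port 40110 ssh2",
    "Oct  4 09:15:02 bastion sshd[820]: Accepted password for carol from 203.0.113.45 port 51000 ssh2",
    "Oct  4 09:15:09 bastion sshd[822]: Failed password for dave from 198.51.100.7 port 51010 ssh2",
]

if __name__ == "__main__":
    for user, ip, gw in triage(SAMPLE_LOG):
        print(f"{user:6} {ip:16} {'NordLayer ' + gw if gw else 'not a listed gateway IP'}")
```

A match only shows that the connection left through one of the listed gateways; a source IP alone does not identify the person behind it.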

System Owner and Support

  • DRI: @adamhuss
  • #security-corpsec Slack channel

Laptop VPN Setup Guide

Access Request

Please open an Access Request and add /label ~"corpsec-metric::ar".

NordLayer Installation

After your access request is provisioned, you will receive an email from nordlayer@nordlayer.com with a link to download the application.

  • macOS:

    1. Enter gitlab as the organization.
    2. Authenticate with Okta.
    3. When prompted, select to Allow an upcoming prompt.
  • Linux:

    1. Follow https://help.nordlayer.com/docs/installing-on-linux to download the application and add your user to the user group.
    2. Log out and log back in.
    3. In your terminal, run nordlayer login.
    4. Enter gitlab as the organization.
    5. Open the URL you get in your browser and authenticate with Okta.
  • Android:

Laptop VPN Troubleshooting Guide

Overview

FAQs

Linux VPN Protocol

If you are experiencing any issues with your NordLayer connection, the first course of action is to change the VPN protocol. You can do so by running the command nordlayer settings set and selecting VPN protocol.

Windows 10 Sufficient Privileges

Verify that you have sufficient privileges to start system services

If you get the error ‘Verify that you have sufficient privileges to start system services’ on Windows 10 while installing the NordLayer application, please make sure that you are using an up-to-date Windows 10 version.

Last modified October 4, 2024: Fix GitLab capitalization (7104f09a)