Is it possible to run both the WireGuard client and Pulse Secure at the same time? I’ll try to explain what I want to do.
I have 3 locations: A, B, and C.
Normally I connect from B->A using Pulse Secure. This works fine.
I can also connect from C->B using WireGuard. This also works fine.
My problem is that I can only connect to A from B. If I am in location C I can’t connect to A. So what I want to do is connect from C->B using WireGuard, then from B->A using Pulse Secure so that A thinks I am in location B when really I am in location C.
My question is,
- Can I run both on the same computer? E.g. start WireGuard and connect to B, then start Pulse Secure and connect to A (and appear to A that I am in Location B). I am using Windows 10 if that matters.
- If the above doesn’t work because of conflicts using both clients on the same computer, would it work with intermediaries? E.g. Router C connects to B using WireGuard. Client C connects to Router C and then uses Pulse Secure to connect to A.
I’m not familiar with Pulse Secure personally other than it does appear to have an option for OpenVPN so I can try to at least answer these conceptually:
- Is B a Linux machine? Some fancy iptables rules that are beyond me for the virtual interface of WireGuard and the virtual interface of Pulse Secure (OpenVPN) might work server side. As far as iptables is concerned it’s just a matter of the interfaces, so you could probably research a ton of OpenVPN to OpenVPN server iptables rules. VPN services offering “double vpn” are essentially doing that to make the networking happen. As for running Pulse and WireGuard on the same client, I have no idea; I’ve never tried it.
- I have manual (not scripted or “one-click”) installs of a WireGuard and an obfuscated OpenVPN server set up on my VPS (Linode, same thing as DigitalOcean basically) and resized down to image size for quick deployment. I can do any combination of both. Since my Android phone has an unlimited data plan, I have PdaNet installed (mostly to bypass hotspot throttling) via a USB tether. So I connect to the first VPN on the phone, doesn’t matter which I start with, confirm it’s working with ipleak.net, start the PdaNet tether, and connect the second VPN on my Windows PC. When I go to ipleak on the PC, it shows the IP of my second server, not the first server it has to route through (I have wifi disabled and no ethernet attached to be sure. Just the USB tether is supplying connection to the PC). Double VPN. And I didn’t have to do fancy iptables this way. I don’t have to do anything on the servers specifically to get them to work with each other for the tunnels. What I mean by that is as long as I can connect to them individually with the working tunnel services they both will simply work as a double VPN this way since they both have internet access. As far as they are concerned they are two entirely separate servers.
So to explain 2 in a way that applies to you:
PdaNet is Phone As Modem fundamentally speaking. It’s a modem. OpenVPN Modem or Router at C acting as an OpenVPN client would be the intermediate device routed to the first VPN server B (Pulse OpenVPN), thus allowing a client behind it to the 2nd server A. However there is of course all kinds of Google tracking on Android and you might not have an unlimited data plan so you might not want to do this through an Android. Up to you. There are routers with built in OpenVPN functionality of course, you’d want to find out if it’s compatible with Pulse’s OpenVPN configuration (search YouTube, someone’s probably already done it) AND it has to be able to act as an OpenVPN client (some/most of the software for these routers can functionally only act as an OpenVPN server. Make sure it can act as a client!). Then just use WireGuard on the actual Windows client device at C and it’ll reach A through server B.
B is a Raspberry Pi running WireGuard.
So the plan is thus:
Windows 10 computer located in area C is physically connected to an OpenWrt router. The OpenWrt router uses WireGuard to connect to a Raspberry Pi running in location B.
Windows 10 computer then uses Pulse Secure to connect to location A via the above.
I just don’t know if that will actually work?
Maybe if I rephrase the situation and what I am trying to do it will help:
Location A is only accessible via VPN (Pulse Secure). I have no control over this. Additionally, Location A only accepts access from 1 location (IP address), location B. I can connect from location B just fine, and it works.
What I want to do, is to physically be in Location C, and then connect to Location A. This isn’t normally possible because A will refuse a connection from Location C.
So what I need is a way to make it appear to Location A that I am in Location B, while I am actually in Location C.
What is the best way to do this? I was hoping I could VPN from C->B, then B->A but I am not sure if that is possible in the way I am trying to do it.
EDIT: I think this might be what I’m looking for: https://www.ckn.io/blog/2017/12/28/wireguard-vpn-chained-setup/
Though, that uses WireGuard for both, whereas I need to use WireGuard + Pulse Secure.