SynthGrid Perimeter

Each Organization receives their own, dedicated and isolated SynthGrid.

SynthGrid Perimeter is the private gateway into your SynthGrid server. This is built on top of WireGuard.

WireGuard is a modern VPN standard now adopted by many global enterprises in place of older protocols such as IPsec and OpenVPN.

Standard Mode

flowchart LR
   U["`User Device`"] -- "`SynthGrid traffic`" --> S["`SynthGrid Mainframe`"]
   U -. "`(web, video, downloads)`" .-> I["`Public Internet`"]

Standard Mode is default for day-to-day work, tunnelling only SynthGrid data while ordinary internet traffic leaves on the local line.

Everyday browsing, video calls, and software updates go straight to the internet from the user’s device as they normally would.

Full Coverage Mode

flowchart LR
   F["`User Device`"] -- "`ALL traffic`" --> S2["`SynthGrid Mainframe`"]
   S2 --> I["`Public Internet`"]

Full Coverage Mode may be enabled upon request. This is typically issued on a case-by-case, usually for senior staff who work from hotels, airports, or client sites where the network cannot be trusted. By funnelling every packet - mail, web, video - through the WireGuard tunnel into the mainframe, the user gains a single, encrypted path that hides location and blocks local snooping. It also gives IT one audit point for traffic analysis if the trip involves sensitive negotiations or confidential data transfers.

Despite those benefits, Full Coverage is not the everyday choice because it adds complexity, latency and generally offers no benefit outside of these highly specific scenarios.

For those reasons, Standard Mode covers the vast majority of use cases, while Full Coverage is reserved for short, high-risk travel or strict compliance events where the added overhead is justified.

What Sets Perimeter Apart

Frequently Asked Questions

Will the VPN slow down my internet?

In the Standard Mode, No. Only SynthGrid data travels through the tunnel; everything else uses your regular line.

Do I need the VPN every time I use SynthGrid?

Yes. The tunnel is the front door to your company’s SynthGrid. If the tunnel is off, SynthGrid stays locked.

How can I confirm the tunnel is active?

Visit access.synthgrid.systems. This will confirm if your VPN is active and connected, and if so, will route you over to your organization’s private SynthGrid server.

We already run a corporate VPN. How does Perimeter fit?

Perimeter is optional when a corporate VPN is in place. SynthGrid can run inside your existing tunnel, or you can keep both. Administrators decide what meets policy.

Can I connect from several devices at once?

Yes. Laptop, phone, and tablet can stay online together. Each device receives its own profile for clarity and control.

Will SynthGrid Perimeter hide my personal internet traffic?

In the Standard Mode No. SynthGrid Perimeter secures only the data that flows between your device and your company’s private SynthGrid server. Everything else—web browsing, streaming, social media—continues to use your normal connection, exactly as before.

 Your organisation keeps full visibility of its own SynthGrid data while avoiding any responsibility for your personal traffic.

If you need a tool that hides or re-routes all of your internet activity, you would use a consumer privacy service (for example NordVPN or SurfShark), or using the Full Coverage mode via special request to MindFront.

Can I use Perimeter to protect ALL of my traffic?

Yes. MindFront can configure your Perimeter gateway for a full-tunnel profile on request. Ask your administrator to issue a WireGuard file (or QR code) that routes 0.0.0.0/0. After you import it and tap Connect, every packet—SynthGrid and non-SynthGrid—runs through the same encrypted link. Expect a small increase in latency, similar to any commercial VPN.

Is it safe to use SynthGrid on public Wi-Fi?

Yes. Once the Perimeter VPN shows “Connected,” every packet headed for SynthGrid travels inside an encrypted WireGuard tunnel; anyone on the same hotspot sees only cipher text. The standard profile protects SynthGrid traffic only—your web browsing, mail, and other apps still ride the open network unless you switch to a full-tunnel setup.

Which devices are supported?

Windows, macOS, Linux, iOS, iPadOS, and Android—via the free WireGuard app.

Will Perimeter drain my battery?

Impact is minimal. WireGuard stays idle until data flows; battery life remains near normal.

What happens if the Wi-Fi drops mid-session?

WireGuard automatically re-handshakes. Once connectivity returns, SynthGrid resumes without user action.

Can I set Perimeter to connect automatically?

Yes. Enable “On-Demand” (iOS), “Always-on VPN” (Android), or auto-start at login on desktop clients.

Does Perimeter work over mobile data?

Yes. 4G, 5G, and tethered hotspots behave the same as Wi-Fi.

Can other users access my computer through SynthGrid?

No. Packet forwarding is disabled by design, so traffic flows only between your device and the SynthGrid server - never peer-to-peer.

What if I lose a device with a profile?

Alert your server administrator. They will revoke the lost profile and issue a replacement.

Do I have to rotate keys on a schedule?

Not for normal operation. WireGuard keys already use strong, modern cryptography. Some organisations still rotate keys to satisfy formal policies - PCI-DSS, ISO 27001, SOC 2, or government frameworks - that mandate scheduled credential changes. If your compliance team insists, your administrator can issue a fresh WireGuard profile in a few minutes.

Does the VPN log everything I do online?

Only SynthGrid traffic enters the tunnel. Session records stay under your company’s data policy. Traffic itself is not logged. This data is governed by the same data policy as everything else in SynthGrid. see “Your Data in SynthGrid”.

Can I connect to my Organization’s SynthGrid when I travel abroad?

Yes. Almost anywhere.

A few places—mainland China, some corporate guest Wi-Fi chains may block or interfere with WireGuard-based VPN connections.

If difficult areas are expected, MindFront suggests asking your IT department for a fallback OpenVPN-TCP 443 profile into a bridged network to ensure your access to SynthGrid is available.

What is “DNS” and why should I care?

DNS is the internet’s address book. Perimeter answers those look-ups inside the tunnel so nothing leaks outside.

The tunnel will not connect - what next?

Please contact your system administrator. They will likely ask you for the WireGuard log and request that you confirm if a handshake is detected on your device.

Can I run Perimeter and Surfshark (or another service) at the same time?

Yes, provided the other service also uses WireGuard. Your admin can widen the allowed range so both tunnels coexist. A sample dual-VPN file is below:

[Interface]
PrivateKey = <your_private_key>
Address    = 10.16.0.6/16
DNS        = 10.250.0.1        # SynthGrid internal resolver

[Peer]
# SynthGrid - synthgrid traffic only
PublicKey   = <synthgrid_public_key>
AllowedIPs  = 10.250.0.0/24
Endpoint    = perimeter.your_org.com:51820
PersistentKeepalive = 25

[Peer]
# Surfshark – all other traffic
PublicKey   = <surfshark_public_key>
AllowedIPs  = 0.0.0.0/0
Endpoint    = us-moon.prod.surfshark.com:51820
PersistentKeepalive = 25

Plain-Language Glossary