How to set up a VPN server?
VPN allows connecting to a remote network which is hidden behind firewall and the hosts in the remote network are not accessible directly via Internet. The connection is established over a secure, encrypted tunnel, created between a VPN client running on your desktop PC and the VPN server.
Here we have described a sample and simple scenario of creating a VPN server in CloudFerro infrastructure and setting-up a connection on the client's side, using OpenVPN
In order to define a new VPN server for your internal network open your Horizon Dashboard (https://cf2.cloudferro.com).
Note: It is important to write down names or IDs of internal network that should be accessible from VPN (most frequently it is the network with "private_" prefix).
Choose Project → Network from the dropdown menu on the left pane.
In this test case I am looking for private_network_02722.
When the names are written or copied, we can start to prepare a deployment of OpenVPN environment.
Choose App Catalog→ Browse→ Browse Local and locate the OpenVPN based Road Warrior VPN pane (usually on the second page)
Click "Quick Deploy" icon, enter application name that you want to set and click Next.
Next, you will be asked for ID or name (name would be sufficient) of network, which I have mentioned at the start of the article.
Please write down Clients CIDR address, it will be essential during further configuration!
If CIDR adress does not collide with rest of your networks, you can leave this fields unchanged.
Set up your admin password, and insert SSH key for gaining access to VPN. You can change also flavor of server instance, but eo1.small should be enough to work only as VPN.
After configuration, click on the "Deploy This Environment" button.
When you will see that "Application deployment has finished", go to Network → Routers, click on a "cf2-vpn-peering router", choose "Interfaces" tab, and write down Fixed IP of interface with "internal_port" in his name.
Get back to Network-Networks and choose network you want to be visible only via vpn. Click on their name, choose "Subnets", click on Edit Subnet→ Subnet Details. As "Host routes" enter two IP adresses you have written down divided by coma.
Now you can an attach interface with desired networks to VMs you want to be visible only using VPN.
If the machines are running currently, you have to restart network interface cards in order to apply a configuration properly.
Firstly, you have to verify the NIC name that is used in the specified network.
You can check it, using this command:
And then execute this command to turn off the interface and switch it on again: (use particular sufix e.g eth1, ens4, ens6)
sudo ifdown ens3; sudo ifup ens3
After that, proceed to enter:
ip route show
You should see "Clients CIDR address" via "Fixed IP of interface with "internal_port" in his name."
You can access administration panel. To do so, click on Compute→Instances, paste the floating IP of your VPN server onto your browser adress bar with https protocol.
You will be asked by your browser for confirmation of the security exception (for Mozilla Firefox click "Advanced" → "Add Exception..."→ "Confirm Security Exception")
Administration cockpit login screen will appear. Enter "admin" as your username, and password set during configuration of the environment. Click "LOG IN"
You will be able to change settings of your newly created VPN server.
Creating new user:
Click "Create user" buton on the top right corner. You will be asked for setting up username and password. You may also set if IP would be allocated static or dynamic.
IMPORTANT! You have to leave "Push GW" checkbox unticked. Otherwise, VPN will be set as default gateway and therefore you will be not able to access internet.
After that, go to Networks, and then click on the "+" icon, choose your profile and save your choice. (10--addtonetwork.png)
Gathering configuration file:
Click on diskette icon in order to download .ovpn user profile file necessary for estabilishing connection with VPN as a client.
Installing OpenVPN client on Windows:
Go to OpenVPN Download Site.
Download "Installer, Windows 7 and later" to your Windows PC.
Install the openvpn-install-<version>.exe file. It will install OpenVPN client, OpenVPN GUI and a TAP-windows interface. A restart may be required in order to run OpenVPN on Windows properly.
Once installed, you may import your .ovpn config file to the OpenVPN GUI and open the connection.
You should be connected to your virtual network in CloudFerro cloud environment, able to access your VMs using their private addresses.
OpenVPN client on Linux Ubuntu:
Log in to your Linux machine and follow the commands:
apt-get install openvpn
Copy your .ovpn config file to a folder of your choice and start openvpn with the config file as a parameter:
Now you should be connected to your VPN Server.