...
The VPN will need to be manually started each time you wish to access the private network and only computers that have connected to the VPN in this manner can access the private network, however multiple computers can access the network at the same time if they each have the VPN configured.
Table of Contents
...
macOS
Install Tunnelblick, a free OpenVPN application for Mac OSXmacOS.
Download the Rapid Access Cloud VPN configuration files. VPN access is configured per region:
Calgary (https://vpn-yyc.cloud.cybera.ca/vpn-yyc-tblk.zip)
Edmonton (https://vpn-yeg.cloud.cybera.ca/vpn-yeg-tblk.zip)
Unzip the file locally and double-click the unzipped file vpn-yyc.tblk. This will automatically run Tunnelblick and add the VPN configuration.
In the top right corner of your screen, you will see the Tunnelblick icon. Click on it and choose "Connect vpn-yyc".
When prompted, enter your RAC username and password. To check whether
See the section Verifying Connectivity to confirm the VPN connection is working, open a terminal and attempt to ping a private IP address associated with an instance. For example, “ping 10.0.0.73”.
Note |
---|
If you see the following message, you can safely ignore it:
The reason for this message is because the Rapid Access Cloud VPN is not routing all of your traffic through the VPN. Only traffic destined for the Rapid Access Cloud's IP space. |
Windows
Download and Install the community version of OpenVPN from openvpn.net.
Download the Rapid Access Cloud VPN configuration files. VPN access is configured per region:
Calgary (https://vpn-yyc.cloud.cybera.ca/vpn-yyc-win.zip)
Edmonton (https://vpn-yeg.cloud.cybera.ca/vpn-yeg-win.zip)
Unzip then copy the contents to c all of the files (ca.crt, client.crt, client.key, and client.ovpn) to
C:\Program Files\OpenVPN\config
.On the Windows Desktop, right-click on the OpenVPN GUI shortcut, select Properties and then the Compatibility tab. Check the box to "Run this program as an administrator".
Double-click on the OpenVPN GUI shortcut and an OpenVPN icon should now appear on your taskbar.
Right-click on the OpenVPN taskbar icon and choose "connect".
When prompted, enter your Rapid Access Cloud username and password. To check whether
See the section Verifying Connectivity to confirm the VPN connection is working, open a terminal and attempt to ping your private IP address. For example, “ping 10.0.0.73”.
Ubuntu Linux
Install and configure the openvpn package for your distribution: . For example, on Ubuntu 16.04, run the following commands:
Code Block $ sudo apt-get update $ sudo apt-get install openvpn unzip
Download the Rapid Access Cloud VPN configuration files. VPN access is configured per region:
Unzip the file and move the contents to /etc/openvpn/. For example:
Code Block wget https://vpn-yyc.cloud.cybera.ca/vpn-yyc-ovpn.zip unzip vpn-yyc-ovpn.zip sudo mv ca.crt client.conf client.crt client.key /etc/openvpn/
Start the OpenVPN client service:
Code Block sudo systemctl start openvpn@client Enter Auth Username: Enter Auth Password:
Enter your Rapid Access Cloud username/email address and password to authenticate.
To check whether See the section Verifying Connectivity to confirm the VPN connection is working, open a terminal and attempt to ping your private IP address. For example, “ping 10.0.0.73”.
Note Make sure that the security group for the instance has rules to allow ingress ICMP.
To disconnect from the VPN:
sudo systemctl stop openvpn@clientCode Block .
To disconnect from the VPN:
Code Block sudo systemctl stop openvpn@client
Verifying Connectivity
To verify you have successfully connected to the VPN, please do the following
Ping the VPN Gateway
Pinging the VPN Gateway will confirm you have successfully connected and can communicate with the VPN server. Open a command-prompt and run the following:
Code Block |
---|
ping 10.254.0.1 |
Ping Your Instance
Each of your instances has a private IPv4 address:
- For the Calgary region, these IP address look like
10.1.x.y
. - For Edmonton, these IP addresses look like
10.2.x.y
.
Open a command-prompt and run the following:
Code Block |
---|
ping 10.1.x.y |
where x.y
is the rest of your instance's IP address. For example:
Code Block |
---|
ping 10.1.11.44 |
Note |
---|
For the ping to work, make sure your instance's Security Group allows ICMP traffic |
Security Groups and the VPN Service
You may need to alter your security groups to allow traffic from the VPN server to reach your instance. You will see Calgary VPN traffic reaching your instance locally from 10.1.8.18, while Edmonton VPN traffic will reach your instance from 10.2.1.9
Example rules:
Allow all ICMP/ping traffic from the local private network
Calgary: Allow ALL ICMP from 10.1.0.0/20
Edmonton: Allow ALL ICMP from 10.2.0.0/20
Allow port 22 (SSH) from only the VPN exit point:
Calgary: Allow TCP Port 22 from 10.1.8.18/32
Edmonton: Allow TCP Port 22 from 10.2.1.9/32