...
The VPN will need to be manually started each time you wish to access the private network and only computers that have connected to the VPN in this manner can access the private network, however multiple computers can access the network at the same time if they each have the VPN configured.
Table of Contents
...
macOS
Install Tunnelblick, a free OpenVPN application for Mac OSXmacOS.
Download the Rapid Access Cloud VPN configuration files. VPN access is configured per region:
Calgary (https://vpn-yyc.cloud.cybera.ca/vpn-yyc-tblk.zip)
Edmonton (https://vpn-yeg.cloud.cybera.ca/vpn-yeg-tblk.zip)
Unzip the file locally and double-click the unzipped file vpn-yyc.tblk. This will automatically run Tunnelblick and add the VPN configuration.
In the top right corner of your screen, you will see the Tunnelblick icon. Click on it and choose "Connect vpn-yyc".
When prompted, enter your RAC username and password. To check whether
See the section Verifying Connectivity to confirm the VPN connection is working, open a terminal and attempt to ping a private IP address associated with an instance. For example, “ping 10.0.0.73”.
Note |
---|
If you see the following message, you can safely ignore it:
The reason for this message is because the Rapid Access Cloud VPN is not routing all of your traffic through the VPN. Only traffic destined for the Rapid Access Cloud's IP space. |
Windows
Download and Install the community version of OpenVPN from openvpn.net.
Download the Rapid Access Cloud VPN configuration files. VPN access is configured per region:
Calgary (https://vpn-yyc.cloud.cybera.ca/vpn-yyc-win.zip)
Edmonton (https://vpn-yeg.cloud.cybera.ca/vpn-yeg-win.zip)
Unzip then copy the contents to c all of the files (ca.crt, client.crt, client.key, and client.ovpn) to
C:\Program Files\OpenVPN\config
.On the Windows Desktop, right-click on the OpenVPN GUI shortcut, select Properties and then the Compatibility tab. Check the box to "Run this program as an administrator".
Double-click on the OpenVPN GUI shortcut and an OpenVPN icon should now appear on your taskbar.
Right-click on the OpenVPN taskbar icon and choose "connect".
When prompted, enter your Rapid Access Cloud username and password. To check whether
See the section Verifying Connectivity to confirm the VPN connection is working, open a terminal and attempt to ping your private IP address. For example, “ping 10.0.0.73”.
Ubuntu Linux
Install and configure the openvpn package for your distribution: . For example, on Ubuntu 16.04, run the following commands:
Code Block $ sudo apt-get update sudo apt-get install openvpn openvpn unzip
Download the Rapid Access Cloud VPN configuration files. VPN access is configured per region:
Unzip the file and note the path where it is located. move the contents to /etc/openvpn would be a good location to store it.
You can either interactively enter your Rapid Access Cloud account credentials each time or store the credentials in a text file.
To interactively enter Rapid Access Cloud account credentials each time/. For example:
Code Block sudo openvpn --config /path/to/config.ovpn <enter RAC email> <enter RAC password> # Put process in background <ctrl-z> # suspend process bg # resume suspended process and sends to background disown -h # process is not killed when terminal is shutdown
To store your credentials in a text file so you don't have to enter it each time. Replace rac-username and rac-password with the username/email and password for your Rapid Access Cloud account.
Code Block sudo su touch /etc/openvpn/rac-credentials printf '%s\n' 'rac-username' 'rac-password' > /etc/openvpn/rac-credentials sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/rac-credentials/g' /path/to/config.ovpn # To start vpn in background nohup openvpn --config /path/to/config.ovpn & # process output will be logged in nohup.out
To check whether the VPN is working, open a terminal and attempt to ping your private IP address. For example, “ping 10.0.0.73”.
Note Make sure that the security group for the instance has rules to allow ingress ICMP.
wget https://vpn-yyc.cloud.cybera.ca/vpn-yyc-ovpn.zip unzip vpn-yyc-ovpn.zip sudo mv ca.crt client.conf client.crt client.key /etc/openvpn/
Start the OpenVPN client service:
Code Block sudo systemctl start openvpn@client Enter Auth Username: Enter Auth Password:
Enter your Rapid Access Cloud username/email address and password to authenticate.
See the section Verifying Connectivity to confirm the VPN connection is working.
To disconnect from the VPN:
Code Block sudo systemctl stop openvpn@client
To disconnect from the VPN:
Verifying Connectivity
To verify you have successfully connected to the VPN, please do the following
Ping the VPN Gateway
Pinging the VPN Gateway will confirm you have successfully connected and can communicate with the VPN server. Open a command-prompt and run the following:
Code Block |
---|
ping 10.254.0.1 |
Ping Your Instance
Each of your instances has a private IPv4 address:
- For the Calgary region, these IP address look like
10.1.x.y
. - For Edmonton, these IP addresses look like
10.2.x.y
.
Open a command-prompt and run the following:
Code Block |
---|
ping 10.1.x.y |
where x.y
is the rest of your instance's IP address. For example:
Code Block |
---|
ping 10.1.11.44 |
Note |
---|
For the ping to work, make sure your instance's Security Group allows ICMP traffic |
Security Groups and the VPN Service
You may need to alter your security groups to allow traffic from the VPN server to reach your instance. You will see Calgary VPN traffic reaching your instance locally from 10.1.8.18, while Edmonton VPN traffic will reach your instance from 10.2.1.9
Example rules:
Allow all ICMP/ping traffic from the local private network
Calgary: Allow ALL ICMP from 10.1.0.0/20
Edmonton: Allow ALL ICMP from 10.2.0.0/20
Allow port 22 (SSH) from only the VPN exit point:
Calgary: Allow TCP Port 22 from 10.1.8.18/32
Edmonton: Allow TCP Port 22 from 10.2.1.9/32