Managing Environment VPN
In the portal, the environment VPN is managed through the VPN container modal.
To get there:
- Select Environments from the main, left-hand navigation.
- Select the environment from the first column.
- Scroll down the environment dashboard and click on the Manage button next to VPN.
Dependency on Load Balancer
To use the VPN the environment load balancer must be running.
VPN Dashboard
The service is automatically created in every environment, but as per Cycle's security philosophy, it is disabled by default.
To configure:
- Check to see if the load balancer service is running. If not, click on the link to the load balancer container from the list of services below container count and start it manually by holding the start button located at the top of the page.
- Select the VPN tab underneath the environment name.
- Click the Enable button.
- Choose Generate VPN Files, then Download VPN files.
- Unzip the download and add the connection to a local OpenVPN compatible client.
Renewing VPN Certificate
The certificate generated by the VPN service is good for 1,000 days. If the certificate expires the user should:
- Use the two-way console to log into the VPN container.
- Delete the following folder
/usr/share/easy-rsa/pki
. - Restart the VPN container.
- Redownload the VPN config and install the new connection.
Configuring Authentication
For simplicity, the VPN service provides the option to allow any Cycle user with permission to access the environment, permission to access the VPN as well. They will be able to log in with their Cycle username/password. Check the box that says "Allow Cycle User Access", then click "Update".
The VPN service also provides the option to use an Access Control List (ACL) to limit who can connect. Specify a username and password for the user and add them to the list. Enabling either form of user authentication requires the checkbox next to the preferred method on the VPN dashboard.