# VPN Setup

DuploCloud integrates with OpenVPN by provisioning VPNs for users added through the DuploCloud Portal. The OpenVPN setup involves a two-step process: accepting the OpenVPN agreement in the GCP Marketplace, and Provisioning a VPN in the DuploCloud Portal.

## Accepting OpenVPN

Accept the OpenVPN Free Tier (Bring Your Own License) agreement in the GCP marketplace: 

1. Log into your GCP account.
2. In the Google Cloud Console, navigate to the [Marketplace](https://console.cloud.google.com/marketplace).
3. Search for **OpenVPN** in the Marketplace.
4. Select the product (OpenVPN Free Tier) and accept the agreement.

## Provisioning a VPN

1. In the DuploCloud Portal, navigate to **Administrator** -> **System Settings**.
2. Select the **VPN** tab.
3. Click **Provision VPN.** Behind the scenes, DuploCloud launches a cloud formation script to provision the OpenVPN. OpenVPN is ready to use.   

<figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FuL18kv0HdJu8Az6ZyIOl%2FVPN.png?alt=media&#x26;token=b629acfa-24cf-47f1-a403-7259b7bc40ad" alt=""><figcaption><p>The <strong>VPN</strong> tab on the <strong>System Settings</strong> page in the DuploCloud Portal</p></figcaption></figure>

{% hint style="info" %}
You can find the OpenVPN admin password in the cloud formation stack in your GCP console.
{% endhint %}

## **Optional VPN Configurations**

### **Provisioning a VPN While Creating a User**

1. In the DuploCloud Portal, navigate to **Administrator** -> **Users**.
2. Click **Add**. The **Create User** pane displays.
3. Enter the username in the **Username** field.
4. In the **Roles** field, select the appropriate role(s) for the user.
5. Select **Provision VPN**.
6. Click **Submit**.

<div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Few13iFbJJjrZ63FKlTDn%2Fcreate%20user.png?alt=media&#x26;token=e2d58b3a-3f64-4728-b000-8637c9a1ce34" alt=""><figcaption><p>The <strong>Create User</strong> pane</p></figcaption></figure></div>

### Deleting VPN Access for a User

See [Deleting a VPN user](https://docs.duplocloud.com/docs/access-control/user-access-and-permissions/add-and-delete-vpn-access-for-users#deleting-a-vpn-user). To delete VPN access, you must have administrator privileges.&#x20;

### Opening a VPN Port

By default, users connected to a VPN can SSH or RDP into virtual machines (VMs). Users can also connect to internal Load Balancers and application endpoints. However, you must open a VPN port to connect to other Services, such as databases and ElastiCach.&#x20;

1. In the DuploCloud Portal, navigate to **Administrator** -> **Tenants**.
2. Select the Tenant in the **NAME** column.
3. Select the **Security** tab.
4. Click **Add**. The **Add Tenant Security** pane displays.<br>

   <div align="left"><figure><img src="https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2FDAmVoZNoOK7dSyzoC42y%2FAdd_Tenant_Security.png?alt=media&#x26;token=695e4d27-5fa5-44bb-9390-9a8a67f91e0c" alt=""><figcaption><p>The <strong>Add Tenant Security</strong> pane</p></figcaption></figure></div>
5. In the **Source Type** field, select **Ip Address**.&#x20;
6. In the **IP CIDR** field, enter the VPN IP address range in CIDR notation, for example, `10.0.0.0/24` or `192.168.1.0/24`.
7. In the **Protocol** list box, select the protocol you wish to allow through the VPN port.
8. Enter the range in the **Port Range** field, specify the port or range of ports that need to be opened.
9. Enter a brief description of the security rule being added in the **Description** field.
10. Click **Add**. The VPN port is open.