# Provision the VPN DuploCloud integrates with OpenVPN by provisioning VPN users that you add to the DuploCloud Portal. This integration allows users to securely access your cloud infrastructure. Below are the steps for setting up OpenVPN and managing VPN users. ## Accepting OpenVPN in the Azure Marketplace 1. Navigate to [Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/openvpn.openvpnas?tab=Overview) and accept OpenVPN. 2. Follow the instructions in the [Quick Start Guide](https://openvpn.net/vpn-server-resources/microsoft-azure-byol-appliance-quick-start-guide/) provided in the Marketplace to set up OpenVPN. ## Provisioning the VPN 1. In the DuploCloud Portal, navigate to **Administrator** -> **System Settings**. 2. Click on the **VPN** tab.
3. Click **Provision VPN.** {% hint style="info" %} **Note:** In Azure environments, VPN provisioning may require manual setup by the DuploCloud team. If VPN access does not become available shortly after provisioning, please contact DuploCloud Support for assistance. {% endhint %} ## **Provisioning the VPN and Creating a User** 1. In the DuploCloud Portal, navigate to **Administrator** -> **Users**. 2. Click **Add**. The **Create User** pane displays.

The Create User pane

3. Enter a valid email address in the **Username** field. 4. In the **Roles** field, select the appropriate role(s) for the User. 5. Select **Provision VPN**. 6. Click **Submit**. The user will be provisioned with VPN access and can connect using the OpenVPN credentials. ### Deleting VPN Access for a User To remove VPN access for a user, refer to the section [Deleting a VPN user](/docs/automation-platform/access-control/user-access-and-permissions/add-and-delete-vpn-access-for-users.md#deleting-a-vpn-user) (Administrator privileges are required). ## Opening a VPN Port By default, users connected to a VPN can SSH or RDP into virtual machines and access an application's internal Load Balancers and endpoints. However, to connect to other Services, such as databases, you must configure the appropriate security rules to allow traffic from the VPN. 1. In the DuploCloud Portal, navigate to **Administrator** -> **Infrastructure**. 2. Select the Infrastructure that hosts your Tenant from the **NAME** column. 3. Click the **Security Group Rules** tab. 4. Click **Add**. The **Add Infrastructure Security** pane displays. 5. Fill in the fields:
NameA descriptive name for the rule (e.g., VPN Access to DB).
SubnetSelect the DuploCloud-managed subnet (e.g., custom-default).
DirectionInbound
Source TypeIP Address
Source ValueEnter the CIDR block for your VPN (e.g., 10.10.0.0/24).
Source Port Range* (or specify if you're limiting source ports)
Destination TypeIP Address (leave blank to allow traffic to all destinations in the subnet, or specify a target if needed)
Destination ValueLeave blank or enter an internal IP range
Destination Port RangeEnter the port or port range required (e.g., 5432 for PostgreSQL, or 6379 for Redis)
PriorityEnter a priority number (typically between 100 and 4096). Lower numbers = higher priority.
ProtocolTCP, UDP, or Both, depending on the service
ActionAllow
6. Click **Add** to save the security rule and allow VPN traffic to the specified internal service. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.duplocloud.com/docs/automation-platform/overview-2/prerequisites/vpn-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.