Provision the VPN
Integrate DuploCloud with OpenVPN by provisioning VPN users
DuploCloud integrates with OpenVPN by provisioning VPN users that you add to the DuploCloud Portal. This integration allows users to securely access your cloud infrastructure. Below are the steps for setting up OpenVPN and managing VPN users.
Accepting OpenVPN in the Azure Marketplace
Navigate to Azure Marketplace and accept OpenVPN.
Follow the instructions in the Quick Start Guide provided in the Marketplace to set up OpenVPN.
Provisioning the VPN
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click on the VPN tab.
Click Provision VPN.
Provisioning the VPN and Creating a User
In the DuploCloud Portal, navigate to Administrator -> Users.
Click Add. The Create User pane displays.
The Create User pane Enter a valid email address in the Username field.
In the Roles field, select the appropriate role(s) for the User.
Select Provision VPN.
Click Submit. The user will be provisioned with VPN access and can connect using the OpenVPN credentials.
Deleting VPN Access for a User
To remove VPN access for a user, refer to the section Deleting a VPN user (Administrator privileges are required).
Opening a VPN Port
By default, users connected to a VPN can SSH or RDP into virtual machines and access an application's internal Load Balancers and endpoints. However, to connect to other Services, such as databases, you must configure the appropriate security rules to allow traffic from the VPN.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure that hosts your Tenant from the NAME column.
Click the Security Group Rules tab.
Click Add. The Add Infrastructure Security pane displays.
Fill in the fields:
Name
A descriptive name for the rule (e.g., VPN Access to DB
).
Subnet
Select the DuploCloud-managed subnet (e.g., custom-default
).
Direction
Inbound
Source Type
IP Address
Source Value
Enter the CIDR block for your VPN (e.g., 10.10.0.0/24
).
Source Port Range
*
(or specify if you're limiting source ports)
Destination Type
IP Address
(leave blank to allow traffic to all destinations in the subnet, or specify a target if needed)
Destination Value
Leave blank or enter an internal IP range
Destination Port Range
Enter the port or port range required (e.g., 5432
for PostgreSQL, or 6379
for Redis)
Priority
Enter a priority number (typically between 100
and 4096
). Lower numbers = higher priority.
Protocol
TCP
, UDP
, or Both
, depending on the service
Action
Allow
Click Add to save the security rule and allow VPN traffic to the specified internal service.
Last updated
Was this helpful?