Set up and connect to the VPN for DuploCloud GCP users
Configure and implement secure VPN connections using OpenVPN. These configurations help optimize network security and ensure you can securely access your cloud resources. It includes two subsections:
VPN Setup: This page outlines the two-step process for setting up OpenVPN, including accepting the OpenVPN agreement in the GCP Marketplace and provisioning a VPN in the DuploCloud Portal.
Connect to the VPN: This section guides users through connecting to the provisioned VPN, enabling secure communication between local environments and cloud resources.
Integrate DuploCloud with OpenVPN by provisioning VPNs for users
DuploCloud integrates with OpenVPN by provisioning VPNs for users added through the DuploCloud Portal. The OpenVPN setup involves a two-step process: accepting the OpenVPN agreement in the GCP Marketplace, and Provisioning a VPN in the DuploCloud Portal.
Accept the OpenVPN Free Tier (Bring Your Own License) agreement in the GCP marketplace:
Log into your GCP account.
In the Google Cloud Console, navigate to the Marketplace.
Search for OpenVPN in the Marketplace.
Select the product (OpenVPN Free Tier) and accept the agreement.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the VPN tab.
Click Provision VPN. Behind the scenes, DuploCloud launches a cloud formation script to provision the OpenVPN. OpenVPN is ready to use.
You can find the OpenVPN admin password in the cloud formation stack in your GCP console.
In the DuploCloud Portal, navigate to Administrator -> Users.
Click Add. The Create User pane displays.
Enter the username in the Username field.
In the Roles field, select the appropriate role(s) for the user.
Select Provision VPN.
Click Submit.
See Deleting a VPN user. To delete VPN access, you must have administrator privileges.
By default, users connected to a VPN can SSH or RDP into virtual machines (VMs). Users can also connect to internal Load Balancers and application endpoints. However, you must open a VPN port to connect to other Services, such as databases and ElastiCach.
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant in the NAME column.
Select the Security tab.
Click Add. The Add Tenant Security pane displays.
In the Source Type field, select Ip Address.
In the IP CIDR field, enter the VPN IP address range in CIDR notation, for example, 10.0.0.0/24 or 192.168.1.0/24.
In the Protocol list box, select the protocol you wish to allow through the VPN port.
Enter the range in the Port Range field, specify the port or range of ports that need to be opened.
Enter a brief description of the security rule being added in the Description field.
Click Add. The VPN port is open.
Connect to the DuploCloud VPN with the OpenVPN client
DuploCloud integrates with OpenVPN by automatically provisioning VPNs for users added through the DuploCloud Portal. As a DuploCloud user, you can securely access resources within the private network by connecting via the OpenVPN client.
The OpenVPN Access Server only forwards traffic intended for resources within DuploCloud-managed private networks. Traffic to external internet resources does not pass through the VPN tunnel.
Click on your user name in the upper right corner of the DuploCloud Portal, and select Profile. Your Profile page displays.
VPN credentials are displayed in the VPN Details area of the Profile page.
Click on your user name in the upper right corner of the DuploCloud Portal, and select Profile. Your Profile page displays.
Click the VPN URL link in the VPN Details section. Browsers may call the link unsafe since it is using a self-signed certificate. Proceed to it anyway.
Log in to the OpenVPN Access Server portal using the credentials from your Profile page.
Click on the OpenVPN Connect Recommended for your device link to install the OpenVPN Connect application on your local machine.
Click the link labeled Yourself (user-locked profile) to download your OpenVPN user profile.
Open the .ovpn file and click OK in the Import .ovpn profile dialog.
Click Connect. The OpenVPN user profile and client app are set up.
