Everyware Cloud provides the ability to establish a VPN connection to a remote device on demand. Once the VPN connection is established, the device can be remotely accessed from a PC using an OpenVPN client, even if the device is in a Network Address Translation (NAT) enabled network. Remote access to the device over the VPN is subject to the usual firewall rules that are set on the device.
The Everyware Cloud VPN provides account isolation, whereby a device will only be able to communicate with devices and VPN clients that belong either to the same account or to its child-accounts.
From the Everyware Cloud Console, open the Devices section and select the device you want to open a remote VPN connection to. Then open the Configuration tab and select the VpnClient service as shown below. Configure the VpnClient properties with the username and the password of a user in the account with vpn:connect permission and save the changes.
Then, with the target device selected, open the VPN tab in the Devices section to view and manage the device connection status. To connect the ESF device’s VPN client, click the Connect button in the bottom portion of the Everyware Cloud Console. After the client successfully connects to the VPN server, its virtual IP address appears in the VPN tab as shown below.
Before a device may establish a VPN connection with EC, the following prerequisite must be met:
- The device requires network access to the cloud. If the device is behind a firewall or proxy that limits outgoing connections, ensure that the VPN service URL can be reached on the destination port. Often the port is 1194, but it can vary depending on the specific deployment; contact your system administrator for more information regarding the endpoints to be used.
The VPN section of the Everyware Cloud Console displays the active VPN connections under the currently selected account.
From the VPN section in the Everyware Cloud Console, you can download the OpenVPN Profiles to establish a VPN connection from the administrator's personal computer to the Everyware Cloud VPN server.
To remotely access a device over a VPN tunnel, download and install the OpenVPN client that is appropriate for your platform. Next, download the platform-compliant client configuration file by clicking on the OVPN Profile button on the VPN Connections toolbar.
When connecting the OpenVPN client to the Everyware Cloud VPN server, log in with the username and password of a user in your account with vpn:connect permissions, using the format EC username[@childaccount][/device ID].
These parameters are defined as follows:
- EC username - identifies a user with vpn:connect permissions as previously described (e.g., myAccount_vpn). (Required field.)
- child account - specifies a user’s child account (e.g., mySubaccount). If this parameter is defined, the parent account will be able to connect to a VPN client that belongs to one of its child accounts. If this parameter is not defined, the parent account will only be able to connect to the VPN clients that belong to its account.
- device ID - identifies the connecting VPN client. If this parameter is defined, the device ID appears in the Active VPN Connections portion of the Everyware Cloud Console.
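The login format above can be composed and stored for the OpenVPN client with a small shell helper. This is an added example, not part of the Everyware Cloud documentation: the function names, the device ID pc-01 and the character checks are assumptions, and the file it writes is the two-line username/password file read by OpenVPN's auth-user-pass option.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Everyware Cloud tooling).

# ec_vpn_login USER [CHILD_ACCOUNT] [DEVICE_ID]
# Prints the login name in the documented format:
#   EC username[@childaccount][/device ID]
# Assumption: '@' and '/' act as field separators, so they (and whitespace)
# are rejected inside each field to keep the resulting string unambiguous.
ec_vpn_login() {
    user=$1
    child=${2:-}
    device=${3:-}
    if [ -z "$user" ]; then
        echo "EC username is required" >&2
        return 1
    fi
    for field in "$user" "$child" "$device"; do
        case $field in
            *[@/]* | *[[:space:]]*)
                echo "invalid character in field: $field" >&2
                return 1
                ;;
        esac
    done
    login=$user
    if [ -n "$child" ]; then login="$login@$child"; fi
    if [ -n "$device" ]; then login="$login/$device"; fi
    printf '%s\n' "$login"
}

# ec_vpn_write_auth FILE LOGIN
# Reads the password from stdin (not from argv, which shows up in the
# process list) and writes "login\npassword\n" to FILE with mode 0600.
ec_vpn_write_auth() {
    file=$1
    login=$2
    IFS= read -r password || true
    if [ -z "$password" ]; then
        echo "empty password" >&2
        return 1
    fi
    # Remove any existing file first so the restrictive umask applies.
    ( umask 077 && rm -f -- "$file" && \
      printf '%s\n%s\n' "$login" "$password" > "$file" )
}
```

Passing the device ID, for example `ec_vpn_login myAccount_vpn mySubaccount pc-01`, makes each administrator PC identifiable in the Active VPN Connections list.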
Once the OpenVPN client is connected to the Everyware Cloud VPN server, the PC client appears as an active VPN connection in the Everyware Cloud Console.
At this point, the device may be accessed from the PC using SSH over the VPN connection. To verify the connection, note the IP address of the target device from the Everyware Cloud VPN client tab and connect to this IP address using SSH. An established SSH connection indicates that the VPN connection is working.
In the same way, for an ESF-powered device, the ESF Gateway Administration Console may be accessed over the VPN from a browser.