GuidesDiscussions
GuidesAPI ReferenceJoin the Mailing List

VPN Connection

Orka firewall overview. How to connect to your Orka cluster via VPN. VPN client options.

🚧

Quick navigation

On this page, jump to: OpenConnect | Cisco AnyConnect

For Orka Small Teams, see here.

πŸ“˜

You need:

  • The server address from Step 1: VPN in the IP Plan. For Orka Small Teams, see here.
  • The username and password from Step 1: VPN in the IP Plan. For Orka Small Teams, see here.

To protect your environment, MacStadium deploys your Orka cluster with a dedicated Cisco Adaptive Security Virtual Appliance (ASAv) firewall. Cisco ASAv runs the same software as physical Cisco ASAs and delivers full ASA firewall and VPN capabilities to the cloud.

πŸ‘

TIP: Looking for more information about your firewall?

See MacStadium Docs: Firewall Overview and MacStadium Docs: Logging into Cisco Firewall.

Your Orka cluster sits behind its dedicated Cisco ASAv firewall. You need to be connected to the cluster via VPN to do any of the following tasks:

  • Manage your Orka VMs and K8s pods.
  • Log in to the firewall and manage connectivity between your cluster and the outside world (for example, enterprise networks, other private and public clouds).

MacStadium has pre-configured the firewall and has enabled VPN access. All you need to do is run a VPN client and provide the server address and credentials for the connection.

(Open-source option) OpenConnect

πŸ“˜

Why OpenConnect?

If you are a pre-dominantly CLI user, you might want to use OpenConnect - an open-source VPN client available from the command line.

Download and install OpenConnect

  • If you have Homebrew on your system, you can run brew install openconnect from your command line.
  • If you're running on Windows, you can download and build the OpenConnect package yourself or you can use Cisco AnyConnect instead.

Use OpenConnect

  1. From your command line, run the following command. Replace <SERVER ADDRESS> with the server address from Step 1: VPN in the IP Plan. For Orka Small Teams, see here.
sudo openconnect <SERVER ADDRESS> --protocol=anyconnect
// OR if running on Windows
openconnect <SERVER ADDRESS> --protocol=anyconnect
  1. Follow the prompts.
    • On the immediate Password prompt, provide your sudo password (the password for your current computer user) and press Enter.
    • On the Enter 'yes' to accept, 'no' to abort; anything else to view: prompt, type yes and press Enter.
    • On the Username prompt, provide the username from Step 1: VPN in the IP Plan and press Enter. For Orka Small Teams, see here.
    • On the Password prompt, provide the password from Step 1: VPN in the IP Plan and press Enter. For Orka Small Teams, see here.

When the connection is established, you will see a similar output:

πŸ‘

TIP: Want to terminate the VPN connection?

At any time press Ctrl+C on the command line.

Cisco AnyConnect Secure Mobility Client

πŸ“˜

Why Cisco AnyConnect?

Cisco firewalls are designed to work with the Cisco AnyConnect Secure Mobility Client as a VPN client. If you prefer a GUI VPN client or you're running on Windows, you might want to use Cisco AnyConnect.

Download and install Cisco AnyConnect

  1. In your browser, navigate to the server address from Step 1: VPN of your IP Plan. You might need to use https://. For Orka Small Teams, see here.
  2. Ignore the certificate warning and proceed to the address.
  3. When prompted, enter the credentials from Step 1: VPN in the IP Plan. For Orka Small Teams, see here.

  1. When prompted, download, install, and run the Cisco AnyConnect desktop client.

Use Cisco AnyConnect

  1. Run Cisco AnyConnect Secure Mobility Client.
  2. When prompted, enter the server address from Step 1: VPN of your IP Plan and click Connect. For Orka Small Teams, see here.

  1. If prompted that an untrusted server was blocked, perform the following steps:
    1. Click Change Setting... and deselect Block connections to untrusted servers.
    2. Close the Preferences - VPN window.
    3. Click Connect again.

  1. If prompted that the server certificate is untrusted, click Connect Anyway.
  2. When prompted, provide your login credentials and click OK.

What's next


Β© 2019-2023 Copyright MacStadium, Inc. – Documentation built with readme.com. Orka is a registered trademark of MacStadium, Inc.