VPN Connection

Orka firewall overview. How to connect to your Orka cluster via VPN. VPN client options.

📘

You need:

  • The server address from Step 1: VPN in the IP Plan.
  • The username and password from Step 1: VPN in the IP Plan.

To protect your environment, MacStadium deploys your Orka cluster with a dedicated Cisco Adaptive Security Virtual Appliance (ASAv) firewall. Cisco ASAv runs the same software as physical Cisco ASAs and delivers full ASA firewall and VPN capabilities to the cloud.

👍

TIP: Looking for more information about your firewall?

See MacStadium Docs: Firewall Overview and MacStadium Docs: Logging into Cisco Firewall.

Your Orka cluster sits behind its dedicated Cisco ASAv firewall. You need to be connected to the cluster via VPN to do any of the following tasks:

  • Manage your Orka VMs and K8s pods.
  • Log in to the firewall and manage connectivity between your cluster and the outside world (for example, enterprise networks, other private and public clouds).

MacStadium has pre-configured the firewall and has enabled VPN access. All you need to do is run a VPN client and provide the server address and credentials for the connection.

(Open-source option) OpenConnect

📘

Why OpenConnect?

If you are predominantly a CLI user, you might want to use OpenConnect, an open-source VPN client that runs from the command line.

Download and install OpenConnect

  • If you have Homebrew on your system, you can run brew install openconnect from your command line.
  • If you're running on Windows, you can download and build the OpenConnect package yourself or you can use Cisco AnyConnect instead.

Configure OpenConnect to access Orka via custom domain

To be able to reach your custom Orka domain API endpoint, you need to add a DNS server to your network configuration.

📘

What's the DNS address?

The DNS server address is the .251 address for the Private-1 network from your IP Plan. For example: 10.10.10.251 or 10.221.188.251.

macOS

  1. Go to System Preferences > Network.
  2. From the list of network connections, select your current Internet connection, then click the Advanced... button in the bottom-right corner of the dialog.
  3. Go to the DNS tab.
  4. At the bottom of the DNS Servers list, click +.
  5. Type the Orka DNS address and press Enter.
  6. If not already at the top, drag and drop the Orka DNS server to the top. It must be the first item in the list.
  7. Click OK, click Apply, and exit System Preferences.

Linux

  1. Use a text editor to open /etc/resolv.conf.
  2. Locate the nameserver section and add the Orka DNS address:
     nameserver <ORKA-DNS-ADDRESS>
  3. Make sure that this is the first nameserver entry in the list.
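
The Linux steps above as a script, added here as an example and not part of MacStadium's documentation: it rejects an address that is not a .251 address, keeps a one-time backup, and makes the Orka DNS server the first nameserver entry without duplicating it on re-runs. The function names and the .orka.bak backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example, not MacStadium code: make the Orka DNS server the first
# nameserver in a resolv.conf-style file. Function names and the
# ".orka.bak" backup suffix are assumptions of this example.

# Succeed only for a dotted-quad IPv4 address whose last octet is 251,
# which is how the page identifies the Orka DNS server.
is_orka_dns() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 || $4 != "251" { bad = 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^[0-9]+$/ || $i > 255) bad = 1 }
        END { exit bad + 0 }'
}

# Print the first nameserver address in FILE (the one the resolver tries first).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Rewrite FILE so that "nameserver ADDR" is the first nameserver entry.
# An existing entry for ADDR is dropped first, so re-running adds no duplicate.
set_first_nameserver() {
    addr=$1 file=$2
    is_orka_dns "$addr" || { echo "refusing: $addr is not a .251 address" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }
    # Keep the original once, so the change can be undone after disconnecting.
    [ -e "$file.orka.bak" ] || cp -p "$file" "$file.orka.bak" || return 4
    tmp=$(mktemp) || return 4
    awk -v ns="$addr" '
        $1 == "nameserver" && $2 == ns { next }                  # drop old copy
        $1 == "nameserver" && !done { print "nameserver " ns; done = 1 }
        { print }
        END { if (!done) print "nameserver " ns }                # file had none
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode, symlink
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it as root, for example set_first_nameserver 10.221.188.251 /etc/resolv.conf. On distributions where NetworkManager or systemd-resolved generates /etc/resolv.conf, a manual edit can be overwritten and the DNS server has to be set in that tool instead.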

Windows

  1. Go to Control Panel > Network and Internet.
  2. Under Network and Sharing Center, select View network and status.
  3. In the Network and Sharing Center, in the sidebar, select Change adapter settings.
  4. In the Network Connections window, right-click your current Internet connection and select Properties.
  5. Go to the Networking tab, scroll down and click Internet Protocol Version 4 (TCP/IPv4).
  6. With Internet Protocol Version 4 (TCP/IPv4) highlighted, click Properties.
  7. Go to the General tab and select Use the following DNS server addresses.
  8. Add the Orka DNS server as the Preferred DNS server. You can add any other name server as the Alternate DNS server (for example, 8.8.8.8).
  9. Click OK.
  10. Click Close.

Use OpenConnect

  1. From your command line, run the following command. Replace <SERVER ADDRESS> with the server address from Step 1: VPN in the IP Plan.
     sudo openconnect <SERVER ADDRESS> --protocol=anyconnect
     # OR, if running on Windows
     openconnect <SERVER ADDRESS> --protocol=anyconnect
  2. Follow the prompts.
    • On the immediate Password prompt, provide your sudo password (the password for your current computer user) and press Enter.
    • On the Enter 'yes' to accept, 'no' to abort; anything else to view: prompt, type yes and press Enter.
    • On the Username prompt, provide the username from Step 1: VPN in the IP Plan and press Enter.
    • On the Password prompt, provide the password from Step 1: VPN in the IP Plan and press Enter.

When the connection is established, you will see a similar output:

👍

TIP: Want to terminate the VPN connection?

At any time press Ctrl+C on the command line.
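
The prompts above ask you to accept the server certificate by hand. As an added example (not part of the MacStadium documentation), this script compares the certificate the server presents against a pin obtained out of band and passes the same pin to openconnect's --servercert option. The function names and the out-of-band pin are assumptions of this example.

```shell
#!/bin/sh
# Added example, not MacStadium code: pin the firewall certificate for
# OpenConnect. Assumption: the expected pin was obtained out of band from
# whoever administers the ASAv; the page itself publishes no fingerprint.

# Print the RFC 7469 pin (base64 SHA-256 of the public key) of a PEM
# certificate; fail if FILE does not hold a parseable certificate.
cert_pin() {
    der=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
            openssl pkey -pubin -outform DER -out "$der" 2>/dev/null &&
            [ -s "$der" ]; then
        openssl dgst -sha256 -binary "$der" | openssl base64
        rc=$?
    else
        rc=1
    fi
    rm -f "$der"
    return $rc
}

# Succeed only if the certificate in PEMFILE carries EXPECTED_PIN.
pin_matches() {
    actual=$(cert_pin "$1") || return 2
    [ "$actual" = "$2" ]
}

# Save the certificate SERVER (bare host or IP) presents on TCP 443 as PEM.
fetch_server_cert() {
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$2" 2>/dev/null
}

# Check the presented certificate first, then have openconnect enforce the
# same pin for the session itself with --servercert.
connect_pinned() {
    server=$1 expected=$2
    pem=$(mktemp) || return 1
    if fetch_server_cert "$server" "$pem" && pin_matches "$pem" "$expected"; then
        rm -f "$pem"
        sudo openconnect "$server" --protocol=anyconnect \
            --servercert="pin-sha256:$expected"
    else
        rm -f "$pem"
        echo "certificate pin mismatch for $server; not connecting" >&2
        return 1
    fi
}
```

Call connect_pinned with the server address and the expected pin. With --servercert set, openconnect accepts the server certificate only if it matches that fingerprint, so the interactive accept prompt is no longer the trust decision.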

Cisco AnyConnect Secure Mobility Client

📘

Why Cisco AnyConnect?

Cisco firewalls are designed to work with the Cisco AnyConnect Secure Mobility Client as a VPN client. If you prefer a GUI VPN client or you're running on Windows, you might want to use Cisco AnyConnect.

Download and install Cisco AnyConnect

  1. In your browser, navigate to the server address from Step 1: VPN of your IP Plan. You might need to use https://.
  2. Ignore the certificate warning and proceed to the address.
  3. When prompted, enter the credentials from Step 1: VPN in the IP Plan.
  4. When prompted, download, install, and run the Cisco AnyConnect desktop client.

Configure AnyConnect to access Orka via custom domain

On Windows, to be able to reach your custom Orka domain with AnyConnect, you need to add a DNS server to your network configuration.

On macOS and Linux, you don't need to make any changes.

📘

What's the DNS address?

The DNS server address is the .251 address for the Private-1 network from your IP Plan. For example: 10.10.10.251 or 10.221.188.251.

Windows

With Cisco AnyConnect already connected to your cluster:

  1. Go to Control Panel > Network and Internet.
  2. Under Network and Sharing Center, select View network and status.
  3. In the Network and Sharing Center, in the sidebar, select Change adapter settings.
  4. In the Network Connections window, right-click Cisco AnyConnect Secure Mobility Client Connection and select Properties.
  5. Go to the Networking tab, scroll down and click Internet Protocol Version 4 (TCP/IPv4).
  6. With Internet Protocol Version 4 (TCP/IPv4) highlighted, click Properties.
  7. Go to the General tab and select Use the following DNS server addresses.
  8. Add the Orka DNS server as the Preferred DNS server. You can add any other name server as the Alternate DNS server (for example, 8.8.8.8).
  9. Click OK.
  10. Click Close.

You need to do this every time you re-connect to your Orka cluster with Cisco AnyConnect.

Use Cisco AnyConnect

  1. Run Cisco AnyConnect Secure Mobility Client.
  2. When prompted, enter the server address from Step 1: VPN of your IP Plan and click Connect.
  3. If prompted that an untrusted server was blocked, perform the following steps:
    1. Click Change Setting... and deselect Block connections to untrusted servers.
    2. Close the Preferences - VPN window.
    3. Click Connect again.
  4. If prompted that the server certificate is untrusted, click Connect Anyway.
  5. When prompted, provide your login credentials and click OK.

© 2019-2020 Copyright MacStadium, Inc. – Documentation built with readme.io. Orka is a registered trademark of MacStadium, Inc.