01/29/2024

Seamless Remote Access: Setting Up a VPN with CloudConnexa

Introduction

The modern industrial landscape increasingly relies on remote access solutions to enhance productivity and security. This is where setting up a VPN environment becomes crucial. It not only ensures secure remote connections to manufacturing machinery but also allows precise control over who can access each machine. By following this guide, you will learn how to implement a CloudConnexa VPN, optimizing both operational efficiency and security.

Overview

The diagram illustrates what will be set up in the next steps: a user access structure within a VPN environment that uses CloudConnexa's services. It breaks down into three main components:

  1. User Group Structure: Using the "OEM" User Group as an example, the diagram shows the company's internal structure, where different users (like User01, User02) have various devices (Device01, Device02, etc.) assigned to them.

  2. User Groups: This segment shows the different user groups that have been created. There are groups for the OEM and separate groups for different customers (like customer01, customer02, etc.).

  3. Machines: This is a list of machines that are specific to each customer. For instance, customer01 has at least two machines listed under their name.

The lines connecting these components indicate the relationships and access privileges. For example, the OEM group has access to all machines, as shown by the line connecting the OEM user group to all the customer machines. This represents a hierarchical access control where the OEM can oversee and manage all devices, while customers are granted access only to their respective machines.

Prerequisites

Step-by-Step guide

The following steps will show how to configure the VPN network as shown in the diagram and how to connect the machines.

Step 1: Register on CloudConnexa

  • Open CloudConnexa.
  • Create your account and give your Wide-area Private Cloud (WPC) a name.

Create Your WPC

After that you should be logged into the platform.

CloudConnexa

Step 2: WPC Settings

Set your default connection region and change the Topology so that access rights can be configured.

WPC Settings

WPC Settings Topology

Confirm WPC Settings

Step 3: User Groups

Create customer01 and customer02.

Add User Group

Create Group

Overview over Groups

Step 4: Users

Create oem_user1, customer01_user1 and customer02_user1.

Create Users

User Details

Add User Customer

Overview Users

Step 5: Hosts (Machines)

Create customer01_machine1, customer01_machine2 and customer02_machine1.

Add Host

Host Details

Overview Hosts

Step 6: Access Groups

Create oem, customer01 and customer02.

Adding an Access Group

Create New Access Group

Set the OEM Access definitions

customer01

Name the new Access Group

Create the Customer01 Access Definition

customer02

Create New Access Group customer02

Define Access Group of customer02

Don't forget to delete the default group. Otherwise it will allow all users to access everything!

Delete Access Group which grants Full Access

Confirm Delete Access Group

Now it should look like this.

Overview over the Access Groups

Step 7: Connect the machines

Download the OpenVPN config file for the machine you want to connect.

Download the Connector Profile in .ovpn format

Open ctrlX OS on the corresponding machine and install the VPN app.

Install from file in ctrlX OS

Open the VPN UI.

Overview of the ctrlX OS Settings

Upload the previously downloaded OpenVPN config file.

Upload VPN configuration file

Choose OpenVPN in Upload configuration file

Click upload in Upload configuration file

Optional: Set to automatically connect to VPN on restart of the device.

Edit the VPN configuration

Change to Automatic in Settings in VPN configuration

If not already connected, you can connect manually.

If not already connected, you can start the VPN connection

The VPN status should show Connected

Check connection status in CloudConnexa.

One Connector should be online

Step 8: Login as user and test connection

As we connected a machine from customer01, we should log in as a user of the group customer01 to test the connection. First, get the password.

Show temporary password in Users

Copy the Temporary Password

Now act as customer01 and open the URL that you defined for your WPC, ideally in an anonymous browser window so you don't get automatically logged in as an admin.

Click on the given URL in Users

Paste Username and Password into the Login Form

You are asked to set a new password

Follow the instructions for your OS to connect to the network via OpenVPN.

This page describes how to get connected

When you are connected, you can access the machine directly via its IP address. Look it up here.

Copy the IP address of the device in Connectors

Now connect from remote!

Remote Android Browser Client

When the other machines are connected, you can test the permissions. You should be able to connect to the machines according to the drawing. All users of Customer 1 are able to connect to customer01_machine1 and customer01_machine2. All users of Customer 2 are able to connect to customer02_machine1. All users of the group OEM can connect to all machines.
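
The access groups from Step 6 and the permission test above can be checked against the drawing on paper before any machine is connected. The following is an added example, not part of the original article and not CloudConnexa's API: a local Python model that uses the article's names and assumes an "oem" user group, an assumed shape for the default full-access group, and additive (union) evaluation of access groups.

```python
# Local model of the Step 6 access groups (constructed data, not an export
# from CloudConnexa). Assumption: access groups are additive allow rules.
USER_GROUPS = {
    "oem": ["oem_user1"],              # assumed group name, from the drawing
    "customer01": ["customer01_user1"],
    "customer02": ["customer02_user1"],
}
HOSTS = ["customer01_machine1", "customer01_machine2", "customer02_machine1"]

# Access groups as created in Step 6: source user groups -> destination hosts.
ACCESS_GROUPS = {
    "oem": {"sources": ["oem"], "destinations": HOSTS},
    "customer01": {"sources": ["customer01"],
                   "destinations": ["customer01_machine1", "customer01_machine2"]},
    "customer02": {"sources": ["customer02"],
                   "destinations": ["customer02_machine1"]},
}
# Assumed shape of the default group Step 6 deletes: everyone to everything.
DEFAULT_FULL_ACCESS = {"sources": list(USER_GROUPS), "destinations": HOSTS}

# Intended matrix, as described for the drawing at the end of Step 8.
EXPECTED = {
    "oem_user1": set(HOSTS),
    "customer01_user1": {"customer01_machine1", "customer01_machine2"},
    "customer02_user1": {"customer02_machine1"},
}

def effective_access(access_groups):
    """Union all access groups into a map of user -> reachable hosts."""
    reach = {u: set() for users in USER_GROUPS.values() for u in users}
    for group in access_groups.values():
        for source in group["sources"]:
            for user in USER_GROUPS[source]:
                reach[user].update(group["destinations"])
    return reach

def excess_access(access_groups):
    """Hosts each user can reach beyond the intended matrix."""
    reach = effective_access(access_groups)
    return {u: sorted(hosts - EXPECTED[u])
            for u, hosts in reach.items() if hosts - EXPECTED[u]}

def missing_access(access_groups):
    """Hosts each user should reach but cannot."""
    reach = effective_access(access_groups)
    return {u: sorted(EXPECTED[u] - hosts)
            for u, hosts in reach.items() if EXPECTED[u] - hosts}

if __name__ == "__main__":
    print("as configured:", excess_access(ACCESS_GROUPS))
    with_default = {**ACCESS_GROUPS, "default": DEFAULT_FULL_ACCESS}
    print("default group left in place:", excess_access(with_default))
```

An empty result from both `excess_access` and `missing_access` means the configured groups match the drawing; any entry in `excess_access` names a customer user who can reach another customer's machine.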
