
Configure the SSL VPN on the VMware Edge Gateway

Last updated 2 months ago

Overview

This Knowledgebase (KB) article covers the high-level process of configuring the SSL-VPN Plus function of the VMware vCloud Edge Gateway provided by Hosted Network.

Please keep in mind this guide assumes you already have an Edge Gateway configured and in production prior to trying to configure the VPN.

The SSL VPN-Plus functionality on the Advanced Edge Gateway allows users to connect to an internal VPN managed by the Edge. In this way, end users can connect directly to the edge gateway’s external IP in order to access their servers. This gives users a secure method by which they can remotely manage and connect to their Hosted Network IaaS environment.

Requirements

In order to complete this KB, you will need the below information, and have a few items preconfigured:

  • Optional: a hostname configured to point to the WAN IP of the Edge Gateway (if multiple WAN IPs are available, you can define which one to use in a later step)

  • Optional: a valid SSL certificate (if you want to set it up securely)

  • An IP Pool for the SSL-VPN to use; it can be part of an existing subnet or a new subnet

  • A free port if port 443 is already in use

Process

Advance Edge SSL VPN-Plus Setup

Log in to your vCloud Director account. To begin the SSL VPN-Plus configuration, navigate to the Edge Gateway, select the edge gateway assigned to your vDC, then click "Services". A new window will pop up.

  1. Configure Authentication Service

Under the SSL VPN-Plus tab, click the Authentication tab. To add a new server, click "+ LOCAL" and configure your required settings (you can leave everything as default if you like). Click "Keep" once done.

  2. Enable and Configure SSL Server

Navigate to the SSL VPN-Plus tab, then the Server Settings sub-tab.

Click the "Enable" switch to turn on the SSL VPN service, and select the external IPv4 address and port for external access to the VPN. Select one or more Ciphers, then save the settings. This will automatically populate a Firewall rule, which is verified in the next step.

  3. Verify Firewall Rule

Enabling the server from the SSL VPN Server Settings should automatically populate a Firewall rule as shown below. This rule should correspond to the external IP for the VPN and should allow TCP traffic on the specified port.

  4. Configure IP Pools

Once the SSL VPN Server has been enabled, select the IP Pools tab to create a range of internal IPs for use by the VPN. Click on the "+" symbol in the upper left to create a new pool. This pool will be the set of internal IPs which are mapped to each remote user when they connect to the VPN. These IPs will need to be on the subnet which has access to the existing environment. This IP Pool should not correspond to the Org VDC Network. It needs to have a Gateway address configured, which will be the Edge Gateway's IP on that subnet. DNS options are not required.

Once the IP Pool has been created, verify that the pool appears in the list and that the information is correct.

  5. Configure Private Networks

Select the Private Networks tab and click the "+" symbol in the upper left to add VPN access to an internal network. This subnet should include addresses for any servers which should be accessible to users connected to the VPN.

After adding the Private Network, verify that the network appears in the Private Networks list and that the information appears correct.

  6. Configure Users

Select the Users tab to add user accounts to the VPN. Any users should be added manually here before attempting to download the client and join the VPN. Forcing users to reset their password on login can be enforced at this screen as well.

  7. Configure Installation Package

Select the Installation Packages tab to configure the package users will receive when joining the VPN. Add the Gateway IP and the Port for VPN Access (as configured at the VPN Server tab above). Please note that if the Gateway IP or Port changes for any reason, the Installation Package profile needs to be deleted and re-created. Enable any necessary installation parameters (such as silent mode, or starting the client at login) and save the configuration.

Once the Installation Package is configured and saved, it will appear in the list of packages. Verify that the Gateway and Port are correct.

  8. Configure Client Tunneling

Under the SSL VPN-Plus tab, select Client Configuration. The tunnel should be configured to Split mode to enable simultaneous external communication, but can be set to Full mode if the application demands it. Any subnet exclusion can be configured here as well.

At this point, the VPN tunnel is configured. Users can navigate to the access point IP, download the installer, install the VPN client, and connect to the network.

  9. Download and Install Client

For each end user, navigate in a web browser to https://###.###.###.###:####/, the access address configured in the Server Settings tab. If the server is properly configured, the following login prompt will appear.

Enter the credentials for that user and select "Login". After logging in, the link to download the VPN client will appear under "List". Click the name of the installer Package configured in the Installer Package tab. The download will begin automatically per the instructions of the following page.

  10. Connect and Log In

After installing the VPN client, run the program. A login window will appear. Click "Login" to prompt the user for credentials.

If the login process is successful, the VPN client will minimize to the tray and the VPN will establish automatically. To verify, double-click on the arrow icon in the tray as shown below to open Statistics.

In the Statistics window, select the Advance tab to verify the assigned addresses and connection information.
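
The addressing rules from the IP Pools and Private Networks steps can be checked before anything is entered in the Edge Gateway UI. The script below is an added example, not Hosted Network or VMware code; the function name, the sample addresses, the rule that the gateway must sit outside the client range, and the check for private networks with no listed server are assumptions of this example.

```python
from ipaddress import ip_address, ip_network


def check_vpn_plan(pool_start, pool_end, netmask, gateway,
                   org_vdc_networks, private_networks, servers):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    start, end, gw = ip_address(pool_start), ip_address(pool_end), ip_address(gateway)
    # Subnet the pool lives in, derived from the range start and the netmask.
    pool_net = ip_network(f"{pool_start}/{netmask}", strict=False)

    if start > end:
        problems.append("pool start is after pool end")
    if end not in pool_net:
        problems.append(f"pool end {end} is outside {pool_net}")
    # The gateway is the Edge Gateway's IP on the pool subnet.
    if gw not in pool_net:
        problems.append(f"gateway {gw} is outside {pool_net}")
    elif start <= gw <= end:
        # Assumption of this example: clients must not be handed the gateway IP.
        problems.append(f"gateway {gw} is inside the client range")

    # The pool must not correspond to an Org VDC network.
    for cidr in org_vdc_networks:
        if pool_net.overlaps(ip_network(cidr)):
            problems.append(f"pool {pool_net} overlaps Org VDC network {cidr}")

    # Every server meant to be reachable must fall in a Private Network.
    private = [ip_network(cidr) for cidr in private_networks]
    for name, addr in servers.items():
        if not any(ip_address(addr) in net for net in private):
            problems.append(f"server {name} ({addr}) is not in any private network")
    # Extra check added here: a Private Network with no listed server
    # exposes more of the environment than the plan requires.
    for net in private:
        if not any(ip_address(a) in net for a in servers.values()):
            problems.append(f"private network {net} contains no listed server")
    return problems


if __name__ == "__main__":
    # Constructed sample plan; all addresses are placeholders.
    for line in check_vpn_plan(
            "10.254.0.10", "10.254.0.50", "255.255.255.0", "10.254.0.1",
            org_vdc_networks=["192.168.10.0/24"],
            private_networks=["192.168.10.0/24", "192.168.30.0/24"],
            servers={"dc01": "192.168.10.5", "app01": "192.168.20.7"}):
        print("PROBLEM:", line)
```
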

Upload and configure the SSL Certificate

You can upload a valid SSL certificate to use with the SSL VPN to avoid security/certificate warnings when connecting. To do this, follow the steps below.

Step 1. In the Edge Gateway services click on 'Certificates'.

Step 2. Click '+ SERVICE CERTIFICATE'.

Step 3. Upload the SSL and SSL Key (it asks for PEM format, but a .crt file is also accepted) and click 'KEEP' to save the SSL.

Step 4. Click on the 'SSL VPN-Plus' tab and then click 'Server Settings'.

Step 5. At the bottom of the page, click the 'CHANGE SERVER CERTIFICATE' button. This should bring up a window.

Step 6. Select the SSL you uploaded, tick the slider next to 'Configure Service Certificate', and then click 'OK' to save it.

The SSL will now be used for inbound connections to the SSL VPN.
