CipherGraph CAG Cloud VPN for CloudSigma

CipherGraph CAG Cloud VPN for CloudSigma is an offering from CipherGraph Networks Inc. that lets you connect securely to your cloud deployments and bridge deployments across data centers.

Setting up the VM

Prerequisites

  • CipherGraph Cloud VPN image cloned to your account’s Drives.
  • One static public IP address
  • Optional: One network policy with the following inbound rules:
    Port   Protocol   Action   Comment
    22     TCP        Accept   Grants SSH access to the CipherGraph VM (optional).
    9080   TCP        Accept   Grants access to the CipherGraph VM’s Management Console via a web browser.
    50     UDP        Accept   Grants CipherGraph Clients access to the server.
    500    UDP        Accept   Grants CipherGraph Clients access to the server.
    4500   UDP        Accept   Grants CipherGraph Clients access to the server.
  • Create the Server with a minimum of 2GB RAM and 2GHz CPU.
  • Paste your public SSH key into the SSH Key field (assuming you want to connect to your server over SSH).
  • Attach the static public IP address to the server with the network policy mentioned above applied.
  • Attach the cloned CipherGraph Cloud VPN Image to the server.
  • Save the server configuration and boot up the server.

Initial Setup

Once the server has successfully booted, go to the server properties and look up the “VNC Password.” This is the default password for both the management interface and console login. Password authentication is disabled over SSH, so you will need to use an SSH key.

Now point your web browser to https://[CipherGraph_VM Static IP Address]:9080

This should bring up a login prompt. You should be able to log in using the following credentials:

  • Username: cgnadmin
  • Password: [VNC Password]

For further information on how to configure the CipherGraph VM, please see the Admin Guide.

If you want to log in to the server using the console, the default username is cloudsigma and the password is the VNC password. For SSH access, the username is the same, but you must authenticate with the SSH key you supplied when creating the server.

Frequently Asked Questions

How do I configure access to various VLANs in my deployment on CloudSigma?

  • Shut down the CipherGraph VM.
  • Attach one network interface for each of the VLANs you want to be accessible through CipherGraph CAG Cloud VPN.
  • Start the CipherGraph VM.

The new interfaces are detected automatically and configured with DHCP. Log in to the CipherGraph CAG Cloud VPN Management Console and verify the settings on the Advanced Networks page. Make any necessary changes and apply them.

Please note that this cannot be done in the initial setup. You must add the VLANs afterwards.

How do I change the Management Console Certificate to a certificate owned by me?

Please ensure that the SSL certificate, RSA private key and SSL certificate chain files are PEM encoded. Also ensure that the private key file is not password protected.
Then follow these steps:

  • Copy the SSL Certificate file to /etc/ssl/ciphergraph/admin.crt on the CipherGraph VM.
  • Copy the Private Key File to /etc/ssl/ciphergraph/admin.key on the CipherGraph VM.

If you have a certificate chain or intermediate certificate, copy it to /etc/ssl/ciphergraph/admin_chain.crt. You will also need to tell Apache to use the certificate chain file by removing the ‘#’ on line 43 in /etc/apache2/sites-enabled/admin-ssl. Alternatively, you can simply run this command:

[bash light="true"]
$ sed 's/^.*#SSLCertificateChainFile \/etc\/ssl\/ciphergraph.*/ SSLCertificateChainFile \/etc\/ssl\/ciphergraph\/admin_chain.crt/g' -i /etc/apache2/sites-enabled/admin-ssl
[/bash]

Finally, you need to restart Apache:
[bash light="true"]
$ service apache2 restart
[/bash]
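
The requirements above (PEM encoding, no password on the private key) can be checked before the files are copied and Apache is restarted. The script below is an added example, not CipherGraph's own tooling; it also goes one step further and confirms that the certificate and key belong together. Its function names and return codes are this example's own, and the match check assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before copying files into
# /etc/ssl/ciphergraph/. Function names and return codes are this example's own.

# pem_has LABEL FILE: true if FILE holds a PEM block of type LABEL.
pem_has() { grep -q -- "^-----BEGIN $1-----" "$2" 2>/dev/null; }

# check_cert FILE: 0 = PEM certificate, 1 = missing or not PEM (e.g. DER).
check_cert() { pem_has 'CERTIFICATE' "$1"; }

# check_key FILE: 0 = unencrypted PEM key, 1 = not a PEM key, 2 = encrypted.
check_key() {
    # PKCS#8 encrypted keys have their own label; traditional encrypted
    # keys keep the plain label and add a Proc-Type header.
    if pem_has 'ENCRYPTED PRIVATE KEY' "$1" ||
       grep -q '^Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null; then
        return 2
    fi
    pem_has 'RSA PRIVATE KEY' "$1" || pem_has 'PRIVATE KEY' "$1" || return 1
}

# pair_matches CERT KEY: true if the certificate carries the public key
# derived from the private key (assumes the openssl CLI is installed).
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# preflight CERT KEY [CHAIN]: run every check and report the first failure.
preflight() {
    check_cert "$1" || { echo "certificate is not PEM: $1" >&2; return 1; }
    rc=0; check_key "$2" || rc=$?
    case $rc in
        2) echo "key is passphrase-protected: $2" >&2; return 1 ;;
        1) echo "key is not a PEM private key: $2" >&2; return 1 ;;
    esac
    if [ -n "${3:-}" ]; then
        check_cert "$3" || { echo "chain is not PEM: $3" >&2; return 1; }
    fi
    pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    echo "ok: files are ready to copy"
}

# Run only when files are named, e.g.: sh preflight.sh admin.crt admin.key
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A mismatched or encrypted key is caught here instead of surfacing as a failed Apache restart that takes the Management Console offline.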

More frequently asked questions can be found here.