The IP Access feature is provided by the Software-Defined Infrastructure NetOps Module. This article walks through the steps required to activate the module and enable the feature.
1. Enable NetOps Automation
After deploying the Lighthouse, sync the latest NetOps Modules from Docker Hub:
- Login to the Lighthouse web UI as a Lighthouse Administrator or the root user
- From the menu, select SETTINGS > Services > NetOps Modules
- Click the Synchronize icon
Allow HTTPS outbound access to IP addresses of container registry (Docker Hub) that hosts NetOPs modules.
If Lighthouse can't reach Docker Hub for whatever reason, use the offline installer instead.
2. Activate the Software-Defined Infrastructure Module
NetOps Modules must be activated on Lighthouse and a per-node basis.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and upload the nom-sdi licence file under SETTINGS > System > Licensing > New.
Click CONFIGURE > NetOps Modules > Manage Modules and wait until Lighthouse activation is complete.
To activate on the node you wish to access IP networks via, use the following steps:
- Ensure CONFIGURE > NetOps Modules > Manage Modules > Software-Defined Infrastructure > Always Activate is unchecked and applied
- Select CONFIGURE > Configuration Templating > Apply Templates
- Under NetOps Module Activation choose the Software-Defined Infrastructure and click Next
- Select the nodes to to activate and click Next
- Refresh to ensure preflight checking is successful, then click Next
- Refresh to ensure activation is successful
See also: How do I activate a NetOps Module?
4. Generate a certificate and export client configuration
Clients connect to Lighthouse via an OpenVPN client, which in turn connects them to the Management LAN network of a particular node. IP Access provides a convenient means to configure the OpenVPN client by generating the configuration files that may be importing directly into your OpenVPN client of choice.
Login to the Lighthouse web UI as root or a Lighthouse Administrator, and click CONFIGURE > IP Access > Client Certificates. Enter a Certificate Name and click Create.
When the certificate is created, download an associated OpenVPN client configuration by clicking Export.
Note: Deleting a client configuration file from Lighthouse revokes that client certificate and any associated client configurations using that certificate will no longer be permitted to connect.
5. Connect the VPN client
The final step is to establish the VPN connection that allows IP Access to the Management LAN (and optionally other networks) behind a node.
Import the client configuration from the previous step into your preferred OpenVPN client and start the VPN connection.
When prompted to authenticate the VPN connection, you must also specify your Lighthouse credentials and the node that you want to establish remote IP access via.
Specify the node by adding :node-name to your Lighthouse username, e.g. authenticating with the username adal:my-acm7004-5 will authenticate as Lighthouse user adal and connect the VPN to the remote IP network(s) behind my-acm7004-5.
Note: The username including the node-name is case sensitive.
Note: To be permitted connection, the Lighthouse user must have at least Node User rights for the specified node.
Note: The IP Access NetOps module creates a Layer 2 TAP mode tunnel which is not supported by Android or iOS operating systems.