IP Access provides clients (e.g. a roadwarrior operator, or automation tools) with IP access to remote networks.
IP Access connects a client to Lighthouse using an OpenVPN tunnel, via UDP port 8194. The GRE protocol is then used to bridge this connection, encrypted inside the resilient Lighthouse VPN tunnel which has been established from the node to Lighthouse.
The client can then access target devices on the remote network directly by their usual IP addresses and network ports. Requests from the client are masqueraded behind the node's remote IP address, so no additional routing configuration is required on the target devices.
Note: See also How do I enable remote IP Access? for a complete step by step guide.
The basic configuration of this feature is as follows:
- Activate the Software-Defined Infrastructure NetOps module – this starts the OpenVPN service in a Docker container on Lighthouse
- Activate the Software-Defined Infrastructure NetOps module on each node you wish to use for IP Access – this installs a remote connector service to allow the IP Access bridge to be created
- Generate a certificate and export an associated OpenVPN client configuration file
- Import the configuration into your preferred OpenVPN client
The basic operation of this feature is as follows:
- Connect the tunnel – this starts a connection to Lighthouse on UDP port 8194
- Authenticate when prompted using your Lighthouse credentials, appending the node name to your Lighthouse username – client certificate authentication is automatic, this is a second factor of authentication
- Wait a moment for the connection to complete – this builds the GRE bridge between the client and pushes routes to the node's remote network(s)
While connected, the client can access IP addresses on the node's remote network(s) LAN directly, e.g. by using the ping command or by typing them into the browser address bar.