IP Access provides clients (e.g. a road warrior operator, or automation tools) with IP access to remote networks.
IP Access connects a client to Lighthouse using an OpenVPN tunnel. The GRE protocol is then used to bridge this connection across the existing Lighthouse VPN tunnel established from the node to Lighthouse, onto the Management LAN network connected to the node.
The client (e.g. Network Operator in the diagram below) can then access target devices on the remote network directly.
The basic configuration of this feature is as follows:
- Activate the Software-Defined Infrastructure NetOps module – this starts the OpenVPN service in a Docker container on Lighthouse
- Enable the node for IP Access – this puts its Management LAN (eth1) interface in a bridging configuration
- Generate and download a client configuration file – this creates and signs the client VPN certificate
- Import the configuration into your preferred OpenVPN client
The basic operation of this feature is as follows:
- Connect the tunnel – this starts a connection to Lighthouse on UDP port 8194
- Authenticate when prompted using your Lighthouse credentials – client certificate authentication is automatic; this prompt is a second factor of authentication
- Wait a moment for the connection to complete – this builds the GRE bridge between the client and Management LAN, and automatically selects and assigns the client an IP address
While connected, the client can access IP addresses on the remote Management LAN directly, e.g. by using the ping command or by typing them into the browser address bar.
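
A pre-import check of the downloaded client configuration against the properties described above (UDP port 8194, a credential prompt, a client certificate and key), given here as an added example and not Lighthouse's own tooling. It assumes the generated file uses standard OpenVPN directives (`remote`, `proto`, `port`, `auth-user-pass`, inline `<cert>`/`<key>` blocks); the sample profile is constructed.

```python
import shlex

# Constructed sample, not real Lighthouse output: placeholder host and keys.
SAMPLE_PROFILE = """\
client
remote lighthouse.example.com 8194 udp
auth-user-pass
<cert>
PLACEHOLDER
</cert>
<key>
PLACEHOLDER
</key>
"""

def parse_profile(text):
    """Split a profile into directive token lists and inline block names."""
    directives, blocks, inside = [], set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                                   # skip inline block body
            inside = None if line == f"</{inside}>" else inside
        elif line.startswith("<") and line.endswith(">"):
            inside = line[1:-1]
            blocks.add(inside)
        elif line and line[0] not in "#;":           # '#' and ';' start comments
            directives.append(shlex.split(line, comments=True))
    return directives, blocks

def audit_profile(text, port="8194"):
    """Return findings where the profile departs from the documented setup."""
    directives, blocks = parse_profile(text)
    first = {d[0]: d for d in reversed(directives)}  # first occurrence wins
    findings = []
    remotes = [d for d in directives if d[0] == "remote" and len(d) > 1]
    if not remotes:
        findings.append("no remote server defined")
    for r in remotes:
        # Per-remote port/proto override the global 'port'/'proto' directives.
        r_port = r[2] if len(r) > 2 else first.get("port", [None, "1194"])[-1]
        r_proto = r[3] if len(r) > 3 else first.get("proto", [None, "udp"])[-1]
        if r_port != port or not r_proto.startswith("udp"):
            findings.append(f"remote {r[1]} uses {r_proto}/{r_port}, not udp/{port}")
    if "auth-user-pass" not in first:
        findings.append("no auth-user-pass: no credential prompt (second factor)")
    for item in ("cert", "key"):
        if item not in blocks and item not in first:
            findings.append(f"no client {item} present")
    return findings

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE) or "profile matches the documented setup")
```

An empty result means the profile points at UDP 8194, will prompt for credentials, and carries a client certificate and key; each finding names the property that is missing or different.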