2.3.5.1. ON VPNGW Basic Configuration

Access the machine with the following default credentials:

Note

  • User: root

  • Password: opennac

2.3.5.1.1. Keyboard configuration

To modify the keyboard language by console, you can execute the following command:

[root@vpngw ~]# loadkeys es
Loading /lib/kbd/keymaps/i386/qwerty/es.map.gz

2.3.5.1.2. Network configuration

To assign an IP, execute the graphical network manager:

nmtui
../../../_images/cmix.png


In the initial window, select Edit a connection.

../../../_images/cmix1.png


Select the interface and click on Edit.

../../../_images/cmix2.png


In the IPv4 Configuration section, select Manual.

Display the IPv4 configuration by selecting the <Show> option

../../../_images/cmix3.png


  • Addresses: Add the IP of the node with the corresponding network mask (<IP>/<MASK>).

  • Gateway: Add the gateway of the node.

  • DNS Servers: Add a DNS server (for example, Google).

We mark the option Require IPv4 addressing for this connection.

Finish the configuration by clicking on <OK> at the bottom-right corner.

Now, you must activate and deactivate the interface to apply the changes to the interface that you have edited. In the menu, we select the option Activate a connection.

../../../_images/cmix4.png


Deactivate and activate the interface and return to the initial menu.

../../../_images/cmix5.png


Now you have the node configured, verify it with the command ifconfig or ip a:

../../../_images/cmix6.png


You must modify the /etc/hosts file and include the appropriate ON Core address identified as onprincipal as well as the others nodes, onanalytics, onaggregator, and onsensor, if they are part of the module architecture. It should also appear as Modified IP in the previous step as emmafront.

It is important to keep these machine names with the corresponding IPs of the installation.

[root@core ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.45.254 onprincipal
192.168.45.253 onanalytics
192.168.45.253 onaggregator
192.168.56.252 sensor
10.10.10.184 onvpngw

2.3.5.1.3. Repository configuration and corporate proxy

Before updating the nodes it is necessary that:

  • The nodes have access to the internet, either directly or through a corporate proxy.

  • We must have the credentials to access to OpenNAC repositories for node updates.

Manually configure the repository with user and password in the /etc/yum.repos.d/opennac.repo file:

../../../_images/core9.png


2.3.5.1.4. Update to latest version

One of the recommended steps to take when the system is newly deployed is to update it to the latest version available.

To update the ON VPNGW component, go to the ON VPNGW Update Section. Once the update is finished, you can continue with the basic configuration.

2.3.5.1.5. Healthcheck configuration

Healthcheck is the system monitoring module. It has service controls that ensure that all necessary system services are running properly.

On a fresh installation of ON VPNGW, the first step is to check if the package is installed:

rpm -qa | grep opennac-healthcheck

If the healthcheck package is not installed, you need to install it:

dnf install opennac-healthcheck -y

After the installation, you need to configure it:

cd /usr/share/opennac/healthcheck/
cp -rfv healthcheck.ini.vpngw healthcheck.ini

2.3.5.1.6. Installing the Node on the ON Core

To install the node in the ON Core, access the Administration Portal.

../../../_images/admin1.png


In the main menu, open the VPNGW > Manage VPNGW section.

../../../_images/manage_vpngw.png


You will have to configure the following fields within the Add new pop-up window:

../../../_images/add_new1.png


  • Farm: Location of the node to be able to identify where the node is located.

  • Description: Description of the node.

  • Service IP: IP assigned to the node to be imported.

  • Management ip: Field for the management IP of the node.

  • SSH password for root: SSH credentials of the node, by default root/opennac.

  • ON Principal IP: Field for the ON Principal IP.

  • ON Analytics IP: Field for the ON Analytics IP.

  • Configure Workers: In this subsection you can configure Workers. By clicking on the Add new button you will see the following pop-up window:

    ../../../_images/add_new_worker.png


  • Name: The onworker identification name.

  • Description:You can enter a worker description.

  • Value: The worker’s IP.

  • HTTPS Certificate: By clicking on the Upload Certificate button, you can upload the Certificate file. You can also copy and paste it to the HTTPS Certificate field.

    If you don’t have a certificate you can create it with the following commands:

mkdir certificates
cd certificates/
openssl genrsa -out mydomain.key 2048
openssl req -new -key mydomain.key -out mydomain.csr
openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt
bash -c 'cat mydomain.key mydomain.crt' >> mydomain.pem
cat mydomain.pem

Copy the content of mydomain.pem to the HTTPS Certificate field. This file also includes the RSA Private Key in the certificate.

Click on Accept and the node will be installed. This process may take a few minutes. It is important not to close the browser in the middle of the process.

Note

Once the node is installed, it is necessary to restart from the console (reboot) to apply the changes.