A few weeks ago I wrote an article on how Veeam Powered Network can make accessing your homelab easy with it’s straight forward approach to creating and connection site-to-site and point-to-site VPN connections. Since then I’ve done a couple of webinars on Veeam PN and I was asked a number of times if Veeam PN can be setup without the use of a central hub appliance.
To refresh the use case that I went through in my first post, I wanted to access my homelab/office machines while on the road.
With the use of the Tunnelblick OpenVPN Client on my MBP I am able to create a point-to-site connection to the Veeam PN HUB which is in turn connected via site-to-site to each of the subnets I want to connect into.
Single Veeam PN Appliance Deployment Model
After fielding a couple of similar questions during the webinars it became apparent that the first use case I described was probably more complicated than it needed to be for the average home office user…that is create a simple point-to-site VPN to allows remote access into the network. This use case can also be used to access a simple (flat) company network for remote users.
In this scenario I want to have access via the OpenVPN endpoint client to my internal network of 192.168.1.0/24 via a single Veeam PN appliance that’s been deployed in my home office network. To go over the Veeam PN deployment process read my first post and also visit this VeeamKB that describes where to get the OVA and how to deploy and configure the appliance for first use.
Components
- Veeam PN Hub Appliance x 1
- OpenVPN Client
Networking Requirements
- Veeam PN Hub Appliance – Incoming Ports UDP 1194, 6179 and TCP 443
- OpenVPN Client – Outgoing access to at least UDP 6179
In my setup the Veeam PN Hub Appliance has been deployed into VMware Workstation and has picked up a DHCP address. Unlike the Azure Market Place deployment you need to go through an initial configuration wizard to setup the Hub appliance to be ready to accept connections. Go to the Veeam PN URL, enter in the default username and password and click through to the Initial Configuration wizard.
Next step is to configure the SSL certificate that is used for a number of services, but importantly is used to facilitate authentication between the Hub, site and endpoints.
Next step is to configure the Site-to-site and the Point-to-site VPN settings which will be used in the OVPN configuration files that are generated later on.
Once that’s done you are sent to the Veeam PN home dashboard page. In order to have the 192.168.1.0/24 network accessible remotely you need to configure it as a site, as shown below from the Clients menu. This is a bit of a workaround to ensure that the correct static routes are included in the endpoint OVPN configuration files but note that the site will never become connected in the client status window.
To be able to connect into my home office when on the road the final step is to register a standalone client. Again, because Veeam PN is leveraging OpenVPN what we are producing here is an OVPN configuration file that has all the details required to create the point-to-site connection…noting that there isn’t any requirement to enter in a username and password as Veeam PN is authenticating using SSL authentication. As a recap from my previous post, for my MPB I’m using the Tunnelblick OpenVPN Client that I’ve found it to be an excellent client but obviously being OpenVPN there are a bunch of other clients for pretty much any platform you might be running. Once I’ve imported the OVPN configuration file into the client I am able to authenticate against the Hub Appliance endpoint and the home office routing is injected into the network settings.
You can see above that the 192.168.1.0 static route has been added and set to use the tunnel interfaces default gateway which is on the Hub Appliance running in my home office. This means that from my MPB I can now get to any device on that subnets no matter where I am in the world…in this case I can RDP to my Windows workstation, and access other resources on 192.168.1.0/24.
Conclusion:
Summerizing the steps that where taken in order to setup and configure remote access into my home office using Veeam PN:
- Deploy and configure Veeam PN Hub Appliance
- Go through initial Hub Network Wizard
- Register local network as a Site
- Register Endpoints
- Setup Endpoint and connect to Hub Appliance
Those five steps took me less than 10 minutes which also took into consideration the OVA deployment as well. The simplicity of the solution is what makes it very useful for home users wanting a quick and easy way to access their systems…but also, as mentioned for configuring external access to simple office networks!
Again, Veeam PN is free and is deployable from the Azure Marketplace to help extend availability for Microsoft Azure…or downloadable in OVA format directly from the veeam.com site.