VPN

Configure and manage VPN functionality between Trustgrid nodes

Trustgrid nodes can be configured to provide VPN-like functionality, allowing network address translation (NAT) and routing between nodes.

The VPN feature enables the routing of IP packets by utilizing a virtual IP space that is configured on the nodes. In this configuration, the node can be used as the next hop for a route destined for the virtual IP space, or the node can be used as the default gateway for a network. The virtual IP space is used as a transit network with NAT being utilized to translate IP addresses between the virtual IP space and local network IP space.

The Trustgrid VPN feature provides the capability to securely route IP packets between remote networks. In this configuration, Trustgrid nodes can operate as a distributed mesh virtual private network (VPN) that can allow applications to access remote data and services at layer 3 (L3) of the network OSI model. This is done by defining a virtual L3 network (similar to an Amazon VPC) and then selecting how local node networks are exposed and translated into the virtual address space.

Attaching a Virtual Network

To use VPN functionality, a node or cluster must be attached to a domain virtual network.

Navigate to the VPN section for your node or cluster, and select Actions->Attach.

[Figure: Attach Virtual Network dialog on a node, with options to select the network, Validation CIDR and Virtual Management IP]
Field Name: Description

Select Network: Drop-down list to select defined virtual networks.

Validation CIDR:
  • Used to validate NATs defined on this node or cluster. If the Virtual CIDR of an Inside NAT or the Network Group value of an Outside NAT is outside the Validation CIDR, a warning will appear.
  • Must be a subnet equal to or smaller than the Virtual Network’s Network CIDR.

Virtual Management IP:
  • This IP address is used by the node as the source IP for running VPN troubleshooting tools.
  • Only visible in this dialog when attaching the network to a node. If attaching to a cluster, you will need to navigate to each member node to set the Virtual Management IP.
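
The two Validation CIDR rules above, written as a pre-flight check you can run over planned NAT ranges before attaching. This is an added example, not Trustgrid code: the function name, its list inputs and the sample addresses are constructed, and it assumes an Outside NAT's Network Group value is expressed as a CIDR.

```python
import ipaddress


def check_attachment(network_cidr, validation_cidr, inside_virtual_cidrs, outside_network_groups):
    """Return warning strings for NAT ranges that fall outside the Validation CIDR.

    Raises ValueError if the Validation CIDR itself is not equal to, or a
    subnet of, the virtual network's Network CIDR.
    """
    net = ipaddress.ip_network(network_cidr, strict=True)
    val = ipaddress.ip_network(validation_cidr, strict=True)
    if net.version != val.version or not val.subnet_of(net):
        raise ValueError(f"Validation CIDR {val} is not within Network CIDR {net}")

    warnings = []
    groups = (
        ("Inside NAT Virtual CIDR", inside_virtual_cidrs),
        ("Outside NAT Network Group", outside_network_groups),
    )
    for label, cidrs in groups:
        for cidr in cidrs:
            try:
                candidate = ipaddress.ip_network(cidr, strict=False)
            except ValueError as exc:
                warnings.append(f"{label} {cidr!r} is not a valid CIDR: {exc}")
                continue
            # Overlap is not enough: the whole range must sit inside the
            # Validation CIDR, so a supernet of it is flagged as well.
            if candidate.version != val.version or not candidate.subnet_of(val):
                warnings.append(f"{label} {candidate} is outside Validation CIDR {val}")
    return warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for line in check_attachment(
        network_cidr="10.100.0.0/16",
        validation_cidr="10.100.14.0/24",
        inside_virtual_cidrs=["10.100.14.0/26", "10.100.15.10/32"],
        outside_network_groups=["10.100.14.128/25", "10.100.0.0/16"],
    ):
        print("WARNING:", line)
```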

Once attached, navigate into the network to manage the VPN configuration.


Network Address Translation (NATs)

Configure Network Address Translation for traffic entering or leaving the virtual network

DNS

Configure a DNS

Dynamic Routing

Configure import and export rules for dynamic routes on the virtual network

Port Forwarding

Configure port forwarding rules to expose local services as virtual IPs on the virtual network

Static Routing

Configure static routes for the virtual network for the selected node or cluster

WireGuard®

Configure and manage a WireGuard server on the node to expose the virtual network