Shulou(Shulou.com)06/03 Report--

Network environment:

The office network has no public network IP and does not support NAT function. IDC has a public network IP and supports NAT.

Usage requirements:

1. The interconnection between IDC and the office network

2. The mobile terminal can be used to access the intranet remotely.

Solution:

Step1. Registered account

Registered address: https://user.accesshub.cn/#/signUp

Step2. Log in to the management console

Login method 1: enter the domain name of the management platform in https://user.accesshub.cn/#/loginTo to jump to the landing page

Login method 2: enter the domain name and address of the management platform directly in the browser, such as https://yourdomain.accesshub.cn/

Page after login

Step3. Set firewall release policy

Configure NAT rules on the IDC side to allow public network access to the container host port: UDP/500,UDP/4500

Step4. Run the container on the server

To install for the first time, you need to turn on the IP forwarding function of the server, modify / etc/sysctl.conf, set net.ipv4.ip_forward = 1, and restart the server.

Install docker

Yum install-y docker

Start docker

Systemctl enable docker

Systemctl start docker

Run the container

On the deployment Container page of the administrative console, click copy and paste the command on the server to execute

Step5. Establish a connection between the container and the management console

Click next on the Container deployment page in the administrative console to set the container type and location

Register the server IP on the IDC side (in the case of a single IP environment, run curl ip.sb on the server on the IDC side, check the server IP address, and register with this IP; in the case of a multi-IP environment, the egress public network IP ingress public network IP is different, select NAT, enter egress IP and ingress IP respectively)

Register the office network side server IP (please run curl ip.sb on the IDC side server, check the server IP address, and register with this IP)

Click next to complete the installation

On the overview page, you can see the container information

Step6. Establish a peering connection

On the site counterpart page, click add

The gateway selects the IDC side gateway, registers the CIDRs; peer network of the IDC side network, selects the office network side gateway, registers the CIDRs of the right end network, and creates a connection (because the office network side initiates the connection to the IDC side, the order of the gateway and the peer gateway cannot be reversed)

Click the Change button, and the networks at both ends are connected by IPSec to achieve interworking.

On the overview page, you can see the connection status

Step7. Add rout

Add routing entries to the network devices at both ends, and add the CIDRs of the peer network to the routing table. The destination address is the local container host IP.

On the IDC side, the network of the office network realizes interworking.

Step8. Remote access server environment

A new container host needs to be prepared on the IDC side

Configure NAT rules on the IDC side to allow public network access to the container host port: UDP/500,UDP/4500,UDP/1701,TCP/5555

Step9. Run the container on the server

Install docker

Yum install-y docker

Start docker

Systemctl enable docker

Systemctl start docker

Run the container

On the deployment Container page of the management console, click the copy user access Container run command and paste the execution on the server.

Step10. Establish a connection between the container and the management console

Click next on the container deployment page in the management console to set the container type, container location, and register server public network IP (for a single IP environment, run curl ip.sb on the IDC side server, check the server IP address, and register with this IP; in a multi-IP environment, the egress public network IP ingress public network IP is different, select NAT, enter egress IP, and ingress IP)

Click next to complete the installation

On the overview page, you can see the container information

Step11. Configure remote access Gateway

Click the gateway configuration on the user access page, and enter the CIDR of the private network.

The access server name, DHCP network segment, and IPsec pre-shared key can be customized and modified according to the requirements.

Team members can be invited to register by distributing the registration address and registration code. After registration, you can use the client to access the network

Step12. Client Settin

Access client settings

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.