SUMMARY
This article is part of a series intended to show an example of how to set up Flix in the Cloud. You can find the full series in Q100655: Creating a Flix setup in the Cloud.
The steps outlined below cover how to set up a VPN server that can be used to access your Flix cloud setup. The article assumes some knowledge of networking and Linux administration and it is targeted toward IT administrators.
MORE INFORMATION
This guide shows how to create a VPN server in AWS. A VPN server will encrypt and secure the connection between your users and the Flix servers.
Here are the steps needed to create the VPN server:
1. Go to https://aws.amazon.com/ and sign in to the Console (an AWS account is required).
2. Under Build a solution, click the Launch a Virtual Machine link.
3. Under the Name and tags section, enter “OpenVPN” in the “Name” field. This will help you later to distinguish the server you are creating in your AWS account (it will be named OpenVPN).
4. In the Application and OS images section, search for “OpenVPN” and click on the Select link next to it.
5. In the Instance type section, select t2.small (the default option) as the server type (1 CPU and 2 GB memory). t2.small is enough for up to 5-10 simultaneous users. If you expect more people to be connected at the same time, you should use t2.medium (2 CPUs and 4 GB memory).
6. If you have a key pair already, go ahead and use it. If not, click Create new key pair, enter a name for the key, and click on Create Key Pair to download a .pem file. Keep it safe as this will be the only way to access your instance.
7. Creating additional servers in AWS requires all servers to be on the same VPC (Virtual Private Cloud) and subnet. It is important to take note of the VPC and subnet (all Flix servers will need to use the same VPC and subnet so they can communicate with each other). Check the subnet’s IP range at https://console.aws.amazon.com/vpc/home#subnets. The IP information is available under the IPv4 CIDR section. The IP range in this example is 172.31.16.0/20.
8. To change the default network settings, click on the Edit link next to Network Settings and:
   - Make sure the Auto-assign Public IP option is Enabled.
   - The predefined rules are sufficient: TCP 22, 443, 943 and 945, and UDP 1194. The rules must be open to the IP addresses your users will connect from. A source of 0.0.0.0/0 allows access from every IP address on the internet.
   - At the bottom of the Networking section, click on “Advanced Networking Configuration”.
   - Under “Network interface 1”, add a custom “Primary IP”. This IP will need to be in the IP range for the subnet you are using. In this example, it is 172.31.16.101.
9. Check all the details are correct, then click Launch Instance.
10. A popup will appear asking you to select a key pair. Select the key you created.
11. Wait until the instance is done initializing.
12. Left as is, the instance will have a different public IP address every time it is restarted. This will require users to manually change their VPN settings every time the VPN server is restarted. To prevent that, assign the VPN server an elastic IP.
   - Go to https://console.aws.amazon.com/vpc/home#Addresses: and click on Allocate Elastic IP address.
   - Optionally add an identifier tag, for example, Key: Name Value: OpenVPN (this will help you identify the Elastic IP address).
   - Click on Allocate.
   - Select the OpenVPN instance and click on Associate. Take note of this IP address; you will need it to connect to the server.
13. Connect to the server using the command below, where KEY is the key pair used to create the server and IP is the elastic IP address of the VPN server. You can start ssh from an OSX terminal, Windows PowerShell, or a separate program.
    ssh -i KEY openvpnas@IP
14. Once connected to the server, the OpenVPN software installation will initiate. Default settings are sufficient. At the end of the setup process, you will see an “Admin UI” address. Take a note of it.
15. Change the password for the openvpn user on the VPN server by running the following command:
    sudo passwd openvpn
16. Connect to the OpenVPN admin web interface using the “Admin UI” address from step 14. It should look like https://IP:943/admin, where IP is the elastic IP created in step 12. The VPN server uses a self-signed certificate. Chrome actively blocks self-signed certificate connections, but you can use a different browser such as Firefox. You need to click on “Advanced” and “Accept the Risk and Continue”. This is the page to change VPN settings.
17. Connect to the OpenVPN client web interface. The URL is the same as for the admin interface except for the admin part at the end: https://IP:943/. Use this page to download the VPN Client.
18. Install the VPN Client on the artist's computer. This will need to be installed on every computer which will use Flix.
NOTE: All cloud and third-party technologies mentioned in this article are reference examples only and are not supported by Foundry. The above list of steps and example setups are provided as guidance only and are not intended to be followed and used in production. Please coordinate with your IT Administrator to set up a similar network or cloud workflow that can be used by your studio.
NOTE: This guide is using the latest version of Amazon and Foundry technologies available in June 2022.
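An added example, not part of the original article or of Foundry's tooling: a Python check of the two network settings in the steps above, confirming that the custom Primary IP is usable inside the subnet's IPv4 CIDR and that no management port is open to every address. The rule data is a constructed sample in the shape of `aws ec2 describe-security-groups` output, and treating TCP 22 and 943 as the management ports is this example's assumption.

```python
import ipaddress

# Constructed sample in the shape of the IpPermissions list returned by
# `aws ec2 describe-security-groups`; 203.0.113.0/24 is a documentation range.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 943, "ToPort": 943, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 945, "ToPort": 945, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Assumption of this example: SSH (22) and the web interface (943) are the
# ports that should only be reachable from known addresses.
MANAGEMENT_PORTS = {("tcp", 22), ("tcp", 943)}


def check_primary_ip(ip, subnet_cidr):
    """Return None if ip can be used as a primary IP in the subnet, else a reason."""
    net = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        return f"{ip} is outside {subnet_cidr}"
    # AWS reserves the first four addresses and the last address of each subnet.
    if int(addr) - int(net.network_address) < 4 or addr == net.broadcast_address:
        return f"{ip} is reserved by AWS in {subnet_cidr}"
    return None


def world_open_rules(permissions, ports=MANAGEMENT_PORTS):
    """Return (protocol, port, cidr) for each management port open to any address."""
    findings = []
    for perm in permissions:
        proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr).prefixlen != 0:
                continue  # source is limited to a specific range
            for want_proto, want_port in sorted(ports):
                # IpProtocol "-1" means all protocols and carries no port range.
                if proto in (want_proto, "-1") and (lo is None or lo <= want_port <= hi):
                    findings.append((want_proto, want_port, cidr))
    return findings


if __name__ == "__main__":
    print(check_primary_ip("172.31.16.101", "172.31.16.0/20"))
    for finding in world_open_rules(SAMPLE_PERMISSIONS):
        print("open to the internet:", finding)
```

To run it against a real security group, replace SAMPLE_PERMISSIONS with the IpPermissions list from your own group's JSON output.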
FURTHER READING
This article is part of a series of articles explaining how to set up a Flix cluster in the cloud behind a VPN server. The full list can be found here:
- Q100655: Creating a Flix setup in the Cloud
- Q100656: Creating a VPN server for Flix cloud setup
- Q100657: Creating a Foundry licensing and a MySQL server for Flix in the cloud
- Q100658: Creating a Flix instance in the Cloud