General On Demand IPSec Setup
Taylor Zane Glaeser edited this page Nov 7, 2016 · 2 revisions
The recommended method to connect Crestron processors to the Crescendo Cloud (CC) servers is to set up on-demand IPSec VPN connections.
At a high level, this involves the following:
- Router is set up to connect to CC server's VPN
  - The client must request credentials from Crescendo Cloud to use the VPN functionality.
    - This is currently a manual process, but will be ultimately automated
- Router is set up to allow requests for VPN connections
  - This can be done through port knocking (e.g. `knockd`)
  - There may be other solutions if port knocking is not available
- Router has rules configured to redirect all traffic from the external CC server IP to the VPN CC server IP
  - These can be set up to be enabled after a successful port-knock, in order to maintain connections to the CC servers if the VPN connection fails to connect, or if the Crestron processor's request to the router has failed for any reason
- Crestron processor notifies the router that it would like a VPN connection
- Router successfully connects to VPN
- Router enables traffic redirecting
- Router notifies the Crestron processor that the VPN connection is set up
  - This may not be necessary as the traffic is being redirected at the router level. The processor may just notice a blip in traffic.
- Crestron processor disconnects from processor
- Router disables traffic redirecting
- Router closes VPN connection
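
One way the router-side steps above could be scripted, as an added example that is not part of the original wiki page or the Crescendo Cloud project. It assumes an iptables-based router; the addresses are constructed placeholders, the function names are hypothetical, and `ipsec up crescendo` / `ipsec down crescendo` assume a strongSwan-style CLI with a hypothetical connection name.

```shell
#!/bin/sh
# Router-side handler for the on-demand flow (added example, names are assumptions).
# Redirect is enabled only after the tunnel is up, so a failed VPN leaves
# traffic flowing to the external CC server IP as the page describes.
CC_EXTERNAL_IP="${CC_EXTERNAL_IP:-203.0.113.10}"      # placeholder (documentation range)
CC_VPN_IP="${CC_VPN_IP:-10.99.0.1}"                   # placeholder VPN-side address
VPN_UP_CMD="${VPN_UP_CMD:-ipsec up crescendo}"        # assumed IPsec client command
VPN_DOWN_CMD="${VPN_DOWN_CMD:-ipsec down crescendo}"  # assumed IPsec client command
IPT="${IPT:-iptables}"

redirect_rule() {
    # $1 is -A (add), -D (delete) or -C (check whether the rule exists)
    $IPT -t nat "$1" PREROUTING -d "$CC_EXTERNAL_IP" \
        -j DNAT --to-destination "$CC_VPN_IP"
}

vpn_open() {
    # Run after a successful open knock from the Crestron processor.
    if ! $VPN_UP_CMD; then
        # Tunnel failed: do not redirect, the processor keeps its direct path.
        echo "vpn_open: tunnel failed, redirect left disabled" >&2
        return 1
    fi
    # Idempotent: a repeated knock must not stack duplicate DNAT rules.
    redirect_rule -C 2>/dev/null || redirect_rule -A
}

vpn_close() {
    # Remove the redirect before the tunnel goes away, then close the VPN.
    while redirect_rule -C 2>/dev/null; do
        redirect_rule -D || break
    done
    $VPN_DOWN_CMD
}

case "${1:-}" in
    open)  vpn_open ;;
    close) vpn_close ;;
esac
```

With `knockd`, the script's `open` and `close` actions can be set as the `command` of an open sequence and a close sequence respectively.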