Skip to main content

VPN Service

Joining the environment VPN will join your machine to the private network of the environment. This gives you the choice to never expose critical container instances (like databases) to public internet.

Configuring the VPN Service#

The service is automatically created in every environment, but as per Cycle's security philosophy, it is disabled by default.

To configure the VPN service, follow these steps:

  1. Click the Environments tab on the navigation menu to the left.
  2. Select the environment who's VPN service you wish to configure from the list.
  3. Check to see if the load balancer service is running. If not, click on the link to the load balancer container from the list of services below container count and start it manually by holding the start button located at the top of the page.
  4. Select the VPN tab underneath the environment name.
  5. Click the Enable button.

User Login#

For simplicity, the VPN service provides the option to allow any Cycle user with permission to access the environment, permission to access the VPN as well. They will be able to log in with their Cycle username/password. Check the box that says "Allow Cycle User Access", then click "Update".

The VPN service also provides the option to use an Access Control List (ACL) to limit who can connect. Specify a username and password for the user and add them to the list. Enabling either form of user authentication requires you to click the checkbox next to your preferred method on the VPN dashboard.

Make sure you click Update VPN Access after making any changes.

Download Connection File#

Cycle automatically generates the OpenVPN file necessary to connect to the service. In the top right corner, click Download VPN File.

Interacting with Your Environment while Connected to the VPN#

Now that you are connected to the environment VPN, your local machine is a part of the private network group. If you want to reach a container you can access it via hostname. Try using ping hostname where hostname = the container instance your trying to reach or if your containers are a part of a Cycle network try ping hostname.network to reach an instance in another environment. If your container is a browser based program, you can access it via the browser by using the address http://hostname.cycle:port.

Cycle TLD

You may need to append the .cycle TLD to your container hostname. The reason would be to let your terminal or browser know that you want to use the Cycle discovery service explicitly instead of letting it decide on its own.