VPN Service

The VPN service will extend your local machine into the private network group of an environment. This gives you the choice to never expose critical container instances (like databases) to public internet.

Configuring the VPN Service

The service is automatically created in every environment, but as per Cycle's security philosophy, it is disabled by default.

To configure the VPN service, follow these steps:

  1. Click the Environments tab on the navigation menu to the left.
  2. Select the environment who's VPN service you wish to configure from the list.
  3. Check to see if the load balancer service is running. If not, click on the link to the load balancer container from the list of services below container count and start it manually by holding the start button located at the top of the page.
  4. Select the VPN tab underneath the environment name.
  5. Click the Enable button.

User Login

For simplicity, the VPN service provides the option to allow any Cycle user with permission to access the environment, permission to access the VPN as well. They will be able to log in with their Cycle username/password. Check the box that says "Allow Cycle User Access", then click "Update".

The VPN service also provides the option to use an Access Control List (ACL) to limit who can connect. Specify a username and password for the user and add them to the list. Enabling either form of user authentication requires you to click the checkbox next to your preferred method on the VPN dashboard.

Make sure you click Update VPN Access after making any changes.

Download Connection File

Cycle automatically generates the OpenVPN file necessary to connect to the service. In the top right corner, click Download VPN File.

Interacting with Your Environment while Connected to the VPN

Now that you are connected to the environment VPN, your local machine is a part of the private network group. If you want to reach a container you can access it via hostname. Try using ping hostname where hostname = the container instance your trying to reach or if your containers are a part of a Cycle network try ping hostname.network to reach an instance in another environment. If your container is a browser based program, you can access it via the browser by using the address http://hostname.cycle:port.

You may need to append the .cycle TLD to your container hostname. The reason would be to let your terminal or browser know that you want to use the Cycle discovery service explicitly instead of letting it decide on its own.

Need Help?

If you've got questions about the platform or need some help getting started, our team is more than happy to assist. Whether you're new to containers or just new to Cycle, reach out to us via livechat by clicking the blue circle in the bottom right corner. Join our Slack channel, and get help from the dev team or other members of the community, and check out our Roadmap to see what's planned for the future!