XCP-ng

    Accessing XCP host outside of private network

    • mauzillaM Offline
      mauzilla
      last edited by

      We're running a test XCP-NG host at our office and want to add it to our XOA appliance which is at our DC. I assume that we would need to do port forwarding from our local network.

      Which ports are needed to be open and can we elect a custom port? I see when we add servers we can select the port, I'm just not sure if there are other ports that also need to be opened / forwarded?

      • olivierlambertO Online
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        Hi,

        Don't do that if you don't have a tunnel in the first place. Alternatively you should use XO Proxies, that's exactly the use case if you don't have a VPN/tunnel and so on https://xen-orchestra.com/blog/xo-proxy-a-concrete-guide/

        • J Offline
          johnd @olivierlambert
          last edited by

          @olivierlambert when will there be any information on doing this from the source?

          • olivierlambertO Online
            olivierlambert Vates 🪐 Co-Founder CEO
            last edited by

            Hi,

            We have other priorities right now, but you should be able to build it yourself, everything is available. It won't be fully automated to deploy though 🙂

            • R Offline
              rRobbie @mauzilla
              last edited by

              @mauzilla

              Have you considered mesh VPN like Tailscale?

              • tjkreidlT Offline
                tjkreidl Ambassador @mauzilla
                last edited by

                @mauzilla We had all our servers on private 10 networks and were heavily firewalled plus used VPN to get in with fixed VPN individually assigned addresses that were the only ones allowed to access those hosts. It's not worth the security risk to leave your servers open to the world with public addresses.

                • J Offline
                  johnd @rRobbie
                  last edited by

                  @rRobbie would that run directly on the host or do you need to do a VM then have it loop back to the host kinda idea?

                  • FinallfF Offline
                    Finallf
                    last edited by

                    I studied all these possibilities, Tunnels, VPN etc.

                    The fastest, simplest, relatively safe, and very easy to implement was with wireguard, server to server.

                    I now have 2 networks connected via the internet using wireguard, completely transparent.

                    If you have any questions, I can help you.

                    • FinallfF Offline
                      Finallf @Finallf
                      last edited by Finallf

                      @Finallf said in Accessing XCP host outside of private network:

                      I studied all these possibilities, Tunnels, VPN etc.

                      The fastest, simplest, relatively safe, and very easy to implement was with wireguard, server to server.

                      I now have 2 networks connected via the internet using wireguard, completely transparent.

                      If you have any questions, I can help you.

                      I forgot to mention that for this to work, you need to have 2 fixed real IPs.
                      At least one on each side

                      • X Offline
                        xcpnguser @Finallf
                        last edited by

                        @Finallf I'd love to hear about your setup. Are you installing wireguard in dom0 or are you setting up a wireguard appliance as a domU VM?

                        • FinallfF Offline
                          Finallf @xcpnguser
                          last edited by

                          @xcpnguser said in Accessing XCP host outside of private network:

                          @Finallf I'd love to hear about your setup. Are you installing wireguard in dom0 or are you setting up a wireguard appliance as a domU VM?

                          I'm on a VM with Debian 12 minimal installation.

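A sketch of the server-to-server WireGuard layout described in the posts above (a gateway VM on each side, one fixed public IP per site), added here as an example and not taken from any poster's actual setup. Every address, the UDP port and the key placeholders are constructed assumptions; the two sections are separate `wg0.conf` files, one per gateway VM.

```ini
# Constructed example: every address, port and key below is a placeholder.
# Site A = datacenter (XOA assumed at 10.10.0.5)
# Site B = office     (XCP-ng host management IP assumed at 10.20.0.15)

# ---- Site A gateway VM: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.1/30
ListenPort = 51820
PrivateKey = <site-A-private-key>
# Let the VM route between its LAN and the tunnel.
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey = <site-B-public-key>
# Fixed public IP of the office side.
Endpoint = 203.0.113.20:51820
# Only the peer's tunnel address and the XCP-ng management IP are accepted
# from, and routed to, this peer. The rest of the office LAN stays unreachable.
AllowedIPs = 10.99.0.2/32, 10.20.0.15/32

# ---- Site B gateway VM: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.2/30
ListenPort = 51820
PrivateKey = <site-B-private-key>
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey = <site-A-public-key>
# Fixed public IP of the datacenter side.
Endpoint = 198.51.100.10:51820
# Only the peer's tunnel address and the XOA appliance are reachable.
AllowedIPs = 10.99.0.1/32, 10.10.0.5/32
# Keeps the session alive if the office side sits behind stateful NAT.
PersistentKeepalive = 25
```

Each LAN still needs a static route for the remote /32 via its gateway VM, and the perimeter firewall on each side only has to admit the WireGuard UDP port from the other site's fixed IP.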
                          • T Offline
                            timboau @johnd
                            last edited by

                            @johnd It would be great, however when installed xcp doesn't see it as a valid management interface

                            • U Offline
                              uwood
                              last edited by

                              I'm using ZeroTier and access works, except for the console view.
