Accessing XCP host outside of private network
-
We're running a test XCP-NG host at our office and want to add it to our XOA appliance which is at our DC. I assume that we would need to do port forwarding from our local network.
Which ports need to be open, and can we elect a custom port? I see when we add servers we can select the port, I'm just not sure if there are other ports that also need to be opened / forwarded?
-
Hi,
Don't do that if you don't have a tunnel in the first place. Alternatively, you should use XO Proxies; that's exactly the use case if you don't have a VPN/tunnel and so on: https://xen-orchestra.com/blog/xo-proxy-a-concrete-guide/
-
@olivierlambert when will there be any information on doing this from the source?
-
Hi,
We have other priorities right now, but you should be able to build it yourself, everything is available. It won't be fully automated to deploy, though.
-
Have you considered a mesh VPN like Tailscale?
-
@mauzilla We had all our servers on private 10 networks and were heavily firewalled plus used VPN to get in with fixed VPN individually assigned addresses that were the only ones allowed to access those hosts. It's not worth the security risk to leave your servers open to the world with public addresses.
-
@rRobbie would that run directly on the host or do you need to do a VM then have it loop back to the host kinda idea?
-
I studied all these possibilities, Tunnels, VPN etc.
The fastest, simplest, relatively safe, and very easy to implement was with WireGuard, server to server.
I now have 2 networks connected via the internet using WireGuard, completely transparent.
If you have any questions, I can help you.
-
@Finallf said in Accessing XCP host outside of private network:
I studied all these possibilities, Tunnels, VPN etc.
The fastest, simplest, relatively safe, and very easy to implement was with WireGuard, server to server.
I now have 2 networks connected via the internet using WireGuard, completely transparent.
If you have any questions, I can help you.
I forgot to mention that for this to work, you need to have 2 fixed real IPs.
At least one on each side.
-
@Finallf I'd love to hear about your setup. Are you installing WireGuard in dom0 or are you setting up a WireGuard appliance as a domU VM?
-
@xcpnguser said in Accessing XCP host outside of private network:
@Finallf I'd love to hear about your setup. Are you installing WireGuard in dom0 or are you setting up a WireGuard appliance as a domU VM?
I'm on a VM with a Debian 12 minimal installation.
-
@johnd It would be great; however, when installed, XCP doesn't see it as a valid management interface.
-
I'm using ZeroTier and access works, except for the console view.