Doorman is a VPN (virtual private network) service that helps to secure traffic between you and your servers for management purposes. This is not a VPN solution between servers for web traffic.
To leverage Doorman, you will need to have Two Factor Authentication (2FA) enabled on your the Equinix Metal™ account.
Once you have 2FA enabled, a new section will be available; the Customer VPN. Click the toggle to enable Doorman.
To enable Doorman through the API, send a
POST request to the
curl -X POST -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn
Downloading the VPN Configuration
After you turn it on, you will see the option to download the OpenVPN configuration files for each of Equinix Metal’s facilities. Configuration files are only available for a few locations, but any doorman can reach any of your server's backend IP in any facility (except
hkg1). Select the location from the menu that is the closest point of entry. Save the configuration file.
You can also retrieve the config files from the API by sending a
GET request to the
/user/vpn endpoint. You need to specify which location you would like the configuration files from as the query parameter
?code=<facility_code>. For example, if you would like the configuration files from the Amsterdam, you would use
curl -X GET -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn?code=<facility_code>
You can then save the response as a configuration file. If you do not have Doorman VPN enabled on your account, the response will be an error.
Connecting with Doorman VPN
After downloading the config files, and importing them into your VPN client, start the connection. The login credentials will be:
- Username: - The username is your Equinix Metal account email.
- Password: - The password is the current 2FA token concatenated with your Equinix Metal account password. (This does mean that the password changes over time).
For example, if the your account password is
equinixmetal-rocks-2021 and the 2FA token is
123456, the VPN password would be
Once the connection is successful, you will be able to ping your server’s Private IPs, as well as connect via SSH.
ssh email@example.com Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64) ... root@vpn:~#
To disable Doorman, you can click the toggle next to Configure VPN in the Security tab of your Personal Settings.
To disable Doorman through the API, send a
DELETE request to the
curl -X DELETE -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn