Doorman VPN
Doorman is a VPN (virtual private network) service that helps to secure traffic between you and your servers for management purposes. This is not a VPN solution between servers for web traffic.
To leverage Doorman, you will need to have Two Factor Authentication (2FA) enabled on your the Equinix Metal™ account.
Enabling Doorman
Once you have 2FA enabled, a new section will be available; the Customer VPN. Click the toggle to enable Doorman.
To enable Doorman through the API, send a POST
request to the /user/vpn
endpoint.
curl -X POST -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn
Downloading the VPN Configuration
After you turn it on, you will see the option to download the OpenVPN configuration files for each of Equinix Metal’s facilities. Configuration files are only available for a few locations, but any Doorman can reach any of your server's backend IP in any facility (except hkg1
). Select the location from the menu that is the closest point of entry. Save the configuration file.
You can also retrieve the config files from the API by sending a GET
request to the /user/vpn
endpoint. You need to specify which location you would like the configuration files from as the query parameter ?code=<facility_code>
. For example, if you would like the configuration files from the Amsterdam location, you would use ?code=ams1
.
curl -X GET -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn?code=<facility_code>
You can then save the response as a configuration file. If you do not have Doorman VPN enabled on your account, the response will be an error.
Connecting with Doorman VPN
After downloading the config files, and importing them into your VPN client, start the connection. The login credentials will be:
- Username: - The username is your Equinix Metal account email.
- Password: - The password is the current 2FA token concatenated with your Equinix Metal account password. (This does mean that the password changes over time).
For example, if the your account password is equinixmetal-rocks-2021
and the 2FA token is 123456
, the VPN password would be 123456equinixmetal-rocks-2021
.
Once the connection is successful, you will be able to ping your server’s Private IPs, as well as connect via SSH.
ssh root@10.100.237.133
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)
...
root@vpn:~#
Disabling Doorman
To disable Doorman, you can click the toggle next to Configure VPN in the Security tab of your Personal Settings.
To disable Doorman through the API, send a DELETE
request to the /user/vpn
endpoint.
curl -X DELETE -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn