Doorman is a virtual private network (VPN) service provided by Equinix Metal™ that helps to secure traffic between you and your servers for management purposes. By enabling Doorman, you will be able to access your servers at their Private IP addresses (which can be helpful if you decide to deploy servers without a Public IP address). Doorman is not a VPN solution between servers for web traffic.
Doorman is also an open-source project developed and maintained by Equinix Metal and available on GitHub.
This document covers configuration and use of Doorman on your Equinix Metal account.
To leverage Doorman, you will need to have Two Factor Authentication (2FA) enabled on your Equinix Metal account.
Once you have 2FA enabled, a new section will be available in the Security section of your Personal Settings: the Customer VPN. Click the toggle to enable Doorman.
To enable Doorman through the API, send a POST request to the /user/vpn endpoint.
curl -X POST -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn
Downloading the VPN Configuration
After you turn it on, you will see the option to download the OpenVPN configuration files for each of Equinix Metal’s facilities.
Notice that configuration files are only available for a few locations. All of the options can reach any of your servers' Private IP addresses in any facility (except hkg1), as long as you have enabled Backend Transfer.
Select the location from the menu that is the closest point of entry. Save the configuration file.
You can also retrieve the config files from the API by sending a GET request to the /user/vpn endpoint. You need to specify which location you would like the configuration files from as the query parameter ?code=<facility_code>. For example, if you would like the configuration files from the Amsterdam location, you would use
curl -X GET -H 'X-Auth-Token: <API_TOKEN>' 'https://api.equinix.com/metal/v1/user/vpn?code=<facility_code>'
You can then save the response as a configuration file. If you do not have Doorman VPN enabled on your account, the response will be an error.
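One way to script the API download described above so that an error response is never saved as a configuration file and the API token stays out of the process list. This is an added example, not Equinix Metal's code; the METAL_API_TOKEN variable, the fetch_vpn_config function name and the lowercase-alphanumeric facility-code check are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Equinix Metal's code). METAL_API_TOKEN and
# fetch_vpn_config are assumed names; the endpoint is the one on this page.
API_URL='https://api.equinix.com/metal/v1/user/vpn'

fetch_vpn_config() {
    local facility="$1" out="$2" tmp
    if [ -z "$facility" ] || [ -z "$out" ]; then
        echo "usage: fetch_vpn_config <facility_code> <outfile>" >&2; return 2
    fi
    if [ -z "${METAL_API_TOKEN:-}" ]; then
        echo "METAL_API_TOKEN is not set" >&2; return 2
    fi
    # Assumption: facility codes are lowercase alphanumerics such as hkg1.
    case $facility in
        *[!a-z0-9]*) echo "invalid facility code: $facility" >&2; return 2 ;;
    esac

    # mktemp creates the file with mode 0600, so the config is never
    # world-readable, and the real target only appears on success.
    tmp=$(mktemp "${out}.XXXXXX") || return 1

    # The header is fed to curl on stdin (--config -) by the printf builtin,
    # so the token does not show up in the process list.
    # --fail makes an HTTP error (for example Doorman not enabled) exit
    # non-zero instead of writing the error body into the file.
    if printf 'header = "X-Auth-Token: %s"\n' "$METAL_API_TOKEN" |
        curl --config - --fail --silent --show-error \
             --output "$tmp" "${API_URL}?code=${facility}" &&
        [ -s "$tmp" ]; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "request failed; no config written to $out" >&2
        return 1
    fi
}

# Run as a script: ./fetch-vpn.sh <facility_code> <outfile>
if [ $# -eq 2 ]; then
    fetch_vpn_config "$1" "$2"
fi
```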
Connecting with Doorman VPN
After downloading the config files and importing them into your VPN client, start the connection. The login credentials will be:
- Username: The username is your Equinix Metal account email.
- Password: The password is the current 2FA token concatenated with your Equinix Metal account password. (This does mean that the password changes over time.)
For example, if your account password is equinixmetal-rocks-2021 and the 2FA token is 123456, the VPN password would be
Once the connection is successful, you will be able to ping your server’s Private IP address, as well as connect via SSH.
ssh firstname.lastname@example.org
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)
...
root@vpn:~#
To disable Doorman, you can click the toggle next to Configure VPN in the Security tab of your Personal Settings.
To disable Doorman through the API, send a DELETE request to the /user/vpn endpoint.
curl -X DELETE -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn