Skip to content

Doorman VPN

Doorman is a VPN (virtual private network) service that helps to secure traffic between you and your servers for management purposes. This is not a VPN solution between servers for web traffic.

To leverage Doorman, you will need to have Two Factor Authentication (2FA) enabled on your the Equinix Metal™ account.

Enabling Doorman

Once you have 2FA enabled, a new section will be available; the Customer VPN. Click the toggle to enable Doorman.

To enable Doorman through the API, send a POST request to the /user/vpn endpoint.

curl -X POST -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn

Downloading the VPN Configuration

After you turn it on, you will see the option to download the OpenVPN configuration files for each of Equinix Metal’s facilities. Configuration files are only available for a few locations, but any doorman can reach any of your server's backend IP in any facility (except hkg1). Select the location from the menu that is the closest point of entry. Save the configuration file.

You can also retrieve the config files from the API by sending a GET request to the /user/vpn endpoint. You need to specify which location you would like the configuration files from as the query parameter ?code=<facility_code>. For example, if you would like the configuration files from the Amsterdam, you would use ?code=ams1. 

curl -X GET -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn?code=<facility_code>

You can then save the response as a configuration file. If you do not have Doorman VPN enabled on your account, the response will be an error.

Connecting with Doorman VPN

After downloading the config files, and importing them into your VPN client, start the connection. The login credentials will be:

  • Username: - The username is your Equinix Metal account email.
  • Password: - The password is the current 2FA token concatenated with your Equinix Metal account password. (This does mean that the password changes over time).

For example, if the your account password is equinixmetal-rocks-2021 and the 2FA token is 123456, the VPN password would be 123456equinixmetal-rocks-2021.

Once the connection is successful, you will be able to ping your server’s Private IPs, as well as connect via SSH.

ssh root@10.100.237.133
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)
...
root@vpn:~#

Disabling Doorman

To disable Doorman, you can click the toggle next to Configure VPN in the Security tab of your Personal Settings.

To disable Doorman through the API, send a DELETE request to the /user/vpn endpoint.

curl -X DELETE -H 'X-Auth-Token: <API_TOKEN>' https://api.equinix.com/metal/v1/user/vpn