Cyber Gateway with Dual LAN/ WAN Interface – High Availability (HA) Deployment

Deployment Instructions

Pre-requisites

  1. Create a Workspace, if not already done
  2. Create a user group in the Workspace admin console that requires secure private access (if different from admin)
  3. Add more users to the user group created, as needed.
  4. Create CGW and add Trust Paths in the Workspace admin console. (Please see next section for details)
  5. Associate the user group with the Trust Path created

Steps to Add Cyber Gateway (CGW) in admin console

Click on “Add gateway” in the Gateway section.

Select Gateway Type as “LAN/WAN Interface”. Fill in the details and create the Gateway, followed by the Trustpath.

Subnet – Enter the LAN subnet (e.g. 192.168.57.0/24). This subnet is added to the Gateway as a Trustpath automatically, so there is no need to add it as a Trustpath again.

DHCP (Yes/No) – Select ‘Yes’ if a DHCP server is to be started with the CGW.

HA (Yes/No) – Select ‘Yes’ if the CGW is to be deployed in High Availability mode. Two Ubuntu VMs or Orange Pi boxes are needed for an HA setup.

SIA via Mesh – Select ‘Yes’ if all traffic is to be routed via Cybermesh. Routing traffic via the mesh is not needed for most deployments, as the CGW provides the required firewall and security functions.

Steps to Install Cyber Gateway (CGW) on Primary Node

  • Log in to the Ubuntu VM or OrangePi R1 Plus LTS box
  • Copy the single-click installation command from the admin console as shown below

Click on the icon as shown below to copy the script to the clipboard

  • Paste the command copied from the admin console into the VM/Pi box shell
  • This will install all necessary packages for the CGW. While the installation is in progress, you will be asked to select the LAN and WAN interfaces as shown below

  • This step is not applicable to OrangePi-based systems, where the reboot can be skipped. An Ubuntu VM/BM needs a restart after bootstrap:

sudo reboot -h 0

  • After the reboot, execute the command below:

cgw start

This command brings up the CGW and, once that is done, shows its status. You can see the connected status in the Gateways section of the admin console.

Steps to Install Cyber Gateway (CGW) on Secondary Node

  • Paste the command copied from the admin console into the VM/Pi box shell on the Secondary Node

sudo apt update; sudo apt install curl -y; bash <(curl -sSL https://clientreleases.s3.us-west-1.amazonaws.com/ngcgw/install/xncgw_install.sh) exiumngcnind,cgw.1111,cc258a62-1af1-11ee-aec3-111111,192.168.27.0/24,no,no,no,S

  • Replace “P” with “S” in the command, as in the example above, and execute it in the shell
  • This will install all necessary packages for the CGW. While the installation is in progress, you will be asked to select the LAN and WAN interfaces as shown below

  • This step is not applicable to OrangePi-based systems, where the reboot can be skipped. An Ubuntu VM/BM needs a restart after bootstrap:

sudo reboot -h 0

  • After the reboot, execute the command below:

cgw start
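
Both the Primary and Secondary install steps above run the same installer straight from a URL. As an added example (not part of the vendor's instructions), the wrapper below downloads it to a file and runs it only if its SHA-256 matches a value you recorded after reviewing the script, so both HA nodes execute identical bytes. The function names and the pinned-hash workflow are assumptions; the page publishes no checksum.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. verify_installer and install_cgw are
# hypothetical helper names; only the installer URL comes from the page.

INSTALLER_URL="https://clientreleases.s3.us-west-1.amazonaws.com/ngcgw/install/xncgw_install.sh"

# Return 0 only if FILE exists and its SHA-256 equals EXPECTED.
# Returns 1 on a hash mismatch, 2 on bad input (missing file, malformed hash).
verify_installer() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "pinned hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned hash must be 64 hex chars" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch: got $actual" >&2
        return 1
    fi
}

# Download over HTTPS only, verify, then run the installer with the single
# comma-separated argument string copied from the admin console.
install_cgw() {
    local pinned="$1" args="$2" tmp
    tmp=$(mktemp) || return 2
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
         -o "$tmp" "$INSTALLER_URL" || { rm -f "$tmp"; return 2; }
    if verify_installer "$tmp" "$pinned"; then
        bash "$tmp" "$args"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage on each node (both values are placeholders, not taken from the page):
#   install_cgw "<sha256-recorded-after-review>" "<argument-string-from-admin-console>"
```

Record the hash once, on the Primary Node, and reuse the same pinned value on the Secondary Node; a mismatch there means the hosted script changed between the two installs.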

DHCP configuration:

The DHCP server is started and enabled when ./start-cgw.sh is invoked. You can verify the DHCP configuration by accessing the DHCP server.

Access the DHCP server at http://x.x.x.x:8080/#dhcp (replace x.x.x.x with the WAN IP). You can edit the configuration and enable DHCP on the LAN as shown below if needed.

Save the DHCP configuration.

Device connectivity

Once the DHCP server is up, devices can get IPs from the CGW DHCP server.

CGW UI

Access CGW UI at http://LAN_gateway_IP:

Handling errors seen during installation:

If the following redis error is seen while running ./start-cgw.sh:

import redis
  ModuleNotFoundError: No module named 'redis'

run the following command:

pip3 install redis

If the ./start-cgw.sh script fails with a permission denied error for docker-compose, run the following commands from the shell and execute the script again:

# Add current user to Docker group
sudo usermod -aG docker $USER
newgrp docker

Other utility tools:

A static IP can be allocated by editing the netplan configuration. Edit templates/01-netcfg.yaml for the LAN IP, then copy it into place and apply it:

sudo cp -f 01-netcfg.yaml /etc/netplan/
sudo netplan apply