Connecting to Cloud Networks with Datto VPN Keys

Topic

This article discusses how to connect to a Datto cloud network with OpenVPN 2.4.9 by using VPN keys.

Environment

Datto Partner Portal
New Recovery Launchpad

Description

Prerequisites
Connecting to cloud networks with your Datto VPN keys

Prerequisites

This article assumes you have already created a network and downloaded the VPN keys for your virtualization.

IMPORTANT To complete this process, you'll need to use an OpenVPN client that supports layer 2 bridging (TAP). Newer versions utilizing layer 3 (TUN) are not supported at this time. You can now access your VPN keys as a preconfigured script for Windows, Linux or Mac OS available for download from the New Recovery Launchpad. Refer to Datto Partner Portal: Adding an organization VPN to a network for more information. You can find download links for OpenVPN 2.5.7 and earlier releases on the OpenVPN downloads page or for Mac OS on the Tunnelblick.net downloads site.

Connecting to cloud networks with your Datto VPN keys

IMPORTANT Do not connect a machine to an offsite VLAN if the networking configuration is the same on both. This configuration can cause conflicts and communication issues.

Ensure you are using an OpenVPN organization that support layer 2 bridging (TAP), such as OpenVPN 2.5.7 or earlier. Later versions (e.g. 3.x) are not supported
Open the new Recovery Launchpad and create and download a VPN key (Once created, keys will remain available for 8 hours).
Right click on the OpenVPN config file on the machine that you'd like to have connected to the cloud network, and select Start OpenVPN on this config file.
Once the software launches, you will see a pop-up box that displays multiple lines of read and write code. You can minimize the pop-up box to access other network connections such as terminal or VNC.

Figure 1: Connection in progress

Once the software installs, you will be connected automatically.

Troubleshooting

If you experience any connection issues or errors here are some items to check:

Ensure you are using an OpenVPN organization that support layer 2 bridging (TAP), such as OpenVPN 2.5.7 or earlier.
Ensure the offsite subnet you are connecting to is different than the local subnet
The openvpn connection will create a virtual ethernet “tap” adapter on the machine you are connecting from. Double check the adapter’s settings via network and sharing center and/or ipconfig /all. If you have connected to an openvpn network previously and set the adapter to static, it may have the previous address still configured. It also may have failed to grab a dhcp address if there is no dhcp server available on the offsite vlan.

Figure2: Adapter settings

Ensure your main LAN interface has a lower metric than the openvpn tap adapter. This is an issue that occurs more often with wifi connections, but can occur when wired as well. To get a list of metric values run Get-NetIpInterface from a powershell window.

Figure 3: Interface metric

Use the “InterfaceAlias” column along with network and sharing center, or ipconfig /all to identify your tap adapter and main connection. In the above two images “Ethernet 4” is the tap adapter with a metric set to 80.

The metric can be set with an admin powershell window:

Set-NetIPInterface -InterfaceIndex $Index -InterfaceMetric $metric

Example:

PS C:\windows\system32> Set-NetIPInterface -InterfaceIndex 17 -InterfaceMetric 50

Alternatively network and sharing center can be used:

Figure 4: Network and sharing center

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the ideas forum!
	Provide feedback for the Documentation team.