Connecting to Cloud Networks with Datto VPN Keys
Topic
This article discusses how to connect to a Datto cloud network with OpenVPN 2.4.9 by using VPN keys.
Environment
- Datto Partner Portal
- New Recovery Launchpad
Description
Prerequisites
This article assumes you have already created a network and downloaded the VPN keys for your virtualization.
IMPORTANT To complete this process, you'll need to use an OpenVPN client that supports layer 2 bridging (TAP). Newer versions utilizing layer 3 (TUN) are not supported at this time. You can now access your VPN keys as a preconfigured script for Windows, Linux or Mac OS available for download from the New Recovery Launchpad. Refer to Datto Partner Portal: Adding an organization VPN to a network for more information. You can find download links for OpenVPN 2.5.7 and earlier releases on the OpenVPN downloads page or for Mac OS on the Tunnelblick.net downloads site.
Connecting to cloud networks with your Datto VPN keys
IMPORTANT Do not connect a machine to an offsite VLAN if the networking configuration is the same on both. This configuration can cause conflicts and communication issues.
- Ensure you are using an OpenVPN organization that support layer 2 bridging (TAP), such as OpenVPN 2.5.7 or earlier. Later versions (e.g. 3.x) are not supported
- Open the new Recovery Launchpad and create and download a VPN key (Once created, keys will remain available for 8 hours).
- Right click on the OpenVPN config file on the machine that you'd like to have connected to the cloud network, and select Start OpenVPN on this config file.
- Once the software launches, you will see a pop-up box that displays multiple lines of read and write code. You can minimize the pop-up box to access other network connections such as terminal or VNC.
Figure 1: Connection in progress
Once the software installs, you will be connected automatically.
Troubleshooting
If you experience any connection issues or errors here are some items to check:
- Ensure you are using an OpenVPN organization that support layer 2 bridging (TAP), such as OpenVPN 2.5.7 or earlier.
- Ensure the offsite subnet you are connecting to is different than the local subnet
- The openvpn connection will create a virtual ethernet “tap” adapter on the machine you are connecting from. Double check the adapter’s settings via network and sharing center and/or ipconfig /all. If you have connected to an openvpn network previously and set the adapter to static, it may have the previous address still configured. It also may have failed to grab a dhcp address if there is no dhcp server available on the offsite vlan.
-
Ensure your main LAN interface has a lower metric than the openvpn tap adapter. This is an issue that occurs more often with wifi connections, but can occur when wired as well. To get a list of metric values run
Get-NetIpInterface
from a powershell window.
Use the “InterfaceAlias” column along with network and sharing center, or ipconfig /all to identify your tap adapter and main connection. In the above two images “Ethernet 4” is the tap adapter with a metric set to 80.
The metric can be set with an admin powershell window:
Set-NetIPInterface -InterfaceIndex $Index -InterfaceMetric $metric
Example:
PS C:\windows\system32> Set-NetIPInterface -InterfaceIndex 17 -InterfaceMetric 50
Alternatively network and sharing center can be used:
Figure 4: Network and sharing center