Configure VPN Connections

In order to use Cove Data Protection (Cove)'s Disaster Recovery as a Service, you must ensure the correct configuration of VPN Connections.

Before beginning with configuration, ensure you have met the Requirements.

VPN configuration is completed by following these steps:

Step 1: Download VPN Appliance

  1. Sign in to the Cove Management Console using a SuperUser or Manager account.
  2. Navigate to Continuity > DRaaS > VPN Connections
  3. Select the inactive VPN Connection Name for the customer/tenant or highlight and click Configure VPN connection

  4. In the Download and deploy VPN appliance section, click Download appliance
  5. Select the VPN appliance of either:
    1. Hyper-V appliance

      The .zip file that is downloaded includes the Virtual Hard Disk containing the Hyper-V Virtual Machine image

    2. VMWare appliance

      The .ova file that is downloaded is the VMWare virtual machine image

  6. Click Generate token

    A token cannot be reused. If you have lost the token or it has expired, to generate a new one you need to go to VPN connection settings and click the Generate token button.

    Regenerating the token will break the VPN connection. To restore access, update your appliance with the new token.

  7. Take a copy of the token to be used in Step 3.
  8. Click Save Changes to close the window.

Step 2: Deploy and configure VPN Appliance VM

Extract the files from the VPN appliance download folder to create or import the Virtual Machine on your on-premises host using the instructions below:

Hyper-V (Recommended)

  1. Open Hyper-V Manager.
  2. Select New > Virtual Machine.
  3. Specify the VM Name and Location.
  4. Select Generation 2.
  5. Set Startup Memory to 4094 MG (recommended).

    Dynamic Memory is optional

  6. Select the virtual switch that should provide VPN connectivity to restored Cove DRaaS devices.
  7. Select Use an existing virtual hard disk, then choose the disk file from the VPN Appliance download folder.
  8. Finish and close the wizard.

After the Virtual Machine is created:

  1. Open the VM Settings
  2. Go to Security, then enable Trusted Platform Module.
  3. Change the Template from Microsoft Windows to Microsoft UEFI Certificate Authority.
  4. Navigate to Network Adapter > Advanced Features, and enable MAC address spoofing.
  5. If required, change the number of virtual processors to 2.

    Dynamic Memory is optional; if enabled, set minimum RAB to at least 1024 MB.

  6. Select OK to save changes and close Settings.

Now Configure VPN Connections.

VMWare ESXi

Before beginning, ensure that your ESXi network is configured with Promiscuous Mode, MAC Address Changes, and Forged Transmits all set to Accept.

  1. Log in to the ESXi web interface.
  2. Right-click on your host name and select Deploy OVF Template.
  3. Upload the .ova file from the extracted archive when prompted.
  4. Continue through the wizard, specifying the VM name, storage location, and other configuration details.
  5. Assign the VM to the network adapter corresponding to the segment you intend to stretch toward DR.
  6. Click Finish and wait for the deployment to complete.
  7. Navigate to the VPN appliance VM then click Actions > Edit Settings > Add New Device > Trusted Platform Module.
  8. Click OK and wait for the VM to be reconfigured.

    9. vTPM on ESXi requires a configured Key Provider. If TPM cannot be added, verify your key provider setup and VM compatibility level.

Step 3: Configure VPN Connections

  1. Login to the Hyper-V Manager or ESXi web interface
  2. Start the Virtual Machine
  3. When logging in to the VPN appliance VM for the first time, use the temporary credentials:
    • Username: vpn-agent
    • Password: vpn-agent

    4. You are prompted to reset the credentials after successfully logging in the first time.

    For all subsequent times logging on to the VM, login using your custom password.

  4. If you do not use DHCP in your network, or wish to change the settings automatically assigned by your DHCP server:
    1. From the appliance console, select 2. Configure Network Settings
    2. Select 2. Use Static Settings mode and configure: 
      1. IPv4 address with prefix
      2. Default gateway
      3. DNS Servers (separated by a space)
      4. Confirm the static settings by entering Yes or No
  5. From the appliance console, select 3. Initialize VPN Agent
  6. Enter the token taken from Step 1.6 as the initialization token
  7. Press Enter to complete initialization
  8. Return to the VPN Connections Dashboard in Cove's Management Console
  9. Check the VPN connection's tunnel status. If successful, the VPN connection status is changed to Active

    10. If the tunnel is showing as inactive, check that the VM appliance has internet access and firewall allowance.

For test failover, ensure that you use different IPs from your real production workload to avoid conflicts.

To disconnect the VPN connection, you can power off the VPN appliance on your production side, keeping it available for future recovery tests.

Optional: Switch to DHCP Settings

If you have previously configured Static Settings, but wish to switch back to using your networks DHCP automatically assigned settings:

  1. Login to the VPN appliance VM
  2. From the appliance console, select 2. Configure Network Settings
  3. Select 1. Use DHCP mode: 
    1. Switch to DHCP: Yes or No
  4. Hit Enter to confirm the change and exit the network settings configuration