Configure VPN Connections

To use Cove Data Protection (Cove)'s Disaster Recovery as a Service, you must configure VPN Connections correctly.

Before beginning with configuration, ensure you have met the Requirements.

VPN configuration is completed by following these steps:

Step 1: Download VPN Appliance

  1. Sign in to the Cove Management Console using a SuperUser or Manager account.
  2. Navigate to Continuity > DRaaS > VPN Connections
  3. Select the inactive VPN Connection Name for the customer/tenant or highlight and click Configure VPN connection

  4. In the Download and deploy VPN appliance section, click Download appliance
  5. Select the VPN appliance of either:
    1. Hyper-V appliance
    2. VMware appliance

    The zip file that is downloaded includes two folders: Virtual Hard Disks, containing the Virtual Machine image, and Virtual Machines, containing various Hyper-V or VMware ESXi virtualization files.

  6. Click Generate token

    A token cannot be reused. If you have lost the token or it has expired, generate a new one by going to the VPN connection settings and clicking the Generate token button.

    Regenerating the token will break the VPN connection. To restore access, update your appliance with the new token.

  7. Take a copy of the token to be used in Step 3.
  8. Click Save Changes to close the window.

Step 2: Deploy and configure VPN Appliance VM

Extract the files from the VPN appliance download folder to create or import the Virtual Machine on your on-premises host using the instructions below:

Hyper-V (Recommended)

  1. Open Hyper-V Manager.
  2. Select Import Virtual Machine.
  3. Choose the extracted VM folder (cove-draas-vpn-appliance).
  4. During import, ensure the VM is connected to the correct on-premises virtual switch/network.

    Attach the appliance to the network segment you intend to stretch/extend toward the DR environment.

  5. Right-click the VPN appliance VM and select Settings > Security.
  6. Under Encryption Support, enable Trusted Platform Module.
  7. Virtual TPM is supported for Generation 2 VMs. If TPM cannot be enabled, confirm the VM generation and redeploy accordingly.

  8. In the same Settings window, go to Network Adapter > Advanced Features.
  9. Enable MAC address spoofing.

During import, make sure that the Network Connection from the dropdown is the one corresponding to the subnet chosen when the failover was started.
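
A scripted equivalent of Hyper-V steps 5 to 9 with a verification report, as an added example that is not part of the original documentation or Cove's own tooling. It assumes the imported VM is named cove-draas-vpn-appliance (after the extracted folder) and uses a hypothetical switch name, DR-Stretch-vSwitch; run it in an elevated PowerShell session on the Hyper-V host.

```powershell
# Added example: the two names below are assumptions, adjust them to your import.
$VMName     = 'cove-draas-vpn-appliance'  # assumed VM name (matches the extracted folder)
$SwitchName = 'DR-Stretch-vSwitch'        # hypothetical switch for the segment to stretch

$vm = Get-VM -Name $VMName -ErrorAction Stop

# Virtual TPM is only available on Generation 2 VMs.
if ($vm.Generation -ne 2) {
    throw "$VMName is Generation $($vm.Generation); vTPM requires Generation 2."
}
# Security settings can only be changed while the VM is powered off.
if ($vm.State -ne 'Off') {
    throw "$VMName is $($vm.State); shut it down before changing security settings."
}

# Enable the virtual TPM. On a non-guarded host a local key protector must
# exist before Enable-VMTPM succeeds. Only done when TPM is not yet enabled,
# so an existing protector (and any TPM state bound to it) is never replaced.
if (-not (Get-VMSecurity -VMName $VMName).TpmEnabled) {
    Set-VMKeyProtector -VMName $VMName -NewLocalKeyProtector
    Enable-VMTPM -VMName $VMName
}

# Attach the appliance's adapter(s) to the intended switch and allow
# MAC address spoofing on this VM only.
Get-VMNetworkAdapter -VMName $VMName |
    Connect-VMNetworkAdapter -SwitchName $SwitchName
Set-VMNetworkAdapter -VMName $VMName -MacAddressSpoofing On

# Report the resulting state so it can be checked against the steps above.
$nic = Get-VMNetworkAdapter -VMName $VMName
[pscustomobject]@{
    VM                 = $VMName
    Generation         = $vm.Generation
    TpmEnabled         = (Get-VMSecurity -VMName $VMName).TpmEnabled
    SwitchName         = $nic.SwitchName -join ', '
    MacAddressSpoofing = $nic.MacAddressSpoofing -join ', '
}

# Audit: MAC address spoofing relaxes a per-adapter protection, so list any
# other VM on this host that also has it enabled.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.MacAddressSpoofing -eq 'On' -and $_.VMName -ne $VMName } |
    Select-Object VMName, SwitchName, MacAddress
```

An empty result from the final audit query means the appliance is the only VM on the host with MAC address spoofing enabled.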

VMware ESXi

Before beginning, ensure that your ESXi network is configured with Promiscuous Mode, MAC Address Changes, and Forged Transmits all set to Accept.

  1. Log in to the ESXi web interface.
  2. Right-click on your host name and select Deploy OVF Template.
  3. Upload the .ova file from the extracted archive when prompted.
  4. Continue through the wizard, specifying the VM name, storage location, and other configuration details.
  5. Assign the VM to the network adapter corresponding to the segment you intend to stretch toward DR.
  6. Click Finish and wait for the deployment to complete.
  7. Navigate to the VPN appliance VM then click Actions > Edit Settings > Add New Device > Trusted Platform Module.
  8. Click OK and wait for the VM to be reconfigured.
  9. vTPM on ESXi requires a configured Key Provider. If TPM cannot be added, verify your key provider setup and VM compatibility level.

Step 3: Initialize VPN Appliance VM and Validate

  1. Log in to the Hyper-V Manager or ESXi web interface
  2. Start the Virtual Machine
  3. When logging in to the VPN appliance VM for the first time, use the temporary credentials:
    • Username: vpn-agent
    • Password: vpn-agent
  4. You are prompted to reset the credentials after successfully logging in the first time.

    Each subsequent time you log on to the VM, use your custom password.

  5. If you do not use DHCP in your network, or wish to change the settings automatically assigned by your DHCP server:
    1. From the appliance console, select 2. Configure Network Settings
    2. Select 2. Use Static Settings mode and configure: 
      1. IPv4 address with prefix
      2. Default gateway
      3. DNS Servers (separated by a space)
      4. Confirm the static settings by entering Yes or No
  6. From the appliance console, select 3. Initialize VPN Agent
  7. Enter the token taken from Step 1.6 as the initialization token
  8. Press Enter to complete initialization
  9. Return to the VPN Connections Dashboard in Cove's Management Console
  10. Check the VPN connection's tunnel status. If successful, the VPN connection status is changed to Active
  11. If the tunnel is showing as inactive, check that the VM appliance has internet access and is allowed through the firewall.

For test failover, ensure that you use different IPs from your real production workload to avoid conflicts.

To disconnect the VPN connection, you can power off the VPN appliance on your production side, keeping it available for future recovery tests.

Optional: Switch to DHCP Settings

If you have previously configured Static Settings, but wish to switch back to using your network's automatically assigned DHCP settings:

  1. Log in to the VPN appliance VM
  2. From the appliance console, select 2. Configure Network Settings
  3. Select 1. Use DHCP mode: 
    1. Switch to DHCP: Yes or No
  4. Hit Enter to confirm the change and exit the network settings configuration