Multi-Path Room - Add and Manage Connections
This article goes over the process to configure and manage a connection in a Multi-Path Room, a Tehama Room with network access type 'Multi-Path'.
See the Multi-Path Room Connectivity User Guide for more information on Multi-Path Rooms.
Overview
Configure a connection to your Multi-Path Room to provide access to your private network.
Note: Multi-Path connections are optional in a Multi-Path Room. Without any connections, the Room will provide access to the internet (constrained by your Room's firewall settings).
There are two parts involved in forming a new connection:
- Add/initiate a new connection entry in your Multi-Path Room. This creates a unique pre-shared key. Enter your private network's public IP address and at least one target subnet (with a descriptive name) from your private network.
See the section 'Add a Connection' below for instructions to add an entry in your Multi-Path Room.
- Create a VPN IPSec connection in your private network and link it to your new connection entry using the pre-shared key value, and the Room's IP address and subnet.
See the section 'Create a VPN IPSec Connection' below for a list of examples of such connections in different 3rd-party private network environments.
After forming the new connection be sure to:
- configure your private network's firewall configuration to allow access to your Room's IP address and ports.
and
- configure your Room's firewall rules to allow your Room to access resources in your private network.
You can also view and edit connection details, and delete the connection.
What is a Multi-Path Pre-shared key
Each Multi-Path connection has a unique pre-shared key. This is a string of text. It is generated when you first add the connection to your Multi-Path Room, and exists for the lifetime of the connection.
You use this pre-shared key to form a VPN IPSec connection in your private network. It is used to authenticate the VPN tunnel with the connection infrastructure in your Multi-Path Room.
View a Multi-Path Connection's Pre-shared key
Only the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (owner+connected or connected-only) can view/edit the details of a connection in the Room, including the pre-shared key. Check the description of your custom role, to see if you can view/edit connection details.
You can find the pre-shared key for a connection in your Room as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
- Click on the name of the Room you want to access. You will see the Room's interface. The tabs you will see depend on the role you have within your organization.
- Click on the CONNECTION tab.
- Click on the STATUS sidebar item.
- Look for the table of connections midway down the STATUS page. There will be one entry for each VPN IPSec connection you have added to your Room. (If you do not see the table then you do not have permission to see the connection info in this Room - and remember that the table is only visible when 'Network Access' is set to 'Multi-Path'.)
- Locate the entry for your connection.
- Click on the name of the connection. This displays the Network connection details page.
- Click on the EDIT button. This displays the Edit connection page.
- Observe the Pre-shared key field in the Room information section of the page. It displays the value of the key. Copy it by clicking on the copy icon at the end of the field.
Add a Connection
Only the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (owner+connected or connected-only) can add a connection to the Room. Check the description of your custom role, to see if you can perform this action.
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
- Click on the name of the Multi-Path Room you want to connect to your private network. You will see the page for the Room.
- Click on the Room's CONNECTION tab, if you are not already on this tab.
- Click the ADD CONNECTION button. You will see the form for creating a new connection.
- In the new connection form, enter the following information:
- Name - enter a meaningful name for your new connection.
- Description (optional) - enter a description for your new connection.
- Target Subnets - enter at least one subnet from your private network.
- Click on + Add more to bring up fields for more target subnets.
- Public IP Address - enter your private network's public IP address.
Note: You may not have the public IP address at this point, nor the target subnet(s). This may be the case if, for example, your network is in an AWS VPC, and you need to create the VPN (using the pre-shared key) before you can get these values. In that case, just leave these fields blank, skip ahead to copying the values below, then leave this connection form up while you create a VPN IPSec connection in your private network. Once you have the public IP address and target subnet(s), come back to this form, enter the values, and click CONNECT.
- Copy the Pre-shared key value, to use when creating a VPN IPSec connection in your private network.
- Copy the Room IP value, to use when creating a VPN IPSec connection in your private network.
- Copy the Room subnet value, to use when creating a VPN IPSec connection in your private network.
- Click CONNECT. The new entry will show up in the table on the Room's CONNECTIONS page.
Now move on to create a VPN IPSec connection in your private network using the data you copied above.
Create a VPN IPSec Connection
- You will need access to the connection's details, including the pre-shared key and the Room's IP address and subnet. Only the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (owner+connected or connected-only) can view/edit these details of a connection in the Room. Check the description of your custom role, to see if you can view/edit connection details.
- You will need the ability to create a VPN IPSec (IKE2) connection in your private network. This may mean you require admin access to the network's router, or management privileges in the network's cloud environment.
You will need to create a VPN IPSec (IKE2) connection in your private network and link it to the new connection entry you have added to your Multi-Path Room, using its pre-shared-key value, and the Room's IP address and subnet.
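The following Python is an added example, not Tehama's code: it checks the values from the connection form before you build the tunnel and shows how they map onto the private-network side of an IKE2 tunnel. The function name, the dict field names, the sample values and the no-overlap rule are assumptions made for illustration.

```python
import ipaddress

# Ranges that cannot be a gateway's public address (RFC 1918, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample values (documentation address ranges, not real Room data).
SAMPLE = dict(psk="constructed-example-key", room_ip="198.51.100.7",
              room_subnet="10.99.0.0/24", public_ip="203.0.113.10",
              target_subnets={"app": "10.20.1.0/24", "db": "10.20.2.0/24"})


def plan_tunnel(psk, room_ip, room_subnet, public_ip, target_subnets):
    """Validate the copied values; return (plan, errors) for the private-network side."""
    errors = []
    if not psk:
        errors.append("pre-shared key is empty")
    if not target_subnets:
        errors.append("at least one target subnet is required")
    try:
        gw = ipaddress.ip_address(public_ip)
        if any(gw in net for net in NON_PUBLIC):
            errors.append(f"{public_ip} is not a public address")
    except ValueError:
        errors.append(f"{public_ip!r} is not an IP address")

    nets = []
    for name, cidr in target_subnets.items():
        try:
            # strict=True rejects a host address typed as a subnet, e.g. 10.20.1.5/24
            nets.append((name, ipaddress.ip_network(cidr, strict=True)))
        except ValueError as exc:
            errors.append(f"{name}: {exc}")

    room = ipaddress.ip_network(room_subnet)
    for i, (name, net) in enumerate(nets):
        # Assumption: a target subnet that overlaps the Room subnet makes routing ambiguous.
        if net.overlaps(room):
            errors.append(f"{name}: {net} overlaps Room subnet {room}")
        for other_name, other in nets[:i]:
            if net.overlaps(other):
                errors.append(f"{name}: {net} overlaps {other_name}")

    # Hypothetical field names: the Room is the remote peer, your subnets are local.
    plan = {"ike_version": 2, "auth": "psk", "peer": room_ip,
            "local_ts": [str(n) for _, n in nets], "remote_ts": [str(room)]}
    return plan, errors
```

Call `plan_tunnel(**SAMPLE)` to see the plan for the constructed values; an empty error list means the values are internally consistent, not that the tunnel will come up.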
Each network setup has a different way of adding such connections. Tehama provides you with instructions to create connections in four of the more common network setups.
- Connect to an AWS VPC
- Connect to an Azure VNet
- Connect to a Cisco (IOS) Router
- Connect to an OCI VCN
- Connect to a VyOS Router
If your network setup is not in the above list, look for documentation for your network router, or cloud environment that describes how to add a VPN IPSec (IKE2) connection.
After your VPN IPSec connection has been created, be sure to configure your private network's firewall configuration to allow access to your Room's IP address and ports.
View Connection Details
Only the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (owner+connected or connected-only) can view/edit the details of a connection in the Room. Check the description of your custom role, to see if you can view/edit connection details.
The details for a connection include the private network's public IP address and all the target subnets in the connection.
You can view the details of a connection in your Room as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
- Click on the name of the Room you want to access. You will see the Room's interface. The tabs you will see depend on the role you have within your organization.
- Click on the CONNECTION tab.
- Click on the STATUS sidebar item.
- Look for the table of connections midway down the STATUS page. There will be one entry for each VPN IPSec connection you have added to your Room. (If you do not see the table then you do not have permission to see the connection info in this Room - and remember that the table is only visible when 'Network Access' is set to 'Multi-Path'.)
- Locate the entry for your connection.
- Display the Network connection details page in one of two ways.
Either:
- Click on the three vertical dots action menu in the entry. This brings up the list of actions in a dropdown menu.
- Select the 'View' action.
or:
- Click on the name of the connection.
- Observe the public IP address for the private network and a table of all of its target subnets in the connection.
- Note that you can delete all but one of the target subnets in the connection from this page. To do so, click on the trashcan icon in the entry you wish to delete.
Note: You can view the pre-shared key for the connection from the Edit connection page.
Edit a Connection
Only the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (owner+connected or connected-only) can edit the details of a connection in the Room. Check the description of your custom role, to see if you can perform this action.
You can edit a connection in your Room as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
- Click on the name of the Room you want to access. You will see the Room's interface. The tabs you will see depend on the role you have within your organization.
- Click on the CONNECTION tab.
- Click on the STATUS sidebar item.
- Look for the table of connections midway down the STATUS page. There will be one entry for each VPN IPSec connection you have added to your Room. (If you do not see the table then you do not have permission to see the connection info in this Room - and remember that the table is only visible when 'Network Access' is set to 'Multi-Path'.)
- Locate the entry for your connection.
- Display the Edit connection page in one of two ways.
Either:
- Click on the name of the connection. This displays the Network connection details page.
- Click on the pen icon in the top right of the page.
or:
- Click on the three vertical dots action menu in the entry. This brings up the list of actions in a dropdown menu.
- Select the 'Edit' action.
- Make the desired changes.
- Note that you can delete all but one of the target subnets in the connection from this page. To do so, clear the fields containing the target subnet and name that you wish to delete.
- Click SAVE.
Delete a Connection
Only the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (owner+connected or connected-only) can delete a connection from the Room. Check the description of your custom role, to see if you can perform this action.
You can delete a connection from your Room as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
- Click on the name of the Room you want to access. You will see the Room's interface. The tabs you will see depend on the role you have within your organization.
- Click on the CONNECTION tab.
- Click on the STATUS sidebar item.
- Look for the table of connections midway down the STATUS page. There will be one entry for each VPN IPSec connection you have added to your Room. (If you do not see the table then you do not have permission to see the connection info in this Room - and remember that the table is only visible when 'Network Access' is set to 'Multi-Path'.)
- Locate the entry for your connection.
- Click on the three vertical dots action menu in the entry. This brings up the list of actions in a dropdown menu.
- Select the 'Delete' action. This will delete the entry.
Network Firewall Configuration
If you have a firewall in your network, be sure to allow access to the Room IP and ports, or the Room subnet for your Multi-Path Room.
Look for documentation for your network router, or cloud environment that describes how to add rules to your firewall.