Introduction to vGateway
Overview
In this document, you’ll become familiar with the concepts and basic features of Acreto vGateway.
Functionality
Acreto vGateway is a software appliance that allows simple connectivity between branch offices, on-premise data centers, cloud platforms, and Acreto.
vGateway uses 2 network interfaces:
- WAN (usually the first interface on the device / VM) - used to communicate with the Internet.
- LAN (usually the second interface on the device / VM) - used to communicate with the local network.
vGateway acts as a gateway, allowing bidirectional communication between Acreto and the local network using an IPsec connection.
Devices (workstations, VMs, servers, etc.) in the local network should use vGateway’s LAN IP address as their default gateway. vGateway forwards traffic coming to its LAN interface to Acreto, and then sends traffic received from Acreto to its local destination.
Requirements
Supported Platforms
Acreto vGateway is supported on the following platforms:
- KVM (qcow2)
- VMware ESXi (.vmdk)
- VirtualBox (.vdi)
- Microsoft Hyper-V (.vhdx)
- Microsoft Azure (.vhd)
- Raspberry Pi 3 and 4
Network Connectivity
The vGateway LAN interface should be connected to the local network. All devices in the local network should use vGateway as their default gateway.
The vGateway WAN interface should be connected to the internet router.
Firewall
Acreto vGateway communicates with Acreto over IPv4 using the IPsec protocol. For the connection to work, the firewall must allow traffic on the following ports and protocols:
- Protocol: UDP, ports: 500, 4500
- Protocol: ESP
You can find a list of IP networks used by Acreto on the IPv4 and IPv6 subnets page.
NAT
Acreto vGateway can be installed behind NAT. However, if you are installing more than one vGateway behind the same NAT device, each of them must get a different public IP address.
In addition, the NAT device should have IPsec Passthrough enabled.
Example
In a deployment involving two vGateway devices (192.0.2.10, 192.0.2.11), the NAT device needs to have at least two public IP addresses (198.51.100.10, 198.51.100.11) and define Source NAT rules to assign a different public IP address to each vGateway. In this case:
- to vGateway 1 - 198.51.100.10
- to vGateway 2 - 198.51.100.11
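One way to check this requirement on a Linux-based NAT device, as an added example that is not part of Acreto's documentation or tooling: the script reads `iptables-save` output and reports vGateways that would leave with the same public address. The rule excerpts are constructed, and the iptables NAT device, the interface name `eth0` and the pairing of internal to public addresses in the order listed above are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed iptables-save excerpts for a hypothetical Linux NAT device.
GATEWAYS = ["192.0.2.10", "192.0.2.11"]   # vGateway addresses from the example
SHARED = """*nat
-A POSTROUTING -s 192.0.2.0/24 -o eth0 -j SNAT --to-source 198.51.100.10
COMMIT"""
PER_GATEWAY = """*nat
-A POSTROUTING -s 192.0.2.10/32 -o eth0 -j SNAT --to-source 198.51.100.10
-A POSTROUTING -s 192.0.2.11/32 -o eth0 -j SNAT --to-source 198.51.100.11
COMMIT"""

def _opt(tok, name):
    """Value following option `name` in a tokenized rule, or None."""
    return tok[tok.index(name) + 1] if name in tok else None

def snat_address(ruleset, host):
    """Public address the first matching POSTROUTING rule assigns to host.
    Only -s is evaluated; negated or protocol-specific matches are not modelled."""
    ip = ipaddress.ip_address(host)
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "POSTROUTING"]:
            continue
        if ip not in ipaddress.ip_network(_opt(tok, "-s") or "0.0.0.0/0", strict=False):
            continue
        target = _opt(tok, "-j")
        if target == "SNAT":
            return _opt(tok, "--to-source")
        if target == "MASQUERADE":
            return "MASQUERADE"          # every match shares the interface address
        if target in ("ACCEPT", "RETURN"):
            return None                  # traversal ends without translation
    return None

def audit(ruleset, gateways):
    """List violations of the one-public-address-per-vGateway requirement."""
    by_public = defaultdict(list)
    for gw in gateways:
        by_public[snat_address(ruleset, gw)].append(gw)
    problems = []
    for public, gws in by_public.items():
        if public is None:
            problems.append("no source NAT rule matches " + ", ".join(gws))
        elif len(gws) > 1:
            problems.append(", ".join(gws) + " share " + public)
    return problems

if __name__ == "__main__":
    for name, rules in (("shared", SHARED), ("per-gateway", PER_GATEWAY)):
        print(name, audit(rules, GATEWAYS) or "OK")
```

A `--to-source` value that is an address range is compared as a string, so two vGateways pointed at the same range are also reported as sharing.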
Specification
- Base OS:
  - Raspberry Pi version: Ubuntu 20.04 (LTS)
  - Other platforms: Ubuntu 18.04.5 (LTS)
- Disk size (raw): 5400 MB
- Open ports:
  - TCP 22 (SSH)
  - UDP 500, UDP 4500 (IPsec)
Configuration
Web-based Configuration
The recommended way to configure Acreto vGateway is to modify the configuration at https://wedge.acreto.net, and then generate and download a new image.
Manual Configuration
Acreto vGateway is a Linux-based solution. Administrators can connect to and manage vGateways using the SSH protocol and standard Linux tools. To get access credentials for your vGateway, please contact support.
vGateways with configuration modified by administrators might not be supported by Acreto.
The network configuration of Acreto vGateway is implemented using Netplan configuration files, placed in /etc/netplan. Refer to the Netplan website for more information.
IPsec connections are defined in the strongSwan ipsec.conf configuration format, in /etc/ipsec.d/*.conf files on the vGateway. The list of subnets that should be routed through Acreto is stored in /etc/ipsec.d/*.route files.
Alternatives
You can find other connectivity options on the Connect to the Acreto platform page.
Licensing Information
Acreto vGateway uses open source software that is part of Ubuntu Linux. You can find more licensing information on the Ubuntu website, at https://ubuntu.com/licensing.