Help connecting vultr instance running access control software over site to site VPN

As a proof of concept, I was tasked with setting up a vultr instance that runs access control software from a new vendor of ours.

The access control software uses DNS to connect, so a VPN is a necessity as far as I understand.

I was able to test and got the vultr box seen on our local network using zerotier, but the IP-based locks and controller have a UI that’s pretty bare bones, so it’s not like I can install a client on them or anything.

Also, as far as I can tell, I’m pretty limited as far as my access to networking functions on the Vultr side. I can create a virtual adapter and assign it an address, but as far as configuring the remote side of a VPN, that’s where I get a little lost.

Trust me, if it was up to me I’d just throw everything on the LAN and be done with it, especially since the vendor doesn’t provide support for anything cloud hosted. But I am genuinely curious what I might be missing here, as the vendor maintains plenty of their partners host in AWS with no issues. Any help would be appreciated.

I am not clear on how ZT plays into this. Normally for private tunnels to cloud-hosted apps we connect the on-premise firewall to the cloud system and then point the local devices to the IP or DNS entry of the server in the cloud.
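As an added illustration of the site-to-cloud tunnel described in that reply (not from the thread, and not a configuration from Vultr, Ubiquiti or the access control vendor), here is a WireGuard site-to-site pair. It assumes WireGuard can run on the cloud instance and on the on-premise firewall (or a router behind it); the addresses, key placeholders and subnet choices are all hypothetical.

```ini
# --- Cloud side (Vultr instance hosting the access control server) ---
# Assumed: public IP 203.0.113.10, tunnel address 10.99.0.1/24,
# on-premise LAN is 192.168.1.0/24 (all hypothetical values).
[Interface]
PrivateKey = <CLOUD_PRIVATE_KEY>       # placeholder, generate with `wg genkey`
Address = 10.99.0.1/24
ListenPort = 51820
# Only the tunnel port is exposed; the access control service itself
# should be reachable only from 192.168.1.0/24 and 10.99.0.0/24.

[Peer]
# On-premise firewall
PublicKey = <SITE_PUBLIC_KEY>          # placeholder
# Accept and route traffic for the tunnel and the whole on-premise LAN,
# so locks that can only be told "IP, mask, gateway" are reachable.
AllowedIPs = 10.99.0.2/32, 192.168.1.0/24

# --- On-premise side (firewall or a router on the LAN) ---
# Assumed: LAN address 192.168.1.1, which is also the locks' default gateway.
[Interface]
PrivateKey = <SITE_PRIVATE_KEY>        # placeholder
Address = 10.99.0.2/24

[Peer]
# Cloud instance
PublicKey = <CLOUD_PUBLIC_KEY>         # placeholder
Endpoint = 203.0.113.10:51820
# Route the tunnel subnet to the cloud; the server's tunnel address
# (10.99.0.1) is what local devices or a DNS record should point at.
AllowedIPs = 10.99.0.0/24
# Keeps the NAT mapping alive when the site is behind NAT.
PersistentKeepalive = 25
```

With this layout the locks need no client: their gateway is the on-premise router, which forwards 10.99.0.0/24 through the tunnel, and the cloud host's firewall can be limited to the WireGuard port plus traffic arriving over the tunnel interface. An internal DNS record for the server can resolve to 10.99.0.1 so that DNS-based connection from the controller works without exposing the service publicly.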

It may not; I was just using zero tier as a way to try and get them connected at all.

As far as your other point, I guess I’m just confused about a couple of things.

My vultr instance doesn’t seem to want to connect to the public IP of my USG at all. The USG is pretty limited when it comes to jumping through this many hoops, it seems.

And then the other piece is getting the IP-based locks configured. My options there are just IP, subnet mask and gateway. It’s clear that this wasn’t really designed to work in the cloud, and the documentation says as much.

You might want a better firewall to get the site-to-cloud VPN configured. The USG is pretty limited.

I figured as much. The USG seems to only work cleanly with other Unifi gear in that regard. The whole thing is probably an exercise in futility until I get a better firewall.

