How to Create a Tunnel

Applies to…

  • DxOdyssey 19.0 and newer

Summary

DxOdyssey utilizes TCP micro-tunnels to communicate between gateway members. The following steps guide the user through the creation of a tunnel and adding clients to the tunnel.

Information

Below are instructions for creating a tunnel to an application on a gateway:

    1. Select “Tunnel Manager” from the list at the top left, then select “Add Tunnel” at the bottom left above Advanced Settings. The Tunnel Management window will appear.
    2. Create a unique name for the tunnel.
    3. In the destination section, there are three fields that need to be completed:
      • Gateway Name: The name of the gateway that has access to the application.
      • Target Host/IP: The IP address or hostname of the server that gateway will forward tunnel traffic to. This will be the IP address of the application.
      • Target Port: The port the application is listening on.

The host/IP and port combination is the location within the destination gateway’s network that tunnel traffic will be sent to, and the destination gateway directs tunnel traffic to that IP address. In the picture above, the destination gateway IANPC is directing tunnel traffic to a SQL server instance on the local network with a static IP of 10.1.201.188 that is listening on port 50000. If the SQL server instance was located on the destination gateway, 127.0.0.1 (loopback) could be used instead of a hostname or static IP.

    1. There are three fields in the origin section that are required and one optional section. Click “Add Row” to add an origin:
      • Name: The name of the origin gateway.
      • NetworkAddress: The IP address the origin gateway will listen on.
      • ListeningPort: The port the origin gateway will listen on.
      • SourceFilter: Determines what machines are allowed to connect to the tunnel. Leaving this field empty means no source filter applied.

After selecting “OK”, the tunnel configuration is complete. By using the wildcard address 0.0.0.0 as the origin’s network address, any machine can connect to the application if they can connect to the origin. Access to the SQL instance may be restricted by adding a source filter to the origin.

OPTIONAL: Adding clients to the tunnel

    1. From the tunnel manager screen, select the tunnel to be configured for client access and click the “Manage Clients” box at the bottom of the screen.
    2. Select “Add client” in the top right corner of the new tunnel management window.
    3. A list of clients will appear. Select the client(s) to be added to the tunnel. Shift and ctrl may be used to select more than one client.
    4. At the bottom of the window there are boxes for an IP address and port. The IP address and port combination is what the client will use to connect to a gateway in the gateway group. Generally, the IP address used will be the client’s loopback address and the port will be whatever port the network administrator wants the client to use for the connection.
      • NOTE: The ephemeral (unassigned) port range in Windows is 49152-65535, but any port may be used for the client connection as long as it doesn’t conflict with other port assignments on the client’s machine.

    1. Click “Add Selected”, which will close the Client Search window. If all clients have been added, select “Submit” in the bottom right corner of the tunnel management window. This will save your selections and allow the client to access the tunnel.