DxOdyssey v19.5 DxCli Guide

Summary

This KB contains the list of DxCLI commands used for DxOdyssey administration.

Table of contents.

activate-server 

add-addressfilter 

add-client 

add-client-group 

add-gateway 

add-tunnel 

clear-otpk 

collect-log 

encrypt-text 

export-config 

gateway-group-add-tunnel-group 

gateway-group-get-licenses 

gateway-group-remove-tunnel-group 

gateway-group-resync 

gateway-group-set-secret 

get-alerts 

get-addressfilter 

get-client-connections 

get-client-detail

get-coordinators 

get-coordinator-status 

get-dxversion 

get-gateway-detail 

get-gateway-detail-xml 

get-gateway-group-gateways 

get-globalsettings 

get-license 

get-license-request 

get-otpk 

get-producttype 

get-tunnel-group 

get-tunnel-groups 

join-gateway-group 

remove-client 

remove-client-group 

remove-gateway 

remove-gateway-group-members

remove-globalsetting

set-appcoordinator 

set-coordinator 

set-globalsetting 

set-license 

set-otpk 

set-server 

test-connection 

tunnel-group-start-gateway 

tunnel-group-stop-gateway 

tunnel-group-update-vips 

update-addressfilter 

update-client 

update-client-group 

update-tunnel 

update-tunnel-clients 

update-tunnel-group

Information

activate-server

  • Description: Activates the server via internet using the provided license key. See get-license-request for off-line gateway activation.
  • Syntax: 
dxcli activate-server <key> [gateway]
  • Parameters:
Name Description Required
key The license key. TRUE
gateway The name of the gateway (comma separated list for multiples). FALSE

  • Example: 
dxcli activate-server AAAA-BBBB-CCCC-DDDD

 

add-addressfilter

  • Description: Adds an address filter to accept or deny connections from specific IP addresses or subnets.
  • Syntax: 
dxcli add-addressfilter <name> <address>,<action[accept|deny]>|<address>,<action[accept|deny]> <default_action[accept|deny]>
  • Parameters:
Name Description Required
name The name of the filter. TRUE
address The IP address or subnet. TRUE
action[accept|deny] Whether or not to accept or deny the IP address or subnet. TRUE
default_action[accept|deny] Whether or not the default action for the filter is to accept-all or deny-all connections outside of the specified IP or subnet. TRUE

  • Example: 
dxcli add-addressfilter filter1 "10.1.1.0,accept|10.1.2.0,accept" deny

 

add-client

  • Description: Adds a DxConnect client to the gateway group.
  • Syntax: 
add-client <client_name> <password> [client_description] [max_session_count] [group_name]
  • Parameters:
Name Description Required
client_name The name of the client. TRUE
password The password for the client. TRUE
client_desciption The description for the client. FALSE
max_session_count The maximum sessions for the client. FALSE
group_name The name of the group to add the client FALSE

  • Example: 
dxcli add-client client1 passw0rd "Accounting admins" 25 group1

 

add-client-group

  • Description: Adds a client group.
  • Syntax: 
dxcli add-client-group <group_name> <member_delta_list [+|-]> [group_description]
  • Parameters:
Name Description Required
group_name The name of the group. TRUE
member_delta_list The name of the client(s) (comma separated list for multiples). TRUE
group_description The description for the group. FALSE

  • Example: 
dxcli add-client-group group1 client1,client2,client3

 

add-gateway

  • Description: Adds gateway(s) to a tunnel group.
  • Syntax: 
dxcli add-gateway <tunnel_group> <gateway>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE
gateway The name of the gateway to add to the tunnel (multiple gateways can be specified by delimiting with a comma). TRUE

  • Example: 
dxcli add-gateway tunnelgroup1 gateway1,gateway2,gateway3

 

add-tunnel

  • Description: Add a tunnel to the cluster.
  • Syntax: 
dxcli add-tunnel <name> <enabled [true|false]> <destination_gateway> <destination_address:destination_port> <origin_gateway,origin_address:origin_port,[address_filter]>|<origin_gateway,origin_address:origin_port,[address_filter]>
  • Parameters:
Name Description Required
name The name of the tunnel. TRUE
enabled Enable the tunnel (true or false). TRUE
destination_gateway The name of the destination gateway. TRUE
destination_address The IP address of the tunnel destination. TRUE
destination_port The port number for the destination IP. TRUE
origin_gateway The name of the gateway where the listener is active. TRUE
origin_address Set to 0.0.0.0 to allow all IP connections or 127.0.0.1 for local connections only. TRUE
origin_port The port number for the origin gateway. TRUE
address_filter The name of the address filter to add to the tunnel. FALSE
  • Example: 
dxcli add-tunnel tunnel1 true gateway1 10.1.200.62:30004 "gateway2/0.0.0.0:30004/FILTER1|gateway3/127.0.0.1:30004/FILTER2"

 

clear-otpk

  • Description: Clears and invalidates any generated one-time passkey for the gateway group.
  • Syntax: 
dxcli clear-otpk
  • Parameters:None.

 

collect-log

  • Description: Generates logs on all gateway group members; gateways can be specified using parameters. For Windows, the logs are created in the installation directory for DxOdyssey in the “Support” folder (Default “C:\Program Files\DH2i\Support”). For Linux, the logs are located in “/opt/dh2i/support”.
  • Syntax: 
dxcli collect-log [gateway]
  • Parameters:
Name Description Required
gateway The name of the gateway (multiple gateways can be specified by delimiting with a comma). FALSE

  • Example: 
dxcli collect-log gateway1,gateway2,gateway3

 

encrypt-text

  • Description: Encrypts text for use in other DxCLI commands.
  • Syntax: 
dxcli encrypt-text <text>
  • Parameters:
Name Description Required
text The text to be encrypted. TRUE

  • Example: 
dxcli encrypt-text passw0rd

 

export-config

  • Description: Exports a DxConnect configuration file to be used on DxConnect client machines. The file will be created in the working directory.
  • Syntax: 
dxcli export-config <filename>
  • Parameters:
Name Description Required
filename The name of the file, including the .dh2i extension. TRUE

  • Example: 
dxcli export-config dxo_client.dh2i

 

gateway-group-add-tunnel-group

  • Description: Creates a tunnel group.
  • Syntax: 
dxcli gateway-group-add-tunnel-group <tunnel_group> <virtual_ip> <gateway>
  • Parameters:
Name Description Required
tunnel_group The name for the tunnel group. TRUE
virtual_ip The virtual IP address(es) assigned to the tunnel group. If the loopback address is provided, add an asterisk (*) at the beginning of the address. Multiple virtual IPs can be specified by delimiting with a comma. TRUE
gateway The gateway(s) to add to the tunnel group. Multiple gateways can be specified by delimiting with a comma. TRUE

  • Example: 
dxcli gateway-group-add-tunnel-group tunnelgroup1 *127.0.0.1,10.1.201.170 gateway1,gateway2,gateway3

 

gateway-group-get-licenses

  • Description: Outputs the licenses used by each gateway group member.
  • Syntax: 
dxcli gateway-group-get-licenses
  • Parameters:None.

 

gateway-group-remove-tunnel-group

  • Description: Removes a tunnel group from the gateway group.
  • Syntax: 
dxcli gateway-group-remove-tunnel-group <tunnel_group>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE

  • Example: 
dxcli gateway-group-remove-tunnel-group tunnelgroup1

 

gateway-group-resync

  • Description: Forces a resynchronization of the gateway group.
  • Syntax: 
dxcli gateway-group-resync
  • Parameters:None.

 

gateway-group-set-secret

  • Description: Begins process of setting the gateway group passkey.
  • Syntax: 
dxcli gateway-group-set-secret
  • Parameters:None.

 

get-addressfilter

  • Description: Get address filter details.
  • Syntax: 
dxcli get-addressfilter <filter_name>
  • Parameters:
Name Description Required
filter_name The name of the address filter. TRUE

  • Example: 
dxcli get-addressfilter filter1

 

get-alerts

  • Description: Outputs any active alerts for the gateway group.
  • Syntax: 
dxcli get-alerts
  • Parameters:None.

 

get-client-connections

  • Description: Outputs DxConnect clients that are connected to the gateway group.
  • Syntax: 
dxcli get-client-connections
  • Parameters:None.

 

get-client-detail

  • Description: Outputs the details for the specified client.
  • Syntax: 
dxcli get-client-detail <client_name>
  • Parameters:
Name Description Required
client_name The name of the client. TRUE

  • Example: 
dxcli get-client-detail client1

 

get-coordinators

  • Description: Outputs which gateway group member(s) are the gateway group (cluster) and app coordinators.
  • Syntax: 
dxcli get-coordinators
  • Parameters:None.

 

get-coordinator-status

  • Description: Outputs detailed status information for the gateway group coordinator.
  • Syntax: 
dxcli get-coordinator-status
  • Parameters:None.

 

get-dxversion

  • Description: Outputs the version of DxOdyssey installed on the gateway group member.
  • Syntax: 
dxcli get-dxversion
  • Parameters:None.

 

get-gateway-detail

  • Description: Outputs detailed information about the current gateway.
  • Syntax: 
dxcli get-gateway-detail
  • Parameters:None.

 

get-gateway-detail-xml

  • Description: Outputs detailed information about the current gateway in XML format.
  • Syntax: 
dxcli get-gateway-detail-xml
  • Parameters:None.

 

get-gateway-group-gateways

  • Description: Outputs the name, IP, pubkey hash, status, role, and operating system of each gateway in the gateway group.
  • Syntax: 
dxcli get-gateway-group-gateways
  • Parameters:None.

 

get-globalsettings

  • Description: Outputs any non-default configurations of global settings.
  • Syntax: 
dxcli get-globalsettings
  • Parameters:None.

 

get-license

  • Description: Outputs the license key for the specified gateway.
  • Syntax: 
dxcli get-license <gateway>
  • Parameters:
Name Description Required
gateway The name of the gateway. TRUE

  • Example: 
dxcli get-license gateway1

 

get-license-request

  • Description: Outputs a license request for a gateway; use in conjunction with set-license. Go to https://clients.dh2i.com/Data/Activation.aspx and paste the output of get-license-request to obtain an activation response. The response from the website is used in the set-license command to activate the server.
  • Syntax: 
dxcli get-license-request <license_key> [gateway]
  • Parameters:
Name Description Required
license_key The license key used to activate the gateway. TRUE
gateway The name of the gateway (if no gateway is specified, the command defaults to the currently connected gateway). FALSE

  • Example: 
dxcli get-license-request 1A2B-3C4D-5E6F-7G8H gateway2

 

get-otpk

  • Description: Outputs the current OTPK for the gateway group and its expiration date.
  • Syntax: 
dxcli get-otpk
  • Parameters:None.

 

get-producttype

  • Description: Outputs the name of the DH2i software installed on the gateway.
  • Syntax: 
dxcli get-producttype
  • Parameters:None.

 

get-tunnel-group

  • Description: Outputs configuration information for the given tunnel group.
  • Syntax:
dxcli get-tunnel-group <tunnel_group>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE

  • Example: 
dxcli get-tunnel-group tunnelgroup1

 

get-tunnel-groups

  • Description: Outputs configuration information for all tunnel groups.
  • Syntax: 
dxcli get-tunnel-groups
  • Parameters:None.

 

join-gateway-group

  • Description: Begins process of joining a gateway to a gateway group.
  • Syntax: 
dxcli join-gateway-group
  • Parameters:None.

 

remove-client

  • Description: Removes a DxConnect client from the gateway group.
  • Syntax: 
dxcli remove-client <client>
  • Parameters:
Name Description Required
client The name of the client. TRUE

  • Example: 
dxcli remove-client client1

 

remove-client-group

  • Description: Removes a DxConnect client group from the gateway group.
  • Syntax: 
dxcli remove-client-group <client_group>
  • Parameters:
Name Description Required
client The name of the client group. TRUE
  • Example: 
dxcli remove-client clientgroup1

 

remove-gateway

  • Description: Removes gateway(s) from the specified tunnel group.
  • Syntax: 
dxcli remove-gateway <tunnel_group> <gateway>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE
gateway The name of the gateway (multiple gateways can be specified by delimiting with a comma). TRUE

  • Example: 
dxcli remove-gateway tunnelgroup1 gateway2,gateway3

 

remove-gateway-group-members

  • Description: Removes gateway(s) from the gateway group.
  • Syntax: 
dxcli remove-gateway-group-members <gateway>
  • Parameters:
Name Description Required
gateway The name of the gateway (multiple gateways can be specified by delimiting with a comma). TRUE

  • Example: 
dxcli remove-gateway-group-members gateway2,gateway3

 

remove-globalsetting

  • Description: Resets a global setting to its default value.
  • Syntax: 
dxcli remove-globalsetting <setting>
  • Parameters:
Name Description Required
setting The name of the setting that is modified from its default value. TRUE

  • Example: 
dxcli remove-globalsetting nat.enabled

 

set-appcoordinator

  • Description: Assigns the application coordinator role to the specified gateway.
  • Syntax: 
dxcli set-appcoordinator <gateway>
  • Parameters:
Name Description Required
gateway The name of the gateway. TRUE

  • Example: 
dxcli set-appcoordinator gateway2

 

set-coordinator

  • Description: Assigns the gateway group coordinator role to the specified gateway.
  • Syntax: 
dxcli set-coordinator <gateway>
  • Parameters:
Name Description Required
gateway The name of the gateway. TRUE

  • Example: 
dxcli set-coordinator gateway3

 

set-globalsetting

dxcli set-globalsetting <setting> <value>
  • Parameters:
Name Description Required
setting The name of the setting. TRUE
value The value to change the setting to. TRUE

  • Example: 
dxcli set-globalsetting nat.enabled true

 

set-license

  • Description: Activates a server that has no internet connection; used in conjunction with get-license-request.
  • Syntax: 
dxcli set-license <license_key> <license_response> [gateway]
  • Parameters:
Name Description Required
license_key The license key for the gateway. TRUE
license_response The activation response string given by the client portal. TRUE
gateway The name of the gateway (if no gateway is specified, the command defaults to the currently connected gateway). FALSE

  • Example: 
dxcli set-license 1A2B-3C4D-5E6F-7G8H 2ki44uOaLK4gbfjSStNVUXNQsM4eMwjVRBNyAQrp6UABN0frE9ZiGwhP1oxLD+y6F5UDwfaZkTZqQF0JfoEpGhu8V8WAS/dkOGNkBqGv2Qi+Nuc21kV/d2p4elTZSdI2rGrL== gateway2

 

set-otpk

  • Description: Sets the one time passkey (OTPK).
  • Syntax: 
dxcli set-otpk [ttl] [otpk]
  • Parameters:
Name Description Required
ttl The time to live. FALSE
otpk The one time passkey in base64. FALSE

  • Example: 
dxcli set-otpk 2020-01-06T13:48:54 7fd269d7-e788-3d40-d704-ce7bb00f5046

 

set-server

  • Description: Begins the process to log into a remote gateway for administration.
  • Syntax: 
dxcli set-server
  • Parameters:None.

test-connection

  • Description: Tests the connection between the gateway and the gateway group.
  • Syntax: 
dxcli test-connection
  • Parameters:None.

 

tunnel-group-start-gateway

  • Description: Starts hosting the tunnel group on the specified gateway.
  • Syntax: 
dxcli tunnel-group-start-gateway <tunnel_group> <gateway>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE
gateway The name of the gateway. TRUE

  • Example: 
dxcli tunnel-group-start-gateway tunnelgroup1 gateway2

 

tunnel-group-stop-gateway

  • Description: Stops the specified tunnel group.
  • Syntax: 
dxcli tunnel-group-stop-gateway <tunnel_group>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE

  • Example: 
dxcli tunnel-group-stop-gateway tunnelgroup1

 

tunnel-group-update-vips

  • Description: Changes the virutal IPs used by the tunnel group.
  • Syntax: 
dxcli tunnel-group-update-vips <tunnel_group> <vip>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE
vip The IP address(es) to use (multiple IP addresses can be specified by delimiting with a comma). TRUE

  • Example: 
dxcli tunnel-group-update-vips tunnelgroup1 10.1.201.170,*127.0.0.1

 

update-addressfilter

  • Description: Updates an address filter to accept or deny connections from specific IP addresses or subnets.
  • Syntax: 
dxcli update-addressfilter <name> <address>,<action[accept|deny]>|<address>,<action[accept|deny]> <default_action[accept|deny]>
  • Parameters:
Name Description Required
name The name of the filter. TRUE
address The IP address or subnet. TRUE
action[accept|deny] Whether or not to accept or deny the IP address or subnet. TRUE
default_action[accept|deny] Whether or not the default action for the filter is to accept-all or deny-all connections outside of the specified IP or subnet. TRUE

  • Example: 
dxcli update-addressfilter filter1 "10.1.1.0,accept|10.1.2.0,accept" deny

 

update-client

  • Description: Updates the specified client.
  • Syntax: 
dxcli update-client <client_name> <password> [client_description] [max_session_count]
  • Parameters:
Name Description Required
client_name The name of the client. TRUE
password The password of the client. TRUE
client_description The description for the client. FALSE
max_session_count The number of client sessions allowed. FALSE

  • Example: 
dxcli update-client client1 p@ssw0rd 10 "Accounting Admins"

 

update-client-group

  • Description: Adds or updates a client group for the gateway group.
  • Syntax: 
dxcli update-client-group <group>:<client>
  • Parameters:
Name Description Required
group The name of the client group. TRUE
client The name of the DxConnect client (multiple clients can be specified by delimiting with a comma). TRUE

  • Example: 
dxcli update-client-group group1:client1,client2,client3

 

update-tunnel

  • Description: Update an existing tunnel.
  • Syntax: 
dxcli update-tunnel <name> <enabled [true|false]> <destination_gateway> <destination_address:destination_port> <origin_gateway,origin_address:origin_port,[address_filter]>|<origin_gateway,origin_address:origin_port,[address_filter]>
  • Parameters:
Name Description Required
name The name of the tunnel. TRUE
enabled Enable the tunnel (true or false). TRUE
destination_gateway The name of the destination gateway. TRUE
destination_address The IP address of the tunnel destination. TRUE
destination_port The port number for the destination IP. TRUE
origin_gateway The name of the gateway where the listener is active. TRUE
origin_address Set to 0.0.0.0 to allow all IP connections or 127.0.0.1 for local connections only. TRUE
origin_port The port number for the origin gateway. TRUE
address_filter The name of the address filter to add to the tunnel. FALSE

  • Example: 
dxcli update-tunnel tunnel1 true gateway1 10.1.200.62:30004 "gateway2/0.0.0.0:30004/FILTER1|gateway3/127.0.0.1:30004/FILTER2"

 

update-tunnel-clients

  • Description: Updates the clients associated with a tunnel.
  • Syntax: 
dxcli update-tunnel-clients <tunnel_name> [modifier]<client_name>:<ip_address>:<endpoint> [modifier]<client_group>:<ip_address>:<endpoint>
  • Parameters:
Name Description Required
tunnel_name The name of the tunnel. TRUE
modifier Plus (+) or minus (-) symbol to add or remove a client or client group from the tunnel group (the plus sign may be omitted for add parameters). FALSE
client_name The name of the client to add or remove from the tunnel (multiple clients can be specified by delimiting the list with a comma after each endpoint). If no clients are specified, then this parameter needs to be replaced with empty quotes (""). TRUE
client_group The name of the client group to add or remove from the tunnel (multiple client groups can be specified by delimiting the list with a comma after each endpoint). FALSE
ip_address The IP address the client or client group uses to connect to the tunnel. TRUE
endpoint The listening port the client or client group uses to connect to the tunnel. TRUE

  • Example: 
dxcli update-tunnel-clients tunnel1 client1:127.0.0.1:30001,client2:127.0.0.1:40001,-client3:127.0.0.1:40001 clientgroup1:127.0.0.1:40001

 

update-tunnel-group

  • Description: Updates the list of tunnels that are in a tunnel group.
  • Syntax: 
dxcli update-tunnel-group <tunnel_group> <gateway>
  • Parameters:
Name Description Required
tunnel_group The name of the tunnel group. TRUE
gateway The name of the gateway(s) to add to the tunnel group (comma separated list for multiples). TRUE

  • Example: 
dxcli update-tunnel-group tunnelgroup1 gateway1,gateway2,gateway4