Skip to main content

User Guide - WPC with multiple WPC Egress locations

Overview

In this document, we examine a WPC set up to meet the needs of a fictitious company. A startup has a sales team in the USA and Europe. Their sales force is often at customer sites or traveling to customer sites. They access the Internet from hotels, cafes, airports, and other public Internet sites. The sales team relies on SaaS tools like Salesforce.

Owen is in charge of IT and Networking for this company. Owen is cognizant of the security risks that come with the use of public hotspots to access the Internet and is looking for a WPC solution that the sales team can use for secure access to the Internet. He does not want to manage, install and maintain WPC servers but wants to ensure that the company has control over the route to the Internet so that additional protections (for example, use of CASB) can be added later. The public IP address of the internet gateways can also be used in configuring login whitelists in some SaaS providers.

To improve internet access performance, Owen wants to route internet traffic via the Chicago Region for employees that connect in the USA. To improve internet access performance, Owen wants to route internet traffic via the London Region for employees that connect in Europe. This optimized routing will automatically be taken care of by the smart routing feature of CloudConnexa.

Owen completes the signup process as shown here. During the signup process, Owen selects technop.openvpn.com as the web domain for the User portal. This domain uniquely identifies the WPC that will be set up by Owen and is used by Connect Client applications (WPC Client software) to identify the WPC that it needs to connect to.

Setup

To route traffic that has entered the WPC to destinations on the Internet, Owen needs to set up one or more Networks configured with Internet Gateway turned ON. Each Network configured for Internet Gateway can have one or more Connectors. CloudConnexa will use Smart Routing to route internet traffic from Networks, Hosts, and User Groups that have their Internet Access set to Split-Tunnel OFF to one of the Connectors belonging to Internet Gateway Networks based on:

  • The geographic proximity of the Region that is the source of the traffic to the Region of the Internet Gateway Network’s Connector

  • Network characteristics of the connectivity between source and destination Regions

  • Load balancing is used when multiple destination Connectors are connected to the same Region

Owen followed the steps shown below to set up his WPC to accept traffic to the Internet and route it to the Internet via two Networks configured as Internet Gateway:

  1. Configured two Networks to act as Internet Gateway. As these Network’s sole purpose is to act as an internet gateway, Subnets for the Network was not added and Internet Gateway was turned ON. He set the Region of the Connector for one of the Networks as Chicago and the other Network as London. See, How to add a Network and Adding Internet Gateway

  2. Owen decided to run a server using a Virtual Private Server (VPS) hosting provider that had a hosting region near Chicago. He installed the Connector for the Chicago Network on it and configured the server to act as the Internet Gateway. The server was assigned a public IP address of 104.248.61.65. See, Connecting Networks to CloudConnexa Using Connectors on how to install Connectors and the corresponding settings to enable routing and NAT. We recommend using Linux operating system.

  3. Owen decided to run a server using a Virtual Private Server (VPS) hosting provider that had a hosting region near London. He installed the Connector for the London Network on it and configured the server to act as the Internet Gateway. The server was assigned a public IP address of 167.71.139.124 See, Connecting Networks to CloudConnexa Using Connectors on how to install Connectors and the corresponding settings to enable routing and NAT. We recommend using Linux operating system.

  4. After the Network came online, Owen changed the Internet Access setting for User Groups to Split-Tunnel OFF. See,Changing User Group’s Internet Access

  5. Owen connected to the Ashburn, Virginia Region of CloudConnexa (see, Connecting to CloudConnexa). On connection, Owen checked that the public IP address of his Device running the Connect Client showed up to be the same as the public IP address of the Chicago Connector instance proving that smart routing is working.

  6. Owen connected to the Frankfurt Region of CloudConnexa (see, Connecting to CloudConnexa). On connection, Owen checked that the public IP address of his Device running the Connect Client showed up to be the same as the public IP address of the London Connector instance proving that smart routing is working.

Demonstration Video

This WPC has two Networks configured for Internet Gateway. One Network has a Connector connected to London Region. The Connector is configured to NAT and has the public IP address of 167.71.139.124. All traffic exiting from this Connector will have IP address 167.71.139.124 as the source IP address

The other Network has a Connector connected to Chicago Region. The Connector is configured to NAT and has the public IP address of 104.248.61.65. All traffic exiting from this Connector will have IP address 104.248.61.65 as the source IP address

User Connects to Ashburn, Virginia Region and accesses a test web server running on the internet. The web server log will show access coming from public IP address of Chicago Connector (104.248.61.65)

User Connects to Frankfurt Region and accesses a test web server running on the internet. The web server log will show access coming from public IP address of London Connector (167.71.139.124)

In this section: