Installation Guides
Secure Remote Access

Secure Remote Access Connector (on-prem) Installation

The following steps should be read carefully to successfully install the Secure Remote Access Connector on the regarding machine:

Check the Secure Reboot Enabled before the installation by running mokutil --sb-state command.

In case the secure reboot is enabled, it might cause an error during the wireguard installation. Please disable it to continue the installation!!!

  1. Download the Secure Remote Access Connector installation script on the machine that is used for Secure Remote Access Connector. The support team can provide the installation script. After downloading the script, unzip the installation script on the machine. The user can use the unzip command to extract the files from the installation script file.
    1. unzip RAP-MTC-ONPREM-1.1.0.zip
Document image


In case bash: unzip: command not found error is shown, the unzip should be installed via sudo dnf install -y unzip command.

If somehow the user needs to start the script again (maybe because of the wrong input or missing file, etc), please remove all installation files except for the compressed Secure Remote Access Connector installation script file and unzip the compressed installation script file again. After this, you can execute the script.

  1. Navigate to the on-prem directory:
    • cd on-prem/
Navigating the installation directory
Navigating the installation directory

  • Run the configuration script:
    • sh configure.sh
Running the Secure Remote Access Connector’s script
Running the Secure Remote Access Connector’s script


In case you need to set script permissions to execute it, you need to run chmod +x configure.sh command.

You should have root privileges to run this script.

  1. The installation script should be restarted after the forced reboot. The installation script asks the user either:
    • For the first-time installation on the premise, the whole Secure Remote Access Connector should be configured from scratch; thus, the first option should be selected by entering 1 and pressing the enter key.
Selecting the Secure Remote Access Connector Installation for the on-prem
Selecting the Secure Remote Access Connector Installation for the on-prem


The Secure Remote Access Connector installation script asks for several configuration details:

  • IP address that will be assigned to the Secure Remote Access Connector environment (on-prem) handled by Wireguard,
  • AWS public IP address (Remote Access Portal environment),
  • The port number for WireGuard service,
  • The IP segment of WireGuard,
  • The public IP address of Kron PAM,
  • The public IP address of the Secure Remote Access Connector,
  • A public key is generated by the Remote Access Portal’s script.

After all the information is filled in, the user should press y to continue; however, if the user fails to fill in all the information successfully (either missing or wrong info), the user can press n to reenter the information.

The example values:

10.0.0.2 (Wireguard IP address assigned to the RAP connector’s side)

54.193.91.7 (AWS Public IP (Remote Access Portal environment))

51820 (Port Number)

10.0.0.0/29 (IP segment)

10.20.42.129 (KronPAM’s Public IP)

10.20.42.155 (Secure Remote Access Connector’s Public IP)

H7THXCLy28P4pEn/ya2fJ0NgUgIWsV40NMBRyiz3iRI=

(Public Key generated by the Remote Access Portal’s script)

Entering the parameters for the Secure Remote Access Connector configuration
Entering the parameters for the Secure Remote Access Connector configuration


Once the Secure Remote Access Connector installation asks the user to enter the public key, if the user doesn’t know the public key generated by the Remote Access Portal’s script yet, the user can set the temporary public key for now.

(e.g., UBuRQ39N30NN0751JBnXoJ5R8M3uTw8NmAkTGI5bLy4=)

But please do not forget to set the public key by using the Secure Remote Access Connector’s script (please check Section-5.4.b), after the Remote Access Portal’s script generates a public key.

The public key generated by the Secure Remote Access Connector’s script
The public key generated by the Secure Remote Access Connector’s script


At the end of the Secure Remote Access Connector’s script, the public key generated by this script is ready to use on the Remote Access Portal (on-cloud) environment.

(e.g., nM8QW+q8tpC6nMNEzIzUtNxNuVePGDPvYF6rFHYBdmU= )

Please do not forget to add this info on the Remote Access Portal environment by using the Remote Access Portal’s script.

  • Once the Secure Remote Access Connector has been fully installed, only one configuration is missing here regarding the public key that would be generated by the Remote Access Portal’s script. If the user executes the Remote Access Portal’s script on the cloud (please, check Section-4.6.a), it generates a public key which would be used in the Secure Remote Access Connector here, thus now this option can configure the secure tunnel configuration file with the generated public key from Remote Access Portal’s side.

The user should select the second option by entering 2 and pressing the enter key.

Selection made to set the public key generated by the Remote Access Portal’s script to the on-prem
Selection made to set the public key generated by the Remote Access Portal’s script to the on-prem

The end of Secure Remote Access Connector Installation script
The end of Secure Remote Access Connector Installation script


Set the public key data of the secure tunnel configuration file with a public key generated by the Remote Access Portal’s script.

(e.g., H7THXCLy28P4pEn/ya2fJ0NgUgIWsV40NMBRyiz3iRI=)

PREVIOUS
Remote Access Portal (on-cloud) Installation
NEXT
The Locations of the Necessary Files
Docs powered by Archbee