Remote Access Portal (RAP) Configuration
Read the following steps carefully to successfully install the Remote Access Portal (RAP) on the relevant machine.

**Prerequisite:** Check whether Secure Boot is enabled before the installation by running the `mokutil --sb-state` command. If Secure Boot is enabled, it might cause an error during the WireGuard installation. Please disable it to continue the installation!

**Prerequisite:** The user must allow the necessary ports on the Remote Access Portal (RAP) environment:

```
sudo firewall-cmd --add-port=443/tcp --permanent
sudo firewall-cmd --add-port={selected WireGuard port (e.g., 51820)}/udp --permanent
sudo firewall-cmd --add-port=7777/tcp --permanent
sudo firewall-cmd --add-port=7777/udp --permanent
```

Rules added with `--permanent` are written to the permanent configuration and take effect once firewalld is reloaded.

1. Download the Remote Access Portal (RAP)'s installation script on the machine that will be used for the Remote Access Portal (RAP). The support team can provide the installation script. After downloading the script, unzip it on the machine. The user can use the `unzip` command to extract the files from the installation script file.

   Linux CLI

   ```
   [root@rap ]# unzip rap-mtc-oncloud-1.2.0.zip
   ```

   If the `bash: unzip: command not found` error is shown, install the unzip package with the `sudo dnf install -y unzip` command.

   If the user needs to start the script again (for example, because of a wrong input or a missing file), remove all installation files except for the compressed Remote Access Portal (RAP) installation script file and unzip the compressed installation script file again. After this, you can execute the script. We highly recommend this method, since the extracted files might be modified when the script is executed for the first time, and executing the script with modified files might cause a problematic installation!

2. Navigate to the cloud directory.

   Linux CLI

   ```
   [root@rap ]# cd cloud/
   ```

3. Run the configuration script.

   Linux CLI

   ```
   [root@cloud ]# sh configure.sh
   ```

   If you need to set script permissions to execute it, run the `chmod +x configure.sh` command. You need root privileges to run this script.

4. The Remote Access Portal (RAP)'s installation script should be restarted after the forced reboot. The installation script asks the user whether to install the MT Outbound Connector, the MT Inbound Connector, or the Remote Access Portal (RAP) module on the cloud. (The PAM side is installed on-prem by means of the Kron PAM server's installation script, e.g., rap-mtc-onpam-1.2.0.zip.)

5. To continue with the Remote Access Portal (RAP) installation, the user should select the third option by entering 3 and pressing the Enter key.

6. The Remote Access Portal (RAP)'s installation script asks the user to choose one of the following options:

   a. For a first-time installation on the cloud, the whole Remote Access Portal (RAP) system should be configured from scratch. Thus, the first option should be selected by entering 1 and pressing the Enter key. The Remote Access Portal (RAP)'s installation script asks for several configuration details:

      - the Remote Access Portal (RAP) hostname,
      - the port number of WireGuard,
      - the IP segment of WireGuard,
      - the WireGuard IP address that will be assigned to the Remote Access Portal (RAP) environment,
      - the WireGuard IP address that will be assigned to the Kron PAM server environment,
      - a public key generated by the Kron PAM server's installation script.

      | Description | Example values |
      | --- | --- |
      | Remote Access Portal (RAP) hostname | https://rap.company.com |
      | Port number of WireGuard | 51820 |
      | IP segment of WireGuard | 10.0.0.0/29 |
      | WireGuard IP address assigned to the Remote Access Portal (RAP)'s side | 10.0.0.1 |
      | WireGuard IP address assigned to the Kron PAM server's side | 10.0.0.2 |
      | Public key generated by the Kron PAM server's installation script | aaaaaaa0nn0751jbnxoj5r8m3utw8nmaktgi5bly4= |

      After all the information is filled in, the user should press y to continue. If any of the information is missing or wrong, the user can press n to re-enter it.

      When the Remote Access Portal (RAP)'s installation script asks the user to enter the public key, and the user doesn't yet know the public key generated by the Kron PAM server's installation script, the user can set a temporary public key for now (e.g., aaaaaaa0nn0751jbnxoj5r8m3utw8nmaktgi5bly4=). Please do not forget to set the real public key by using the Remote Access Portal's installation script (please check 6.b below) after the Kron PAM server's installation script generates a public key.

      At the end of the Remote Access Portal (RAP)'s installation script, the public key generated by this script is ready to use on the Kron PAM server (on-prem) environment (e.g., bbbbbbb28p4pen/ya2fj0ngugiwsv40nmbryiz3iri=). Please do not forget to add this information on the Kron PAM server environment by using the Kron PAM server's installation script (please check 7.b in Section 4.1).

      As the last step here, to replace the self-signed certificate and generic RSA private key with the user's own certificate and RSA private key, the user should remove the self-signed certificate and generic RSA private key in the /etc/nginx/certs directory. After this, the user should add the user's AWS certificate and RSA private key with the same names. Lastly, the user should restart the nginx service by using the `sudo systemctl restart nginx.service` command.

   b. Once the Remote Access Portal (RAP) has been fully installed, only one configuration item is still missing: the public key generated by the Kron PAM server's installation script. When the user executes the Kron PAM server's installation script on-premises (please check 4.a in Section 4.3), it generates a public key that is used by the Remote Access Portal (RAP). This option writes that public key from the Kron PAM server's side into the secure tunnel configuration file. The user should select the second option by entering 2 and pressing the Enter key, then set the public key data of the secure tunnel configuration file to the public key generated by the Kron PAM server's installation script (e.g., cccccq8tpc6nmnezizutnxnuvepgdpvyf6rfhybdmu=).
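
The configuration details the installation script asks for (hostname, WireGuard port, IP segment, the two tunnel addresses and the Kron PAM public key) can be sanity-checked before they are typed in. The following Python function is an added example, not part of the Kron installer or of this guide; `check_rap_answers` and its messages are hypothetical names, and `SAMPLE_KEY` is a constructed value. It assumes IPv4 tunnel addressing as in the example table, and it also shows that the example key strings printed in this guide are placeholders that do not decode to the 32 bytes a WireGuard key requires.

```python
import base64
import ipaddress
from urllib.parse import urlsplit

GUIDE_PLACEHOLDER_KEY = "aaaaaaa0nn0751jbnxoj5r8m3utw8nmaktgi5bly4="  # from the guide
# Constructed sample: base64 of 32 fixed bytes, well-formed but not a real peer key.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()


def check_rap_answers(hostname, wg_port, wg_segment, rap_ip, pam_ip, pam_pubkey):
    """Hypothetical pre-flight check; returns a list of problems (empty = OK)."""
    problems = []
    url = urlsplit(hostname)
    if url.scheme != "https" or not url.hostname:
        problems.append("hostname must be an https:// URL")
    if not 1 <= wg_port <= 65535:
        problems.append("WireGuard port must be between 1 and 65535")
    try:
        net = ipaddress.ip_network(wg_segment, strict=True)
    except ValueError as exc:
        problems.append(f"IP segment is invalid: {exc}")
        net = None
    addrs = []
    for label, value in (("RAP", rap_ip), ("Kron PAM", pam_ip)):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"{label} tunnel address is not an IP address")
            continue
        addrs.append(addr)
        # Network and broadcast addresses cannot be assigned to a peer.
        edges = (net.network_address, net.broadcast_address) if net is not None else ()
        if net is not None and (addr not in net or addr in edges):
            problems.append(f"{label} tunnel address {addr} is not a usable host in {net}")
    if len(addrs) == 2 and addrs[0] == addrs[1]:
        problems.append("RAP and Kron PAM tunnel addresses must differ")
    # A WireGuard public key is 32 bytes, base64-encoded (44 characters).
    try:
        raw = base64.b64decode(pam_pubkey, validate=True)
    except ValueError:
        raw = b""
    if len(raw) != 32:
        problems.append("public key is not a base64-encoded 32-byte WireGuard key")
    return problems


if __name__ == "__main__":
    base = ("https://rap.company.com", 51820, "10.0.0.0/29", "10.0.0.1", "10.0.0.2")
    print(check_rap_answers(*base, SAMPLE_KEY))             # well-formed key
    print(check_rap_answers(*base, GUIDE_PLACEHOLDER_KEY))  # guide's placeholder key
```
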