All Products
Search

This Product

    Elastic Compute Service:Add the IP address of the Cloud Assistant server to a whitelist by using OpenVPN

    Document Center

    Elastic Compute Service:Add the IP address of the Cloud Assistant server to a whitelist by using OpenVPN

    Last Updated:Mar 27, 2024

    If OpenVPN is configured on a Windows instance, Cloud Assistant cannot run as expected on the instance. In this case, you can use OpenVPN to add the IP address of the Cloud Assistant server to a whitelist. This way, Cloud Assistant can run as expected.

    OpenVPN parameters

    For scenarios in which only specific IP addresses are required to use OpenVPN, you can configure the configuration file of the OpenVPN client. The following section describes the relevant parameters:

    • route-nopull

      After you specify this parameter in the client.ovpn configuration file of the OpenVPN client, no network requests are forwarded to OpenVPN.

    • vpn_gateway

      After you specify the route-nopull parameter in the client.ovpn configuration file of the OpenVPN client, you can specify the vpn_gateway parameter to allow specific network requests to be forwarded to OpenVPN.

    • net_gateway

      After you specify this parameter in the client.ovpn configuration file of the OpenVPN client, all network requests are forwarded to OpenVPN by default. You can specify the net_gateway parameter to allow network requests from specific IP addresses to bypass OpenVPN.

    Procedure

    1. Connect to the instance.

      For more information, see Connect to a Windows instance by using a password or key.

    2. Obtain the IP address of the Cloud Assistant server.

      You can obtain the IP address of the Cloud Assistant server by resolving the endpoint of Cloud Assistant. The Cloud Assistant endpoint is in the <region-id>.axt.aliyun.com format.

      Note

      Replace <region-id> with the ID of the region where the instance resides. For information about Alibaba Cloud regions, see Regions and zones.

      In this example, the China (Zhangjiakou) region is used. Run the following command to obtain the IP address of the Cloud Assistant server: 

      ping cn-zhangjiakou.axt.aliyun.com

    3. Find the path where the client.ovpn configuration file of the OpenVPN client is stored and modify the file.

      In this example, the configuration file is stored in the following path: C:\Program Files\OpenVPN\config\client.ovpn. The path may vary based on the installation path of OpenVPN.

      (Recommended) Method 1: Use the route-nopull and vpn_gateway parameters to add CIDR blocks to allow network requests from the CIDR blocks to be forwarded to OpenVPN. Make sure that the IP address of the Cloud Assistant server is not included. The following code provides an example on how to add CIDR blocks: 

      route-nopull

route 192.168.0.0 255.255.0.0 vpn_gateway

route 172.16.0.0 255.255.0.0 vpn_gateway

      Method 2: Use the net_gateway parameter to allow network requests from the IP address of the Cloud Assistant server to bypass OpenVPN. 

      route 100.101.XX.XX 255.255.0.0 net_gateway
      Note

      Replace 100.101.XX.XX with the IP address of the Cloud Assistant server that you obtained.

    4. Restart the OpenVPN client and reconnect to the VPN to which the OpenVPN client was previously connected.

      After the VPN is reconnected, you can use Cloud Assistant on the instance.