Command Line Deployments of DxOdyssey

Summary

DxOdyssey may be deployed on any server from the command line by using DxCLI without the need to use the DxOdyssey UI.

Information

This KB covers how to setup a gateway group and configure tunnels, clients and groups from the command line. For large deployments, it is recommended to use DH2i's automated deployment scripts. These scripts use the same steps outlined below but only require that the user configure a setup file and execute the script on each gateway server.

If setup is being performed within a Docker container, please see Creating a DxOdyssey Docker Container for initializing DxOdyssey Docker containers. Besides the initial setup of the container and port mappings, deployment is identical between Docker containers and any other server.

Setup the First Gateway

1. Execute dxcli gateway-group-set-secret to set the gateway group passkey. This is required for other gateways to join the gateway group without using DH2i's NAT match agent.

2. Activate the server with a license key by executing dxcli activate-server <license_key>.

3. Execute dxcli set-otpk to generate a One-Time Pass Key (OTPK) so other gateways may join using DH2i's NAT match agent.

4. Copy the key.

5. If the gateway is a Docker container, execute the runfirst.sh script in the container's root directory.

Setup Additional Gateways.

1. On another gateway, execute dxcli join-gateway-group.

2. Follow the prompts to use DH2i's NAT match agent and the previously generated OTPK to join the gateway to the gateway group.

   note

   If an alternative matchmaking service is being used, enter that web address instead. Pressing enter with no input will use the default matchmaking service.

3. Activate the server with a license key by executing dxcli activate-server <license_key>.

4. If the gateway is a Docker container, execute the runfirst.sh script in the container's root directory.

   info

   All proceeding steps in this KB are executable on any gateway in the gateway group, and all steps besides tunnel creation are optional. These commands have specific syntax requirements, so it is important to follow the supplied command usage and examples.

5. Add clients to the gateway group by executing dxcli update-client.

   Syntax: dxcli update-client <client_name> <client_password>

   Example:

   dxcli update-client client1 Passw0rd

6. Create client groups by executing dxcli update-client-group.

   Syntax: dxcli update-client-goup <group_name>:<client_name>,<client_name>

   Example:

   dxcli update-client-group group1:client1,client2,client3

7. Create tunnel groups by executing dxcli gateway-group-add-tunnel-group.

   Syntax: dxcli gateway-group-add-tunnel-group <virtual_ip> <gateway_node>,<gateway_node>

   info

   If you supply the loopback address for the virtual IP, then add an asterisk (*) at the beginning. This tells DxOdyssey not to bind that IP address.

   Example:

   dxcli gateway-group-add-tunnel-group *127.0.0.1 Server1,Server2

8. Create source filters by executing dxcli update-addressfilter.

   Syntax: dxcli update-addressfilter <filter_name> <filter_address>:<filter_action> <default_action>

   Example:

   dxcli update-addressfilter filter1 10.10.1.0:allow deny  
   dxcli update-addressfilter filter2 10.10.2.0:deny allow

9. Create tunnels by executing dxcli add-tunnel. It is optional to add a source filter and/or gateway group, so those options may be omitted.

   info

   Docker containers require that exposed ports are mapped before the container is started. For further details on port mapping, please see the Additional Information section at the end of this article.

   Syntax: dxcli add-tunnel <tunnel_name> <enabled_status> <destination_gateway> <destination_address>:<port> <origin_gateway>/<origin_address>:<port>[/<source_filter_name>] [<tunnel_group_name>]

   Example:

   dxcli add-tunnel Tunnel1 TRUE Server1 10.1.201.190:3389 Server2/0.0.0.0:25001 TUNNELGROUP1

10. Add clients and client groups to tunnels by executing dxcli update-tunnel-clients.

    Syntax: dxcli update-tunnel-clients <tunnel_name> <client_name:listener_ip:port> <group_name:listener_ip:port>

    info

    Clients need to be defined first and groups second. If no clients are being added, then replace the client section with empty double quotes ("").

    Example:

    dxcli update-tunnel-clients Tunnel1 client1:127.0.0.1:50001 group1:127.0.0.1:50001
    dxcli update-tunnel-clients Tunnel1 "" group1:127.0.0.1:50001

Additional Information

• Using DxConnect with Linux DxOdyssey Installations
• Creating a Docker Container for DxOdyssey
• Updating Port Mappings for DxOdyssey Docker Containers
• Updating Tunnel Group Port Mappings for DxOdyssey Docker Containers
• How to Setup a Docker Container as a Tunnel Origin without using DxConnect
• Adding a Tunnel Origin to a Docker Container