DxConnect for Mac Admin Guide
DxConnect allows the user to create direct secure connections (tunnels) between a remote client and one or more servers without the need for a VPN, expensive hardware, or data passing through a vendor portal. DxConnect transfers encrypted packages across system-assigned UDP ports so there is no need to open a TCP or UDP port to the internet. With DxConnect, data transfers securely between custom-designed tunnels. DH2i’s DxConnect uses a highly available proprietary cloud Matchmaking Service to keep connections alive, but no payload data is passed through the matchmaker – all data is directly encrypted between servers.
DH2i Tunneling features
Configuration and Management Simplicity
- Lightweight Windows or Linux install
- Simply install and connect
- No dedicated VPN routers
- No ACLs, no firewall rules
- No expensive cloud VPN services
Highest Level Security and Performance
- Application-level micro-tunneling
- Discreetly transports TCP payloads via UDP
- Eliminates lateral network attack surface
- Highly available, auto self-healing tunnels
- Invisible to port scanners
Minimum System Requirements
The following sections describe hardware and software requirements for DxConnect.
DxConnect is hardware-agnostic, and is distributed as a universal binary, including native support for x86 Macs as well as Apple Silicon Macs.
Supported Operating Systems
- macOS 10.15 (Catalina) and newer
Network Configuration Guidelines
DxConnect uses a proprietary communications protocol based on TCP and UDP for its gateway group communication.
DxConnect software requires internet access to register with the DH2i Matchmaking Service.
DxConnect for Mac may be distributed in DMG or PKG formats.
Double-click on the DxConnect DMG file
This will cause the Finder to mount the disk image, creating a new desktop icon.
It will also open a new window with the contents of the disk image.
In the disk image folder, drag the DxConnect.app into the Applications folder.
Unmount the disk image.
Right-click on the desktop icon, and select Eject "DxConnect Installer".
Double-click on the DxConnect PKG file.
Click through the installer wizard pages.
Open the Launchpad or the Finder Applications folder, and double-click the DxConnect icon.
On first launch, DxConnect will open its Settings dialog:
- List of Gateway Configurations - Contains a list of gateway configurations, including their names and fingerprints. The selected entry is the active gateway configuration.
The name of a gateway configuration can be edited by double-clicking on its name.
Add a Gateway Configuration ("+" button) - Opens a system file selector dialog, to choose a
*.dh2ifile containing a gateway configuration. The configuration file contains connection information about the client's cluster or gateway group. This file is exported from DxAdmin or DxOdyssey Client via the Client and Group Manager, or through DxCLI commands. Multiple gateway configurations may be added from files.
Remove a Gateway Configuration (Trash button) - Removes the selected gateway configuration.
Heartbeat - The client heartbeat setting determines how many seconds a client will wait before checking in with its cluster or gateway group. This number may be lowered if the client's connection is being aged out of the router's NAT table before it can check-in with the cluster or gateway group.
Connect on Startup - If checked, DxConnect will automatically attempt to connect to the active gateway configuration when it is started.
OK - Applies config file and heartbeat settings.
Cancel - Discards any pending changes.
When attempting to connect to a gateway group, DxConnect will request access to authentication information stored in the System Keychain. If you haven't connected before, macOS may display an allow/deny prompt. If allowed access, DxConnect will securely store your authentication information in the System Keychain. This may avoid later prompting for a password.
Access is controlled for each username used on each gateway group. If you use multiple user names on the same gateway group, or multiple gateway groups, you will be prompted to allow access to the system keychain for each.
Password - Your keychain password, which is usually your macOS account password.
Allow - Allow access once. The next time you try to connect, the prompt will be displayed again.
Always Allow - Allow access always, and do not prompt the next time. This is recommended.
Authenticate to a Gateway Group
When connecting to a gateway group for the first time, or if not saving authentication secrets to the system keychain, DxConnect will prompt for authentication information. DxConnect will also prompt for authentication if the credentials stored in the system keychain are invalid (user deleted and/or password changed).
Configuration - The name of the active gateway configuration, and the gateway group against which DxConnect is authenticating.
User - The user name being sent to the gateway group.
Password - The password being sent with the user name to the gateway group.
Remember Password - If checked, DxConnect will attempt to save the user name and password to the system keychain. If successful, the next time DxConnect tries to connect, it will authenticate using the specified user name and password without prompting.
Login - Attempt to log in to the gateway group using the specified user name and password.
Cancel - Abort the connection attempt.
The primary user interface for DxConnect is an icon that is displayed on the right side of the menu bar (a "Menu Extra"). The status of DxConnect, and all functions can be accessed through this menu.
- DxConnect is disabled and is not attempting to connect to any gateway group.
- DxConnect is enabled and is currently attempting to connect to the gateway group.
- DxConnect is currently connected to the gateway group.
- DxConnect failed to connect to the gateway group, and may automatically retry.
Top Switch Button - DxConnect remains idle if the switch is off, and will persistently try to connect to the active gateway configuration when the switch is on. When switched on, DxConnect may open the Settings dialog if no gateway configurations are present. It may also display the authentication dialog to authenticate to a gateway group.
Settings... - Opens the Settings dialog.
Quit - Terminates DxConnect.