Connecting self-hosted software

Connect your self-hosted software via VPN

Violet can easily connect via VPN to any self-hosted tools (for example, Teamcenter). We recommend Tailscale, but are happy to consider any VPN solution you prefer.

How to Set Up a Tailscale VPN

Tailscale is a VPN solution that simplifies the setup of secure networks for accessing your on-premises applications. It uses WireGuard for its network traffic encryption and supports various devices like Linux, macOS, Windows, and even cloud servers.

Here’s how to set up Tailscale to connect on-premise applications to Violet securely.

Prerequisites

  1. A server or machine that can act as your Tailscale VPN gateway for your on-premises applications (AWS EC2, Azure VM, Google Compute Engine, etc.)

  2. Administrator privileges on all devices that will be part of the VPN network

  3. Internet access for installing Tailscale on the target machine


Step 1: Sign Up and Set Up Your Tailscale Account

  1. Sign up for a Tailscale account at tailscale.com using your preferred method (Google, Microsoft, or GitHub authentication).

  2. After signing up, you’ll be able to access the Tailscale admin console at https://login.tailscale.com/admin.


Step 2: Install Tailscale on Your Gateway Server

  1. Choose a machine inside your network to act as a gateway (e.g. a server or dedicated VM).

  2. Install Tailscale on your Linux gateway machine:

    curl -fsSL <https://tailscale.com/install.sh> | sh
  3. Authenticate the machine by running the following command:

    sudo tailscale up
    • This will open a browser for you to log in and authenticate the device to your Tailscale account.

    • Once authenticated, the machine will appear in your Tailscale admin console under Machines.


Step 3: Enable Subnet Routing on the Gateway

Subnet routing allows devices outside your on-premise network to access internal resources via the gateway machine.

  1. Identify the subnet you want to route (e.g., <subnet-to-route>).

  2. On the gateway machine, run the following command:

    sudo tailscale up --advertise-routes=<subnet-to-route>

    Replace <subnet-to-route> with the appropriate subnet of your network.

  3. After enabling subnet routing, go to the Tailscale admin console and approve the route:

    • Navigate to the Machines page.

    • Find the gateway machine and click on the gear icon next to it.

    • Under Route settings, approve the advertised route.


Step 4: Install Tailscale on Your Client Devices

  1. Install Tailscale on any device that will connect to your VPN (e.g., laptops, remote servers).

  2. Authenticate each client device to your Tailscale account using:

    sudo tailscale up
  3. Once the client devices are authenticated, they’ll appear in your admin console as part of your Tailscale network.


Step 5: Access Applications

Now that the Tailscale VPN is set up, any device on your Tailscale network can access the on-premises resources through the gateway machine.

  1. Ping test: From a client device, you can try pinging an internal IP address within your on-premises network to ensure connectivity:

    ping <internal-ip-addr>
  2. Access your applications: If you have a web application running on a server within your on-premise network, simply access it using the internal IP (e.g., http:/<internal-ip-addr>:8080).


Troubleshooting Tips

  • Check device connectivity: Ensure that your devices are visible on the Tailscale admin console and are connected to the same network.

  • Firewall issues: Ensure that your on-premise server's firewall allows incoming connections from the Tailscale subnet.

  • Routes not appearing: Ensure the gateway machine advertises routes correctly using sudo tailscale up --advertise-routes=<your-subnet>.


Next Steps

  • Violet needs a Reusable Tailscale Auth Key to connect to your new VPN. Once your VPN is set up, please provide a reusable auth key to Violet at your earliest convenience.

DANGER: Reusable Tailscale auth keys are sensitive. Please do not share over insecure forms of communication (slack, email, etc.). ONLY use reliable password sharing methods (1Password, Microsoft Entra, LastPass, etc.).

If Violet receives a key over an insecure form of communication, we will ask you to invalidate the existing API key and send us a new one.

  • Please also share an IP address or domain on your private network that we should be able to ping while connected to the VPN for testing.

Additional Reading

Last updated