Skip to main content
Support

Auto VPN

Evan L'Heureux
  • Updated

Who can modify this feature?

  • Partner
  • Company/Network Admins with write and read access
  • Meter Support

What is Auto VPN?

Auto VPN is a simple way to connect two or more Meter networks using a hub-and-spoke style topology using WireGuard. Spokes are referred to as Members. Auto VPN can be leveraged for cases like connecting a central office (Hub) with multiple branch offices (Members) to allow secure access to shared company resources.

Configuring Auto VPN

Prerequisites

VLANs that should be shareable over Auto VPN need to be configured as such. To make a VLAN shareable, log in to the Meter Dashboard and navigate to Network-wide > VLANs > Click on the VLAN to be shared > Edit. Ensure that ‘Can be shared via Auto VPN’ is toggled ON.

Default Behaviour for shared VLANs

On a Member network, VLANs designated as shareable will connect to the Hub. The Hub then facilitates access to these VLANs for other Members in the Auto VPN group. 

Similarly, VLANs shared by the Hub are accessible to all connected Members.

-

After VLANs are shareable, navigate to ‘Auto VPN’ in the Dashboard and click ‘Add group’.

  • Name - The name of the site-to-site VPN.
  • Member locations - Select every network that will participate in the site-to-site VPN (2 or more).
  • Hub - Select which location will act as the hub. All Members will connect here. Note that the network designated as the Hub must have a stable public IP address.
    • Subnet - Recommended to leave the default. This is the subnet WireGuard will utilize to establish communication for the VPN.
    • Bound WAN port - Select the WAN port that the VPN should be listening on.
    • Failover Enabled - If Toggled ON, the bound WAN port will change to whichever WAN is active.
  • Member
    • Permitted VLANs - Select which VLANs of the Member should connect to the Hub.

Viewing Auto VPN status

Once configured, the connections will be displayed in the ‘Auto VPN’ tab. Click on the name of a member to view their handshake information.

If the connection shows both RX and TX handshakes, as well as packet information, the tunnel is established. If only one side of the handshake is shown, and no packet information is displayed, the tunnel is not established:

Client VPN routing

Routing of the Client VPN over Auto VPN is in development and not currently supported. If this routing is needed, please use an IPsec site-to-site tunnel instead.

 

If you have questions or would like assistance creating a site-to-site VPN using Auto VPN, please don’t hesitate to reach out to Meter Support.

 

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.