Morro VPN is a Morro-deployed service that allows users to configure two types of VPNs:

  • VPN access from a client computer to a CacheDrive in Cloud
  • VPN access from a remote CacheDrive to a CacheDrive in an Active Directory Server's LAN to provide AD access to the remote CacheDrive


Note: VPN accounts are used only to create a VPN tunnel between the client PC and the CacheDrive. Users will still need standard accounts in the configured authentication mechanism (for example, an AD account) to access the shares and Team Portal.



Dashboard




The Dashboard has two panels:


VPN Server - Shows all of the VPN-enabled devices in the account.

  • CacheDrive Name - The name of the CacheDrive as configured by the Administrator.
  • Device Status - The status of the device.
  • Role - Global Access means the shares on this device can be accessed through the Morro-deployed VPN.
  • VPN Configuration - The unique part of the FQDN for this device. To get the full FQDN, append .morrodata.com to this value.


ADS Proxy - Shows the ADS Relay and ADS Proxy devices in the account.

  • CacheDrive Name - The name of the CacheDrive as configured by the Administrator.
  • Device Status - The status of the device.
  • Role - Role can be one of the following: 
    • ADS Relay - This on-prem device is used by the ADS Proxy to access an on-prem AD server.  
    • ADS Proxy - This device is connecting to an ADS Relay to access the on-prem AD server.  



VPN Servers


Install VPN Server


Use the Manage VPN Servers page to configure the VPN device.



The "Add VPN Server" dropdown list shows the CacheDrives in Cloud in your account that do not have the VPN server package installed.


Select a CacheDrive in Cloud and click the "Add" button to install the VPN server package to the selected CacheDrive in Cloud. 



After clicking the "Add" button, the above page will appear for VPN server configuration:

  • FQDN - The FQDN of the VPN server.  It must start with "vpn" and may only contain numbers, letters, dashes, and underscores.
  • First Address - The IP addresses of the VPN LAN.
  • VPN Users - User accounts for VPN server login.  This field can be left blank.  VPN Users can be added later in the "VPN Users" page.


Click the "Apply" button to install the VPN server package in the selected CacheDrive in Cloud.


Manage VPN Server


After the VPN server package has been installed in the CacheDrive in Cloud, the CacheDrive in Cloud will be listed in the Manage VPN Server table with a checkbox in the upper left corner.  Click the checkbox to show the VPN server management options.



The following options are available for managing the VPN server:

  • Pre-Shared Key - Change the pre-shared key used to connect to the VPN.
  • Server CIDR - This determines the IP addresses used for the devices at both ends of the VPN tunnel.  For example, if this is set to 192.168.44.2/24, the CacheDrive in Cloud will have an IP address of 192.168.44.2 for the VPN server, while the client may get an IP address of 192.168.44.3 for the VPN client.  The specified subnet should not be used for any other purpose on either side of the VPN tunnel. Note that this will not affect the local IP address of the CacheDrive in Cloud and the client, only the address for the VPN. 
  • Re-Set - Reset the configuration of the VPN server, including "FQDN", "First IP Address" and "VPN Users".  Note that this will remove all configuration settings and VPN users.
  • Delete - Remove the VPN server package from the selected CacheDrive in Cloud.
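The Server CIDR rule above (the subnet must not be used for anything else on either side of the tunnel) can be checked before the value is applied. The following is an added example, not Morro code; the function name and the inventory labels are hypothetical, and only 192.168.44.2/24 comes from this page.

```python
import ipaddress

def check_server_cidr(server_cidr, networks_in_use):
    """Split a Server CIDR into server address and VPN subnet, and list collisions.

    networks_in_use maps a label (hypothetical, e.g. "client LAN") to the CIDR
    strings already routed on that side of the tunnel.
    """
    iface = ipaddress.ip_interface(server_cidr)  # "192.168.44.2/24" -> host + subnet
    vpn_net = iface.network
    # A host address equal to the network or broadcast address cannot be assigned.
    if vpn_net.num_addresses > 2 and iface.ip in (
        vpn_net.network_address, vpn_net.broadcast_address
    ):
        raise ValueError(f"{iface.ip} is not a usable host address in {vpn_net}")
    conflicts = []
    for label, cidrs in networks_in_use.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            # overlaps() catches equal, containing and contained subnets alike.
            if net.version == vpn_net.version and net.overlaps(vpn_net):
                conflicts.append((label, str(net)))
    return {
        "server_ip": str(iface.ip),
        "vpn_subnet": str(vpn_net),
        "conflicts": conflicts,
    }

if __name__ == "__main__":
    # Constructed sample inventory; only 192.168.44.2/24 comes from the page.
    in_use = {
        "client LAN": ["192.168.1.0/24"],
        "office site-to-site": ["192.168.0.0/16"],
        "cloud network": ["10.0.0.0/16"],
    }
    print(check_server_cidr("192.168.44.2/24", in_use))
```

A non-empty "conflicts" list means the chosen subnet is already routed somewhere and a different Server CIDR should be picked.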



VPN Users


Use the VPN Users page to set up user accounts for VPN access.


Select a CacheDrive in Cloud and click Load to begin:



To delete a user, click the X icon in the user's row.


To change the user's VPN password, click the pencil icon in the user's row.


To add users, click the Add button:



Enter usernames, descriptions, and passwords for the new users, then click Save.  Use the Add New User button to add another row to the table for additional users.


Click Import Multiple Users to create users using a CSV file.  The CSV file should have the same fields as the table and in the same order.  The column headers must be "UserName", "Description", and "Password".
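A CSV file can be checked against the format described above before it is imported. The following is an added example, not Morro code; the function name is hypothetical, and the checks for a byte-order mark, empty fields and duplicate usernames are assumptions that go beyond what this page states. The sample rows are constructed.

```python
import csv
import io

EXPECTED_HEADER = ["UserName", "Description", "Password"]  # from the page, in this order

def validate_vpn_user_csv(text):
    """Return a list of (line_number, problem) tuples; an empty list means no findings."""
    problems = []
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader, None)
    if header is None:
        return [(1, "file is empty")]
    # Assumption: a UTF-8 byte-order mark (common in spreadsheet exports) is reported,
    # because it makes the first header differ from "UserName".
    if header and header[0].startswith("\ufeff"):
        problems.append((1, "byte-order mark before first header"))
        header = [header[0].lstrip("\ufeff")] + header[1:]
    if header != EXPECTED_HEADER:
        problems.append((1, f"header is {header}, expected {EXPECTED_HEADER}"))
    first_seen = {}
    for row in reader:
        lineno = reader.line_num  # stays correct when quoted fields span lines
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        if len(row) != len(EXPECTED_HEADER):
            problems.append((lineno, f"{len(row)} fields, expected 3"))
            continue
        user, _description, password = row
        key = user.strip().lower()  # assumption: usernames compared case-insensitively
        if not key:
            problems.append((lineno, "empty UserName"))
        elif key in first_seen:
            problems.append((lineno, f"duplicate UserName (first on line {first_seen[key]})"))
        else:
            first_seen[key] = lineno
        if not password:
            problems.append((lineno, "empty Password"))
    return problems

if __name__ == "__main__":
    # Constructed sample file.
    sample = (
        "UserName,Description,Password\n"
        "alice,Finance laptop,constructed-pass-1\n"
        'bob,"Sales, remote",constructed-pass-2\n'
    )
    print(validate_vpn_user_csv(sample) or "no findings")
```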



ADS Proxy


Use ADS Proxy to enable CacheDrives in Cloud and remote CacheDrives to join an Active Directory domain when they are not on the same LAN as the domain controller.  The ADS Proxy CacheDrive will communicate with an on-prem CacheDrive over a secure connection to make the domain join possible.


Add ADS Relay/Proxy


Select an ADS Relay device (only CacheDrives that have joined the domain will be listed) and an ADS Proxy device (a remote CacheDrive like a CacheDrive in Cloud) from the dropdown lists, then click the "Check" button. The "Check" button will check if the selected Relay and Proxy devices are on the same network.  If they are on the same network, the Proxy device should be able to join the domain directly without the need for an ADS Relay/Proxy setup.



If the selected Relay and Proxy devices are not on the same network, the following dialog box will appear.  Specify the port number to use (default is 22).  If the Relay device uses a static IP address, specify the IP address for the Proxy device also.


Note that the Proxy device must be accessible over the WAN through the specified port.  If port forwarding must be configured, contact your Administrator for assistance.



After completing the check, if the selected Relay and Proxy devices are not in the same network, the "Add" button will be enabled after the user fills out the port number. Click the "Add" button to add the ADS Relay/Proxy pair. If the add is successful, the following message will appear:



Once the Proxy device is added, it can communicate with the domain controller.  The device can be joined to the domain from MCM.


Manage ADS Relay/Proxy


After an ADS Relay/Proxy pair has been added successfully, the ADS Relay/Proxy peer will be displayed in the "Manage ADS Proxy" list.



Check the checkbox of the Relay or the Proxy device to manage the ADS Relay/Proxy pair.



If you check the checkbox of the Proxy device, the following dialog box appears:



  • Delete Connection - Delete this ADS Relay/Proxy connection.
  • Reconnect - Re-establish the connection between the Relay and Proxy devices.
  • Get Config/Status - Get the configuration and status of the Relay and Proxy devices and their connection.



If you check the checkbox of the Relay device, the following dialog box appears:



  • Delete Connections - Delete the connections between this Relay device and all of its Proxy devices.


Multiple ADS Relay/Proxy Links


One Relay device can be connected to multiple Proxy devices.  One Proxy device can also connect to multiple Relay devices. 



Using the VPN


For more information on how to connect to a CacheDrive using the VPN, see the following articles:


How do I connect to a CacheDrive in Cloud over VPN? [Client PC settings for end users]

How do I change my VPN password? [for end users]