Oplon Secure Access Setup
IP Address Change (Optional)
If you want to change the IP address of your (virtual) machine, you need to elevate to root privileges using sudo -i
, then launch the Network Manager tool nmtui
(if available in the appliance).
sudo -i
nmtui
This command opens a semi-graphical interface that lets you easily configure network parameters that would otherwise require manual editing of system files, such as:
- IP Address
- Gateway
- DNS
Once you’ve assigned the desired settings, you can restart the network interface from within the nmtui
interface to apply the changes.
Verify IP and Login via SSH
Now verifying that our system has a fixed ip assigned with:
ip a
eg: 192.168.1.9
, we can continue the configuration from any ssh console:
ssh administrator@<the-ip-address>
First configuration Management Console and Password Delegate
To configure the root credentials of the Management Console it is necessary to open the graphical utility by typing:
sudo -i
oplonsetup
Now we configure:
- Management Address: i.e. the address where the Management interface listens
- Root password: used to access the interface
- Delegate password: used for multi-node Oplon Secure Access instances.
<Save and Exit>
and then:
oplonrestart
to restart the Oplon Secure Access services.
Accessing the Dashboard and Installing Licenses
To access Oplon Global Distributed Gateway services, open a browser and navigate to:
https://x.x.x.x:4444
Where x.x.x.x
is any IP address of the system, unless you changed the default 0.0.0.0
during oplonsetup
configuration.
- Login:
root
(or the username chosen during setup) - Password: The password defined during setup
For Oplon Secure Access to function correctly, you must install at least:
- the Catalog license (also known as Node license)
- and one of the available ADC licenses: Platform, Standard HA, or Enterprise HA
Make sure to select the license corresponding to the ADC type you plan to use in this installation.
This guide shows how to install the Catalog and Platform licenses.
Installing the Catalog License
- Click the gear icon in the upper-left menu to access Settings
- Select “Install License”
- Upload the
.xml
file for the Catalog license
Installing the Platform (or other ADC) License
- Go to “Modules > ADC & GLB”
- Select the desired ADC (e.g., Platform) using the arrow next to the name
- Click “Actions > Install License”
- Upload the
.xml
file for the ADC license
Quick Setup (Version >= 11.0.0)
Starting from version 11.0.0 of Oplon, you can skip the entire “Manual Setup” process. Just follow the steps below, which automatically include the required rewrite rule configuration.
- Go to ADC Settings > Listener
- Locate the SecureAccess listener (already preconfigured)
- Enable the listener by clicking the blue icon:
- Set Enable to
true
and configure the desired listening IP address - Click Save, then Reinit to apply changes
Quick Setup also includes the basic MFA setup.
You will still need to manually import the certificates and customize the 2faGeneric
rewrite rule, as explained in:
Manual Setup (All Versions)
⚠️ If you’re using Oplon version 11.0.0 or later, it’s recommended to follow the Quick Setup, which automates most of the configuration.
This section is intended for those who:
- are using an older version of Oplon
- or prefer to perform a fully customized and manually controlled setup
Manual Setup walks you through the essential configuration steps — like rewrite rules and listeners — which are automatically applied in the Quick Setup.
This is the recommended method for advanced environments, in-depth testing, or scenarios where default settings must be avoided.
Copy of the Rewrite Header Rules
- Rewrite Header Rules Research
we check the Templates view and search for the string
secure
in search.
- Rewrite Header Rules Copy
we copy the Templates in our
A10_LBLGoPlatform
Platform
Summary Video Rewrite Header Rules Research and Copy
Copy of the Rewrite Body Rules
- Rewrite Body Rules Research
we check the Templates view and search in search for the string
secure
- Rewrite Body Rules Copy
we copy the Templates in our platform
A10_LBLGoPlatform
Summary Video Rewrite Body Rules Research and Copy
Copy of the Endpoints Grouping
Accessing the section Grouping
from ADC Settings
we copy the group from templates
- Endpoints Grouping Research
we check the Templates view and search for the string
secure
in search
- Endpoints Grouping Copy
we copy the templates in our platform
A10_LBLGoPlatform
Summary Video Endpoints Grouping Research and Copy
Copy Of The Listener
at this point we can put a listener in Listener with associated OSA group we will proceed, as in the previous examples, to a copy from the templates inside our platform
- Listeners Research:
we check the Templates view and search for the string
secure
in search
- Listeners Copy:
we copy the templates in our platform
A10_LBLGoPlatform
- Listener Customization: according to our needs we proceed to give our listener a name, an ip address where it will be connected and an a port where it will be listening. To this we assign the right Endpoint Grouping previously copied.
- endPointsGrouping:
SecureAccess
Summary Video Listener Research and Copy
Automatic Module Startup
If you’re installing Oplon Secure Access for the first time, it’s essential to configure the automatic startup of the following modules:
- R00_DesktopBridge
- R00_SshBridge
- R10_RemoteAccessGateway
- A10_LBLGoPlatform (or alternative ADCs)
In this example, we’ll show how to configure the R10_RemoteAccessGateway module. The process is the same for the other modules.
How to Enable Automatic Startup for the R10_RemoteAccessGateway Module
-
Go to Modules > All Modules and use the search bar to find R10_*. Once you find the module, click the blue button:
-
On the module page, open the General Start Parameters menu and set the Module Start field to automatic.
Saving the Changes
After applying all the necessary changes, save them and proceed with a reinit to apply:
Verifying Proper Operation
To verify that everything is working correctly, open a browser and enter the following address:
https://<ip_address>:443
Depending on your configuration (with or without MFA), you’ll see one of the following:
- The MFA login screen, with a redirect to super.oplon.cloud.
- The Secure Access screen, which may display various errors due to missing MFA configuration. You can configure MFA from the appropriate section if needed: MFA Setup.