Create a new Gateway

Prerequisites

This procedure requires:

  1. An active Acreto account.
  2. Basic knowledge of local network configuration.

Overview

A Gateway is a device that lets you connect your local network to Acreto and secure all network traffic and end-user devices without configuring them one by one. The images below compare a standard network connection with a network secured by Acreto using the Gateway method.

A Gateway may be configured in IPsec or vGateway mode. Each configuration suits different purposes and network structures:

  • choose vGateway when you want to download a preconfigured Acreto vGateway appliance and install it on a Raspberry Pi device or a virtualization platform (like KVM or VMware)
  • choose IPsec if you prefer to manually configure an existing device (like a router or a Linux machine) that supports the IPsec protocol

To create a Gateway, you need to:

  1. Create a Gateway object inside your Ecosystem
  2. Create one or more security policies to allow traffic from that Gateway to the Internet

How to create a new Gateway

  1. Log in to the Acreto platform at wedge.acreto.net
  2. Select your ecosystem and go to Objects using the left menu.
  3. Click Add new Object and select Gateway.
  4. Fill in at least:
    1. Name: the name of the gateway that you are creating. It needs to be compatible with strongSwan connection name requirements (basically, only letters and numbers)
    2. Category: IoT
    3. Fill in the gateway type-specific settings described here: IPsec | vGateway
  5. Save the created Gateway by pressing Add.
  6. Add a security policy that will allow communication from the Gateway device to the Internet.
  7. Commit pending changes (top of the screen)

How to create Acreto Gateway - animation

Notice: To successfully test your connectivity, you also need to create a security policy that will allow traffic to go through your device.

IPsec Gateway

Set the settings specific to an IPsec Gateway:

  1. Allow connection from: Empty (describes the source IP address from which the connection will be permitted)
  2. Local Networks: your local network addresses that should be routed through this gateway

Tip: To simplify testing, add IP addresses of all interfaces connected to your gateway as Local Networks (you can use /32 prefix for public interface). This will allow testing connectivity from the gateway through Acreto using ping, traceroute, and similar tools.

vGateway

Set the settings specific to a vGateway:

  1. DHCP/Static: select the method of assigning addresses on the network
  2. vGateway Local IP: address of the local (LAN) interface of your device (for example 192.168.200.1/24)
  3. Local Networks: your local network addresses that should be routed through this gateway
  4. vGateway Internet IP: IP address with a netmask of the internet-facing (WAN) interface, for example 1.2.3.4/24
  5. vGateway Default Route: IP address of your Internet gateway/router that allows access to the Internet, for example 1.2.3.1
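
An added example, not part of the Acreto documentation or product: a pre-flight check of the vGateway field values listed above, run before they are entered in the form. The function name `check_vgateway` and the two consistency rules marked as assumptions in the comments are illustrative.

```python
import ipaddress
import re

# The page limits gateway names to what strongSwan connection names accept
# ("basically, only letters and numbers").
NAME_RE = re.compile(r"[A-Za-z0-9]+")

def check_vgateway(name, local_ip, internet_ip, default_route, local_networks):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"Name {name!r}: use only letters and numbers")

    def parse(label, value, factory):
        try:
            return factory(value)
        except ValueError as exc:  # covers bad addresses, masks and host bits
            problems.append(f"{label} {value!r}: {exc}")
            return None

    for label, value in (("vGateway Local IP", local_ip),
                         ("vGateway Internet IP", internet_ip)):
        if "/" not in value:
            problems.append(f"{label} {value!r}: add the prefix length, e.g. /24")
    lan = parse("vGateway Local IP", local_ip, ipaddress.ip_interface)
    wan = parse("vGateway Internet IP", internet_ip, ipaddress.ip_interface)
    route = parse("vGateway Default Route", default_route, ipaddress.ip_address)
    nets = [parse("Local Networks", n, ipaddress.ip_network) for n in local_networks]
    nets = [n for n in nets if n is not None]

    # Assumption: the default route has to be an on-link host of the WAN subnet.
    if wan is not None and route is not None and (
            route not in wan.network or route == wan.ip):
        problems.append(f"Default Route {route} is not a neighbour in {wan.network}")
    # Assumption: the LAN subnet must be listed for its traffic to be routed.
    if lan is not None and not any(
            n.version == lan.version and lan.network.subnet_of(n) for n in nets):
        problems.append(f"LAN subnet {lan.network} is missing from Local Networks")
    return problems

if __name__ == "__main__":
    # Constructed values, reusing the example addresses from the field list.
    for line in check_vgateway("office-1", "192.168.200.1/24", "1.2.3.4/24",
                               "1.2.4.1", ["192.168.200.1/24"]):
        print(line)
```
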

Tip: To simplify testing, add IP addresses of all interfaces connected to your gateway as Local Networks (you can use /32 prefix for public interface). This will allow testing connectivity from the gateway through Acreto using ping, traceroute, and similar tools.

Next Steps

When the Gateway is ready, you should configure the gateway device on your end to act as a gateway to the Acreto platform and pass traffic from your endpoints through the gateway device.

Once the gateway device is created, verify the Acreto-secured connection.