Cumulocity IoT Feedback Portal
Status Unlikely to support
Created by Guest
Created on Mar 31, 2020

OpenVPN termination within micro service containers

For NBIoT SIM cards it is necessary to create isolated VPN networks, where the devices are available. They create a VPN which can be reached by an OpenVPN client, which always gets the same IP within the VPN network.

Currently we run a Docker container within a POC, which uses OpenVPN and a microservice, which is talking to c8y services.

To run OpenVPN within a container, it is necessary to have networking privileges (as the container needs a tun device).

The required feature would be the possibility of creating containers with network access (outwards) to create the VPN.

Security concerns should be reviewed to avoid complications in isolation to other tenants' services.

The target is to create tenant-based microservices with VPN termination.

  • ADMIN RESPONSE
    Apr 3, 2020

    Thanks a lot for the feedback. We have been discussing this internally. While outbound connectivity from a microservice is generally possible already today, it is not possible to do a VPN termination within a microservice inside Cumulocity IoT. Unfortunately, as Cumulocity IoT is a multi-tenant platform, we cannot change this behaviour for security reasons. Our recommendation is to host any application which does a VPN termination outside of Cumulocity IoT. Note that it is possible to integrate external applications with Cumulocity IoT.
