Skip to Content

How to install and configure Eztunnel?

                                                                  

 

How to install and configure Eztunnel?

Follow the instruction to install and configuration Eztunnel software

Eztunneld Server :

a. On the Tunnel server, download the setup script from:

[email protected]:~# wget https://downloads.ezeelogin.com/setupserver.zip

b. Extract the downloaded setup script

[email protected]:~# unzip setupserver.zip

c. Run the downloaded setup script :

[email protected]:~# bash setupserver.sh

 

 d. Follow the step to generate certificates 

  1. Log in to the eztunnel folder

[email protected]:~# cd /usr/local/etc/eztunneld/

  2. Run the following command to generate the certificates

[email protected]:~#       COUNTRY='IN' STATE='Karnataka' ORGANIZATION='HPE'  ROOT_DOMAIN='hpe.com' SERVER_IP='1.1.1.1' AGENT_IP='2.2.2.2'  USER_IP='3.3.3.3' ./gencerts.sh

   

    e. Start the eztunnel service with the following command

[email protected]:~#  systemctl start eztunneld.service

 


2. Eztunnel Agent:


a. On the Tunnel agent gateway(Ezeelogin installed server), download the setup script with the following command

[email protected]:~# wget  https://downloads.ezeelogin.com/setupagent.zip

b. Extract the downloaded setup script

[email protected]:~# unzip setupagent.zip

c.  Run the downloaded setup script 

[email protected]:~# bash  setupagent.sh

 d. Copy the root cert, agent cert and agent key generated from the Tunnel Server  to: /usr/local/etc/eztunnela/


 e. Set the CUSTOMER_NAME and SERVER_IP (Tunnel Server public IP) in the  config file: /usr/local/etc/eztunnela/eztunnel.yaml

  Sample  eztunnel.yaml configuration

name: CUSTOMER_NAME
server_addr: SERVER_IP:443
tls_crt: /usr/local/etc/eztunnela/agent.crt
tls_key: /usr/local/etc/eztunnela/agent.key
root_ca: /usr/local/etc/eztunnela/rootCA.crt
tunnels:
webpanel:
proto: tcp
addr: localhost:80
remote_addr: 0.0.0.0:8080
webpanelssl:
proto: tcp
addr: localhost:443
remote_addr: 0.0.0.0:8443
ssh:
proto: tcp
addr: localhost:22
remote_addr: 0.0.0.0:2222
webssh:
proto: tcp
addr: localhost:52222
remote_addr: 0.0.0.0:52222
webrdp:
proto: tcp
addr: localhost:52555
remote_addr: 0.0.0.0:52555
webproxy:
proto: tcp
addr: localhost:52666
remote_addr: 0.0.0.0:52666


 f.  Start the service with the following command

[email protected]:~# systemctl start eztunnela.service 

 

3. Eztunnel User:


a. On the user desktop, download the appropriate app for the OS.

Windows: https://downloads.ezeelogin.com/eztunnel_windows_amd64.zip
macOS: https://downloads.ezeelogin.com/eztunnel_darwin_amd64.zip
Linux: https://downloads.ezeelogin.com/eztunnel_linux_amd64.zip

b. Extract it.

unzip {filename.zip}


c. Copy the root cert, user cert and user key generated from the Eztunnel  Server.


d. Execute it:

./eztunnel.exe -server AWS_IP:8443 -client CUSTOMER_NAME -rootCA ./rootCA.crt -tlsCrt ./user.crt -tlsKey ./user.key 

 

You can find the logs on the CLI /Terminal / Command prompt itself. Execute the command to start tunnel with -log-level 3 at the end of the command.
 
 
./eztunnel.exe -server AWS_IP:8443 -client CUSTOMER_NAME -rootCA ./rootCA.crt -tlsCrt ./user.crt -tlsKey ./user.key -log-level 3
  You can check the log file to check If the packet coming from customer Ezeelogin and If the Tunnel request coming from Customer Ezeelogin server
 
 
Use the following command to view expiration date /issuer etc (replace with your certificate name)
 

openssl x509 -text -noout -in yourcertificate.crt

 
 
You can use the following command to test SSL connectivity from Ezeelogin-tunnel-agent to Ezeelogin-tunnel-server.
 

openssl s_client -connect <hostname>:<port> -showcerts

 
You can use the following command to check the version of eztunnela and eztunneld
 

[email protected]@~# eztunnela --version

78acf80

[email protected]:~# eztunneld --version

78acf80
 
You can use the following command to find the TLS version used and to test SSL connectivityfrom Ezeelogin-tunnel-agent to Ezeelogin-tunnel-server.
 

openssl s_client -connect <hostname>:<port>

 

 
 
 

Latest version of eztunnel will enforce to  use TLS 1.3  and older version will support TLS 1.3, but it will not enforcing to use TLS 1.3.

 

Customer side application (Tunnel Agent):
Linux: https://downloads.ezeelogin.com/eztunnela_linux_amd64.zip
Tunnel Server application:
Linux: https://downloads.ezeelogin.com/eztunneld_linux_amd64.zip
User side application (Tunnel Client):
Windows: https://downloads.ezeelogin.com/eztunnel_windows_amd64.zip
macOS: https://downloads.ezeelogin.com/eztunnel_darwin_amd64.zip
Linux: https://downloads.ezeelogin.com/eztunnel_linux_amd64.zip