Does anyone know of a secure way of connecting a Prometheus server to a gateway that is in the field, running the packet forwarder and gateway bridge, and not at a static address? I'm having trouble identifying the best way to manage the address and connection.
Current setup is a Tektelic Micro Gateway, Azure IoT Hub, Service Bus and Azure virtual machines hosting Prometheus and the network and application servers.
To answer my own question. I was able to figure this out and thought I’d share.
There were two solutions I found - PushProx and OpenVPN
https://github.com/RobustPerception/PushProx and https://openvpn.net/
PushProx has a few noted security issues and I was unable to deploy this on the gateway, I think primarily due to the limited OS on the unit.
I followed these instructions for the OpenVPN - https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/
I built out the OpenVPN connection and set up a persistent tunnel with a static IP. OpenVPN does allow for two connections for free before you need to purchase a license pack. At that point, you’re looking at a minimum of 10 licenses.
Some trouble that I ran into: when starting the OpenVPN client, a folder permission was not set up correctly on the gateway.
This link provided the solution - https://unix.stackexchange.com/questions/501403/tun-module-loaded-but-openvpn-dev-net-tun-no-such-file-or-directory
And more specifically, the modification of the permissions:
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
After this was all built out, I could compare gateway metrics to the cloud metrics to identify communication issues and see the uptime status of the gateway in a Grafana dashboard.
Would be great to hear any improvements on this solution!
All The Best, Tom
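
An idempotent form of the /dev/net/tun fix from the post above, written as an added example that is not part of the original post. The device numbers and mode are the ones in the post; the function names and return codes are hypothetical, and a `stat` that supports `-c` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: verify the TUN device node before starting the OpenVPN client.
# Expected values (char device 10,200, mode 600) come from the post above;
# function names and return codes are hypothetical.
# Usage (as root): ensure_tun /dev/net/tun

# check_tun PATH -> 0 ok, 1 missing, 2 not a char device,
#                   3 wrong major/minor, 4 wrong mode
check_tun() {
    node=$1
    [ -e "$node" ] || return 1
    [ -c "$node" ] || return 2
    # stat prints major/minor in hex: 10 -> a, 200 -> c8
    [ "$(stat -c '%t:%T' "$node" 2>/dev/null)" = "a:c8" ] || return 3
    [ "$(stat -c '%a' "$node" 2>/dev/null)" = "600" ] || return 4
    return 0
}

# ensure_tun PATH: create the node only when it is missing, tighten the mode
# when only the mode is off, and never replace anything else found at PATH.
ensure_tun() {
    node=${1:-/dev/net/tun}
    rc=0
    check_tun "$node" || rc=$?
    case $rc in
        0) echo "ok: $node" ;;
        1) mkdir -p "$(dirname "$node")" &&
           mknod "$node" c 10 200 &&
           chmod 600 "$node" &&
           echo "created: $node" ;;
        4) chmod 600 "$node" && echo "mode fixed: $node" ;;
        *) echo "refusing to touch $node (check_tun=$rc)" >&2
           return "$rc" ;;
    esac
}
```

A non-zero return from `ensure_tun` means something unexpected occupies the path (a regular file, or a device with other major/minor numbers) and should be inspected by hand before the tunnel is started.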