Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Set the variable batm.vpn-skip to true in the file /batm/config/gate.properties

    1. Disables This change disables VPN distribution via the gate Gate service.

    2. See: https://generalbytes.atlassian.net/wiki/x/CYBtz

  2. Delete the /batm/config/vpn file to prevent VPN implementation.

  3. Connect your BATMs to the hardware VPN.

  4. Connect your hardware VPN to your CAS server (or server-side VPN).

...

  • the Gate service on the port 7741, and

  • the Master service on the port 7741.

  • The Gate and Master services use their specific IP addresses, and

  • the Gate service must be able to communicate with the Master service (via port 7747).

...

Notes

Gate service

The Gate service listens for your terminals' pairing requests. After a successful pairing, the gate Gate service sends the terminal the VPN configuration, including information on how to connect to the master Master service.

The Gate service uses the batmgate unix user, which is a member of the batm group. The Gate service listens on port 7741. The master Master service uses the same port - but on a different interface.

Info

The Gate service’s TCP port 7741 should be temporarily accessible from the Internet only when performing a pairing. For security reasons - don’t leave it open. Leaving it open will encourage attackers to focus on your server.

Note

The Gate service is only compatible with terminals running on version 20230801 and newer!

  • Terminals using older firmware will automatically be automatically upgraded to version 20230801

...

  • The Master service uses batmmaster unix user, which is a member of the batm group.

  • The Master service listens on port 7741.

    • Please note that the same port uses gate Gate service but on a different interface.

...