Skip to main content

Setting up the Virtual Appliance

Most of the magic of Autotunnel happens on the Autotunnel Virtual Appliance. We provide an image in the VMDK format that is compatible with both VMware Workstation and Oracle VM VirtualBox. Though we recommend using VMware Workstation over VirtualBox. The virtual appliance can be downloaded here and should be unzipped/extracted prior to being opened in Workstation or VirtualBox. Below we will detail the steps to get the virtual appliance up and running in either hypervisor software.

Setup Instructions

VMware Workstation

The process to get the virtual appliance running in Workstation and Workstation Player is very straightforward. First, download the Autotunnel Virtual Appliance and extract its contents somewhere appropriate. Then, simply open the .VMX file from within Workstation via File > Open, or Player > File > Open depending on if you are using Player or not. Verify that the expected configuration has been applied: we recommend a minimum of 2 GB of memory, and the network adapter should also be bridged, rather than NAT. You should now be able to power on the virtual machine.

Oracle VM VirtualBox

In order to run the virtual appliance within VirtualBox it's only slightly more involved. First navigate to Machine > New. Give the virtual machine a name of your choice. Set "Type" to Linux" and "Version" to "Debian (64-bit)". Set the memory size to at least 2048 MB. Then, select "Use an existing virtual hard disk file", select the folder icon next to the dropdown, select "Add" and find and open the .VMDK file from the location you extracted the contents of the zipped folder to. The virtual machine should now appear in your list of virtual machines, its network configuration may be incorrectly set to NAT. Select the virtual machine, navigate to Settings > Network and change your network adapters "Attached to" to "Bridged Adapter". Hit OK to save your settings. You should now be able to start the virtual machine.

Initial Boot of the VA

Once the virtual appliance has booted, you will be prompted to log in. The default password is autotunnel. You will need to enter this password whenever you boot the virtual appliance, or lock the screen. There is no remote login to the virtual appliance via SSH or otherwise, so there's no urgency to change this password (though we will detail later how you can do so).

After logging in for the first time, you will need to set your network configuration. The virtual appliance can either receive its configuration via DHCP (if DHCP is available on the network), or a static assignment. Remember, however, the node virtual appliance should be on the same subnet as the node subnet configured when the peering was defined on the Dashboard. By contrast, the subnet that the peer virtual appliance sits on only needs to be able to reach the peer subnets: either they are on the same subnet, or the subnet is reachable via the virtual appliances configured gateway.


Before going any further, ensure that there are no connectivity issues. The virtual appliance must have access to the Autotunnel Registry, Autotunnel Controller, as well as DNS. If there is a connectivity issue, the virtual appliance will alert you to this and provide suggestions on how to troubleshoot the problem. See Basic Connectivity Requirements for further details.

Claiming Your Key

The Autotunnel Virtual Appliance takes care of negotiating and setting up the secure tunnel between itself and a remote peer. In order to do this, the virtual appliance must first authenticate with the Autotunnel Controller. The node and peer keys generated in the previous section are used to authenticate the virtual appliance. On the main screen, simply press the C key and enter your key, followed by the agreed upon shared secret.

Tunnel Establishment

After you and the remote peer claim your respective keys, the two virtual appliances should negotiate a tunnel between one another. You can now set the gateway of any clients that need access to remote peer subnets to the virtual appliances IP address.


Remote (peer) subnets do not need to use the peer virtual appliance as their gateway, as all network traffic flows are initiated from the node side, and are NATed to the peer virtual appliance IP address prior to being forwarded to any peer subnets.

Any traffic that does not match the expected source and destination subnets will simply be forwarded to the gateway of the virtual appliance, and will not traverse the tunnel.


Changing the Default Password

The default password may be changed via the terminal. To obtain terminal access simply hit ALT+F2 and log in using the default credentials: autotunnel:autotunnel. Enter the passwd command and follow the prompt to set your new password.


Other than for the purposes of running basic troubleshooting commands and changing the default password, we do not recommend making any changes to your virtual appliance via the terminal. We cannot provide support for virtual appliances that have had their configuration modified from the factory default.

Next, we will take a look at how to troubleshoot common issues that may result in a tunnel not being established.