HOOC > HOOC Gateways > Connect as a Service > HOOC Connect E > Getting started Debian

Getting started Debian

After you have created a site in the HOOC ManagementPortal, you can activate it as follows:

Enter your serial number in the HOOC ManagementPortal and link the HOOC gateway to your site.
Navigate to HOOC gateway -> Configuration.
Select the platform / processor with packet set to Binary and download the HOOC Connect Binary without VPN access data to your own hardware.
Rename the HOOC Connect Binary to app_embeddedgateway via command mv.
Make the app_embeddedgateway executable by using the command chmod +x.
Start the app_embeddedgateway with the parameter hwid.
Copy the 64-digit hardware identification code (Console Output app_embeddedgateway) into the corresponding field in the HOOC ManagementPortal and activate it.

The hardware identification code (hwid) is a code with which the hardware can clearly be identified. This ensures that a license key can only be used by the respective hardware. Only after the hardware identification code has been confirmed successfully, you can download the HOOC Connect Binary with the VPN access data.

Select the platform / processor with packet set to binary and then download the HOOC Connect Binary with the VPN access data to your own hardware.
Rename the HOOC Connect Binary to app_embeddedgateway via command mv.
Make the app_embeddedgateway executable by using the command chmod +x.
Start the app_embeddedgateway as root-user.

Now the Console Output INFO[0000] Successfully connected to VPN... should be visible and the status of the VPN connection displayed in the HOOC ManagementPortal.

Use Case Bridge

Please note that when starting up, the HOOC Connect Binary creates the network interface hooc-tap0. If you wish to activate the same functionality as e.g. with the HOOC Connect H, you will need to set up a bridge between the physical network interface (e.g.; eth0) and the hooc-tap0. In the configuration examples below, you can see that the bridge obtains an IP address via DHCP.

If you use iptables, you can ensure with the iptables -A FORWARD -j ACCEPT -i br-hooc -o br-hooc command that the bridge forwards packets correctly. If you use docker, you must use this command.

Non-persistent configuration

It is important to know that the non-persistent configuration will no longer exist after you have restarted the operating system. Therefore, make sure that the net-tools and bridge-utils packages are installed. Run the commands below as root user.

# Create the bridge br-hooc
brctl addbr br-hooc
# Add the physical eth0 to the br-hooc bridge
brctl addif br-hooc eth0
# Remove IP eth0
ifconfig eth0 0.0.0.0
# Bring eth0 up
ifconfig eth0 up
# Obtain IP from local DHCP-Server
dhclient br-hooc
# Start the embedded gateway as root user with the bridge parameter
./app_embeddedgateway --vpn.linux.bridge=br-hooc

Persistent configuration

Adapt the network bridge and the physical network interface in the corresponding network configuration file as follows:

iface eth0 inet manual
iface eth0 inet6 manual

auto br-hooc
iface br-hooc inet dhcp
    bridge_ports eth0

If you use dhcpcd, you must made the following adjustments in the file /etc/dhcpcd.conf:

denyinterfaces eth0
interface br-hooc

When you restart the device or network interfaces, the persistent configuration will be adopted.

Please note that the configuration above is just one example of a possible configuration. Don’t forget that your configuration must be individually adapted to your operating system and the corresponding version.

Examples Linux (Debian)

Example init.d Script

In order to run the binary separately, you need a an OS-specific init.d script.

  #! /bin/sh
  ### BEGIN INIT INFO
  # Provides:          app_embeddedgateway
  # Required-Start:    networking
  # Required-Stop:     networking
  # Default-Start:     2 3 4 5
  # Default-Stop:      0 1 6
  # Short-Description: This is app_embeddedgateway daemon
  # Description:       This is app_embeddedgateway daemon
  ### END INIT INFO

  # Using the lsb functions to perform the operations.
  . /lib/lsb/init-functions
  # Process name ( For display )
  NAME=app_embeddedgateway
  # Daemon name, where is the actual executable
  DAEMON=/usr/local/bin/app_embeddedgateway
  # pid file for the daemon
  PIDFILE=/var/run/app_embeddedgateway.pid
  # log file for the daemon
  LOGFILE=/var/log/app_embeddedgateway.log

  # If the daemon is not there, then exit.
  test -x $DAEMON || exit 5

  case $1 in
  start)
      # Checked the PID file exists and check the actual status of process
      if [ -e $PIDFILE ]; then
          status_of_proc -p $PIDFILE $DAEMON "$NAME process" && status="0" || status="$?"
          # If the status is SUCCESS then don't need to start again.
          if [ $status = "0" ]; then
              exit # Exit
          fi
      fi
      # Start the daemon.
      log_daemon_msg "Starting the process" "$NAME"
      # Start the daemon with the help of start-stop-daemon
      # Log the message appropriately
      if start-stop-daemon --start --quiet --oknodo --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- --log.file $LOGFILE; then
          log_end_msg 0
      else
          log_end_msg 1
      fi
  ;;
  stop)
      # Stop the daemon.
      if [ -e $PIDFILE ]; then
          status_of_proc -p $PIDFILE $DAEMON "Stoppping the $NAME process" && status="0" || status="$?"
          if [ "$status" = 0 ]; then
              start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
              /bin/rm -rf $PIDFILE
          fi
      else
          log_daemon_msg "$NAME process is not running"
          log_end_msg 0
      fi
  ;;
  restart)
      # Restart the daemon.
      $0 stop && sleep 2 && $0 start
  ;;
  status)
      # Check the status of the process.
      if [ -e $PIDFILE ]; then
          status_of_proc -p $PIDFILE $DAEMON "$NAME process" && exit 0 || exit $?
      else
          log_daemon_msg "$NAME Process is not running"
          log_end_msg 0
      fi
  ;;
  *)
  # For invalid arguments, print the usage message.
  echo "Usage: $0 {start|stop|restart|status}"
  exit 2
  ;;
  esac

logrotate.d File

If the function ‘writing a log file’ is enabled, it is recommended to set up log rotation.

  /var/log/app_embeddedgateway.log {
    rotate 7
    daily
    missingok
    compress
    sharedscripts
    postrotate
        touch /var/log/app_embeddedgateway.log
    endscript
  }

Network interface

Regarding the network interface, please note the following:

If you want to establish a bridge to a physical ethernet port, you must first create the bridge which then has to be passed as parameter --vpn.linux.bridge.bridge.
The HOOC embedded gateway requires NET_ADMIN and NET_BIND_SERVICE rights. Either the binary is privileged or the rights are granted using setcap.

  setcap cap_net_admin,cap_net_bind_service=+ep ./app_embeddedgateway