How to install VCL on Amazon AWS Cloud via CLI /command line interface

Modified on Fri, 14 Jul 2023 at 12:43 PM

TOSIBOX Virtual Central Lock images:


VCL System requirements

General information for AWS on Amazon Web-Portal: https://aws.amazon.com/de/

To install Tosibox VCL via CLI you have to install CLI to your computer and perform 3 steps:


1. Install CLI

2. CLI peliminary steps

3. Run VCL installer script


Important: VCL WAN and LAN interfaces have to be in different subnets! It is not allowed to use same subnet!


1. AWS CLI install for PC/MAC/LINUX/...

"aws" command line tools installer: 



Check current cli version on your machine:

Terminal command: $ aws --version

aws-cli/2.13.1 Python/3.11.4 Darwin/22.5.0 exe/x86_64 prompt/off


2. CLI preliminary steps


1. Navigate to My security credentials (under IAM/User)


2. Under "Access keys for CLI, SDK, & API access" Create access Key and

   make note of the access Key and secret Key


Access key: xxxxxxxxxxxxxxxxxxx 

Secret access key: xxxxxxxxxxxxxxxxxxxxxxxxxx


3. start configuration

  `# aws configure --profile [PROFILENAME]`

I used here: `# aws configure --profile awsprofile`


4. Fill in your details and enter the access key and secret key


user:aws user aws configure --profile awsprofile

AWS Access Key ID [****************HH26]: xxxxxxxxxxxxxxxxxxx

AWS Secret Access Key [****************QL70]: xxxxxxxxxxxxxxxxxxxxxxxxx

Default region name [None]: eu-north-1

Default output format [None]: 



5. Set the profile to your environment variable



I used: # export AWS_PROFILE=awsprofile




3. Run VCL installer script tosibox-virtual-central-lock.sh


user$ ./tosibox-virtual-central-lock.sh install


Here is the full LOG:


STEP 1: TOSIBOX(R) Virtual Central Lock deployment

In order to install VCL, you need to enter the

activation code that can be ordered from Tosibox Sales



Notice, that you need TOSIBOX(R) Key in order to start

using TOSIBOX(R) Ecosystem.


You may purchase TOSIBOX(R) Key from:

 - https://www.tosibox.com/contact-us/distributors/

 - https://www.verkkokauppa.com/ (search tosibox)



Enter a unique name for your deployment in lowercase (empty to cancel): newdep2

Using name: newdep2 for deployment..


If you want to get your IP automatically from ipinfo.io, use switch -i auto

Enter your source IP address (default to allow all)

Allowed IP-address is:  


More information: The IP is for  activation so that it blocks access to the activation screen from all expect your IP. (it is available even though it’s not seen when you use the script)

From the scripts –help:  -i, --source-ip [CIDR/auto]         CIDR or 'auto' for automatic from ipinfo.io to restricting activation traffic only to your IP. NOTICE: activation traffic is unencrypted and anyone in your local network or in the network path could eavesdrop the traffic.


Select the cloud service (number) to be used.

1) aws

2) az

#? 1


Enter the region (number) for your instance:

1) eu-north-1      5) eu-west-1            9) ca-central-1    13) us-east-1

2) ap-south-1      6) ap-northeast-2 10) ap-southeast-1  14) us-east-2

3) eu-west-3       7) ap-northeast-1 11) ap-southeast-2  15) us-west-1

4) eu-west-2       8) sa-east-1            12) eu-central-1    16) us-west-2

#? 1


Using region: eu-north-1

Enter the availability zone (number):

1) eu-north-1a

2) eu-north-1b

3) eu-north-1c

#? 1


Using availability zone: eu-north-1a

Creating an AWS CloudFormation deployment for TOSIBOX(R) Virtual Central Lock

Your AWS profile is: awsprofile

Finding AMI id for region: ami-026bd8fcaa648a508

Creating deployment bucket..

make_bucket: newdep2

Packaging deployment..

Uploading to 6e6fc2e7a5377fbfda86b410d18b0b6b.template   1046 / 1046.0  (100.00%)

Successfully packaged artifacts and wrote output template to file packaged-template.yaml.

Execute the following command to deploy the packaged template

aws cloudformation deploy --template-file /Users/user/Downloads/aws/aws/packaged-template.yaml --stack-name <YOUR STACK NAME>

Creating deployment..


Waiting for changeset to be created..

Waiting for stack create/update to complete

Successfully created/updated stack - newdep2



STEP 2: Activation

Next we start activation of the Virtual Central Lock

This will phase take about 10 minutes and as it will

Download the latest software packages from TOSIBOX

software repository.



Name: newdep2 given..

Using name: newdep2 for deployment..


Using aws for deployment..

Enter activation code (empty to cancel): 1p18axxxxxxxxxxxxxxxxxxCrQQvKf


The activation url is: http://ec2-13-49-80-169.eu-north-1.compute.amazonaws.com/cgi-bin/vcl-activation

Activating license..

  % Total     % Received % Xferd  Average Speed   Time    Time      Time  Current

                                 Dload  Upload    Total   Spent    Left   Speed

100    11     0    11    0      0     29      0 --:--:-- --:--:-- --:--:--    29


Waiting until VCL installs.

Activation in progress.

Installing license.

Downloading software.................................

Waiting until the VCL restarts.


Please wait until the VCL system restarts (may take 5-10 minutes).

Waiting for the remote matching code.........................................................................................................


Use remote matching code to serialize : 10011220xxxxxxxxxxxxxagqZTm3sX2Zf6



STEP 3: Remote matching

In order to start using the Virtual Central Lock,

start your TOSIBOX(R) Key and select:


 Devices -> Remote Matching


After that enter the remote maching code, and

access your TOSIBOX(R) Virtual Central Lock by

connecting your TOSIBOX(R) Key and accessing the

admin user interface.



Alternative STEP 2+3: Activation+Remote Matching


If you experience problems with activation via cli you can start VCL webinterface bei open it via public IPv4-address shown in AWS EC2 vcl-instance.

Put in activation code and wait a couple of minutes (activation process will not show finish in that window)

Go to AWS >/ec2/mark your instances-id (vcl) > Menu Action/Monitor/System protocol

In system protocol you get the remote matching code:

Connect to VCL via Tosibox Key:

A screenshot of a cell phone

Description automatically generated


AWS – Amazon Management Console:


A screenshot of a cell phone

Description automatically generated


A screenshot of a cell phone

Description automatically generated





A screenshot of a cell phone

Description automatically generated

Problems with installation regarding WAN/LAN adapter:

Make 100% sure WAN subnet is 

a) same availability zone where wanted LAN subnet is 

B) is different from LAN (no overlapping networks)
If not, both cases require reinstall.

If availability zone is anyway different, it cannot be changed after VCL is activated. WAN port is bound to first Virtual Adapter and that’s it. If it is wrong or has to be moved LAN Access is required or -> Reinstall.



Create WAN  and LAN interface before you start to install VCL, with that you can be 100% sure that WAN is in same availability zone, but not overlapping networks/same subnet as LAN.


You cannot add network adapters from different availability zones to one appliance.