How to install VCL on Amazon AWS Cloud via WEB-GUI

Modified on Thu, 10 Aug 2023 at 12:23 PM

TOSIBOX Virtual Central Lock images can be found : https://downloads.tosibox.com/VCL/


Important: VCL WAN and LAN interfaces have to be in different subnets! It is not allowed to use same subnet!

  • Existing VPC
  • 2x Subnets in VPC. WAN and LAN.
  • 2x Network interfaces for WAN and LAN
    • Most likely a Private subnet for LAN, no internet gateway.  As VCL with WAN-subnet will work as a gateway. Wan-subnet requires internet gateway to work.
  • Availability zone.
  • Security groups for WAN and LAN.

More useful information:

VPCs and subnets

Getting started with Amazon VPC

Internet Gateway

Create a Private Subnet

VCL System requirements

Starting up the VCL Instance

  • From AWS Management Console, go to "Launch Virtual Machine"
  • Search: VCL or HUB, there should come up Community AMI named TBVCL_X_X_X. Select always latest.

  • Choose suitable Instance Type and go to "Configure instance Details"
  • At this point you should have VPC and subnet for WAN.
    • Select Network (VPC)
    • select Wan subnet.
    • Set "Auto-Assign Public IP"

  • Storage according to needs, 20 GB is enough.

  • Next step is to configure Security groups.
    • For activation purposes allow all traffic in. After VCL is activated, you can configure security group according to your needs, it is recommended to have non firewall WAN-port as VCL itself has firewall in WAN. But users can set stricter settings if needed. 
      What ports do I need to open for TOSIBOX® to work?
    • Outgoing UDP-ports are required by iOS client.
    • Below example for initial security group for WAN:

  • Launch your EC2 Instance.

Activating the VCL

Go to your list of instances, remember to go to correct Availability zone. Chose your freshly installed VCL. Under "Networking" tab you will find Public IPv4 Address or Public IPv4 DNS. Copy one of these values to your Browsers URL Field. If security group is open or otherwise configure to allow http Traffic, browser should be forwarded to VCL Activation Screen.

Paste in VCL Activation code. Leave site open and go back to your instance.

Open up system Log, under Action -> Monitor and troubleshoot -> System Log. 

Remote activation code will appear here when VCL is installed and activated.

How to remotely match TOSIBOX® Virtual Central Lock

After VCL is activated and matched to the Key, you can start configuring your WAN-security group and setting up Lan with Network interface and proper subnet.

Important! Do not connect Lan site to same Subnet as WAN. Overlapping networks will cause routing and other networking issues.

LAN adapter settings

After Lan site adapter is attached, "Source / Destination check" has to be disabled for LAN adapter.

  • From instance view, select VCL -> Networking -> Click one of the Network interface ID´s.
  • New view should open, from here uncheck WAN-interface and check LAN interface.
  • Click "Actions" click "Change Source/Dest. Check", select "Disable".

This will allow traffic to flow towards Physical Locks from VCL Lan Virtual Machines.

How to connect Lock to the (V)CL

How to create Access Groups

How to take extra Keys into use