Requirements:

  • Existing VPC
  • 2x Subnets in VPC. WAN and LAN.
  • 2x Network interfaces for WAN snd LAN
    • Most likely  Private subnet for LAN, no internet gateway.  As VCL with WAN-subnet will work as a gateway. Wan-subnet requires internet gateway to work.
  • Availability zone.
  • Security groups for WAN and LAN.

VPCs and subnets

Getting started with Amazon VPC

Internet Gateway

Create a Private Subnet


Starting up the VCL Instance

  • From AWS Management Console, go to "Launch Virtual Machine"


  • Search: Tosibox, there should come up Community AMI named TBVCL_X_X_X. Select it.


  • Choose suitable Instance Type and go to "Configure instance Details"
  • At this point you should have VPC and subnet for WAN.
    • Select Network (VPC)
    • select Wan subnet.
    • Set "Auto-Assign Public IP"
  • Storage according to needs, 8gb should be enough.
  • Next step is to configure Security groups.
    • For activation purposes allow all traffic in. After VCL is activated, you can configure security group according to your needs, it is recommended to have non firewall WAN-port as VCL itself has firewall in WAN. But users can set stricter settings if needed. 
    • What ports do I need to open for TOSIBOX® to work?
    • Outgoing UDP-ports are required by iOS client.
    • Below example for initial security group for WAN:

Launch your EC2 Instance.


Activating the VCL


Go to your list of instances, remember to go to correct Availability zone. Chose your freshly installed VCL.

Under "Networking" tab you will find Public IPv4 Address or Public IPv4 DNS. Copy one of these values to your Browsers URL Field. If security group is open or otherwise configure to allow http Traffic, browser should be forwarded to VCL Activation Screen.



Paste in VCL Activation code. Leave site open and go back to your instance.

Open up system Log, under Action -> Instance setting -> System Log. 

Remote activation code will appear here when VCL is installed and activated.

How to remotely match TOSIBOX® Virtual Central Lock


After VCL is activated and matched to the Key, you can start configuring your WAN-security group and setting up Lan with Network interface and proper subnet.

Do not connect Lan site to same Subnet as WAN. Overlapping networks will cause routing and other networking issues.



Lan adapter settings


After Lan site adapter is attached, "Source / Destination check" has to be disabled for LAN adapter.

From instance view, select VCL -> Networking -> Click one of the Network interface ID´s.

New view should open, from here uncheck WAN-interface and check LAN interface.

Click "Actions" click "Change Source/Dest. Check", select "Disable".


This will allow traffic to flow towards Physical Locks from VCL Lan Virtual Machines.


How to connect Lock to the (V)CL

How to create Access Groups

How to take extra Keys into use