Quick start for two nodes

In this setup you will know how to install MCC nodes and a tunnel.

Prerequisites

Two Debian/Ubuntu Linux based machines with Internet access. Other distributions are also possible however you may need to use another package manager. See here for more details.

Prepare a network certificate

Sign in to your Staex account or create a new one at https://cas.staex.io/. On the New network page of self-service portal create a new network certificate. You will get a private key of your network - save it for further steps. Also copy the network certificate.

Install the nodes

Install MCC client on both nodes.

curl -o /tmp/staex-repo.noarch.deb \
  https://packages.staex.io/linux/deb/staex-repo.noarch.deb
sudo apt-get install /tmp/staex-repo.noarch.deb
sudo apt-get update
sudo apt-get install mcc

Now you need to initialize nodes with your network certificate. You will be asked for the network certificate and the private key of your network.

sudo mcc init --parents public.staex.io
sudo systemctl enable --now mcc

Check the logs to validate MCC is running:

sudo journalctl -u mcc

Example output would be:

Started mcc.service - Staex VPN daemon.
INFO  [mcc::core::node] node id: gbkjnr7ydpj13bwjf8wcpwkemrnpfch0cfdtsvvgwpedjaa3we70
INFO  [mcc::core::node] trying parent 88.99.68.57:9376
INFO  [mcc::core::node] active parent is 88.99.68.57:9376
INFO  [mcc::crypto::cas_client] network certificate `/etc/mcc/network-certificate.txt` has been updated
INFO  [mcc::crypto::cas_client] network certificate `/etc/mcc/public-network-certificate.txt` has been updated

When both nodes are installed and running, you can proceed with creating a tunnel.

Get the ID of the first node

Go to the first node and run the following command to obtain an ID:

mcc id

Example output would be:

root@mcc1:~# mcc id
gbkjnr7ydpj13bwjf8wcpwkemrnpfch0cfdtsvvgwpedjaa3we70

Install the demo service on the second node and create a tunnel

Go to the second node. We need a service that we will be accessing through a tunnel. Let's use a simple web server running on port 8080. Install Docker if it is not yet there.

docker run --rm -d -p 8080:80 --name mcc-demo-service nginx

Once the web server is running, create a tunnel. Replace <NODE_1_ID> with the one from the previous step. You will be asked for the private key of your network.

sudo mcc create-tunnel \
  --targets tcp:8080 \
  --dns-names my-service1 \
  --remote-node <NODE_1_ID>

Once the tunnel is created you need to wait 2-3 minutes until changes are propagated over the network. Or you can run sudo systemctl restart mcc to force it.

Use the tunnel

Go to the first node and resolve the tunnel address by its name.

mcc resolve my-service1

Example output would be:

10.83.0.2

Now you can use it to access the service:

curl http://my-service1.staex:8080

You should see nginx welcome page, and the tunnel is working!

What's next?

  1. Explore MCC DNS service
dig my-service1 @127.0.0.1 -p 8353 +short
dig my-service1.staex @127.0.0.1 -p 8353 +short
  1. Exlore other nodes of your network
mcc nodes
  1. Explore how to create tunnels to remote devices
sudo mcc create-tunnel \
  --external-ip-address 192.168.1.1 \
  --targets tcp:8080 \
  --dns-names my-service-remote \
  --remote-node <NODE_1_ID>

Know more about tunnels.