Access Vault from another server


Jason Novotny

Apr 20, 2016, 1:47:39 PM
to Vault

Hi,

The configuration for Vault has

listener "tcp" {
  address = "127.0.0.1:8200"
}

and I can't access my Vault server from my laptop; it's apparently only listening on the local interface. Is this normal usage? Or how do I configure it to be accessible to outside servers?

Thanks, Jason

Jeff Mitchell

Apr 20, 2016, 2:35:38 PM
to vault...@googlegroups.com
Hi Jason,

127.0.0.1 is the localhost interface so is only accessible to the
local machine. Simply set it to the IP address of your machine, or
0.0.0.0 to listen on all interfaces.

Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/0975ca2e-4f6c-4018-a5ca-418bb11a0b92%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

David Adams

Apr 22, 2016, 1:13:52 PM
to vault...@googlegroups.com
127.0.0.1 is the loopback IP, and will not be accessible from anywhere but the host itself. You probably want to change it to `address = "0.0.0.0:8200"`, which will listen on all available interfaces on your server.

There's still network routing, firewall rules, etc to consider which might cause problems, but binding to 0.0.0.0 (or the actual IP of a publicly-routed network interface on the server) is the first step to making your vault server available to other machines.

--
David Adams | Systems Administrator

Sas

Aug 18, 2017, 5:01:34 PM
to Vault
You can use the configuration below for Vault and then add an iptables rule.
1-

listener "tcp" {
  address = "0.0.0.0:8200"
}

2- The iptables rule below is for CentOS, in "/etc/sysconfig/iptables":
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8200 -j ACCEPT

3- Restart the iptables service: service iptables restart

4- Check the iptables status after the restart: service iptables status
You should be able to see the new rule in place.

5- Check for the port from a different VM using: telnet vaultserver-ip 8200
If telnet works then Vault is listening on the required port; this depends on your network configuration (eth0, eth1 and so on).

Thanks 
Sas
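
The checks that Jeff, David and Sas describe, as an added example that is not from the thread and not HashiCorp's code: a POSIX shell script that reads the listener "tcp" stanza of a Vault config file, classifies the bind address (loopback vs all interfaces vs a specific IP), reports whether tls_disable is set, and probes the port without telnet. The config path, the sample stanzas and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from HashiCorp: audit the bind
# address of a Vault listener "tcp" stanza and probe the port without telnet.
# The config path in the usage line and the sample stanzas are constructed.

# Print the first listener "tcp" {...} stanza of a Vault HCL config file.
listener_stanza() {
  sed -n '/listener[[:space:]]*"tcp"/,/}/p' "$1"
}

# Extract the quoted value of `address = "host:port"` from that stanza.
vault_listen_address() {
  listener_stanza "$1" \
    | sed -n 's/^[[:space:]]*address[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' \
    | head -n 1
}

# Succeed (exit 0) when the stanza sets tls_disable to 1 or true, quoted or not.
vault_tls_disabled() {
  v=$(listener_stanza "$1" \
    | sed -n 's/^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*/\1/p' \
    | head -n 1)
  case "$v" in 1|true) return 0 ;; *) return 1 ;; esac
}

# Classify a host:port bind address: loopback, all-interfaces, or a specific IP.
classify_bind() {
  host=${1%:*}   # strip the trailing :port (also works for "[::]:8200")
  case "$host" in
    127.*|"[::1]"|localhost) echo loopback ;;
    0.0.0.0|"[::]")          echo all-interfaces ;;
    *)                       echo specific ;;
  esac
}

# Combine both checks into a verdict. Exit 1 when the listener is reachable
# over the network with TLS off, since every token and secret then crosses
# the wire in cleartext.
audit_listener() {
  addr=$(vault_listen_address "$1")
  [ -n "$addr" ] || { echo "no listener \"tcp\" address found in $1"; return 2; }
  kind=$(classify_bind "$addr")
  if vault_tls_disabled "$1"; then tls=disabled; else tls=enabled; fi
  echo "$addr: bind=$kind tls=$tls"
  case "$kind:$tls" in
    loopback:*)  echo "  reachable from this host only (the symptom in the thread)"; return 0 ;;
    *:disabled)  echo "  reachable over the network WITHOUT TLS: fix before opening the firewall"; return 1 ;;
    *)           echo "  reachable over the network; now check routing and firewall rules"; return 0 ;;
  esac
}

# TCP probe with a 3 s timeout: nc if available, otherwise bash's /dev/tcp.
port_open() {
  if command -v nc >/dev/null 2>&1; then
    nc -z -w 3 "$1" "$2" 2>/dev/null
  else
    bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
  fi
}

# Constructed sample stanza; $1 is the address, $2 the tls_disable value.
sample_config() {
  printf 'listener "tcp" {\n  address = "%s"\n  tls_disable = %s\n}\n' "$1" "$2"
}

# Usage: sh vault_bind_check.sh [/etc/vault.d/vault.hcl] [host port]
# With no arguments, audit two constructed configs instead of a real file.
if [ "$#" -ge 1 ]; then
  audit_listener "$1" || echo "  verdict: action required"
  if [ "$#" -ge 3 ]; then
    if port_open "$2" "$3"; then echo "$2:$3 accepts connections"
    else echo "$2:$3 unreachable: bind address, routing or firewall"; fi
  fi
else
  f=$(mktemp)
  sample_config 127.0.0.1:8200 0 > "$f"; audit_listener "$f" || echo "  verdict: action required"
  sample_config 0.0.0.0:8200 1 > "$f"; audit_listener "$f" || echo "  verdict: action required"
  rm -f "$f"
fi
```

Run it on the server with the real config path to see why the laptop cannot connect, then from the other VM with a host and port in place of step 5's telnet. Two caveats the script encodes: binding to 0.0.0.0 with tls_disable set means tokens and secrets cross the network in cleartext, so enable TLS before opening the port; and the iptables rule in step 2 accepts new connections on 8200 from any source, so adding a `-s <trusted CIDR>` match to that rule limits who can reach the listener.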