SDA Gateway Requirements

Operating Systems

Linux

The SDA Glue service for Linux is built on SoftEther VPN Client, utilizing the native Linux IP stack and iptables for firewall management. While the service may function on other Linux distributions, it has not been extensively tested on nftables-based systems such as Red Hat Enterprise Linux. For optimal compatibility and support, we strongly recommend deploying the Gateway on Debian-based distributions.

System Requirements:

  • Architecture: ARM, ARM64, i386, or AMD64

  • CPU & Memory: Minimum 1 GHz Dual-Core processor and 512 MB RAM

  • Service Management: systemd

  • Kernel Version: 5.6+

  • Distribution: Debian or Ubuntu based distributions

  • Dependencies: SoftEther VPN Client (installed automatically during setup); OpenVPN (optional, manual installation required)
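
A preflight check for the Linux requirements listed above, as an added example that is not part of the SDA Glue installer or its documentation. The function names are hypothetical; it assumes `uname` is available, treats a missing `iptables` binary as a warning, and reports an nf_tables iptables backend as a warning because of the testing caveat above.

```shell
#!/bin/sh
# Added example: preflight check for the Linux requirements on this page.
# Function names are hypothetical; this is not part of the SDA Glue installer.

# kernel_ok RELEASE: succeed if RELEASE (e.g. "5.15.0-91-generic") is >= 5.6.
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; }
}

# arch_ok MACHINE: succeed if `uname -m` output maps to ARM, ARM64, i386 or AMD64.
arch_ok() {
    case "$1" in
        x86_64|amd64|aarch64|arm*|i386|i686) return 0 ;;
        *) return 1 ;;
    esac
}

# iptables_backend "VERSION LINE": classify the output of `iptables --version`.
# iptables 1.8+ appends "(nf_tables)" or "(legacy)"; older releases print neither.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        "iptables v"*)   echo legacy ;;
        *)               echo missing ;;
    esac
}

# preflight: print one line per problem, return non-zero if a requirement fails.
preflight() {
    fail=0
    kernel_ok "$(uname -r)"    || { echo "FAIL kernel $(uname -r) is older than 5.6"; fail=1; }
    arch_ok "$(uname -m)"      || { echo "FAIL unsupported architecture $(uname -m)"; fail=1; }
    [ -d /run/systemd/system ] || { echo "FAIL systemd is not the running init system"; fail=1; }
    case "$(iptables_backend "$(iptables --version 2>/dev/null)")" in
        nf_tables) echo "WARN iptables uses the nf_tables backend (not extensively tested)" ;;
        missing)   echo "WARN iptables not found on PATH" ;;
    esac
    return "$fail"
}

preflight || echo "host does not meet the listed Linux requirements" >&2
```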

Windows

The Windows implementation of SDA Glue utilizes the OpenVPN Community Client and depends on Windows Network Address Translation (WinNAT/NetNat) for network functionality. Note that WinNAT may not be enabled by default on all Windows versions and may require manual activation.

System Requirements:

  • Operating System: Windows 10 Professional/Enterprise or Windows Server 2016 or later

  • Architecture: ARM, ARM64, i386, or AMD64

  • CPU & Memory: Minimum 2 GHz Dual-Core processor and 2 GB RAM

  • Permissions: Service requires elevated permissions to manage network resources

  • Dependencies: OpenVPN Community Client (installed automatically during setup)

  • Network Features: WinNAT/NetNat (see configuration instructions below)

Verifying WinNAT

To check if the WinNAT feature is enabled on your system:

  1. Open PowerShell as Administrator

  2. Execute the following command:

Get-NetNat

Expected Results:

  • Feature Enabled: Command executes successfully (may return empty result if no NAT configurations exist)

  • Feature Disabled: Error message displays "Get-NetNat : Invalid class"

Enabling WinNAT

If WinNAT is not enabled, follow these steps to activate it:

  1. Open PowerShell as Administrator

  2. Execute the following commands:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -NoRestart

  3. Restart the computer after successful execution

  4. Verify activation by running Get-NetNat again

Docker & Kubernetes

SDA Glue can be deployed in containerized environments with specific configuration requirements to enable VPN functionality. The service requires access to the host's TUN device and network administration capabilities to establish secure tunnels.

System Requirements:

  • Host Architecture: ARM64 or AMD64

  • TUN Device Access: --device=/dev/net/tun — access to the virtual network tunnel interface

  • Network Capabilities: --cap-add=NET_ADMIN — network interface configuration and routing management

TUN Device (/dev/net/tun): The TUN interface is a virtual network device that operates at layer 3 (IP level) of the networking stack, commonly used by VPN clients to establish secure tunnels. A VPN client reads packets from the TUN device, encrypts them, and forwards them to the VPN server through the tunnel. Without access to this device, the containerized SDA Glue cannot create the necessary network tunnels for connectivity.

NET_ADMIN Capability: This Linux capability allows the container to perform network-related operations including interface configuration, routing table modification, and firewall management. VPN containers require NET_ADMIN capability to manage network resources and establish proper routing for secure communications with SDA Cloud services.

 docker run -d \
   --name glue \
   --restart always \
   --device=/dev/net/tun \
   -p 8080:8080 \
   -v glue-data:/var/lib/sdaglue \
   --cap-add=NET_ADMIN \
   public.ecr.aws/t9c5s2d1/sdaglue:latest