Installing the Connector

Securely Connect Your Private Resources

💡Border0 seamlessly integrates VPN and Privileged Access Management (PAM) capabilities, providing a secure, identity-aware way to access private resources. At the core of this architecture is the Border0 Connector, which plays a critical role in securing and managing access.

The Connector’s key functions include:

  • An application-aware identity proxy for PAM, enabling granular, identity-aware access to private resources. It is the proxy that terminates the SSH, database, Kubernetes, etc. sessions.
  • A VPN gateway, ensuring secure access without exposing resources to the internet, i.e., it terminates the WireGuard sessions from the clients.
  • A protocol-aware service, supporting session recording, policy validation, secrets management, and service discovery.

In this section we'll cover how to install your first Border0 connector.

Install a Border0 Connector from the Portal

In the Border0 admin portal, navigate to the Connectors page and click "Add New Connector" to begin the process.

Border0 supports multiple installation methods to match your environment. Select the best option for your setup:

🔹 Linux – Works on any standard Linux machine
🔹 AWS EC2 – Deploy via a Border0-provided CloudFormation template
🔹 Docker – Run the Connector using the Border0-provided Docker image
🔹 Kubernetes – Deploy in Kubernetes using the Border0-provided Docker image

Installing a new connector

🚀 Most of the above methods are either easy one-click deployments or well documented. Once installed, you can create resources, which will appear in your Border0 client, allowing you to securely access them with a single click!

Advanced - Install the Border0 connector manually

Take Full Control of Your Connector Installation

This section describes the Advanced installation option available in the Border0 Portal. Even though we call this "advanced," the process is straightforward and gives you full control over how and where the connector runs.

At a high level, the installation involves:

  1. Creating a Connector and obtaining a Connector Token
  2. Downloading the Connector
  3. Setting up a system service (systemd or another service manager)

Create a Connector and a Connector Token

Log in to the Border0 Portal, navigate to Connectors and click "Add New Connector". Here you can give the Connector the name you prefer. Next, we need to create a token for this Connector. The token ensures only authorized Connectors can communicate with Border0.

After creation, go to the Tokens tab (top-right) and generate a new token. Choose an appropriate expiration period. (Note: Your Connector will go offline if the token expires!)

Create a new connector and a token

Download the Border0 Connector

Next, we need to download the connector binary. Select and download the correct architecture for your system, or use one of the package or container options.

Linux amd64 binary:

sudo curl https://download.border0.com/linux_amd64/border0 \
    -o /usr/local/bin/border0 \
    && sudo chmod +x /usr/local/bin/border0

Linux arm64 binary:

sudo curl https://download.border0.com/linux_arm64/border0 \
    -o /usr/local/bin/border0 \
    && sudo chmod +x /usr/local/bin/border0

Linux arm binary:

sudo curl https://download.border0.com/linux_arm/border0 \
    -o /usr/local/bin/border0 \
    && sudo chmod +x /usr/local/bin/border0

Debian/Ubuntu (apt repository):

sudo apt-get update && sudo apt-get -y install gpg curl
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.border0.com/deb/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/border0.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/border0.gpg] https://download.border0.com/deb/ stable main" | sudo tee /etc/apt/sources.list.d/border0.list
sudo apt-get update
sudo apt-get install border0

dnf-based distributions (rpm repository):

dnf -y install gpg wget
rpm --import https://download.border0.com/rpm/RPM-GPG-KEY
wget -O /etc/yum.repos.d/border0.repo https://download.border0.com/rpm/border0.repo
dnf install border0

Docker:

docker run --rm  -d \
  --name border0-connector \
  --env BORDER0_TOKEN=${BORDER0_TOKEN} \
  --publish 32442:32442/udp \
  --cap-add NET_ADMIN \
  --device /dev/net/tun \
  --sysctl 'net.ipv6.conf.all.forwarding=1' \
  --sysctl 'net.ipv4.ip_forward=1' \
  ghcr.io/borderzero/border0 \
  connector start
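
The direct binary download above can be wrapped so the architecture is selected automatically and a failed or non-binary download never lands in /usr/local/bin. This is an added example, not Border0's own installer; the function names and the `uname -m` mapping (including 32-bit ARM to linux_arm) are assumptions.

```shell
#!/bin/sh
# Added example (not Border0's installer): choose the right build, install it safely.
BASE_URL="https://download.border0.com"   # download host shown on the page
DEST="/usr/local/bin/border0"             # install path shown on the page

# Map a `uname -m` value to the path segment used in the page's URLs.
# Assumption: 32-bit ARM hosts (armv6l/armv7l) use the linux_arm build.
border0_platform() {
    case "$1" in
        x86_64|amd64)  echo "linux_amd64" ;;
        aarch64|arm64) echo "linux_arm64" ;;
        armv6l|armv7l) echo "linux_arm" ;;
        *)             return 1 ;;
    esac
}

border0_url() {
    platform=$(border0_platform "$1") || return 1
    echo "$BASE_URL/$platform/border0"
}

# True only if the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

install_border0() {
    url=$(border0_url "$(uname -m)") || {
        echo "unsupported architecture: $(uname -m)" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # -f makes curl fail on HTTP errors instead of saving an error page;
    # --proto/--tlsv1.2 refuse anything weaker than HTTPS with TLS 1.2.
    if ! curl -fsS --proto '=https' --tlsv1.2 "$url" -o "$tmp" || ! is_elf "$tmp"; then
        echo "download failed or is not an ELF binary: $url" >&2
        rm -f "$tmp"; return 1
    fi
    # Install in one step with explicit owner and mode, then clean up.
    sudo install -o root -g root -m 0755 "$tmp" "$DEST"
    rm -f "$tmp"
}

# Only download and install when explicitly requested.
if [ "${1:-}" = "--install" ]; then
    install_border0
fi
```

Run the script with `--install` to perform the download; without the argument it only defines the functions.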

Install the Border0 Connector Service

Unless you used the Linux (deb/rpm) installer, we need to install the connector service to make sure it's started.
The Border0 binary comes with a handy command to create the correct systemd (or inetd) service. Make sure to provide the token we just created as the environment variable BORDER0_TOKEN, so that it can register itself.

export BORDER0_TOKEN=<YOUR-TOKEN-HERE>...

Next, we can install the service:

sudo border0 connector install

This will start the connector process as a system service on your OS, making sure it's always running. After this the connector should show up as Online in the Portal.

If you did not provide a token, the connector install process will ask you to authenticate with your Border0 admin credentials. It will ask you to log in to your Border0 account and will create a connector for you in your Border0 organization.

$ sudo  border0 connector install  
Please navigate to the URL below in order to complete the login process:  
<https://portal.border0.com/login?device_identifier=IjJmMGY4YmY4LTQ5ZjYtNGU4ZC04NDJhLTk3NWQ1YmY3OWVlNCI>...  
Login successful  
🚀 Border0 connector "bofh" created successfully!  
🚀 Border0 connector token "bofh-token" created successfully!

 Install Border0 Connector Service:					[  OK  ]  
Starting Border0 Connector Service:					[  OK  ]  
📘 Web browser pop-up

We will attempt to open the login link for you. If that does not happen, just copy and paste the URL into your favourite browser to complete the login.

Managing the connector service

To see the current status of the Border0 connector service:

sudo systemctl status border0

To stop, start or restart the Border0 connector service:

sudo systemctl stop border0
sudo systemctl start border0
sudo systemctl restart border0

To check the connector logs on Linux:

journalctl -fu border0

Configure your connector

Now that you have installed your first connector, it should show up in the admin portal on the Connectors page.

The connector provides several built-in services that can be enabled or disabled by configuring the connector details. By default, the connector is configured to run a built-in SSH server, which allows you to get an SSH shell on the connector host.

For more information on connectors see the connectors section here.