- Platform Configurator
- Getting Started with Selenium for Automated Website Testing
- Getting Started with Appium for Mobile Native Application Testing
- Selenium Bootcamp by Dave Haeffner
- Appium Bootcamp by Dave Haeffner and Matthew Edwards
IPSec VPN allows test virtual machines in the Sauce Labs network to access application servers in customer's private network. However, IPSec VPN doesn't allow application servers to access Sauce test VMs. This diagram illustrates the architecture of IPSec VPN solution. The solution consists of two components, a VPN connection between two IPSec gateways, and a tunnel gateway.
A IPSec VPN connection is a tunnel between two IPSec gateways, one in the customer network and another in the Sauce Labs network. We recommend that you use an enterprise grade IPSec gateway to set up the IPSec VPN connection.
The tunnel gateway is always on for the lifetime of the IPSec VPN connection, and plays an important role in DNS resolution, routing and security.
The tunnel gateway runs a firewall and only authorized test VMs are allowed to connect through the firewall. Authorized test VMs include:
- Test VMs created by the IPSec VPN tunnel owner
- Test VMs created by accounts with which the tunnel is shared
By default all incoming connections from test VMs are blocked. Firewall rules are dynamically adjusted to allow connections from a new, authorized test VM and to block connections from a terminated test VM.
By default, the firewall allows these ports and protocols through the IPSec VPN connection.
|Outbound from Sauce||HTTP (TCP/80), HTTPS (TCP/443)|
|Outbound from Sauce||DNS (UDP/53, TCP/53, TCP/853)|
|Outbound from Sauce||Web Proxy (TCP/8080, TCP/8443)|
|Inbound from customer network, Outbound||ICMP|
|Inbound from customer network||BGP (TCP/179)|
You can request additional ports and protocols to be opened by contacting Sauce Labs Support.
Test VMs authorized to use the IPSec VPN tunnel are configured to route all their test traffic to the tunnel gateway.
Tunnel gateway routes all predefined customer subnets through the IPSec VPN tunnel and all other traffic is routed to the Internet.
In addition, the tunnel gateway also supports two options called
direct-domains. Both options are mutually exclusive and provide a list of domain names. Tunnel gateway routes any requests that match
tunnel-domains through the IPSec VPN tunnel and any requests that match
direct-domains directly to the Internet. Order of precedence is as follows:
- First, route based on tunnel-domains and direct-domains
- Next, route based on customer subnets.
We strongly recommend that you use subnets for routing.
By default, tunnel gateway uses predefined static routes. However, if you are running a BGP server, then the tunnel gateway can learn about new routes in the customer network. Please contact Sauce Labs Support to update static routes.
DNS requests for predefined user domains are forwarded through the tunnel to the user's DNS servers. All other requests are resolved through public DNS servers.
Sauce Labs IPSec VPN solution supports these protocols - HTTP, HTTPS, DNS, WebSockets and Secure WebSockets.
By default, the tunnel gateway acts as a Man-In-The-Middle proxy and re-encrypts all SSL connections with Sauce Labs certificate. If your tests don't access any servers with self-signed certificates, then we strongly recommended that you disable SSL re-encryption. SSL re-encryption can be disabled for all domains, or selected domains, by using that
no-ssl-bump-domains configuration option.
WebSocket servers with self-signed certificates are not supported.