ACSC FAQ

Here are some frequently asked questions about Anti-Cloud Secure Connect (ACSC).

What is an ACSC network?

An ACSC network is a private secure network to which nearly any kind of device can be connected. It is entirely software based, and runs over regular Ethernet and WiFi connections.

Each organization using ACSC has their own network, completely isolated from all other organizations. Each ACSC network uses its own private address space, and each member of the network uses a private IP address within the network that is cryptographically bound to its identity.

See the Terminology page for more details.

What is an ACSC host?

Each device connected to an ACSC network is an ACSC host (it hosts an ACSC network interface). The host runs the ACSC agent/client software, which provides the host with a private IP address that is accessible only through the same ACSC network. The ACSC client encrypts all traffic sent through the ACSC network.

See the Terminology page for more details.

How do I access an ACSC host?

To access an ACSC host, you need to be connected to the same ACSC network as it. From one ACSC host, you can connect to a remote ACSC host by using the remote host’s private ACSC IP address.

For example, if the remote host’s ACSC address is 10.12.34.56, and it’s running a web server on TCP port 80, you can connect to the web server from any other host on the same ACSC network by opening the URL http://10.12.34.56/ in a web browser.

How do I change an ACSC address?

To change the ACSC IP address of a host, you need to make corresponding address and routing changes to both sides of an ACSC connection. Follow these steps:

  1. Log into the ACSC management UI, and switch to the appropriate organization.

  2. Click the Hosts link in the page header. This will take you to the Hosts page.

  3. Click the name of the host. If you don’t see this host in the list, use the Filter by name… input at the top of the page to search for it by name. Clicking the name of the host will take you to the main page for the host.

  4. Click the name of the interface (“acsc0”) in the Interfaces panel. This will take you to the main page for interface.

  5. Click the Edit (pencil) icon in the Interface panel.

  6. Change the old address in the Addresses field to the new address.

    NOTE: this field will usually contain two addresses: an IPv4 address and an IPv6 address; plus each address will have a netmask representing the size of the ACSC network to which it belongs. If only changing one address, keep the other address as is; and always keep the netmasks the same.

    For example, if the existing Addresses value is 10.12.34.56/24, fd00:ab:cd:ef::38/64, and you want to update the IPv4 address from 10.12.34.56 to 10.12.34.78, change the field value to 10.12.34.78/24, fd00:ab:cd:ef::38/64.

  7. Click the Update button. This will take you back to the main page for the interface.

  8. Click the to Anti-Cloud Hub link in the Endpoints panel. This will take you to the main page for the endpoint which connects the host to the Anti-Cloud hub (the endpoint on the host’s own side of the connection).

  9. Scroll down to the Preshared Key panel, and click the name of the host (eg “to Alice’s Laptop”) in the Corresponding Endpoint field. This will take you to the main page for endpoint which connects the Anti-Cloud hub to the host (the endpoint on the Anti-Cloud side of the connection – ie the other side of the connection).

  10. Click the Edit (pencil) icon in the Endpoint panel.

  11. Change the old address in the AllowedIPs field to the new address.

    NOTE: this field will usually contain at least two network addresses: an IPv4 address and an IPv6 address; plus each address will have a netmask representing the size of the address. If only changing one address, keep the other addresses as is; and always keep the netmasks the same (beware that the netmasks in the AllowedIPs field usually will be different than the netmasks in the Addresses field).

    For example, if the existing AllowedIPs value is 10.12.34.56/32, fd00:ab:cd:ef::38/128, and you want to update the IPv4 address from 10.12.34.56 to 10.12.34.78, change the field value to 10.12.34.78/32, fd00:ab:cd:ef::38/128.

  12. Click the Update button.

This will queue changes to both sides of the connection. Once the ACSC agent on each side of the connection has applied the change, the host will be accessible via its new address.

How do I move an ACSC config from one host to another?

ACSC client config files cannot be copied from host to host.

The best way to replace an old host on an ACSC network with a new host (like to replace an old file server with a new file server) is to add a new host record in ACSC for the new host (with a new ACSC IP address and identity), and then change the DNS entry for the old host to point to the new host.

The second best way is to follow these steps:

  1. On the new host, if ACSC had previously been installed, completely uninstall it, including deleting its old configuration files in the C:\Program Files\Anti-Cloud\Secure Connect\ directory.
  2. On the old host, uninstall ACSC.
  3. Log into the ACSC management UI, and switch to the appropriate organization.
  4. Click the Hosts link in the page header. This will take you to the Hosts page.
  5. Click the name of the old host. If you don’t see this host in the list, use the Filter by name… input at the top of the page to search for it by name. Clicking the name of the host will take you to the main page for the host.
  6. Click the Set Up (gear) icon in the Agent panel. This will take you to the set-up page for the host.
  7. Click the acsc.conf and acsc-setup.conf links. This will download unique acsc.conf and acsc-setup.conf files that can be used on the new host.
  8. Install the ACSC agent on the new host.
  9. Return to the main page for the host in the ACSC management UI.
  10. Click the name of the interface (“acsc0”) in the Interfaces panel. This will take you to the main page for interface.
  11. Scroll down to the Config Changes panel.
  12. Click the Restore to Point (circle-with-arrow-and-dot) icon next to the last change before the interface was shut down. This will open a Restore to Point In Time dialog.
  13. Select the Include all endpoint changes radio button.
  14. Click the Restore button.

This will queue several changes to restore the full interface configuration of the old host to the new host. The next time the ACSC agent on the new host pings the ACSC management server, the agent will apply these changes. This will connect the new host to the ACSC network in place of the old host, using the old host’s ACSC IP address and identity.

How do I completely uninstall ACSC?

On Windows, you can uninstall the ACSC agent and client software by uninstalling the ACSC agent MSI package:

> msiexec /x acsc-x64-latest.msi /qn

However, this will leave the agent and client configuration files behind. To fully uninstall ACSC, make sure you delete the home ACSC directory:

> del "C:\Program Files\Anti-Cloud\Secure Connect\"