...

The key-pair is (optionally) created and then assigned to the Charon cloud instance at first launch. If a new key-pair is created, the private key can be downloaded during creation.

Make sure to store the private key in a safe place. If it is lost, access to the instance may be permanently lost.

Adapting the SSH Daemon Configuration of the Charon Host System

...

The above commands are not persistent across reboots.

To make the configuration permanent, you can use ifcfg-files, nmcli commands, or a custom startup script - depending on your requirements and your host operating system version.Sample

...

...

Sample ifcfg-files for CentOS/RHEL 7:

# cat /etc/sysconfig/network-scripts/ifcfg-br_vpn0
DEVICE=br_vpn0
NAME=br_vpn0
TYPE=Bridge
ONBOOT=yes
DEFROUTE=yes
STP=no
BOOTPROTO=none
IPADDR=192.168.0.10
NETMASK=255.255.255.0
NM_CONTROLLED=no

# cat /etc/sysconfig/network-scripts/ifcfg-tap0
DEVICE=tap0
NAME=tap0
BRIDGE=br_vpn0
TYPE=Tap
ONBOOT=yes
NM_CONTROLLED=no

# cat /etc/sysconfig/network-scripts/ifcfg-tap0_vpn0
DEVICE=tap0_vpn0
NAME=tap0_vpn0
BRIDGE=br_vpn0
TYPE=Tap
ONBOOT=yes
NM_CONTROLLED=no

Note that on CentOS/RHEL 8 and later versions the interfaces must be under NetworkManager control (that is, the NM_CONTROLLED command must be removed or set to yes) if the interfaces are later to be managed by the Charon-SSP Manager.

Please note that the network-scripts package is no longer available in RHEL 9 and derivatives. While the ifcfg-rh plugin can handle many of the legacy ifcfg file configurations, it cannot handle TAP interfaces. Therefore nmcli should be used to make the bridge configuration permanent (as shown in the sample below).

...