If your Puavo installation and LDAP master server are not within the same network as the server that needs LDAP or kerberos access, you need to setup VPN connection that is used for connections.
OpenVPN is recommended for VPN connections. It uses the client certificate that puavo-register fetched during registration to authenticate the connection. On Debian/Ubuntu you need to install the openvpn package:
sudo apt-get install openvpn
The VPN configuration file needs to be written:
/etc/openvpn/puavo.conf
client
dev tap
proto tcp-client
remote vpn1.fqdn 443
remote vpn2.fqdn 443
ca /etc/puavo/certs/orgcabundle.pem
cert /etc/puavo/certs/host.crt
key /etc/puavo/certs/host.key
ns-cert-type server
verb 3
keepalive 10 60
persist-tun
persist-key
up-delay
To start the tunnel:
sudo /etc/init.d/openvpn start puavo
If everything works correctly, this opens a tapX device (tap0 if no other devices exist) that is used to connect to needed services.