
Oracle Cloud Platform

Corente VPN for PaaS & IaaS


Step-by-Step Deployment
Version 1
03.06.2016
Oracle Cloud Platform - Corente VPN for PaaS & IaaS

TABLE OF CONTENTS

Introduction ............................................................................................................................................... 3

Chapter 1. Understanding the Architecture ................................................................................................ 5


1.1 Architecture of the solution .................................................................................................................... 5
1.2 Key components of the solution ............................................................................................................. 5

Chapter 2. Setting up Corente Services Gateway on-premise ..................................................................... 7


2.1 Accessing the APP Net Manager Lite ...................................................................................................... 7
2.2 Login to the APP Net Manager Lite ......................................................................................................... 8
2.3 Creating the location for the on-premise gateway ................................................................................. 8
2.4 Creating the Corente VPN virtual machine ........................................................................................... 19

Chapter 3. Setting up Corente Services Gateway on Oracle Cloud ............................................................ 29


3.1 Creating the Corente VPN virtual machine ........................................................................................... 29
3.2 Creating the location for the on-cloud gateway ................................................................................... 32
3.3 Creating the Corente VPN instance ...................................................................................................... 55

Chapter 4. Configure the partnership between gateways......................................................................... 62


4.1 Enabling partnership for the on-cloud gateway ................................................................................... 62
4.2 Enabling partnership for the on-premise gateway ............................................................................... 67

Chapter 5. Testing the VPN connection .................................................................................................... 73

Appendix .................................................................................................................................................. 77

Copyright 2016, Oracle and/or its affiliates. All rights reserved 2



INTRODUCTION

This paper describes how to set up Corente Services Gateway for secure access to your
Oracle Compute Cloud Service, Oracle Java Cloud Service and Oracle Database Cloud Service
instances.
Oracle's Corente Cloud Services Exchange (Corente CSX) is a cloud-based software-defined
networking (SDN) solution that enables distributed enterprises to deliver trusted
connectivity services to and from any location with less complexity, in significantly less time, and
at a greatly reduced cost, when compared to more-traditional approaches. Corente CSX enables
organizations to transform their wide area network (WAN) into a cost-effective, agile network.
Corente CSX relies on the Oracle-hosted Service Control Point (SCP), which is a centralized
service management platform that provides secure policy-based service brokering, mediation,
and virtual network orchestration.
Companies want to connect applications securely into private networks over the internet
and facilitate hybrid cloud services to seamlessly connect applications running locally into the
cloud. Today many of these tasks require significant planning, acquisition, and integration
efforts, often requiring expensive networking technology and equipment that are often difficult
to manage.
A component of Corente CSX, the Corente Services Gateway (CSG) is a distributed virtual
appliance located at the network edge that provides secure endpoints for virtual private
networks over any IP networks with zero-touch installation. A Services Gateway is installed at
each branch or partner location, and creates a secure end-to-end connection for application
traffic. The Services Gateways also maintain separate out-of-band connections with the SCP
database for monitoring, administration, and logging.
Services Gateway software can be installed on commodity x86 bare metal hardware, on
supported hypervisor virtual machines (VMs), or on local Oracle VM VirtualBox VMs (Windows,
Linux, and Solaris) where local applications can be deployed, managed, and monitored.
The App Net Manager service-portal in Corente CSX is a web-based application that
provides centralized, role-based access to service lifecycle management tools for service
subscribers, including provisioning, managing, and monitoring of their global private networks.
The network infrastructure including gateway configuration and deployment is managed from a
single interface through App Net Manager. In addition, the portal allows administrators to
configure system policies; create fine-grained access policies for users, applications, servers, and
other network resources; manage all connections through the simplicity of a drag-and-drop user
interface; set thresholds for alerts; monitor real-time status of resources; and view historical
reports.


App Net Manager portal for consolidated service management and monitoring:


Chapter 1. Understanding the Architecture

1.1 Architecture of the solution

Here is a quick overview of the architecture of the VPN solution being offered to Oracle Compute
Cloud Service, Oracle Java Cloud Service, and Oracle Database Cloud Service (DBCS) customers.

1.2 Key components of the solution

App Net Manager Service Portal: App Net Manager is a secure web portal that you use to
create, configure, modify, delete, and monitor the components of your Corente-powered
network.
Corente Services Gateway: Corente Services Gateway acts as a proxy that facilitates
secure access and data transfer in the VPN solution.
The solution consists of two separate installations of Corente Services Gateway:
The first gateway (referred to as on-premise gateway) is installed on a host in your on-
premises data center. The gateway may be run as a guest VM on your physical host.
Note: you should set up the on-premises gateway manually on a host with Internet access
in your data center. One edge of this on-premises gateway connects to the Internet to
establish connectivity with the Corente Services Gateway (the first one) installed in Oracle
Cloud and the other edge of the on-premises gateway communicates with hosts or virtual
machines of your users and administrators in your private network.


Your administrators can access the App Net Manager service portal only from a computer
connected to the Corente Services Gateway installed in your data center. Direct access to
App Net Manager without the Corente Services Gateway in your data center is not
permitted.
The second gateway (referred to as cloud gateway) is installed on an Oracle Compute
Cloud Service instance running on Oracle Cloud.
Note: you should manually set up and configure a Generic Routing Encapsulation (GRE)
tunnel from your Oracle Compute Cloud Service instances (virtual machines) to the
Corente Services Gateway running on another Oracle Compute Cloud Service instance.


Chapter 2. Setting up Corente Services Gateway on-premise

2.1 Accessing the APP Net Manager Lite

In order to create a location of a Corente VPN Gateway you will have to use a web-browser that
meets the requirements for Corente network administration (see below) and access the
administration homepage: http://www.corente.com/web/

To access the administration homepage you will need Oracle's Java Web Start and version
1.5.0_10 or later of the Java Runtime Environment (JRE).
Note: version 1.6.0 of the JRE may not be compatible with older versions of Linux. If your OS
does not support 1.6.0 or does not appear to be compatible, you must download an earlier
version (1.5.0_10 or 1.5.0_11).
If you do not yet have an active location in your Corente network, click the hyperlink for App Net
Manager Lite. App Net Manager Lite will not allow you to enable more than the basic location
gateway options; however, you can add additional functionality to your gateway once it has been
activated.
If you already have an active location gateway, click the hyperlink App Net Manager. After the
first location gateway has been activated in your Corente network, all administrative activities
must take place across a secure tunnel using App Net Manager.


2.2 Login to the APP Net Manager Lite

Log in to the APP Net Manager Lite using the Corente VPN credentials you've received.

2.3 Creating the location for the on-premise gateway

Navigate to File - Wizards - Location in order to create the location of the first Corente VPN
Gateway.


Selecting Location Wizard from the File menu launches the location wizard, which takes you step
by step through the process of creating a location gateway with basic functionality.
Click Next to start configuring the location.


Enter the alphanumeric identifier for the location gateway that you are creating (in our case it is
corentegw-onprem) and click Next.

Enter the address and time zone of the physical location of this location gateway and click Next.


Select your automatic reboot preferences for the location gateway and click Next.

Select your maintenance time preferences for the location gateway and click Next.


Choose the appropriate configuration option for your location gateway:

- A Peer configuration for a location gateway requires the use of only one Ethernet port.
- An Inline configuration for a location gateway requires the use of two Ethernet ports:
one facing your internal network and one facing the external network (i.e. the Internet). All
traffic between the internal and external network flows through the location gateway.

For the on-premise gateway the configuration has to be set to Inline Configuration. Click Next.


Select how the Inline location gateway's IP address, Subnet Mask and Default Gateway will be
assigned:

- DHCP: select this option to allow a DHCP server to automatically assign an IP address,
Subnet Mask and Gateway address to this location.
- Static: when this option is selected you must manually enter addressing information for
the location gateway's Ethernet interface.
- PPPoE: select this option if your location gateway will use PPPoE to connect to the
Internet.

In our case we will select DHCP. Click Next.


Some ISPs require a particular name be present when a request for a DHCP address is made. If
applicable you may enter that name here.
If you don't have a DHCP client name, leave the field empty and click Next.


Enter the IP address and Subnet Mask that you want to assign to the LAN interface of the
location gateway and click Next.


Select the Get DNS Dynamically option if the IP addresses of the DNS servers will be provided by
a DHCP server when it serves the location gateway's IP address, Subnet Mask and Default
Gateway address. Click Next.

Review the information provided and click Next.


Click Finish in order to finalize the configuration of the on-premise Corente VPN Gateway.


Expand the Locations tab and you will see the location of the on-premise Corente VPN Gateway.
The orange arrow means the configuration file is ready to be downloaded by the virtual machine
with Corente VPN Gateway installed.
To continue installing the new gateway in your domain, you must download the location
gateway. Until the icon turns green your location is not yet ready to create secure tunnels to
other locations.

Note: Do not download the location configuration from the App Net Manager Lite, otherwise you
won't be able to download it again during the gateway installation.


2.4 Creating the Corente VPN virtual machine

Download the Corente Services Gateway software (Corente Gateway Image) from one of the
following URLs:
http://www.oracle.com/technetwork/topics/cloud/downloads/network-cloud-service-2952583.html
http://www.corente.com/web


Create a new virtual machine in Virtual Box for the on-premise Corente VPN Gateway using as an
example the following configuration settings.


Configure the network adapters for the on-premise Corente VPN Gateway (the virtual machine
should have two network adapters: one for the Internet connection and one for the internal
communication with the Corente guest virtual machines).
Select Adapter 1 and configure the appropriate connectivity type. In our example it uses the
wireless adapter of the laptop and a bridged connection (VirtualBox connects to your installed
network card and exchanges network packets directly, circumventing your host operating
system's network stack).


Select Adapter 2 and set it to perform internal connectivity inside the LAN (select Internal
Network).


Edit the virtual machine settings by adding the downloaded image (.iso) to the optical drive in
order to boot from it.

Power-on the virtual machine to start the installation of the Corente VPN Gateway and type yes.


Wait for the installation to complete and remove the .iso image from the optical drive of the
virtual machine. Reboot the machine after that.

Highlight Download Config and click Enter.


Type in the download site (www.corente.com) and select the appropriate connection type that
best suits your infrastructure (DHCP, PPPoE or Manual Configuration). Click Next.

Type in the Corente VPN Gateway credentials and click Continue.


Switch to the APP Net Manager Lite Service Portal and observe that the location icon has changed
to a grey background, which means the configuration has been downloaded by the on-premise
Corente VPN Gateway.


When the Corente virtual machine has completed downloading the configuration from the APP
Net Manager the login screen appears.
Note: The Corente Gateway is a black box. You won't be able to log into it.


Switch to the APP Net Manager Service Portal and see that the location has disappeared. This is
the expected behavior.


Chapter 3. Setting up Corente Services Gateway on Oracle Cloud

The following steps will be done from a Linux machine connected to the internal LAN of the on-
premise Corente location.

3.1 Creating the Corente VPN virtual machine

Create a new virtual machine in Virtual Box. This VM will play the role of the Corente guest.
Navigate to the VM Settings - Network and choose the same adapter settings as you have used
for the Corente VPN Gateway machine as depicted in the pictures below.
Select Adapter 1 and configure it to perform internal communication inside the LAN (select
Internal Network).


Select Adapter 2 and configure it to perform external communication (in this case we used a
bridged adapter).

Download an Oracle Linux distribution from https://edelivery.oracle.com/linux and mount it to
the optical drive of the newly created virtual machine.
Power-on the virtual machine and perform the installation of the operating system.


When the installation process completes, log in to the virtual machine and check the following:
a. Type ifconfig eth0 and make sure that the machine is on the same subnet as the
Corente VPN Gateway.
b. Type netstat -nr and confirm that the default gateway is the IP address of the Corente
VPN Gateway.


3.2 Creating the location for the on-cloud gateway

Download the App Net Manager from http://corente.com/web


Login to the App Net Manager with the same Corente VPN credentials used when you configured
the on-premise gateway.


Expand the Locations tab and see that the on-premise gateway is already configured.

Navigate to File - Wizards - Location and configure the second gateway (corentegw-oncloud).


Enter the alphanumeric identifier for the location gateway that you are creating (in our case it is
corentegw-oncloud) and click Next.


Enter the address and time zone of the physical location of the new location gateway and click
Next.


Select your automatic reboot preferences for the location gateway and click Next.


Select your maintenance time preferences for the location gateway and click Next.


For the on-cloud gateway the configuration has to be set to Peer Configuration. Click Next.


Select the type of the interface that is going to be used for the WAN connection and click Next.


Some ISPs require a particular name to be present when a request for a DHCP address is made. If
applicable you may enter that name here.
If you don't have a DHCP client name, leave the field empty and click Next.


Select the Get DNS Dynamically option if the IP addresses of the DNS servers will be provided by
a DHCP server when it serves the location gateway's IP address, Subnet Mask and Default
Gateway address. Click Next.


User Groups let you identify groups of machines on the local network (computers, servers,
printers) that will be allowed to participate in your Corente network.


If you would like you can choose an optional Firewall Policy that will apply to all traffic to and/or
from the Default User Group. Click Next.


Click Add to configure the address range for the Default User Group.


Default User Group Configuration:

- Include: select this option to specify a range that will be included in the group.
- Exclude: if there are IP addresses or ranges of addresses within the subnets that you
have already included that you do not want to be in your Default User Group, you can use
the Exclude Range option to remove these addresses.

Select the Include Subnet option and click Next.


Type in the subnet range for the cloud instances that are going to use this gateway.


You must now set the appropriate Outbound NAT settings for this subnet. In this case we will use
Permitted. Click Next.


Review the configuration details and click Next.


Click Finish to complete the configuration of the Corente VPN on-cloud gateway.


Click on each of the two gateways and see that both have two connections (one for the
internal connection to the guest VMs/instances and one for the Internet access).


Open a terminal window and enter the following command: uuidgen

Return to the APP Net Manager Service Portal and edit the on-cloud gateway in order to enter
the above generated UUID.


Enable Zero Touch Configuration and enter your own UUID in the Unique Identifier field.

Click the OK button at the bottom of the Add Location screen. You will return to the main App Net
Manager screen, and the Save button at the top of the screen will be active. Note the red
square with a yellow center to the upper left of the location icon; it indicates that there are
unsaved changes.

The UID HAS TO BE UNIQUE for each OPC Corente Gateway. One on-prem Corente Gateway can
have any number of OPC gateway partners. You will have to use this UUID in the csglaunchplan.json
JSON file that you will edit in a later step.


Click Save at the top of the App Net Manager screen. A Save All Changes pop-screen is displayed.
Click Start at the bottom of this screen to save the configuration.


3.3 Creating the Corente VPN instance

Download the orchestration examples from
http://www.oracle.com/technetwork/topics/cloud/downloads/network-cloud-service-2952583.html

Sign in to the Oracle Cloud using the following address: https://computeui.us.oraclecloud.com/


Create an IP reservation for the gateway.


Notes:

- Update the identity domain (ID) and username above in ALL files to match your current OPC
environment.
- Update the csg-nat-ip secipentries to match your RESERVED NAT IP.
- Make sure you run uuidgen and update the uid value above as well. The UID needs to be
unique for each OPC gateway you're provisioning.
- DO NOT start the JSON orchestration files until you have created a Corente OPC gateway and
inserted its unique ID into the gateway configuration with the App Net Manager utility
(using the ANM Location Wizard is suggested). Once the new OPC gateway is created along with its
unique UUID and you are seeing the download icon, you can go ahead and start the
JSON orchestrations.

Edit the secrule.json file that you previously downloaded with the reserved IP address and with
your identity domain and username.


Upload the orchestration.


Edit the storage_vol1.json file that you previously downloaded with your identity domain,
username and location of the Corente gateway image.

Upload the orchestration.


Edit the csglaunchplan.json file you previously downloaded with your identity domain,
username, location of the Corente gateway image and the UUID you used when you configured
the corentegw-oncloud.


Upload the orchestration.

Start the orchestration in the following order:

secrule.json

storage_vol1.json

csglaunchplan.json
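Before uploading the three orchestrations, the notes above can be checked mechanically. The following Python pre-flight check is an added example, not part of Oracle's guide or of the downloadable orchestration examples: it walks the parsed JSON of secrule.json, storage_vol1.json and csglaunchplan.json and verifies that every object name uses one identity domain and username, that the uid is a valid UUID and that the csg-nat-ip secipentries cover the reserved NAT IP. Only the storage_vol1 document mirrors the appendix; the secrule and csglaunchplan fragments, the placement of the uid attribute, the UUID and the NAT IP are constructed for the example.

```python
import ipaddress
import re
import uuid

# Orchestration object names have the form /Compute-<identity domain>/<user>/<object>
NAME_RE = re.compile(r"^/Compute-([^/]+)/([^/]+)/.+$")

# The guide says to start the orchestrations in exactly this order.
START_ORDER = ["secrule.json", "storage_vol1.json", "csglaunchplan.json"]

# Constructed values for the example; use your own uuidgen output and reserved IP.
EXAMPLE_UID = "1b4e28ba-2fa1-11d2-883f-0016d3cca427"
EXAMPLE_NAT_IP = "203.0.113.10"


def build_sample_files(uid, nat_entry, launch_user="cloud.admin"):
    """Construct the three orchestration documents. storage_vol1 mirrors the
    appendix of the guide; secrule and csglaunchplan are hypothetical fragments
    carrying only the fields this check looks at (the real files have more)."""
    dom = "gse00000632"
    storage_vol1 = {
        "name": f"/Compute-{dom}/cloud.admin/orch-csg-vol",
        "description": "The bootable volume for a compute instance hosting Corente Gateway",
        "oplans": [{"obj_type": "storage/volume", "label": "csg-boot-vol", "objects": [{
            "name": f"/Compute-{dom}/cloud.admin/csg-boot-vol",
            "size": "44G",
            "properties": ["/oracle/public/storage/default"],
            "bootable": "true",
            "imagelist": "/oracle/public/gateway9.3.165-nimbula-6"}]}],
    }
    secrule = {
        "name": f"/Compute-{dom}/cloud.admin/orch-csg-secrule",
        "oplans": [{"obj_type": "seciplist", "label": "csg-nat-ip", "objects": [{
            "name": f"/Compute-{dom}/cloud.admin/csg-nat-ip",
            "secipentries": [nat_entry]}]}],
    }
    csglaunchplan = {
        "name": f"/Compute-{dom}/{launch_user}/orch-csg-launch",
        "oplans": [{"obj_type": "launchplan", "label": "csg-launch", "objects": [{
            "instances": [{"name": f"/Compute-{dom}/{launch_user}/csg",
                           "attributes": {"uid": uid}}]}]}],  # uid placement is hypothetical
    }
    return {"secrule.json": secrule, "storage_vol1.json": storage_vol1,
            "csglaunchplan.json": csglaunchplan}


def _leaves(node, path=""):
    """Yield (json_path, value) for every scalar in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _leaves(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _leaves(value, f"{path}[{i}]")
    else:
        yield path, node


def check_orchestrations(files, reserved_nat_ip):
    """files: {filename: parsed JSON}. Returns a list of problems; an empty list
    means the set is consistent and ready to upload and start in START_ORDER."""
    problems, owners, uids, nat_entries = [], set(), [], []
    for fname, doc in files.items():
        for path, value in _leaves(doc):
            if not isinstance(value, str):
                continue
            match = NAME_RE.match(value)
            if match:
                owners.add(match.groups())  # (identity domain, username)
            if path.endswith("/uid"):
                uids.append((fname, value))
            if "/secipentries" in path:
                nat_entries.append((fname, value))
    if len(owners) > 1:
        problems.append("identity domain/username differ across files: "
                        + ", ".join("/".join(o) for o in sorted(owners)))
    if not uids:
        problems.append("no uid found: run uuidgen and set it in csglaunchplan.json")
    for fname, value in uids:
        try:
            uuid.UUID(value)
        except ValueError:
            problems.append(f"{fname}: uid {value!r} is not a valid UUID")
    target = ipaddress.ip_address(reserved_nat_ip)
    covered = False
    for fname, entry in nat_entries:
        try:
            covered |= target in ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"{fname}: secipentries value {entry!r} is not an IP or CIDR")
    if not covered:
        problems.append(f"csg-nat-ip secipentries do not include reserved NAT IP {reserved_nat_ip}")
    return problems


if __name__ == "__main__":
    files = build_sample_files(EXAMPLE_UID, EXAMPLE_NAT_IP)
    for line in check_orchestrations(files, EXAMPLE_NAT_IP) or ["ready to upload"]:
        print(line)
```

To check real files, replace build_sample_files with json.load of the three edited orchestrations and pass the IP from the reservation created earlier.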


Chapter 4. Configure the partnership between gateways

4.1 Enabling partnership for the on-cloud gateway

Once the Cloud gateway has been started, the Corente configuration file will be downloaded and
the gateway icon will change in the App Net Manager. Now you're ready to start the Partnership
configuration; it should be done ONLY after both gateway icons are GREEN.


Click on the cloud gateway and select Approve Partner Connections.


Expand the location of the on-premise gateway, select Partners and click on Add Partner.


Click Add and accept the default options.


Click OK to complete the partnership configuration.


4.2 Enabling partnership for the on-premise gateway

Observe that only half of the configuration is done: we have configured the partnership from
the corentegw-onprem to the corentegw-oncloud, and we still have to configure the
partnership from the corentegw-oncloud to the corentegw-onprem.


Expand the location of the corentegw-oncloud, select Partners and click on Add Partner.


Click Add and accept the default options.


Click OK to complete the partnership configuration.


Now the partnership between the two gateways is complete (see the green connection between
them).


Click on Locations to see the details for both gateways (when they were created, IP addressing,
etc.).


Chapter 5. Testing the VPN connection

Create a Corente guest instance using two orchestrations (one for creating the boot volume and
the other one for creating the actual instance). Edit the orchestrations using your identity
domain, username, IPs, SSH key etc.

Boot volume orchestration:


Instance launchplan:

Download the GRE configuration script from the following location into any directory on your
running Compute Service guest instance:

http://www.oracle.com/technetwork/topics/cloud/downloads/network-cloud-service-2952583.html

After downloading it, make sure the script is executable before running it. If it is not, run the
following command as root:

chmod +x oc-config-corente-tunnel

Run the following commands after changing the IP addresses with your own:

sudo bash

nohup ./oc-config-corente-tunnel --local-tunnel-address=172.16.1.1 --csg-hostname=csg.compute-gse00000632.oraclecloud.internal --csg-tunnel-address=172.16.254.1 --onprem-subnets=192.168.1.0/24 &


Note: The csg-tunnel-address is hardcoded to 172.16.254.1, you cannot change it!

Add the following entry to the /etc/rc.local file.

bash /usr/bin/oc-config-corente-tunnel --local-tunnel-address=172.16.1.1 --csg-hostname=csg.compute-gse00000632.oraclecloud.internal --csg-tunnel-address=172.16.254.1 --onprem-subnets=192.168.1.0/24 &

Note: Customize the command-line parameters as needed (same syntax as the corente-tunnel-args
user data attribute). You must run the script in the background, as the script won't exit.

Open a new terminal console and run the following command:

sudo bash oc-config-corente-tunnel

Check the interface configuration by issuing the ifconfig command and confirm that a gre1
interface was created as a result of running the above script.

Test the connection between the Cloud guest instance and the on-premise guest virtual machine
by issuing the ping command.

Successful ping between 172.16.1.1 (Cloud guest instance) and 192.168.1.2 (on-premise guest
virtual machine) through the GRE tunnel.

If you want to add an existing PaaS instance as a VPN guest, you will have to download the script
onto that instance, run it as shown above, and also add that instance to the internal security
list used by the Corente gateway (in our case csg-internal) so that the instance and the gateway
can communicate.
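The tunnel invocation and the rc.local entry above are easy to get subtly wrong: a host address where a subnet is expected, a local tunnel address that overlaps the on-premise range, or a missing trailing & that blocks the boot sequence. The following Python script is an added example; it is not part of Oracle's guide or of the oc-config-corente-tunnel script. It validates the three parameters you customize, produces both the rc.local command line and the equivalent corente-tunnel-args user data string used in the Appendix launch plan, checks an rc.local file for a backgrounded entry, and parses `ip -o -4 addr show` output to confirm that gre1 carries the expected local tunnel address. The script path /usr/bin/oc-config-corente-tunnel is the one the guide's rc.local entry uses; the sample ip output, the 10.196.32.12 address in it, and the sample rc.local text are constructed.

```python
"""Added example (not part of Oracle's guide or of oc-config-corente-tunnel):
sanity checks around the GRE tunnel setup described in Chapter 5."""
import ipaddress
import re
import shlex
import subprocess

CSG_TUNNEL_ADDRESS = "172.16.254.1"            # fixed by the script (see the note above)
SCRIPT = "/usr/bin/oc-config-corente-tunnel"   # path used in the guide's rc.local entry


def tunnel_args(local_tunnel_address, csg_hostname, onprem_subnet):
    """Validate the parameters and return the argument string in the syntax of the
    corente-tunnel-args user data attribute (one on-premise subnet, as in the guide).
    Raises ValueError on anything that would make the tunnel unusable."""
    local = ipaddress.ip_address(local_tunnel_address)
    csg = ipaddress.ip_address(CSG_TUNNEL_ADDRESS)
    # strict=True rejects a host address written as a subnet, e.g. 192.168.1.5/24
    onprem = ipaddress.ip_network(onprem_subnet, strict=True)
    if local == csg:
        raise ValueError("local tunnel address must differ from the CSG tunnel address")
    if local in onprem or csg in onprem:
        raise ValueError(f"tunnel addresses must not lie inside the on-premise subnet {onprem}")
    if not re.fullmatch(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?", csg_hostname):
        raise ValueError("csg hostname is not a plain DNS name")
    return (f"--local-tunnel-address={local} --csg-hostname={csg_hostname} "
            f"--csg-tunnel-address={csg} --onprem-subnets={onprem}")


def tunnel_command(local_tunnel_address, csg_hostname, onprem_subnet, script=SCRIPT):
    """Full rc.local line; the script is backgrounded because it never exits."""
    args = tunnel_args(local_tunnel_address, csg_hostname, onprem_subnet)
    return "bash " + shlex.quote(script) + " " + args + " &"


def rejected(*params):
    """True if tunnel_args refuses the parameters (used by the demo below)."""
    try:
        tunnel_args(*params)
    except ValueError:
        return True
    return False


def rc_local_entry_ok(rc_local_text, script=SCRIPT):
    """True if rc.local starts the tunnel script and does so in the background;
    a foreground call would block the rest of the boot sequence."""
    for line in rc_local_text.splitlines():
        stripped = line.strip()
        if script in stripped and not stripped.startswith("#"):
            return stripped.endswith("&")
    return False


# One line of `ip -o -4 addr show`: "<idx>: <ifname>    inet <addr>[/<plen>] ..."
IP_ADDR_LINE = re.compile(r"^\d+:\s+(?P<ifname>\S+)\s+inet\s+(?P<addr>[\d.]+)")


def gre_interface_configured(ip_addr_output, expected_addr, ifname="gre1"):
    """Parse `ip -o -4 addr show` output and report whether `ifname` carries
    `expected_addr` (the local tunnel address)."""
    for line in ip_addr_output.splitlines():
        m = IP_ADDR_LINE.match(line)
        if m and m.group("ifname") == ifname and m.group("addr") == expected_addr:
            return True
    return False


def live_ip_addr_output():
    """Collect the real interface list on a Linux guest (not used by the offline demo)."""
    return subprocess.run(["ip", "-o", "-4", "addr", "show"],
                          capture_output=True, text=True, check=True).stdout


# Constructed samples standing in for the real command output and file on the guest.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.196.32.12/24 brd 10.196.32.255 scope global eth0\\       valid_lft forever preferred_lft forever
5: gre1    inet 172.16.1.1 peer 172.16.254.1/32 scope global gre1\\       valid_lft forever preferred_lft forever
"""
SAMPLE_RC_LOCAL = "#!/bin/sh\ntouch /var/lock/subsys/local\n" + tunnel_command(
    "172.16.1.1", "csg.compute-gse00000632.oraclecloud.internal", "192.168.1.0/24") + "\n"

if __name__ == "__main__":
    print(tunnel_args("172.16.1.1", "csg.compute-gse00000632.oraclecloud.internal", "192.168.1.0/24"))
    print("rc.local entry backgrounded:", rc_local_entry_ok(SAMPLE_RC_LOCAL))
    print("gre1 has 172.16.1.1:", gre_interface_configured(SAMPLE_IP_OUTPUT, "172.16.1.1"))
    print("host address as subnet rejected:", rejected("172.16.1.1", "csg", "192.168.1.5/24"))
```

On a real guest, replace SAMPLE_IP_OUTPUT with live_ip_addr_output() and SAMPLE_RC_LOCAL with the contents of /etc/rc.local; the checks then confirm the same things the ifconfig and ping steps above verify by eye.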

Appendix

1. Orchestrations used for the corentegw-oncloud.

a. storage_vol1.json

{
  "name" : "/Compute-gse00000632/cloud.admin/orch-csg-vol",
  "description" : "The bootable volume for a compute instance hosting Corente Gateway",
  "oplans" : [
    {
      "obj_type" : "storage/volume",
      "label" : "csg-boot-vol",
      "objects" : [
        {
          "name" : "/Compute-gse00000632/cloud.admin/csg-boot-vol",
          "size" : "44G",
          "properties" : ["/oracle/public/storage/default"],
          "bootable" : "true",
          "imagelist" : "/oracle/public/gateway9.3.165-nimbula-6"
        }
      ]
    }
  ]
}

b. secrule.json

{
  "name": "/Compute-gse00000632/cloud.admin/orch-secrules",
  "relationships" : [
    {
      "oplan" : "secrule-1",
      "to_oplan" : "seclist-1",
      "type" : "depends"
    },
    {
      "oplan" : "secrule-1",
      "to_oplan" : "seciplist-1",
      "type" : "depends"
    },
    {
      "oplan" : "secrule-1",
      "to_oplan" : "secapplication-1",
      "type" : "depends"
    }
  ],
  "description": "Secure Rules for Corente Gateway",
  "oplans": [
    {
      "obj_type": "seclist",
      "label": "seclist-1",
      "objects": [
        {
          "name": "/Compute-gse00000632/cloud.admin/csg-external"
        },
        {
          "name": "/Compute-gse00000632/cloud.admin/csg-internal",
          "policy": "permit"
        }
      ]
    },
    {
      "obj_type": "seciplist",
      "label": "seciplist-1",
      "objects": [
        {
          "name": "/Compute-gse00000632/cloud.admin/csg-nat-ip",
          "secipentries": ["140.86.0.91/32"]
        }
      ]
    },
    {
      "obj_type": "secapplication",
      "label": "secapplication-1",
      "objects": [
        {
          "name": "/Compute-gse00000632/cloud.admin/csg-tcp",
          "dport": 551,
          "protocol": "tcp"
        },
        {
          "name": "/Compute-gse00000632/cloud.admin/csg-udp",
          "dport": 551,
          "protocol": "udp"
        },
        {
          "name": "/Compute-gse00000632/cloud.admin/csg-gre",
          "protocol": "GRE"
        }
      ]
    },
    {
      "obj_type": "secrule",
      "label": "secrule-1",
      "objects": [
        {
          "name": "/Compute-gse00000632/cloud.admin/Public-CSG-TCP-Rule",
          "application": "/Compute-gse00000632/cloud.admin/csg-tcp",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-gse00000632/cloud.admin/csg-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-gse00000632/cloud.admin/Public-CSG-UDP-Rule",
          "application": "/Compute-gse00000632/cloud.admin/csg-udp",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-gse00000632/cloud.admin/csg-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-gse00000632/cloud.admin/Public-CSG-SSH-Rule",
          "application": "/oracle/public/ssh",
          "src_list": "seciplist:/oracle/public/public-internet",
          "dst_list": "seclist:/Compute-gse00000632/cloud.admin/csg-external",
          "action": "PERMIT"
        },
        {
          "name": "/Compute-gse00000632/cloud.admin/CSG-Internal-GRE-Rule",
          "application": "/Compute-gse00000632/cloud.admin/csg-gre",
          "src_list": "seciplist:/Compute-gse00000632/cloud.admin/csg-nat-ip",
          "dst_list": "seclist:/Compute-gse00000632/cloud.admin/csg-internal",
          "action": "PERMIT"
        }
      ]
    }
  ]
}
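The security rules above are the gateway's only exposure to the public internet (TCP and UDP 551 plus SSH into csg-external), while GRE is accepted only from the gateway's own NAT address into csg-internal. The following Python script is an added example, not part of Oracle's guide or tooling: it indexes an orchestration of this shape and reports every PERMIT rule whose application, destination or source falls outside that intended exposure, plus any security list whose default inbound policy is permit rather than the Compute Classic default of deny. The sample orchestration embedded in the script is the secrule.json above reduced to the fields the audit reads, with one hypothetical extra rule, Bad-GRE-Rule, added so that the audit has something to flag.

```python
"""Added example (not part of Oracle's guide): review the seclist/secrule
orchestration against the exposure the gateway needs, so that a later edit that
widens a rule (for instance GRE from the public internet) is noticed."""
import json

PUBLIC_INTERNET = "seciplist:/oracle/public/public-internet"
P = "/Compute-gse00000632/cloud.admin/"   # identity domain and user from the guide

# Constructed input: the appendix's secrule.json reduced to what the audit reads,
# plus one hypothetical rule, Bad-GRE-Rule, so that the audit has something to flag.
SAMPLE = {
    "name": P + "orch-secrules",
    "oplans": [
        {"obj_type": "seclist", "objects": [
            {"name": P + "csg-external"},
            {"name": P + "csg-internal", "policy": "permit"}]},
        {"obj_type": "seciplist", "objects": [
            {"name": P + "csg-nat-ip", "secipentries": ["140.86.0.91/32"]}]},
        {"obj_type": "secapplication", "objects": [
            {"name": P + "csg-tcp", "dport": 551, "protocol": "tcp"},
            {"name": P + "csg-udp", "dport": 551, "protocol": "udp"},
            {"name": P + "csg-gre", "protocol": "GRE"}]},
        {"obj_type": "secrule", "objects": [
            {"name": P + "Public-CSG-TCP-Rule", "application": P + "csg-tcp", "src_list": PUBLIC_INTERNET,
             "dst_list": "seclist:" + P + "csg-external", "action": "PERMIT"},
            {"name": P + "Public-CSG-UDP-Rule", "application": P + "csg-udp", "src_list": PUBLIC_INTERNET,
             "dst_list": "seclist:" + P + "csg-external", "action": "PERMIT"},
            {"name": P + "Public-CSG-SSH-Rule", "application": "/oracle/public/ssh", "src_list": PUBLIC_INTERNET,
             "dst_list": "seclist:" + P + "csg-external", "action": "PERMIT"},
            {"name": P + "CSG-Internal-GRE-Rule", "application": P + "csg-gre",
             "src_list": "seciplist:" + P + "csg-nat-ip", "dst_list": "seclist:" + P + "csg-internal",
             "action": "PERMIT"},
            {"name": P + "Bad-GRE-Rule", "application": P + "csg-gre", "src_list": PUBLIC_INTERNET,
             "dst_list": "seclist:" + P + "csg-internal", "action": "PERMIT"}]}]}

# Intended exposure, taken from the guide: (application, destination seclist) -> permitted sources.
EXPECTED = {
    ("tcp/551", P + "csg-external"): {PUBLIC_INTERNET},
    ("udp/551", P + "csg-external"): {PUBLIC_INTERNET},
    ("ssh", P + "csg-external"): {PUBLIC_INTERNET},
    ("gre", P + "csg-internal"): {"seciplist:" + P + "csg-nat-ip"},
}


def index_objects(orch):
    """Map obj_type -> {name: object} over every oplan of the orchestration."""
    idx = {}
    for plan in orch["oplans"]:
        for obj in plan.get("objects", []):
            idx.setdefault(plan["obj_type"], {})[obj["name"]] = obj
    return idx


def describe_application(name, idx):
    """'tcp/551', 'gre', or the short name of an Oracle-provided application ('ssh')."""
    app = idx.get("secapplication", {}).get(name)
    if app is None:
        return name.rsplit("/", 1)[-1]
    proto = app["protocol"].lower()
    return f"{proto}/{app['dport']}" if "dport" in app else proto


def audit(orch, expected=EXPECTED):
    """Return sorted (object name, reason) findings: PERMIT rules not listed in
    `expected` or allowing a source it does not list, and security lists whose
    default inbound policy is permit instead of deny."""
    idx = index_objects(orch)
    findings = []
    for rule in idx.get("secrule", {}).values():
        if rule.get("action", "PERMIT").upper() != "PERMIT":
            continue
        app = describe_application(rule["application"], idx)
        dst = rule["dst_list"].split(":", 1)[1]
        allowed = expected.get((app, dst))
        if allowed is None:
            findings.append((rule["name"], f"unexpected rule: {app} into {dst}"))
        elif rule["src_list"] not in allowed:
            findings.append((rule["name"], f"{app} into {dst} permitted from {rule['src_list']}"))
    for seclist in idx.get("seclist", {}).values():
        if seclist.get("policy", "deny").lower() == "permit":
            findings.append((seclist["name"], "inbound policy is permit (not the default deny); confirm this is intended"))
    return sorted(findings)


def drop_rule(orch, rule_name):
    """Copy of the orchestration without the named secrule (for comparing variants)."""
    copy = json.loads(json.dumps(orch))
    for plan in copy["oplans"]:
        if plan["obj_type"] == "secrule":
            plan["objects"] = [o for o in plan["objects"] if o["name"] != rule_name]
    return copy


if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

To run it against your own file, replace SAMPLE with json.load(open("secrule.json")) and adjust P and EXPECTED to your identity domain and to the exposure you intend; any rule that later widens the gateway's reachable surface shows up as a finding.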

c. csglaunchplan.json

{
  "name" : "/Compute-gse00000632/cloud.admin/orch-launchplan",
  "description" : "Launch plan for Cloud Corente Gateway",
  "oplans" : [
    {
      "obj_type" : "launchplan",
      "label" : "csg-launchplan-1",
      "objects" : [
        {
          "instances" : [
            {
              "shape" : "oc3",
              "imagelist" : "/oracle/public/gateway9.3.165-nimbula-6",
              "name" : "/Compute-gse00000632/cloud.admin/cloud-csg",
              "storage_attachments" : [
                {
                  "index" : 1,
                  "volume" : "/Compute-gse00000632/cloud.admin/csg-boot-vol"
                }
              ],
              "label" : "cloud-csg",
              "networking" : {
                "eth0" : {
                  "model" : "e1000",
                  "dns" : ["csg"],
                  "seclists" : [
                    "/Compute-gse00000632/cloud.admin/csg-external",
                    "/Compute-gse00000632/cloud.admin/csg-internal"
                  ],
                  "nat" : "ipreservation:/Compute-gse00000632/cloud.admin/corentegw-ip-reservation"
                }
              },
              "boot_order" : [1],
              "virtio" : false,
              "attributes" : {
                "csg" : {
                  "uid" : "350ecefc-a546-4be2-bb71-d9262629f45c"
                }
              }
            }
          ]
        }
      ]
    }
  ]
}

2. Orchestrations used for the Corente guest instance.

a. corente-guest-bootvol.json

{
  "name" : "/Compute-gse00000632/cloud.admin/corente-guest-bootvol",
  "description" : "The bootable volume for a Corente guest instance",
  "oplans" : [
    {
      "obj_type" : "storage/volume",
      "label" : "corente-guest-vol",
      "objects" : [
        {
          "name" : "/Compute-gse00000632/cloud.admin/corente-guest-vol",
          "size" : "25G",
          "properties" : ["/oracle/public/storage/default"],
          "bootable" : "true",
          "imagelist" : "/oracle/public/OL-6.6-20GB-x11-RD"
        }
      ]
    }
  ]
}

b. corente-guest-launchplan2.json

{
  "name" : "/Compute-gse00000632/cloud.admin/corente-guest-instance",
  "label" : "corente-guest",
  "description" : "The Corente guest instance",
  "oplans" : [
    {
      "obj_type" : "launchplan",
      "label" : "corente-guest-launchplan-1",
      "objects" : [
        {
          "instances" : [
            {
              "name" : "/Compute-gse00000632/cloud.admin/corente-guest",
              "networking" : {
                "eth0" : {
                  "model" : "e1000",
                  "dns" : ["corente-guest"],
                  "seclists" : ["/Compute-gse00000632/cloud.admin/csg-internal"],
                  "nat" : "ippool:/oracle/public/ippool"
                }
              },
              "boot_order" : [1],
              "storage_attachments" : [
                {
                  "index" : 1,
                  "volume" : "/Compute-gse00000632/cloud.admin/corente-guest-vol"
                }
              ],
              "label" : "corente-guest",
              "shape" : "oc3",
              "imagelist" : "/oracle/public/OL-6.6-20GB-x11-RD",
              "attributes" : {
                "userdata": {
                  "corente-tunnel-args": "--local-tunnel-address=172.16.1.1 --csg-hostname=csg.compute-gse00000632.oraclecloud.internal --csg-tunnel-address=172.16.254.1 --onprem-subnets=192.168.1.0/24"
                }
              },
              "sshkeys": ["/Compute-gse00000632/cloud.admin/iaas"]
            }
          ]
        }
      ]
    }
  ]
}
