Establishing a Software VPN Tunnel between OCI and Google Cloud


In this episode we are creating a tunnel between OCI and Google Cloud using the solution posted here.

Step 1

Follow this post for the OCI side and grab the value of the public IP endpoint and network encryption domain configured.

Step 2

Create a VPN tunnel in Google Cloud, enter the public IP and the network encryption domain of the OCI side created previously, and grab the public IP of the public endpoint on the Google side.

Step 3

Modify the settings in the /etc/ipsec.d/myvpn.conf file on the OCI headend side with the proper values, as in the following example:

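# vpn conf
#
conn myvpn
   # don't assume anything and double check everything!!!
   # OCI side: public IP used as the IKE identity, headend private IP,
   # and the OCI network encryption domain
   leftid=130.61.x.y
   leftsourceip=10.250.x.y
   leftsubnet=10.250.128.0/24
   # Google side: public IP of the VPN endpoint and its encryption domain
   right=35.204.x.y
   rightsubnet=10.164.0.0/20
   type=tunnel
   # authenticate with the pre-shared key from myvpn.secrets
   authby=secret
   left=%defaultroute
   leftnexthop=%defaultroute
   pfs=yes
   auto=start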

Modify the settings in the /etc/ipsec.d/myvpn.secrets file on the OCI headend side with the proper values, as in the following example:

10.250.128.10 35.204.x.y : PSK "ff7dd81be..........2756"
130.61.97.102 35.204.x.y : PSK "ff7dd81be..........2756"

Restart IPsec on the OCI side and bring the tunnel up:

systemctl restart ipsec.service
ipsec auto --add myvpn
ipsec auto --up myvpn
ipsec status

If everything runs fine, the tunnel will come up!
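A pre-flight check for the two Step 3 files, as an added example that is not part of the original post: it confirms that myvpn.secrets has a PSK line pairing the conn's leftid with right, that the file is not readable by group or others, and that the key is not short. The function names, return codes, the 32-character minimum and the sample addresses are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names, return codes and
# the 32-character minimum are assumptions. Handles IPv4 selectors only.

# Print the value of KEY from a "key=value" line of a libreswan conn file.
conf_value() {  # usage: conf_value KEY FILE
  awk -F= -v k="$1" '{ gsub(/^[ \t]+|[ \t\r]+$/, "") } $1 == k { print $2; exit }' "$2"
}

# Print the PSK of the first secrets line whose selectors include both IDs.
psk_for() {  # usage: psk_for ID1 ID2 FILE
  awk -v a="$1" -v b="$2" '
    /^[ \t]*#/ { next }
    { n = split($0, p, /[ \t]*:[ \t]*PSK[ \t]*/); if (n != 2) next
      m = split(p[1], ids, /[ \t]+/); fa = fb = 0
      for (i = 1; i <= m; i++) { if (ids[i] == a) fa = 1; if (ids[i] == b) fb = 1 }
      if (fa && fb) { gsub(/^"|"[ \t\r]*$/, "", p[2]); print p[2]; exit } }' "$3"
}

# 0 = ok, 1 = no PSK entry for leftid+right, 2 = secrets file readable by
# group/other, 3 = PSK shorter than 32 characters
check_vpn() {  # usage: check_vpn CONF SECRETS
  local lid rip psk
  lid=$(conf_value leftid "$1"); rip=$(conf_value right "$1")
  psk=$(psk_for "$lid" "$rip" "$2")
  [ -n "$lid" ] && [ -n "$rip" ] && [ -n "$psk" ] || return 1
  [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] || return 2
  [ "${#psk}" -ge 32 ] || return 3
  return 0
}

# Constructed sample files (documentation-range public addresses, made-up key).
demo=$(mktemp -d); conf="$demo/myvpn.conf"; sec="$demo/myvpn.secrets"
printf 'conn myvpn\n   leftid=192.0.2.10\n   right=198.51.100.20\n' > "$conf"
printf '10.250.128.10 198.51.100.20 : PSK "0123456789abcdef0123456789abcdef"\n' > "$sec"
chmod 600 "$sec"
check_vpn "$conf" "$sec" && echo "ok" || echo "private-IP line only: rc=$?"
printf '192.0.2.10 198.51.100.20 : PSK "0123456789abcdef0123456789abcdef"\n' >> "$sec"
check_vpn "$conf" "$sec" && echo "leftid line added: ok" || echo "rc=$?"
rm -rf "$demo"
```

On the headend, call check_vpn with /etc/ipsec.d/myvpn.conf and /etc/ipsec.d/myvpn.secrets before restarting the service.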

[Screenshots: OCI side, Google side]

Hope this helps! Enjoy 🙂
