How to apply a VPN in BCOS?

Applying a VPN connection for access between two distinct projects.

Written by Luiz Fernando Justino Silva
Updated over a week ago

VPN

  In the previous post How to apply load balancing in BCOS?, we applied load balancing between two virtual machines.

  In this post, we will set up a VPN between two different projects so that they can reach each other. A VPN connects two projects over a public network. It is used, for example, to join branches of a corporation even when they are located in regions distant from each other.

  Note: To perform the VPN test you need access to another project, so contact the Binario Cloud team to have the permissions set up for your test account.

  In this new project you need to create a router, a network, and an instance (VM07) with the following settings:

Network:

  • Network Name: network-development

  • Subnet Name: subnet-development

  • Network Address: 10.20.30.0/24

  • Gateway IP: 10.20.30.1

Note: If you have questions about networking go to How to create a network in BCOS?.

Router:

  • Router Name: router-development

  • External Network: PUBLIC NETWORK

Note: If you have questions about creating routers go to How to create and configure a router in BCOS?.

Instance:

  • Instance name: VM07

  • Select Boot Source: Image.

  • Create New Volume: No.

  • Image Name: Cirros-Image

  • Flavor: bc-1-1024-30

  • Network: network-development

  • Security Group: default, ALLOW ICMP

Note: If you do not have a security group that allows ICMP go to How do I create and join security groups in BCOS? to create it.

Note: If you have questions about creating instances go to How to create instances in BCOS?

First, from the virtual machine in the first project (in this case VM03 in the production project), try pinging the IP of the machine in the second project (VM07, located in the development project).

Example:

  • Ping from VM03 to VM07, located in the development project: 10.20.30.x.

  • Project 2: Development.

  Note that this is not possible, because the two instances are in different projects. To allow access you need to configure a site-to-site VPN.

  Check the public gateway IPs of the two projects. In the production project, in Project / Network / Routers, click router-production:

  Then find the router IP address and note it down, as you will need it later:

  In the development project, in Project / Network / Routers, click router-development:

  Now find the IP address and note it down, as you will also need it later:

  In the production project, in Project / Network / VPN, click Add IKE Policy:

  Enter the name of the IKE Policy, then click Add:

Example:

  • Name: IKEpolicy1.

  In the IPSec Policies tab, click Add IPSec Policy:

  Enter the name of the IPSec Policy and click Add:

Example:

  • Name: IPSecPolicy1.

  Go to the VPN Services tab and click Add VPN Service:

  Enter the name of the VPN Service, select a router and a subnet, and click Add:

Example:

  • Name: VPNService1.

  • Router: router-production.

  • Subnet: 192.168.83.0/24.

  Open the IPSec Site Connections tab and click Add IPSec Site Connections:

  Enter a name and select the associated VPN Service, endpoint, IKE Policy and IPSec Policy:

Example:

  • Name: IPSecSite-Conn1.

  • VPN Service associated: VPNService1.

  • IKE Policy associated: IKEpolicy1.

  • IPSec Policy associated: IPSecPolicy1.

  Add the corresponding IP addresses and pre-shared key (you must enter the gateway IP of the other project, the one the VPN will connect to), then click Add:

Example:

  • Peer gateway public: 45.225.25.x.

  • Peer router identity: 45.225.25.x.

  • Remote peer subnet: 10.20.30.0/24.

  • Pre-Shared Key: binarionet.

  Now repeat the procedure in the development project, starting with the IKE Policy:

Example:

  • Name: IKEpolicy2.

    Add the IPSec Policies:

Example:

  • Name: IPSecPolicy2.

   Add the VPN Service:

Example:

  • Name: VPNService2.

  • Router: router-development.

  • Subnet: 10.20.30.0/24.

  Add the IPSec Site Connection:

Example:

  • Name: IPSecSite-Conn2.

  • VPN Service associated: VPNService2.

  • IKE Policy associated: IKEpolicy2.

  • IPSec Policy associated: IPSecPolicy2.

  Enter the production project's public gateway IP. After entering the information, click Add:

Example:

  • Peer gateway public: 45.225.25.x.

  • Peer router identity: 45.225.25.x.

  • Remote peer subnet: 192.168.83.0/24.

  • Pre-Shared Key: binarionet.

  Now ping again from VM03 in the production project to VM07 in the development project:

Example:

  • Ping to VM07, located in the development project: 10.20.30.x.

  Note that VPN access between the production and development projects is now established.
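The tunnel only comes up when the two IPSec site connections mirror each other, so it helps to check the values for both projects before entering them. The script below is an added example, not part of the original article or of BCOS: `Site`, `check_pair`, `new_psk` and the 32-character key minimum are assumptions made for illustration, the router IPs are constructed documentation-range addresses standing in for the 45.225.25.x values, and the peer identity is assumed to be an IP address as in the steps above.

```python
import ipaddress
import secrets
from dataclasses import dataclass

MIN_PSK_LEN = 32  # assumed local policy, not a BCOS requirement

@dataclass
class Site:
    """One side of the tunnel, using the field names from the forms above."""
    name: str
    router_ip: str      # public IP of this project's router
    local_subnet: str   # subnet selected in this side's VPN service
    peer_gateway: str   # "Peer gateway public"
    peer_identity: str  # "Peer router identity"
    peer_subnet: str    # "Remote peer subnet"
    psk: str            # "Pre-Shared Key"

def check_pair(a: Site, b: Site) -> list:
    """Return the mismatches that would break or weaken the tunnel."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        remote = ipaddress.ip_address(peer.router_ip)
        if ipaddress.ip_address(me.peer_gateway) != remote:
            problems.append(f"{me.name}: peer gateway is not {peer.name}'s router IP")
        if ipaddress.ip_address(me.peer_identity) != remote:
            problems.append(f"{me.name}: peer identity is not {peer.name}'s router IP")
        if ipaddress.ip_network(me.peer_subnet) != ipaddress.ip_network(peer.local_subnet):
            problems.append(f"{me.name}: remote peer subnet is not {peer.name}'s subnet")
    if ipaddress.ip_network(a.local_subnet).overlaps(ipaddress.ip_network(b.local_subnet)):
        problems.append("local subnets overlap")
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    if min(len(a.psk), len(b.psk)) < MIN_PSK_LEN:
        problems.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    return problems

def new_psk() -> str:
    """Random key from the OS CSPRNG: 32 bytes, 43 URL-safe characters."""
    return secrets.token_urlsafe(32)

def sample_pair(psk: str):
    """Constructed sample: the page's subnets, documentation-range router IPs."""
    prod = Site("production", "203.0.113.10", "192.168.83.0/24",
                "198.51.100.20", "198.51.100.20", "10.20.30.0/24", psk)
    dev = Site("development", "198.51.100.20", "10.20.30.0/24",
               "203.0.113.10", "203.0.113.10", "192.168.83.0/24", psk)
    return prod, dev

if __name__ == "__main__":
    print(check_pair(*sample_pair("binarionet")))  # the page's example key
    print(check_pair(*sample_pair(new_psk())))
```

With the example key from the steps above, the only finding is the key length; a key from `new_psk()` entered identically on both sides passes every check.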
