19 Connecting to Oracle Cloud Infrastructure Dedicated Compute Classic Instances Using VPN

This topic does not apply to Oracle Cloud at Customer.

If you have an Oracle Cloud Infrastructure Dedicated Compute Classic account, you can use the Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic service to establish a secure communication channel between your data center and the instances in your Compute Classic site.

After this service is provisioned, you can configure your VPN gateway device to connect to the Oracle Cloud VPN gateway. See About Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic.

Alternatively, you can set up a VPN connection to your site using VPN as a Service (VPNaaS). See Setting Up VPN Using VPNaaS.

Note:

If you don’t have an Oracle Cloud Infrastructure Dedicated Compute Classic account, see Connecting to Instances in a Multitenant Site Using VPN to configure VPN access to your instances.

About Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic

This topic does not apply to Oracle Cloud at Customer.

With Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic you can configure a site-to-site VPN connection to access your instances. While you can continue to access your instances over the public internet securely using SSH or RDP, using a site-to-site VPN connection enhances security by creating secure IPSec-based tunnels between your data center and the instances in your Oracle Cloud Infrastructure Dedicated Compute Classic site.

Note:

Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic is not available by default with Oracle Cloud Infrastructure Dedicated Compute Classic. It must be requested separately. See Requesting Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic.

Using Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic, you can create up to 20 VPN tunnels to your Oracle Cloud Infrastructure Dedicated Compute Classic site. You can use any internet service provider to access your Oracle Cloud Infrastructure Dedicated Compute Classic site, provided you have a VPN device to terminate an IPSec VPN tunnel.

IPSec is a suite of protocols designed to authenticate and encrypt all IP traffic between two locations. This allows sensitive data to pass securely over networks that would otherwise be considered insecure. Traffic between your data center and your Oracle Cloud Infrastructure Dedicated Compute Classic site is encrypted and transmitted through this secure tunnel, so your data can’t be stolen or intercepted in transit. By using a site-to-site VPN connection, you're effectively extending your data center network to include instances in your Oracle Cloud Infrastructure Dedicated Compute Classic site.

Graphic showing a site-to-site VPN connection between your data center and your Compute Classic site.

Requesting Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic

This topic does not apply to Oracle Cloud at Customer.

To set up your VPN connection, you must first request the Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic service.
You can request this service either while subscribing to Compute Classic, or later on. To request the Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic service, work with your Oracle sales representative to raise a Service Request (SR). You’ll receive a form asking you to provide detailed information. Use this form to provide the following information:
  • A preshared key (PSK) in the 128-bit/SHA1 format.

  • (Optional) A range of 8000 private IP addresses. These should be provided as network prefixes in the CIDR format (for example, n.n/19). When you create instances or restart existing instances, the private IP address of each instance is dynamically assigned from this range of IP addresses. Note that when your Compute Classic account is provisioned, a range of private IP addresses is assigned from the 100.64/10 address range. You can either use this assigned range or specify another range of private IP addresses. An 8000-address block can meet the IP address requirements of up to 2000 instances.

    Note:

    Ensure that the range of IP addresses that you provide doesn’t overlap with the private IP addresses used by other devices on your on-premises network.

    Also check that the private IP addresses of existing Compute Classic instances do not conflict with private IP addresses used by any of your on-premises devices. Such a conflict becomes relevant only when you configure a VPN tunnel and your Compute Classic instances become an extension of your on-premises network.
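The checks described in the note above can be run before you fill in the form. The following is an added example, not Oracle code: the function name, the sample prefixes and the reading of "private" as RFC 1918 space plus the 100.64/10 range are assumptions made for illustration.

```python
import ipaddress

MIN_ADDRESSES = 8000  # block size the request form asks for
# Assumption: "private" means RFC 1918 space or the 100.64/10 range the page mentions.
PRIVATE_SPACES = [ipaddress.ip_network(p) for p in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def check_vpn_range(requested, on_prem_prefixes, instance_ips=()):
    """Return a list of problems; an empty list means no conflict was found."""
    try:
        net = ipaddress.ip_network(requested)  # strict: rejects host bits set in the prefix
    except ValueError as exc:
        return [f"{requested}: invalid CIDR prefix ({exc})"]
    on_prem = [ipaddress.ip_network(p) for p in on_prem_prefixes]
    problems = []
    if net.version != 4 or not any(net.subnet_of(s) for s in PRIVATE_SPACES):
        problems.append(f"{net} is not inside a private address space")
    if net.num_addresses < MIN_ADDRESSES:
        problems.append(f"{net} has {net.num_addresses} addresses, need {MIN_ADDRESSES}")
    # The requested block must not overlap anything routed on premises.
    for other in on_prem:
        if net.overlaps(other):
            problems.append(f"{net} overlaps on-premises prefix {other}")
    # Instances that already exist keep their addresses, so check those too.
    for ip in map(ipaddress.ip_address, instance_ips):
        hit = next((o for o in on_prem if ip in o), None)
        if hit is not None:
            problems.append(f"existing instance {ip} conflicts with on-premises prefix {hit}")
    return problems


# Constructed sample data, not taken from any real network.
ON_PREM = ["10.0.0.0/16", "10.20.32.0/20", "192.168.10.0/24"]
EXISTING_INSTANCES = ["100.64.3.17", "10.20.40.9"]

if __name__ == "__main__":
    for candidate in ("10.20.32.0/19", "10.64.0.0/19", "172.16.0.0/20", "10.1.2.0/19"):
        issues = check_vpn_range(candidate, ON_PREM, EXISTING_INSTANCES)
        print(candidate, "->", issues or "OK")
```

Feed it the prefixes from your own routing tables or IPAM export; a prefix list that omits a remote office or lab network hides exactly the overlap this check is meant to catch.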

It can take up to two weeks to process your request. After your SR is processed, Oracle provides you the encoded PSK along with the name and public IP address of the Oracle Cloud VPN gateway. Use these to configure your VPN gateway to connect to the Oracle Cloud VPN gateway. See Configuring Your Oracle Cloud Infrastructure Networking Classic – VPN for Dedicated Compute Classic Gateway.

Accessing Your Instances Using VPN

This topic does not apply to Oracle Cloud at Customer.

After you’ve configured your VPN gateway and started a VPN connection, you can securely access your Oracle Cloud Infrastructure Dedicated Compute Classic site by using the private IP address of each instance.

Note:

The private IP address of an instance might be assigned dynamically. When an instance is restarted, this dynamically assigned private IP address might change.

Do the following:
  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Go to the instance that you want to access. Make a note of the private IP address of the instance.
  3. After you’ve enabled a VPN tunnel, the instances in your Compute Classic site appear as an extension of the network in your site. You can use the private IP address of a Compute Classic instance to connect to the instance as you would connect to any host in your data center.

Note:

After you’ve enabled a VPN tunnel, you can also continue to access your instances over the public Internet, as you did earlier. Any security rules that you might have defined for your instances continue to apply.