6 Advanced Configuration

Adding IP Networks to an Existing VPN Connection

When you set up a VPN connection using a dual-homed Corente Services Gateway, all instances that have an interface on the same IP network as the gateway instance are reachable over the VPN connection. You can expand the network of reachable instances by creating other IP networks and adding all the IP networks to an IP network exchange.

Prerequisites

  • You've already created a VPN connection from a third-party gateway to an IP Network in Oracle Cloud.

  • To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Procedure

To add an IP network to an existing VPN connection, complete the following steps:

  1. Let’s consider that you want to add IP network 2 to an existing VPN connection, which has the Corente Services Gateway on IP network 1. Create IP network 2. See Creating an IP Network in Using Oracle Cloud Infrastructure Compute Classic.

  2. Create an IP network exchange. See Creating an IP Network Exchange in Using Oracle Cloud Infrastructure Compute Classic.

  3. Update both IP networks (IP network 1 and IP network 2) to add them to the IP network exchange. See Updating an IP Network in Using Oracle Cloud Infrastructure Compute Classic.

  4. Download App Net Manager from https://www.corente.com/appnet, if you haven’t downloaded it already. A JNLP file is downloaded.

  5. Start App Net Manager by launching the downloaded JNLP file.

  6. Log in to App Net Manager using the Corente credentials that you received in an email when you subscribed to Compute Classic.

  7. In App Net Manager, update user groups for your Corente Services Gateway to add the new IP network.

    1. From the Domains panel on the left, under Locations, right-click the location file of the Corente Services Gateway on Oracle Cloud, and then click Edit. The Edit Location dialog box appears.

    2. In the User Groups tab, double-click Default User Group. The Edit User Group dialog box appears.

    3. Click Add. The Add Address Range dialog box appears.

    4. Select Include Subnet, and then provide details of the IP network that you want to add. Let’s consider that IP network 2, which you want to add, has the IP address prefix 192.168.2.0/24. The following image shows the details provided for IP network 2.

      [Image: Specify the address range of the new IP network in App Net Manager.]

    5. Select Permitted in the Outbound NAT drop-down list, and then click OK. A new row is added to the User Group Subnets/ Address Ranges pane. Click OK to close the Edit User Group dialog box.

  8. In App Net Manager, add a route to the subnet of the new IP network.

    1. From the Domains panel on the left, under Locations, right-click the location file of the Corente Services Gateway on Oracle Cloud, and then click Edit. The Edit Location dialog box appears.

    2. In the Routes tab, click Add. The Add Route dialog box appears.

    3. Enter details about the IP network that you want to add to the existing VPN connection in the Network Address and Subnet Mask. Let’s consider that IP network 2, which you want to add, has the IP address prefix 192.168.2.0/24. Then, you’ll enter 192.168.2.0 as the Network Address and 255.255.255.0/24 as the Subnet Mask.

    4. In the Gateway/Router IP Address box, specify the first IP address of the IP subnet defined for IP network 1. The first IP address of the IP network subnet is reserved as the default gateway address for that IP network. For example, if the IP subnet defined for IP network 1 is 192.168.3.0/24, then you’ll provide 192.168.3.1 as the Router IP Address.

      [Image: Add a route to the subnet of the new IP network.]

    5. Click OK to add the route.

  9. Add the subnets that you specify here to the list of destination IP addresses that you specify in your third-party device.
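The values entered in steps 7 to 9 can be derived and checked from the CIDR prefixes before they are typed into App Net Manager. The following is an added example, not part of the original documentation or of any Oracle tool; the function names, the overlap check, and the third network 192.168.4.0/24 are assumptions made for illustration.

```python
import ipaddress


def route_fields(new_prefix, gateway_prefix):
    """Values for the Add Route dialog: the new IP network, routed via the
    default gateway of the IP network that holds the Corente Services Gateway."""
    # strict=True rejects a prefix with host bits set, such as 192.168.2.5/24.
    new_net = ipaddress.ip_network(new_prefix, strict=True)
    gw_net = ipaddress.ip_network(gateway_prefix, strict=True)
    if new_net.version != 4 or gw_net.version != 4:
        raise ValueError("this sketch handles IPv4 prefixes only")
    if gw_net.num_addresses < 4:
        raise ValueError(f"{gw_net} is too small to hold a gateway address")
    # Added sanity check (not a rule stated on the page): a route to a range
    # that overlaps the gateway's own network would be ambiguous.
    if new_net.overlaps(gw_net):
        raise ValueError(f"{new_net} overlaps gateway network {gw_net}")
    return {
        "network_address": str(new_net.network_address),
        "subnet_mask": str(new_net.netmask),
        # The first address of the subnet is the IP network's default gateway.
        "router_ip": str(gw_net.network_address + 1),
    }


def plan(gateway_prefix, new_prefixes):
    """Return (routes, destinations): one Add Route entry per new IP network,
    and the subnets to add on the third-party device in step 9."""
    routes = [route_fields(p, gateway_prefix) for p in new_prefixes]
    nets = [ipaddress.ip_network(p) for p in new_prefixes]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} and {b} overlap")
    return routes, [str(n) for n in nets]


if __name__ == "__main__":
    # 192.168.2.0/24 and 192.168.3.0/24 are the page's values;
    # 192.168.4.0/24 is a constructed third network.
    routes, destinations = plan("192.168.3.0/24",
                                ["192.168.2.0/24", "192.168.4.0/24"])
    for r in routes:
        print(r)
    print("third-party device destinations:", destinations)
```

Rejecting prefixes with host bits set and overlapping ranges keeps the user group, the route, and the third-party device's destination list limited to exactly the subnets you intend to expose over the VPN.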

Configuring Active-Active HA

To set up active-active HA, two Corente Services Gateways, configured identically, are deployed as failover partners. Each Corente Services Gateway is connected to a separate third-party VPN device, setting up two VPN tunnels between the Oracle Cloud network and your data center. When both VPN tunnels are available, load is balanced between the two Corente Services Gateways. If one of the VPN tunnels fails, the Corente Services Gateway detects the failure and forwards the outgoing traffic to its failover partner. This offers redundancy against VPN tunnel failures.

Note:

Skip this section if you don’t want to set up active-active HA.

Prerequisites

Before you begin configuring active-active HA, ensure that you have completed the following tasks:

  1. Set up two Corente Services Gateways (cloud gateways), configured identically. See Creating a Cloud Gateway.

  2. Registered two third-party VPN devices. See Registering a Third-Party VPN Device.

  3. Connected the cloud gateways with the third-party VPN devices. See Connecting the Cloud Gateway with the Third-Party Device.

Complete the following steps to configure active-active HA:

  1. Download App Net Manager from http://www.oracle.com/technetwork/server-storage/corente/downloads/index.html, if you haven’t downloaded it already.

  2. Log in to App Net Manager using the Corente credentials that you received in an email when you subscribed to Compute Classic.

  3. From the Domains panel on the left, under Locations, right-click a location file, and then click Edit. The Edit Location dialog box appears.

  4. In the Cloud Failover pane, enter the LAN IP address of the partner Corente Services Gateway in the Failover Location Address, and then click OK.

  5. Repeat steps 3 and 4 for the other Corente Services Gateway in the cloud.

  6. From the Domains panel on the left, under 3rd-Party Devices, right-click one of the third-party devices that you have added, and then click Edit. The Edit 3rd-Party Device dialog box appears.

  7. In the Settings pane, select the DPD checkbox, and then click OK.

    Dead Peer Detection (DPD) is used to detect VPN failure to a remote VPN device.

  8. Repeat steps 6 and 7 for the other third-party device.