Managing VPN
This topic does not apply to Oracle Cloud at Customer.
Topics
- Listing VPN Gateways
- Modifying the Reachable Subnets for a VPN Gateway
- Workflow for Adding IP Networks to an Existing VPN Connection
- Deleting a VPN Gateway
- Listing Third-Party VPN Devices
- Updating a Third-Party Device
- Deleting a Third-Party Device
- Listing VPN Connections
- Updating a VPN Connection
- Stopping, Restarting, and Deleting a VPN Connection
Note:
You must have the Compute_Operations role to access the pages under the VPN tab. If you don’t have this role, you won’t be able to view these pages.
Listing VPN Gateways
This topic does not apply to Oracle Cloud at Customer.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click VPN Gateways.
Note:
This page also displays Corente Services Gateways deployed on hosts outside of Compute Classic.
Each gateway can have any of the following statuses:
Status | Description |
---|---|
Active | The Corente Services Gateway instance is running. |
Inactive | The Corente Services Gateway instance has been shut down or is being restarted. Action: If the instance is restarting, wait for it to return to the running state. If the instance has been shut down, start it to return to the Active state. |
Download | The configuration file for the Corente Services Gateway is available to download, but hasn’t been downloaded to the gateway instance. Action: Check that the required security rules or ACLs are in place and enabled, to allow the gateway instance to download the configuration file. |
Downloaded | The configuration file for the Corente Services Gateway has been downloaded but not activated. This status usually indicates that the Corente Services Gateway is not yet installed or started. Action: Check that the gateway instance is running or restart the instance if required. Check that the required security rules or ACLs are in place and enabled. |
Upgrade | A software upgrade is available for the Corente Services Gateway. Action: Schedule a maintenance time for the Corente Services Gateway in App Net Manager. The upgrade will occur automatically during the scheduled maintenance time. See the App Net Manager online help for more information. |
Disconnected | The Corente Services Gateway has lost connectivity, without being powered off safely. Action: Check your network configuration to see if outbound connectivity has been blocked by firewall rules. |
Denied | The Corente Services Gateway connection has been denied. Action: Contact Oracle Support. |
New | A new Corente Services Gateway instance has been created using App Net Manager, but the configuration of this new gateway instance hasn’t been completed. Action: Complete and save the configuration of the new gateway using App Net Manager. The new configuration will then be downloaded. |
Unknown | The Corente Services Gateway is in an unknown state. Action: Check the status again after some time, or contact Oracle Support. |
Modifying the Reachable Subnets for a VPN Gateway
This topic does not apply to Oracle Cloud at Customer.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Workflow for Adding IP Networks to an Existing VPN Connection
This topic does not apply to Oracle Cloud at Customer.
Prerequisites
- You’ve configured a supported third-party device at your data center.
- You’ve created an IP network in your Compute Classic account.
- You’ve created a dual-homed Corente Services Gateway instance in Compute Classic.
- You’ve registered your third-party device.
- You’ve created a connection between the registered third-party VPN device in your data center and the dual-homed Corente Services Gateway in Compute Classic.
- To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Procedure
Here’s an overview of the process for adding IP networks to an existing VPN connection.
- Create another IP network, if you haven’t created it yet. See Creating an IP Network.
- Create an IP network exchange, if you haven’t created it yet. See Creating an IP Network Exchange.
- Update both IP networks to add them to the IP network exchange. See Updating an IP Network.
- In App Net Manager, update user groups for your Corente Services Gateway to add the new IP network. See Adding IP Networks to an Existing VPN Connection in Setting Up VPN from a Third-Party Gateway to an IP Network in Oracle Cloud.
- In App Net Manager, add a route to the subnet of the new IP network. See Adding IP Networks to an Existing VPN Connection in Setting Up VPN from a Third-Party Gateway to an IP Network in Oracle Cloud.
Note:
You must also add the subnets that you specify here to the list of destination IP addresses that you specify in your third-party device.
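The note above leaves two lists to keep in sync by hand: the subnets routed in App Net Manager and the destination list on the third-party device. The following check is an added example, not Oracle's code or tooling; it assumes both lists have been copied out as plain strings, and it treats a subnet that falls inside a broader destination entry as covered, which is an assumption beyond the exact match the note asks for. All addresses are constructed sample values.

```python
import ipaddress

# Constructed sample values, not taken from any real deployment.
ROUTED_SUBNETS = ["192.168.3.0/24", "192.168.4.0/24", "10.50.0.0/16", "172.16.8.0/24"]
DEVICE_DESTINATIONS = ["192.168.3.0/24", "192.168.0.0/16", "10.50.1.0/24", "203.0.113.10"]


def parse_entries(entries):
    """Parse IP addresses or CIDR subnets; a bare address becomes a /32 (or /128).

    strict=True rejects entries with host bits set (e.g. 192.168.3.5/24),
    which usually indicates a typo in one of the two lists.
    """
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries if e.strip()]


def check_coverage(routed_subnets, device_destinations):
    """Classify each routed cloud subnet against the device's destination list."""
    dests = parse_entries(device_destinations)
    report = {}
    for net in parse_entries(routed_subnets):
        same_family = [d for d in dests if d.version == net.version]
        if net in same_family:
            status = "exact"      # listed verbatim, as the note requires
        elif any(net.subnet_of(d) for d in same_family):
            status = "covered"    # inside a broader destination entry (assumed acceptable)
        elif any(net.overlaps(d) for d in same_family):
            status = "partial"    # only part of the subnet is a destination
        else:
            status = "missing"    # routed in the cloud, unknown to the device
        report[str(net)] = status
    return report


def unresolved(report):
    """Subnets that still need to be added on the third-party device."""
    return sorted(n for n, s in report.items() if s in ("partial", "missing"))


if __name__ == "__main__":
    result = check_coverage(ROUTED_SUBNETS, DEVICE_DESTINATIONS)
    for subnet, status in result.items():
        print(f"{subnet:18} {status}")
    print("Add to device:", ", ".join(unresolved(result)))
```

A "partial" result deserves the same attention as "missing": only some hosts in the new IP network would be reachable through the tunnel.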
Deleting a VPN Gateway
This topic does not apply to Oracle Cloud at Customer.
Prerequisites
- If you want to delete a dual-homed VPN gateway instance, the VPN gateway must not be connected to any device. If the gateway is used in a VPN connection, stop the connection first. See Stopping, Restarting, and Deleting a VPN Connection.
- To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Procedure
Listing Third-Party VPN Devices
This topic does not apply to Oracle Cloud at Customer.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click Customer Devices.
Updating a Third-Party Device
This topic does not apply to Oracle Cloud at Customer.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click Customer Devices.
- Go to the device that you want to update. From the menu, select Update.
- In the Update VPN Device dialog box, modify the information as required. Note that you can’t change the device name or type. If you need to modify that information, add a new device. You can modify the following device information:
  - Model: The model of your third-party VPN device.
  - WAN IP Address: The IP address of the WAN interface of your third-party VPN device.
  - Visible IP Address: The public IP address of your third-party VPN device that the Corente Services Gateway should connect to. If you use network address translation (NAT), then this IP address would be different from the WAN IP address. Otherwise, the visible IP address would be the same as the WAN IP Address.
  - Subnets: A list of IP addresses or subnets in your data center that should be reachable by this third-party device.
  - PFS: Perfect Forward Secrecy.
  - DPD: Dead Peer Detection.
- Click Update. The device information is updated.
Deleting a Third-Party Device
This topic does not apply to Oracle Cloud at Customer.
Prerequisites
- The device that you want to delete must not be used in a connection with a dual-homed VPN gateway. If the device is used in a VPN connection with a dual-homed VPN gateway, stop the connection first. See Stopping, Restarting, and Deleting a VPN Connection.
- To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Procedure
Listing VPN Connections
This topic does not apply to Oracle Cloud at Customer.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click Connections.
When a dual-homed gateway is used in a connection — that is, the gateway instance has one virtual network interface on an IP network and one interface on the shared network — then an IP route is created with the subnet of the third-party device as the destination. This IP route uses the vNIC of the cloud gateway as the next hop vNICset, to route traffic from the IP network to the third-party VPN device. An orchestration is created to manage the required vNICset and IP route and the IP Route column displays the status of the route. When a single-homed gateway is used, this column is blank.
The Connections page also shows the status of each of your VPN connections. If a VPN connection has any status other than Up, check the status again after some time. If the status doesn’t change to Up, then contact Oracle Support.
Updating a VPN Connection
This topic does not apply to Oracle Cloud at Customer.
The IKE ID and shared secret that you enter here must match the corresponding entries on the third-party device used in this connection. If you make any changes to these fields, ensure that the corresponding changes are made on the connected third-party device.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Stopping, Restarting, and Deleting a VPN Connection
This topic does not apply to Oracle Cloud at Customer.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
After stopping or deleting a VPN connection, you can also delete the gateway instance or delete the information about the third-party device used in this connection. See Deleting a VPN Gateway or Deleting a Third-Party Device.