8 Managing VPN
Topics
- Listing VPN Gateways
- Modifying the Reachable Subnets for a VPN Gateway
- Deleting a VPN Gateway
- Listing Third-Party VPN Devices
- Updating a Third-Party Device
- Deleting a Third-Party Device
- Listing VPN Connections
- Updating a VPN Connection
- Stopping, Restarting, and Deleting a VPN Connection
Note:
You must have the Compute_Operations role to access the pages under the VPN tab. If you don’t have this role, you won’t be able to view these pages.
Listing VPN Gateways
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click VPN Gateways.
Note:
This page also displays Corente Services Gateways deployed on hosts outside of Compute Classic.
Each gateway can have any of the following statuses:
Status | Description |
---|---|
Active | The Corente Services Gateway instance is running. |
Inactive | The Corente Services Gateway instance has been shut down or is being restarted. Action: If the instance is restarting, wait for it to return to the running state. If the instance has been shut down, start it to return to the Active state. |
Download | The configuration file for the Corente Services Gateway is available to download, but hasn’t been downloaded to the gateway instance. Action: Check that the required security rules or ACLs are in place and enabled, to allow the gateway instance to download the configuration file. |
Downloaded | The configuration file for the Corente Services Gateway has been downloaded but not activated. This status usually indicates that the Corente Services Gateway is not yet installed or started. Action: Check that the gateway instance is running or restart the instance if required. Check that the required security rules or ACLs are in place and enabled. |
Upgrade | A software upgrade is available for the Corente Services Gateway. Action: Schedule a maintenance time for the Corente Services Gateway in App Net Manager. The upgrade will occur automatically during the scheduled maintenance time. See the App Net Manager online help for more information. |
Disconnected | The Corente Services Gateway has lost connectivity, without being powered off safely. Action: Check your network configuration to see if outbound connectivity has been blocked by firewall rules. |
Denied | The Corente Services Gateway connection has been denied. Action: Contact Oracle Support. |
New | A new Corente Services Gateway instance has been created using App Net Manager, but the configuration of this new gateway instance hasn’t been completed. Action: Complete and save the configuration of the new gateway using App Net Manager. The new configuration will then be downloaded. |
Unknown | The Corente Services Gateway is in an unknown state. Action: Check the status again after some time, or contact Oracle Support. |
Modifying the Reachable Subnets for a VPN Gateway
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Deleting a VPN Gateway
Prerequisites
- The VPN gateway that you want to delete must not be connected to any device. If the gateway is used in a VPN connection, stop the connection first. See Stopping, Restarting, and Deleting a VPN Connection.
- To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Procedure
Listing Third-Party VPN Devices
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click Customer Devices.
Updating a Third-Party Device
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click Customer Devices.
- Go to the device that you want to update. From the menu, select Update.
- In the Update VPN Device dialog box, modify the information as required. Note that you can’t change the device name or type. If you need to modify that information, add a new device. You can modify the following device information:
- Model: The model of your third-party VPN device.
- WAN IP Address: The IP address of the WAN interface of your third-party VPN device.
- Visible IP Address: The public IP address of your third-party VPN device that the Corente Services Gateway should connect to. If you use network address translation (NAT), then this IP address would be different from the WAN IP address. Otherwise, the visible IP address would be the same as the WAN IP Address.
- Subnets: A list of IP addresses or subnets in your data center that should be reachable by this third-party device.
- PFS: Perfect Forward Secrecy.
- DPD: Dead Peer Detection.
- Click Update. The device information is updated.
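A pre-change sanity check for the WAN IP Address, Visible IP Address and Subnets values entered in the Update VPN Device dialog box, as an added example (not Oracle's code and not part of the original page). The function names, the constructed device records in `DEVICES`, and the rules that flag overlapping or all-covering subnet entries are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Ranges treated as not publicly reachable (RFC 1918, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def is_public(addr):
    return not any(addr in net for net in NON_PUBLIC)

def check_device(wan_ip, visible_ip, subnets):
    """Return findings for one device's dialog values (empty list = clean)."""
    findings = []
    wan = ipaddress.ip_address(wan_ip)
    visible = ipaddress.ip_address(visible_ip)
    # The visible address is the public one the gateway connects to.
    if not is_public(visible):
        findings.append(f"visible IP {visible} is not a public address")
    # Without NAT the two addresses are the same; a public WAN address
    # that differs from the visible one deserves a second look.
    if is_public(wan) and wan != visible:
        findings.append(f"WAN IP {wan} is public but differs from visible IP {visible}")
    nets = []
    for entry in subnets:
        try:
            # Strict parsing: a bare address becomes a host route, and an
            # entry with host bits set (e.g. 172.16.9.1/24) is rejected.
            nets.append(ipaddress.ip_network(entry))
        except ValueError:
            findings.append(f"subnet entry {entry!r} is not a valid address or network")
    for a, b in combinations(nets, 2):
        if a.version == b.version and a.overlaps(b):
            findings.append(f"subnets {a} and {b} overlap")
    for net in nets:
        if net.prefixlen == 0:  # assumption: an all-covering entry is a mistake
            findings.append(f"subnet {net} covers every address")
    return findings

# Constructed sample records: name -> (WAN IP, visible IP, subnets).
DEVICES = {
    "dc-edge-1": ("10.20.0.1", "203.0.113.10", ["192.168.10.0/24", "192.168.20.5"]),
    "dc-edge-2": ("198.51.100.7", "192.168.1.1",
                  ["172.16.0.0/16", "172.16.4.0/24", "172.16.9.1/24"]),
}

if __name__ == "__main__":
    for name, fields in DEVICES.items():
        print(name, check_device(*fields) or "ok")
```
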
Deleting a Third-Party Device
Prerequisites
- The device that you want to delete must not be used in a VPN connection. If the device is used in a VPN connection, stop the connection first. See Stopping, Restarting, and Deleting a VPN Connection.
- To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Procedure
Listing VPN Connections
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
- Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
- Click the Network tab.
- In the Network drop-down list, expand VPN, expand Corente, and then click Connections.
When a dual-homed gateway is used in a connection, an IP route is created with the subnet of the third-party device as the destination. This IP route uses the vNIC of the cloud gateway as the next hop vNICset, to route traffic from the IP network to the third-party VPN device. An orchestration is created to manage the required vNICset and IP route, and the IP Route column displays the status of the route.
The Connections page also shows the status of each of your VPN connections. If a VPN connection has any status other than Up, check the status again after some time. If the status doesn’t change to Up, then contact Oracle Support.
Updating a VPN Connection
The IKE ID and shared secret that you enter here must match the corresponding entries on the third-party device used in this connection. If you make any changes to these fields, ensure that the corresponding changes are made on the connected third-party device.
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Stopping, Restarting, and Deleting a VPN Connection
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
After stopping or deleting a VPN connection, you can also delete the gateway instance or delete the information about the third-party device used in this connection. See Deleting a VPN Gateway or Deleting a Third-Party Device.