DA On-Prem -> OCI Journey when UR on a Budget --aka Cheep like Me - Part 5 - Plumbing another Tunnel

 

Part 5: Da Last Tunnel


I said last time I was missing a tunnel...Ok so let’s put one there. This isn’t too bad really. A lot of the pre-work and config is there. Let’s see the stuff already there:


On the Cloud: 

 

 

 

 


So, two tunnels were constructed in OCI but onlyone configured. Note that all the ingress/egress rules still apply and do not required any modifications on the cloud.



For example:



On the PFSense router (Vbox):


WAN (outward facing):



Nothing more needed….Just have it opened from ANY machine on the OCI VCN subnet to the endpoint for the PFSense router in the outfacing subnet.


LAN (Internal Subnet):


These rules will work fine. Remember the DRG thatis attached to the VCN and also roues to the tunnels has everything it needs configured.

 

 


IPSEC:


Again...no changes:

 

 

Ok, so let’s config the other tunnel:


Use the Green Button ‘P1’ under the below to create a new P1 (Phase 1). We will also have to create a Phase 2 but not there yet….


 

This will take you to the screen below:


 

so to ensure you got it right:


Key Exchange Version: IKEv1

Internet protocol: IPV4

Interface: WAN

Remote Gateway: Tunnel 2’s ip address.

Name: give it one


a little further down: 

 


Now for the encryption algorithm:

 

Make sure it looks like this.

 

Now for PHASE 2: Hit the button to add a P2. You’ll get this: 

 


 


To ensure you got it right:


Mode : Routed VTI

Local Network: Network setting from drop-down and the IP subnet (CIDR 24) from the internal

network.

Remote Network: Network setting from drop-down and the IP subnet(CIDR 24) from The VCN Subnet.


A little further down: 

 


 

Make it look like this.



When you get done, hit SAVE at the bottom.


Hit the ‘Apply Changes’.


Go to the Status and choose IPSEC in the drop down. You should see something like this:


Voila! Both tunnels up now…


That’s it…Time to go swingin'



 

Comments

Post a Comment

Popular posts from this blog

DA On-Prem -> OCI Journey when UR on a Budget --aka Cheep like Me - Part 4 - Config Da Oracle Vbox

Image
  Part 4 : The VirtualBox Setup: The DBServer Vbox T his is Vbox is key to the final section dealing with the PFSense configuration. Note that this Vbox will be on the same internal subnet (192.168.2) CIDR range as the PFSense Box. So you will be able to access the configuration console of the PFSensee box from it. If you want o add additional boxes for different purposes, go ahead. Just remember resources, subnet and ability to reach the internet via this PFSense router Vbox for software, etc. So anyway. Let’s get to it. Here is the configuration – highlighted entries are what you need to configure:     Ok so to summarize Ya need to: 1> use an Oracle Linux 64-bit version (I used 8.5 – but as long as compatible with any db binary. Ur good. 2> Base memory 2gb and all the acceleration stuff as noted above (ur jus checking boxes so don’t forget. 3> You binary Iso (ya got to download this to ur host server)...
Read more

DA On-Prem -> OCI Journey when UR on a Budget --aka Cheep like Me - Part 4 - The Secret Sauce: PFsense Config

Image
  Part5: Da PFSense Configuration. Ok now that you have the pfsense and the Oracle Linux Vboxes on the same subnet. You should be able to pull up the PFSense dashboard on the Oracle Linux Machine’s browser. Note that the ip address is 192.168.2.1. So let’s just take a look at the Dashboard first: A few things to note here: 1> the Oracle Linux Box is reported to be @ 192.168.2.77 – which is the IP address assigned to it when the Oracle Linux Box was created. 2> the Interface are the same as assigned on the pfsense (WAN,LAN and OPT1) Note the subnet differences between the WAN and the others. So you can see that the pFSense can get to both the outside and inside internal network. Again, this emulates an on-prem datacenter. Before we go through the configuration, lets look at the final result first. So from the dashboard above, go to the top menu bar and select Status → IPSEC. As below:    ...
Read more