A Site-to-Site VPN connection is used to provide secure communication between a business datacenter and cloud infrastructure. It also lets us build a secure connection between two VPC networks in our own environment. Using this feature, we avoid having to set up VPN connections for individual instances.
The primary distinction between Site-to-Site VPN and Remote VPN connections is that Site-to-Site VPN lets us connect entire networks to one another. For example, if we need to link one of our office branch networks to the headquarters network in a different location, we can do so with Site-to-Site VPN.
Hosts do not need VPN client software with this approach, because all TCP/IP traffic they send and receive is routed through the VPN gateway.
To link two VPC networks via Site-to-Site VPN, the two networks must use distinct, non-overlapping address ranges. For example, VPC-A (10.1.0.0) and VPC-B (10.2.0.0).
We now have two VPC networks with different ranges, and we have created VMs in those networks, which will communicate with each other over the Site-to-Site VPN.
Step 1:
Here we have created two VPC networks:
VPC-A: 192.168.3.0/24
VPC-B: 10.1.0.0/24
Step 2:
We now need to create a network tier in each VPC. Here, we subnet the VPC-A network 192.168.3.0/24 into two /25 subnets and create a new tier, Tier1, on 192.168.3.0/25 with the details shown in the screenshot.
Similarly, we subnet the VPC-B network 10.1.0.0/24 into two /25 subnets and use 10.1.0.0/25 for its tier.
To create a network tier in a VPC, go to Home > Networks > VPC > VPC-A > Networks.
You can use the online subnet calculator for subnetting at https://www.calculator.net/ip-subnet-calculator.html.
In the same way, we created a network tier in VPC-B.
Step 3:
Once the networks were created, we launched a VM in each VPC's network tier.
Step 4:
Now we enable VPN access on the public IP address of each VPC network in CloudStack.
From the CloudStack home page, click VPC in the Network section and enable Remote Access VPN on the public IP address.
Home > Network > VPC > VPC-A > Public IP address > Choose the Public IP address (Source NAT) > VPN > Enable Remote Access VPN
Once the VPN is enabled, CloudStack generates the IPSec pre-shared key.
Repeat the process in VPC-B to enable VPN access there.
Step 5:
We now create a VPN Customer Gateway for each VPC so that a connection can be established between them.
A VPN customer gateway is a virtual representation of a device or service that serves as the starting point for VPN connections. It acts as the endpoint of the VPN tunnel, allowing secure communication between the two VPC networks in our configuration.
Based on the screenshot above, we created the VPN customer gateway for VPC-A with the following values.
Gateway: The public IP address of VPC-A on which we enabled Remote Access VPN.
CIDR List: The range of IP addresses in VPC-A that the remote side is allowed to reach.
IPSec pre-shared key: The key that CloudStack generated for VPC-A when we enabled Remote Access VPN in Step 4.
We have now created the VPN customer gateway for VPC-A; next we create one for VPC-B.
Based on the screenshot above, we created the VPN customer gateway for VPC-B with the following values.
Gateway: The public IP address of VPC-B on which we enabled Remote Access VPN.
CIDR List: The range of IP addresses in VPC-B that the remote side is allowed to reach.
IPSec pre-shared key: The key that CloudStack generated for VPC-B when we enabled Remote Access VPN in Step 4.
Step 6: Enable VPN Gateway
Enabling the VPN gateway in a VPC allows secure, encrypted communication between cloud resources.
We can enable the VPN gateway in Apache CloudStack from the location listed below.
1. Sign in to the CloudStack UI as an administrator or end user.
2. In the left navigation, select Network.
3. In the Select view, choose VPC. All of the VPCs we have created are displayed there. Select VPC-A and then click the VPN gateway option in the right navigation.
4. Click the Create site-to-site VPN gateway button to create and enable the VPN gateway.
Home > Network > VPC > VPC-A > VPN gateway.
Follow the same steps to enable the VPN gateway in VPC-B.
Once the VPN gateway is enabled in both VPCs, we can establish a VPN connection between the two VPC networks.
Step 7:
To establish a VPN connection in VPC-A, follow the steps below.
1. Log in to the CloudStack user interface.
2. In the left navigation, select Network.
3. In the Select view, select VPC-A, then click the VPN connection tab in the right navigation.
4. Create a site-to-site VPN connection. Since we are creating the VPN connection for VPC-A, select the VPC-B gateway.
Here, the VPC-B gateway is the VPN customer gateway we created for the VPC-B network. Selecting it as an active VPN connection in VPC-A allows the VPC-B network to communicate with the VPC-A network.
To establish a VPN connection in VPC-B, follow the steps below.
1. In the CloudStack UI, select the VPC-B network under the Network tab.
2. In the VPC-B network, select the VPN connection option from the right navigation.
3. Click Create a Site-to-Site VPN Connection. We are creating the VPN connection for VPC-B, so select the VPC-A gateway with Passive mode.
The VPC-A gateway is the VPN customer gateway we created for the VPC-A network. Adding it as a passive VPN connection in VPC-B allows hosts on the VPC-A network to communicate with the VPC-B network.
Here, the VPC-B gateway connection is active, which means it initiates the VPN connection, whereas the VPC-A gateway connection is passive, meaning it waits for and accepts the VPN connection.
Step 8:
Now that communication between these two VPC networks is established, we can ping the VMs in VPC-A from the VMs in VPC-B.
For example, we initially created one VM in each of these two VPC networks. I can now ping between these two VMs, which confirms that communication between the networks is working over the site-to-site VPN connection.
The site-to-site VPN connection between the two VPC networks has now been successfully configured.
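The same setup can be driven through the CloudStack API instead of the UI. The following is an added example (not code from the original post) that checks the two-VPC address plan from Steps 1 and 2 for overlap, derives the /25 tiers, and builds signed requests for the calls behind Steps 5 to 7; the API command names and the request-signing scheme are CloudStack's, while the public IPs, pre-shared keys and API credentials are constructed placeholders.

```python
# Added example: validate the two-VPC plan and build the CloudStack API calls
# (createVpnCustomerGateway / createVpnConnection) that mirror the UI steps above.
import base64, hashlib, hmac, ipaddress, urllib.parse

# Constructed placeholders for values the post only shows in screenshots.
VPCS = {
    "VPC-A": {"cidr": "192.168.3.0/24", "public_ip": "203.0.113.10", "psk": "PSK-A-PLACEHOLDER"},
    "VPC-B": {"cidr": "10.1.0.0/24",    "public_ip": "203.0.113.20", "psk": "PSK-B-PLACEHOLDER"},
}

def check_plan(vpcs):
    """Site-to-site VPN needs non-overlapping VPC ranges; fail early if they collide."""
    nets = {name: ipaddress.ip_network(v["cidr"]) for name, v in vpcs.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return nets

def first_tier(cidr):
    """Step 2: the first /25 carved out of a /24 VPC range, e.g. 192.168.3.0/25."""
    return str(next(ipaddress.ip_network(cidr).subnets(prefixlen_diff=1)))

def customer_gateway_params(name, vpc):
    """Step 5: customer gateway describing *this* VPC, selected later from the other VPC.
    IKE/ESP policies are the defaults the CloudStack UI proposes."""
    return {"command": "createVpnCustomerGateway", "name": f"{name}-gw",
            "gateway": vpc["public_ip"], "cidrlist": vpc["cidr"], "ipsecpsk": vpc["psk"],
            "ikepolicy": "aes128-sha1;modp1536", "esppolicy": "aes128-sha1"}

def connection_params(s2s_vpn_gateway_id, customer_gateway_id, passive):
    """Step 7: the active side initiates, the passive side (VPC-B here) only accepts."""
    return {"command": "createVpnConnection", "s2svpngatewayid": s2s_vpn_gateway_id,
            "s2scustomergatewayid": customer_gateway_id, "passive": str(passive).lower()}

def sign_request(params, api_key, secret_key):
    """CloudStack signing: sorted lowercase query string, HMAC-SHA1, base64, URL-encoded."""
    p = dict(params, apikey=api_key, response="json")
    query = "&".join(f"{k.lower()}={urllib.parse.quote(str(v), safe='*')}"
                     for k, v in sorted(p.items(), key=lambda kv: kv[0].lower()))
    digest = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1).digest()
    return query + "&signature=" + urllib.parse.quote(base64.b64encode(digest).decode(), safe="")

if __name__ == "__main__":
    check_plan(VPCS)
    for name, vpc in VPCS.items():
        print(name, "tier:", first_tier(vpc["cidr"]))
        print(sign_request(customer_gateway_params(name, vpc), "API-KEY-PLACEHOLDER", "SECRET-PLACEHOLDER"))
```

The returned query strings are appended to the management server's /client/api endpoint; the IDs for `connection_params` come from the responses to createVpnGateway and createVpnCustomerGateway.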