My Oracle Support Banner

OCI: How to Set Up Open Source VPN Server with a NAT Capability in Oracle Cloud Infrastructure (Doc ID 2495541.1)

Last updated on AUGUST 02, 2023

Applies to:

Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64

Goal

OCI provides Dynamic Routing Gateway for VPN connection, however, DRG doesn't support a NAT capability whereby some customer public IPs can be translated to private IPs in a VCN. So this document provides an alternative way to achieve it. There are two VCNs in this topology. The left VCN acts as OCI VCN. The right VCN tries to simulate the customer environment. However, in the real world, the CPE devices and the network on customer side may be more complex, so the right side network is just for simulation purpose. This article will mainly focus on the left side OCI VPN configuration. It elaborates the steps to configure open source VPN server openswan/libreswan on Oracle Linux 7 instance and how to configure the NAT rules on the instance.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
 Topology Diagram
 Tasks on OCI Console
 1) Reserved Public IP creation
 2) VPN instances creation
 3) Attach second VNIC to VPN instance
 4) Configure Route table
 5) Configure Security List to allow IPSec and related subnets
 VPN instances configuration
 1) Install Openswan VPN software
 2) Add firewall rules to allow IPSec
 3) Enable IP forwarding
 4) Modify MTU value
 5) Configure IPSec both VPN instances
 NAT configuration
 Check the connectivity
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.