VPNaaS is a Neutron extension for provisioning IPSec VPN servers in your OpenStack
environment. VPN server requires a router.
For the purpose of this tutorial we wil setup following evironment:
- private network (we use 10.1.1.0/24 in this tutorial)
- router with external network connectivity
First of all we need to create an IKEv2 policy with AES-256 encryption:
In next step we will create IPSec policy with same encryption settings:
Next step is to create a VPN service on our router:
And finally we will create a VPN server:
Fill in the public IP address of remote side (client) in the
Peer gateway public
IPv4/IPv6 Address or FQDN and
Peer router identity for authentication (Peer ID).
Fill in remote side’s subnet/subnets to be routed in the field
Remote peer subnet(s).
This guide is designed for Debian 8 but with minor modifications it should be
working for other Linux distributions as well.
Install strongswan VPN client:
apt-get install strongswan libcharon-extra-plugins libstrongswan-standard-plugins libstrongswan-extra-plugins
Configure it by editing the file
Set PSK (pre-shared key) in file
__openstack_router_ip__ : PSK "__password__"
And launch the client:
Last modified: Nov. 7, 2017