Connect your network to your CloudSigma infrastructure with a VPN

A how-to guide: Connect your network to your CloudSigma infrastructure with a VPN

VPNs are in common usage these days and it’s no surprise with the various security threats that are out there. Sometimes you want them to connect to your company’s network securely, other times you may want to connect through a proxy network in order to anonymize your location. With the advent of cloud infrastructure many of our customers want to connect securely to their cloud infrastructure and potentially keep many of their cloud servers on private IP only without exposing them with public IP addresses.

In general, there are many situations where you want to use a VPN so in this post I outline how to quickly and easily get a VPN up and running to secure your cloud infrastructure with.

In this tutorial, you will learn how to connect your CloudSigma network to your own network. This will make your servers available as if they were part of your home network from which you are accessing.

The pre-requisites are:
  • CentOS 7.
  • An internal network (LAN) at CloudSigma; with other servers connected to it.
  • Your own LAN.
Networks:
  • Remote private LAN: 192.168.0.0/24
  • Remote VPN server: 192.168.0.20
  • Your own LAN: 192.168.1.0/24
  • Local VPN server: 192.168.1.10
So, let’s start:

An ipsec/librewsan primer

In case you’re not familiar with ipsec/libreswan concepts, here’s a primer:

Left and right servers are only references for the servers connecting to each other. You can assign these terms arbitrarily. Yet, there is a convention. Usually, we call the local server “left” and right is, obviously, the remote server.

All routing will be taken care off by ipsec so no need to worry about it. If a ping doesn’t work, something is wrong with the configuration. Feel free to use:

To be able to read some cryptic output when you get these kinds of problems. Keep on reading it and paying attention. You will, eventually, understand some of it. 😉

Now, the definitive references are listed below. Read on. You will learn many interesting things about VPNs and related stuff. For example, the LibreSwan wiki contains a ton of setups; including Cisco-specific ones, “road warrior” setup (watch US’ Netflix shows). host-to-host setups and many more.

The RHEL manual; one of my favorite sources of information, explains how to setup everything from the start, in a slow and well explained manner. It is definitely a good read and a great alternative to this HowTo.

References

About Renich

DevOps @ CloudSigma during the day, Creative Commons artist and producer on my free time... Yeah, that means going to play my guitar or piano on the streets sometimes. You can listen to my music in my personal project: Renich or my Rock project: introbella. And I'm sure I have a cover or two @ YouTube. I am, also, a Fedora and Funtoo maintainer and contributor. In fact, you can just google me "Renich" and you'll find my website and other stuff. I have a blog somewhere; where I write technical stuff as well. I am sure you can't imagine the blog's title 😉 On other matters, I've met Richard Stallman, started the local PHP and Ruby groups and contribute continuously to LinuxCabal.

Leave a Reply