LEFT (DEV env)
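# @first terminal
#
# LEFT side (DEV cloud). Creates the IKE/IPsec policies, the VPN service and
# the endpoint groups, and echoes the two values the RIGHT side has to copy:
# the PSK and the service's external IPv4 address. Intended to be pasted into
# an interactive shell step by step, not run as a file.
export OS_CLOUD=dev_left

# Pre-shared key for the tunnel. It is echoed so it can be copied into the
# second terminal. NOTE: it is also handed to `site connection create` as a
# plain command-line argument, so it is visible in the shell history and in
# the process list while that command runs.
PSK=$(apg -m32)
echo "PSK: ${PSK}"

# Remote (RIGHT/STAGE) subnets that are reachable through the tunnel.
PEER_RIGHT_SUBNET1=10.2.0.0/24
PEER_RIGHT_SUBNET2=10.2.1.0/24

# Assumes the project shows exactly one router and exactly one IPv4 subnet in
# the list output. With more than one, the variable holds several IDs and the
# commands below receive a multi-line value and fail; set the ID explicitly
# in that case, as is done for SUBNET_LEFT_ID2.
ROUTER_LEFT_ID=$(openstack router list -c ID -f value)
echo "ROUTER_LEFT_ID: ${ROUTER_LEFT_ID}"
SUBNET_LEFT_ID1=$(openstack subnet list --ip-version 4 -c ID -f value)
echo "SUBNET_LEFT_ID1: ${SUBNET_LEFT_ID1}"
SUBNET_LEFT_ID2=d822def1-e8b3-42b5-a383-fdaf3e73ace3

# IKEv2, AES-256, SHA-512, PFS group 14. The RIGHT side creates the same two
# policies so that both proposals match.
openstack vpn ike policy create vpn-ike-aes256-sha512 \
  --ike-version v2 \
  --encryption-algorithm aes-256 \
  --auth-algorithm sha512 \
  --pfs group14
openstack vpn ipsec policy create vpn-ipsec-aes256-sha512 \
  --encryption-algorithm aes-256 \
  --auth-algorithm sha512 \
  --pfs group14

# The service's external IPv4 address is the peer address the RIGHT side dials.
PEER_LEFT_IP=$(openstack vpn service create vpn-service1 \
  --router "${ROUTER_LEFT_ID}" \
  -c external_v4_ip \
  -f value)
echo "PEER_LEFT_IP=${PEER_LEFT_IP}"

# Local endpoints are given as subnet IDs, peer endpoints as CIDRs.
openstack vpn endpoint group create vpn-endpoint-local \
  --type subnet \
  --value "${SUBNET_LEFT_ID1}" \
  --value "${SUBNET_LEFT_ID2}"
openstack vpn endpoint group create vpn-endpoint-peer \
  --type cidr \
  --value "${PEER_RIGHT_SUBNET1}" \
  --value "${PEER_RIGHT_SUBNET2}"

# OPTIONAL: security group that admits SSH and ICMP only from the first remote
# subnet, then attaches it to the test server. The trailing comments record
# the wide-open alternative (0.0.0.0/0), which should not be the default.
SECURITY_GROUP=test-secgroup
openstack security group create "${SECURITY_GROUP}"
openstack security group rule create "${SECURITY_GROUP}" --protocol tcp --dst-port 22 --remote-ip "${PEER_RIGHT_SUBNET1}"  # alternative: 0.0.0.0/0
openstack security group rule create "${SECURITY_GROUP}" --protocol icmp --ingress --remote-ip "${PEER_RIGHT_SUBNET1}"  # alternative: 0.0.0.0/0
openstack security group rule create "${SECURITY_GROUP}" --protocol icmp --egress --remote-ip "${PEER_RIGHT_SUBNET1}"  # alternative: 0.0.0.0/0
SERVER_ID=test-dev-u2404-vol-az2
openstack server add security group "${SERVER_ID}" "${SECURITY_GROUP}"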
RIGHT (STAGE env)
# @second terminal export OS_CLOUD=stage-right PEER_LEFT_IP=<copy_from_fist_terminal> PEER_LEFT_SUBNET1=10.1.0.0/24 PEER_LEFT_SUBNET2=10.1.1.0/24 PSK=<copy_from_fist_termina> ROUTER_RIGHT_ID=$(openstack router list -c ID -f value) echo "ROUTER_RIGHT_ID: ${ROUTER_RIGHT_ID}" SUBNET_RIGHT_ID1=$(openstack subnet list --ip-version 4 -c ID -f value) echo "SUBNET_RIGHT_ID1: ${SUBNET_RIGHT_ID1}" SUBNET_RIGHT_ID2=8bccaf01-6cdc-489c-91ca-a0b3c024d28a openstack vpn ike policy create vpn-ike-aes256-sha512 \ --ike-version v2 \ --encryption-algorithm aes-256 \ --auth-algorithm sha512 \ --pfs group14 openstack vpn ipsec policy create vpn-ipsec-aes256-sha512 \ --encryption-algorithm aes-256 \ --auth-algorithm sha512 \ --pfs group14 PEER_RIGHT_IP=$(openstack vpn service create vpn-service1 \ --router ${ROUTER_RIGHT_ID} \ -c external_v4_ip \ -f value) echo "PEER_RIGHT_IP=${PEER_RIGHT_IP}" openstack vpn endpoint group create vpn-endpoint-local \ --type subnet \ --value ${SUBNET_RIGHT_ID1} \ --value ${SUBNET_RIGHT_ID2} openstack vpn endpoint group create vpn-endpoint-peer \ --type cidr \ --value ${PEER_LEFT_SUBNET1} \ --value ${PEER_LEFT_SUBNET2} openstack vpn ipsec site connection create vpn-conn1-right \ --vpnservice vpn-service1 \ --ikepolicy vpn-ike-aes256-sha512 \ --ipsecpolicy vpn-ipsec-aes256-sha512 \ --peer-address ${PEER_LEFT_IP} \ --peer-id ${PEER_LEFT_IP} \ --psk ${PSK} \ --local-endpoint-group vpn-endpoint-local \ --peer-endpoint-group vpn-endpoint-peer # OPTINAL SECURITY_GROUP=test-secgroup openstack security group create ${SECURITY_GROUP} openstack security group rule create ${SECURITY_GROUP} --protocol tcp --dst-port 22 --remote-ip ${PEER_LEFT_SUBNET1} # 0.0.0.0/0 openstack security group rule create ${SECURITY_GROUP} --protocol icmp --ingress --remote-ip ${PEER_LEFT_SUBNET1} # 0.0.0.0/0 openstack security group rule create ${SECURITY_GROUP} --protocol icmp --egress --remote-ip ${PEER_LEFT_SUBNET1} # 0.0.0.0/0 SERVER_ID=test-stage-u2404-vol-az1 openstack server add 
security group ${SERVER_ID} ${SECURITY_GROUP}
LEFT (DEV env)
# @first terminal PEER_RIGHT_IP=<copy_from_second_terminal> openstack vpn ipsec site connection create vpn-conn1-left \ --vpnservice vpn-service1 \ --ikepolicy vpn-ike-aes256-sha512 \ --ipsecpolicy vpn-ipsec-aes256-sha512 \ --peer-address ${PEER_RIGHT_IP} \ --peer-id ${PEER_RIGHT_IP} \ --psk ${PSK} \ --local-endpoint-group vpn-endpoint-local \ --peer-endpoint-group vpn-endpoint-peer
Debug
# Quick status checks after both connections exist.

# Servers whose list row contains "217" (presumably part of an address or
# name — confirm against the environment).
openstack server list | grep 217

# Both site connections should report an active status once negotiation is done.
openstack vpn ipsec site connection list

# The VPN services, one per router.
openstack vpn service list