Securely access your networks and on-site IT infrastructure from anywhere. Nobus DaaS bridges to your on-site IT infrastructure over an encrypted VPN (MPLS or Internet) connection, with multiple ISPs locally, through our Nobus Fast Transit (NFT) service.
You can get up and running with our custom VPN images, available on Linux distributions. See Nobus Cloud VPN for more information.
A Site-to-Site VPN gateway connection is used to connect your on-premises network to a Nobus virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an external public IP address assigned to it. See VPN gateway for more information.
You can go through the Nobus Dashboard to create a Site-to-Site VPN gateway connection from your on-premises network to the virtualNet.
Make sure that you have met the following requirement before starting your configuration:
Make sure that no subnet of your on-premises network is the same as any of the virtual network subnets that you are connecting to; otherwise traffic will be routed incorrectly.
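The following pre-flight check for this requirement is an added example, not part of the Nobus documentation or tooling. It goes beyond identical subnets and also flags the case where one range contains the other, which causes the same routing problem. The function names and all address ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample ranges (assumptions, not values from the Nobus documentation).
ON_PREM = ["192.168.10.0/24", "10.20.0.0/16", "fd00:10::/64"]
VIRTUAL = ["10.20.30.0/24", "172.16.5.17/28", "192.168.10.0/24"]


def parse_prefixes(cidrs):
    """Parse CIDR strings; host bits are masked off (10.0.1.5/24 -> 10.0.1.0/24)."""
    return [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]


def find_overlaps(on_prem, virtual):
    """Return (on_prem_net, virtual_net, relation) for every conflicting pair."""
    virtual_nets = parse_prefixes(virtual)
    conflicts = []
    for a in parse_prefixes(on_prem):
        for b in virtual_nets:
            # IPv4 and IPv6 ranges can never collide with each other.
            if a.version != b.version or not a.overlaps(b):
                continue
            if a == b:
                relation = "identical"
            elif a.subnet_of(b):
                relation = "on-prem inside virtual"
            else:
                # CIDR blocks that overlap are always nested, so this is the only case left.
                relation = "virtual inside on-prem"
            conflicts.append((str(a), str(b), relation))
    return conflicts


if __name__ == "__main__":
    found = find_overlaps(ON_PREM, VIRTUAL)
    for on_prem_net, virtual_net, relation in found:
        print(f"CONFLICT: {on_prem_net} vs {virtual_net} ({relation})")
    if not found:
        print("No overlapping subnets; safe to proceed.")
```

Run it with the address ranges of both sides before creating the virtual network, and renumber one side if any conflict is reported.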
The examples in this article use the following values. You can use these values to create a test environment, or refer to them to better understand the examples in this article.
You can create a virtual network through the Nobus Dashboard.
Sign in to the Nobus Dashboard.
Log in to the dashboard.
Select the appropriate project from the drop-down menu at the top left.
On the Project tab, open the Network tab and click the Networks category.
Click Create Network.
In the Create Network dialog box, specify the following values.
Network tab
Network Name: Specify a name to identify the network.
Shared: Share the network with other projects. Non-admin users are not allowed to set the Shared option.
Admin State: The state to start the network in.
Create Subnet: Select this check box to create a subnet.
You do not have to specify a subnet when you create a network, but if you do not specify a subnet, the network cannot be attached to an instance.
Subnet tab
Subnet Name: Specify a name for the subnet.
Network Address: Specify the IP address for the subnet.
IP Version: Select IPv4 or IPv6.
Gateway IP: Specify an IP address for a specific gateway. This parameter is optional.
Disable Gateway: Select this check box to disable a gateway IP address.
Subnet Details tab
Enable DHCP: Select this check box to enable DHCP.
Allocation Pools: Specify IP address pools.
DNS Name Servers: Specify a name for the DNS server.
Host Routes: Specify the IP address of host routes.
On the Security tab, leave the default values:
Click Create.
The dashboard shows the network on the Networks tab.
Log in to the dashboard.
Select the appropriate project from the drop-down menu at the top left.
On the Project tab, open the Network tab and click the Routers category.
Click Create Router.
In the Create Router dialog box, specify a name for the router and External Network, and click Create Router.
The new router is now displayed in the Routers tab.
In this step, you create the virtual network gateway for your virtualNet.
The virtual network gateway uses a specific subnet called the gateway subnet. The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use.
On the Project tab, open the Network tab and click the Routers category.
Click the new router’s Set Gateway button.
In the External Network field, specify the network to which the router will connect, and then click Set Gateway.
Follow the steps below to connect a private network to the newly created virtual router:
On the Routers tab, click the name of the router.
On the Router Details page, click the Interfaces tab, then click Add Interface.
In the Add Interface dialog box, select a Subnet.
Optionally, in the Add Interface dialog box, set an IP Address for the router interface for the selected subnet.
The Router Name and Router ID fields are automatically updated.
Click Add Interface.
You have successfully created the router. You can view the new topology from the Network Topology tab.
On the Project tab, open the Compute tab and click Instances.
Click Launch Instance.
In the Launch Instance dialog box, specify the following values:
Details tab
Assign a name to the VPN Server.
This becomes the initial host name of the VPN server.
You can assign a brief description of the virtual machine.
Source tab
If you choose this option, a new field for Image Name displays. Select either the Ubuntu or the CentOS IPsec VPN custom image:
Flavor tab
Specify the size of the instance to launch.
The flavor is selected based on the size of the image selected for launching an instance.
Networks tab
To add an existing network to the instance, click the + in the Available field.
Security Groups tab
Associate the security groups to the instance.
Security groups are a kind of cloud firewall that defines which inbound and outbound traffic is allowed to and from the instance.
Also assign the default security group to the instance.
Key Pair tab
Specify a key pair.
When prompted for a key pair, select Choose an existing key pair, then select the key pair that you created when setting up.
Alternatively, you can create a new key pair. Select Create a new key pair, enter a name for the key pair, and then choose Download Key Pair. This is the only chance for you to save the private key file, so be sure to download it. Save the private key file in a safe place. You'll need to provide the name of your key pair when you launch the instance and the corresponding private key each time you connect to the instance.
If the image uses a static root password or a static key set (neither is recommended by Nobus), you do not need to provide a key pair to launch the instance.
Other options are optional.
Click Launch Instance.
To launch your instance
If you did not provide a key pair, security groups, or rules, users can access the instance only from inside the cloud through the instance console. Even pinging the instance is not possible without an ICMP rule configured.
For more information about security groups, see Security group rule and reference.
Important! Avoid associating a security group to the gateway subnet.
For information about connecting to your instance, see connecting to your instance via SSH.
Choose the FCS instance, select "Actions", then "Instance State", and "Terminate".
The FCS instance and associated data will be deleted.
Log in to the Nobus Management Dashboard.
Go to Project > Network > Floating IPs.
Click on the “ALLOCATE IP TO PROJECT” button. In the new window, select a Pool, provide a description and click on “ALLOCATE IP”.
Once the floating IP address is reserved, we can associate it with an instance.
Go to Project > Compute > Instances.
Select the VPN server and, under Actions, select “ASSOCIATE FLOATING IP”.
Pick a floating IP, and the port to associate.
Click “ASSOCIATE”.
Site-to-Site connections to an on-premises network require a VPN device. In this step, you configure your VPN device. When configuring your VPN device, you need the following:
For steps to configure IPsec/IKE VPN policy see Configure IPsec/IKE policy for site-to-site VPN connections.
If you are having trouble connecting to an instance over your VPN connection, see the following: