Deploy 2 VPCs and connect them with Site to Site gateways using policy based VPN.
The first step is to clone the repository and configure the terraform variables.
git clone https://github.com/cloud-design-dev/ibmcloud-vpc-s2s-vpn-demo.git
cd ibmcloud-vpc-s2s-vpn-demoCopy the example terraform variables file and update the values with your own. See inputs for more information on the required variables.
cp tfvars-template terraform.tfvars| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| existing_resource_group | The IBM Cloud resource group to assign to the provisioned resources. | string |
n/a | yes |
| existing_ssh_key | The name of an existing SSH key to use for provisioning resources. If one is not provided, a new key will be generated. | string |
"" |
no |
| ibmcloud_api_key | The IBM Cloud API key to use for provisioning resources | string |
n/a | yes |
| ibmcloud_region | The IBM Cloud region to use for provisioning VPCs and other resources. | string |
n/a | yes |
| project_prefix | The prefix to use for naming resources. If none is provided, a random string will be generated. | string |
"" |
no |
Once you have the required variables set, you can initialize the terraform configuration and create a plan for the deployment.
terraform init
terraform plan -out=plan.outIf no errors are returned, you can apply the plan to create the VPCs, subnets, and compute instances.
terraform apply plan.outWhen the provosion is complete, you should see the output of the plan, including the VPN gateway IPs.
Apply complete! Resources: 33 added, 0 changed, 0 destroyed.
Outputs:
Site_A_Information = [
"VPN Gateway IP: 169.63.99.32",
"Compute Private IP: 172.16.0.20",
"Compute Public IP: 150.239.113.167",
"VPC URL: https://cloud.ibm.com/infrastructure/network/vpc/us-east~r014-78c1dc0f-f20e-43af-a8a4-0909a8a5d7a7/overview",
"VPN URL: https://cloud.ibm.com/infrastructure/network/vpngateway/us-east~0757-55e495cb-aee1-4a86-ba31-700386b065a9/overview",
]
Site_B_Information = [
"VPN Gateway IP: 52.116.123.171",
"Compute Private IP: 192.168.0.20",
"Compute Public IP: 52.116.120.122",
"VPC URL: https://cloud.ibm.com/infrastructure/network/vpc/us-east~r014-e629ce5e-4c32-42ea-b0e8-806887969e38/overview",
"VPN URL: https://cloud.ibm.com/infrastructure/network/vpngateway/us-east~0757-bdee8a6c-fada-4a86-824e-9c94e7fbc9f3/overview",
]We can quickly test the connection by pinging from site a compute to site b compute and vice versa.
ssh -t [email protected] 'ping -c3 192.168.0.20'
PING 192.168.0.20 (192.168.0.20) 56(84) bytes of data.
64 bytes from 192.168.0.20: icmp_seq=1 ttl=62 time=1.51 ms
64 bytes from 192.168.0.20: icmp_seq=2 ttl=62 time=1.78 ms
64 bytes from 192.168.0.20: icmp_seq=3 ttl=62 time=1.58 ms
--- 192.168.0.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.508/1.623/1.779/0.114 ms
Connection to 150.239.113.167 closed.
ssh -t [email protected] 'ping -c3 172.16.0.20'
PING 172.16.0.20 (172.16.0.20) 56(84) bytes of data.
64 bytes from 172.16.0.20: icmp_seq=1 ttl=62 time=1.78 ms
64 bytes from 172.16.0.20: icmp_seq=2 ttl=62 time=1.75 ms
64 bytes from 172.16.0.20: icmp_seq=3 ttl=62 time=1.73 ms
--- 172.16.0.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.726/1.751/1.780/0.022 ms
Connection to 52.116.120.122 closed.