Alternative tutorial template

Last reviewed and updated: Date parameter / date

More about title

  • Add a descriptive title that’s not too long.

  • Remember to:

    • adhere to the file naming convention.

    • copy the same title to the SUMMARY.md file and link it to this new file.

Helpful URLs:

Overview

State the purpose of the tutorial and who it is intended for (audience). The basic knowledge necessary to complete the task becomes the concepts, and the outcome of the tutorial becomes the learning objective. Also mention whether the configuration in the tutorial is specific to a particular server or software.

Format

The purpose/primary goal of this tutorial is to (enter relevant text). This tutorial is intended for (audience) who have the necessary privileges to create and manage VPN Gateways. It assumes you have basic knowledge of:

  • Concept 1

  • Concept 2

  • Concept 3

By the end of this tutorial, you will be able to (relevant text).

Example

The purpose/primary goal of this tutorial is to configure a site-to-site VPN between IONOS Cloud and your on-premise setup by utilising a Managed VPN Gateway in the IONOS Cloud and a user-managed on-prem gateway. This tutorial is intended for administrators who have the necessary privileges to create and manage VPN Gateways. It assumes you have basic knowledge of:

  • VPN Gateways

  • Command-line tools.... (This is an example. Please add what is necessary)

By the end of this tutorial, you will be able to configure an IPSec tunnel for VPN Gateway from the VDC in the IONOS Cloud to your on-prem cloud.

Prerequisites

Ensure that you have the following:

  • Prerequisite 1

  • Prerequisite 2

Example

Ensure that you have the following:

  • Privileges to create and manage VPN Gateways

  • Reserved IP addresses

  • Configured LAN

  • Pre-Shared Key

If you want to elaborate on a section, for example, Reserved IP addresses, use Heading 3 and add the necessary content within it.

Execution (do not use this as a heading.)

List the steps of the procedure that accomplishes the task described in the tutorial. Each step must begin with a verb and be numbered. Add images wherever applicable. Code samples and results can be included, if applicable.

You can also use tables or expandables, as shown below, to format content.

If a section contains multiple sub-tasks, use the number of the parent task as the prefix. In section 3 below, there are multiple sub-tasks that are numbered 3.1, 3.2, etc.

Example:

1. Set Up IONOS Cloud

2. Simulate on-prem setup

3. Provision the VPN Gateway

  1. In the DCD, go to Menu > Network > VPN Gateway under Connectivity.

  2. Click Create VPN Gateway from the VPN Gateways window.

  3. Enter the following details:

3.1 Properties

| Components | Description | Example |
|---|---|---|
| Description | A descriptive text for the gateway. It is limited to 1024 characters. | |
| IP Address | A drop-down list of available public IPv4 Addresses. | 212.132.124.163 |

Define Properties

3.2 Protocol

The IPSec protocol is selected by default and no other configuration parameters are required.

Select a Protocol

3.3 LAN Connections

Attach a VPN Gateway to LANs in IONOS Cloud. Note that it is only possible to connect to LANs present in the same location that the VPN Gateway was provisioned. Let us look at the parameters required:

| Components | Description | Example |
|---|---|---|
| Datacenter | A drop-down that lists VDCs in the same location as the gateway | de/txl |
| Connections | A list of connected LANs and the LAN addresses | See Below |

  4. Click Save and wait for the gateway to complete provisioning. This will typically take 10-15 minutes but further operations on the gateway will be instantaneous.

4. Configure the VPN Tunnel

4.1 Properties

4.2 Authentication

5. Deploy on-prem IPSec Instance

In this tutorial, Host 1 in gb/lhr acts as the user-managed gateway. The host has internet access and thus SSH can be used instead of the web console. Start by establishing an SSH connection to the public IPv4 address of Host 1 in London.

Deploy on-prem IPSec Instance
5.1 Install pre-requisite software

Note: This tutorial performs a basic install and setup of strongSwan on Ubuntu. It is not an in-depth guide and does not provide detailed information about the content of the configuration files. Determining the correct installation procedure for a secure production environment is left as an exercise for the reader.

Update the package lists and install the required packages:

apt-get update
apt install strongswan strongswan-pki libcharon-extra-plugins libcharon-extauth-plugins libstrongswan-extra-plugins libtss2-tcti-tabrmd0 -y

6. Configure routing on LAN hosts

Currently, it is impossible to automate the addition of routes to LAN hosts to route the required subnets over the VPN Gateway. In this section, we will manually add the required routes. Remember to add them to the LAN hosts in both VDCs.

Note: The routes added in this section will not persist across a reboot. You must determine how to set persistent routes for your choice of operating system.

6.1 Configure de/txl Route

Step 1: Establish a console session to the LAN host(s)

Because we did not provide internet access for the LAN hosts, our only route is via the web console. Open up a console session and test connectivity to the LAN Address assigned to the VPN gateway; in our case, it is 10.10.1.5/24. Hence, let us first test if we can ping this IP address:

Configure de/txl Route
Step 2: Configure the VPN route

The LAN host(s) must know where to route the return traffic. To accomplish this, we will add a route for the `gb/lhr` LAN subnet (10.10.2.0/24) via the `de/txl` gateway's LAN address (10.10.1.5):

ip route add 10.10.2.0/24 via 10.10.1.5

Currently, we cannot ping hosts in the gb/lhr region because those servers do not yet know how to route the return traffic. Continue adding routes for LAN hosts in gb/lhr to resolve this issue.

6.2 Configure on-prem route

Step 1: Establish a console session to the LAN hosts

Note: Perform the configuration on the host acting as the user-managed gateway, as it already knows how to route based on the IPSec configuration. This section relates only to the other on-prem hosts connected to the same LAN.

Our only route now is via the web console because we did not provide internet access for the second LAN host in our on-prem setup. Open a console session and test connectivity to the LAN Address assigned to the VPN Gateway. In our case, this is 10.10.2.10/24 (that is, LAN Host 1, which is the user-managed gateway). Hence, let us first check if we can ping the IP address.

Configure on-prem route
Step 2: Configure the VPN route

The LAN host(s) must know where to route return traffic. To accomplish this, we will add a route for the `de/txl` LAN subnet (10.10.1.0/24) via the user-managed gateway's LAN address (10.10.2.10):

ip route add 10.10.1.0/24 via 10.10.2.10

Repeat this process for all on-prem LAN hosts that need to send or receive traffic over the tunnel. At this point, we should have full connectivity between the two sites via the VPN Gateway.
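The route steps from 6.1 and 6.2 combined into one script, added here as an example and not part of the original tutorial: it refuses a next hop that is not on the host's own LAN before touching the routing table. The function names and the SITE variable are assumptions; the addresses are the tutorial's, and `ip route replace` is used in place of `ip route add` so that re-running is harmless.

```shell
#!/bin/sh
# Added example: validate, then apply, the static routes from sections 6.1 and 6.2.
# Function names and the SITE variable are illustrative, not from the tutorial.

# Convert a dotted-quad IPv4 address to an integer; reject bad octets.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside CIDR $2, e.g. 10.10.1.5 in 10.10.1.0/24.
in_subnet() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    len=${2#*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the route command for a LAN host, or fail if the plan cannot work.
#   $1 = host's own LAN (CIDR), $2 = remote LAN (CIDR), $3 = next hop
route_cmd() {
    in_subnet "${2%/*}" "$2" || { echo "bad destination $2" >&2; return 1; }
    if ! in_subnet "$3" "$1"; then
        echo "next hop $3 is not on-link in $1" >&2; return 2
    fi
    if in_subnet "$3" "$2"; then
        echo "next hop $3 lies inside destination $2 (overlapping LANs)" >&2; return 3
    fi
    # 'replace' rather than 'add' so that re-running the script is harmless.
    echo "ip route replace $2 via $3"
}

# Ping the gateway, install the route, then confirm the kernel selects it.
apply_route() {
    cmd=$(route_cmd "$1" "$2" "$3") || return $?
    ping -c 3 -W 2 "$3" >/dev/null || { echo "gateway $3 unreachable" >&2; return 4; }
    $cmd && ip route get "${2%/*}" | grep -q "via $3"
}

# Run as root with SITE=txl (6.1) or SITE=lhr (6.2); without SITE nothing changes.
case ${SITE:-} in
    txl) apply_route 10.10.1.0/24 10.10.2.0/24 10.10.1.5 ;;
    lhr) apply_route 10.10.2.0/24 10.10.1.0/24 10.10.2.10 ;;
esac
```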

Verify Connectivity / Final Result

You should now be able to ping hosts in the simulated on-prem setup in gb/lhr from cloud hosts in de/txl and vice-versa.

Verify connectivity

Conclusion / Summary

In the summary section, list the knowledge and skills users have gained by completing the tutorial.

Example

In this tutorial, you have learnt how to successfully configure a site-to-site VPN between the IONOS Cloud and your on-premise setup by utilising a Managed VPN Gateway in the cloud and a user-managed on-prem gateway.

Next Steps

Add links to other tutorials, such as tutorials that are related to this one or any features or products.
