Corente VPN Issue with SOACS/JCS

I have been working on setting up the Corente VPN between the cloud and our on-premise environment. As it stands I have managed to get Corente to work with a Java Cloud Service, so we are able to use the private IP address (172.31.1.3) in the web browser to connect to our service on the cloud. However, when carrying out the exact same setup steps for the SOA Cloud Service, I am still unable to establish a connection. The documentation around Corente says that it only works with "Oracle Compute, Database, and Java Cloud Service instances". My understanding was that SOA Cloud Service was built on top of the Java Cloud Service and therefore should work. Is my understanding of this wrong, and does Corente simply not work with SOA Cloud Service? If so, then that would make sense as to why we are unable to connect to the service through the gateway.

Steps carried out

  1. Downloaded App-Net Manager
    1. Logged in with credentials provided
    2. Setup corente-onprem location using 193.35.17.0/24 subnet
    3. Setup corente-cloud location using 172.31.1.0/24 subnet
    4. At this point both locations' icons are Orange Arrow, meaning they are ready to have configurations downloaded
  2. Created on-premise VM known as corente-onprem (193.35.17.144)
    1. Booted that VM up with the Corente image provided by Oracle.
    2. Followed instructions
    3. Machine rebooted, and now App-Net Manager shows the corente-onprem icon to be green (Working)
  3. Followed instructions to configure and create cloud-csg service on cloud
    1. Once I had updated the .json files, I uploaded them to Orchestration
    2. Then started in order the json files recently uploaded
    3. csg-cloud service now has an IP Restriction of 141.144.22.49
    4. Logged back into App-Net Manager and noticed corente-cloud location icon turned green
  4. Next stage was to link both locations together, to achieve this I just held Alt on the location and dragged arrow to other location
    1. Followed instructions in configuring locations using Default User Settings
    2. At this point the arrow between both locations turned green (Both communicating together successfully)
  5. As I had my DB, JCS and SOA services already created, I followed the instructions around updating running services to include the GRE tunnel.
  6. DB Service
    1. Logged onto the service box
    2. Created folders required, and copied over oc-config-corente-tunnel
    3. I decided to use the IP 172.31.1.2 for the DB service
    4. I then ran this command - sudo bash oc-config-corente-tunnel --local-tunnel-address=172.31.1.2 --csg-hostname=csg.compute-atrpoc.oraclecloud.internal --csg-tunnel-address=172.16.254.1 --onprem-subnets=193.35.17.0/24 &
    5. After waiting a minute I ran ifconfig, and noticed a network got created under gre1 with the IP 172.31.1.2
    6. In order for the service to ping our onprem IPs it was required to add the csg-internal (Security Rule) to the DB Service.
    7. Once this was completed running ping 193.35.17.144 on the DB Service shows we are successfully able to communicate through the new tunnel to our on-prem.
    8. From my local machine web-browser going to 172.31.1.2:5500/em allowed me to successfully logon to the DB console.
  7. JCS Service
    1. Logged onto the service box
    2. Created folders required, and copied over oc-config-corente-tunnel
    3. I decided to use the IP 172.31.1.3 for the DB service
    4. I then ran this command - sudo bash oc-config-corente-tunnel --local-tunnel-address=172.31.1.3 --csg-hostname=csg.compute-atrpoc.oraclecloud.internal --csg-tunnel-address=172.16.254.1 --onprem-subnets=193.35.17.0/24 &
    5. After waiting a minute I ran ifconfig, and noticed a network got created under gre1 with the IP 172.31.1.3
    6. In order for the service to ping our onprem IPs it was required to add the csg-internal (Security Rule) to the DB Service.
    7. Once this was completed running ping 193.35.17.144 on the JCS Service shows we are successfully able to communicate through the new tunnel to our on-prem.
    8. From my local machine web-browser going to 172.31.1.3:7002/console allowed me to successfully logon to the JCS console.
  8. SOA Service
    1. Following the exact same as above but using the IP 172.31.1.3 instead
    2. I am able to ping 193.35.17.144 and SSH onto the box, which shows the corente connection works.
    3. However, when I try to connect from my local machine web-browser going to 172.31.1.3:7002/console I get Connection Refused
    4. I therefore looked at comparing the differences between the DB Service's and SOA Service's Security Rules, Access Roles, Security Lists and IP Networks, but was unable to find a fix.
This discussion has been closed.
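
A "Connection refused" on one port while ping and SSH succeed over the same tunnel means the TCP connection was actively rejected, for instance because nothing is listening on that address and port. The following is an added example, not part of the original post or of Oracle's tooling: a shell function that reads `ss -ltn` output and reports how a port is bound relative to the gre1 tunnel address. The sample output and the address 10.196.1.10 are constructed for illustration; the post does not say what the SOA admin server is bound to.

```shell
#!/usr/bin/env bash
# Added example: classify how a TCP port is bound relative to a tunnel address.
# On the service box: ss -ltn | listener_verdict 7002 172.31.1.3

# listener_verdict PORT TUNNEL_IP   (reads `ss -ltn` output on stdin)
# Prints one of: wildcard | tunnel | other:<addr,...> | none
listener_verdict() {
  local port=$1 tunnel_ip=$2
  awk -v port="$port" -v tip="$tunnel_ip" '
    $1 == "LISTEN" {
      ep = $4                              # Local Address:Port column
      n = match(ep, /:[0-9]+$/)            # split at the last colon (IPv6-safe)
      if (!n) next
      addr = substr(ep, 1, n - 1)
      p = substr(ep, n + 1)
      if (p != port) next
      gsub(/^\[|\]$/, "", addr)            # [::] becomes ::
      sub(/^::ffff:/, "", addr)            # IPv4-mapped IPv6 becomes plain IPv4
      sub(/%.*/, "", addr)                 # drop interface scope such as %lo
      if (addr == "*" || addr == "0.0.0.0" || addr == "::") wild = 1
      else if (addr == tip) tun = 1
      else other = (other == "" ? addr : other "," addr)
    }
    END {
      if (wild) print "wildcard"           # reachable on every local address
      else if (tun) print "tunnel"         # bound to the tunnel address itself
      else if (other != "") print "other:" other   # bound, but not on the tunnel
      else print "none"                    # no listener on this port at all
    }'
}

# Constructed sample: sshd on the wildcard address, the admin port bound to a
# single (hypothetical) primary interface address only.
sample_bound_elsewhere() {
  cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:22                *:*
LISTEN  0      50     10.196.1.10:7002    *:*
EOF
}

# Demo on the constructed sample: SSH answers on the tunnel, port 7002 does not.
echo "22:   $(sample_bound_elsewhere | listener_verdict 22 172.31.1.3)"
echo "7002: $(sample_bound_elsewhere | listener_verdict 7002 172.31.1.3)"
```

A verdict of `other:` or `none` points at the server's listen address or at the service not running; `wildcard` or `tunnel` with a refusal still occurring points at a rejecting firewall or security rule instead.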