You can check that your OVHcloud PCC is visible in the Sites tab. At this point, your Zerto setup is functional and you can start to create your virtual protection groups (VPGs). You will be notified when the pairing is successful: In the dashboard, you can see the pairing is ongoing: Select Pair to a site with a licence, enter the OVHcloud ZVM IP and press Start. It is the same procedure as before, we just need to use the aliases instead of explicit IPs or ports: At this point, we have a functional and secure link between our on-premises platform and cloud instance. We now have all the elements we need to implement the required firewall rules to authorise data coming from the OVHcloud platform. Similarly, we can create an alias for the on-premises vRAs: Finally, you need to create the ports alias: Let's create the OVH_VRA alias for OVHcloud vRAs: You can get the OVHcloud vRAs IP from the destination Private Cloud vCenter interface. An alias is a group of objects (IPs, networks, URLs…) that can be used in firewall rules. To simplify this setup, we are going to use the alias feature of OPNsense. VRAs opening is a bit more complex since there are multiple vRAs on each side that need to be able to exchange information on TCP ports 40. The source is the OVHcloud ZVM, and the destination is your on-premises ZVM. Destination TCP port is 9081. Interface: "IPsec" (incoming traffic coming from the VPN tunnel) For "Source" and "Destination", select "Single host or Network" type. Go to the Firewall menu, Rules section, IPSec interface: To allow pairings of on-premises and OVHcloud instances, traffic must be authorised on the following ports: You can check the IPSec logfile in /var/log/ipsec.log on the OPNsense appliance to get more information. Make sure that a firewall is not interfering in the dialog between the local and remote endpoints.
If the tunnel is not coming up, make sure that the parameter values are identical on both sides: Make sure to add, if required, a route to the OVHcloud ZVM network on your local ZVM. If all the parameters are correct, the tunnel will come up and two new icons will appear: Check VPN status. Click the orange triangle on the right to initialise the connection: You can leave advanced parameters to their default value. Make sure to double-check the parameters, otherwise the VPN tunnel won't come up. On the OVHcloud side, the ZVM network is always a /23 network (512 IPs). You need to give the ZVM IP and the associated network range. The local network type must be set to "Lan subnet". There is no phase 2 available, so you will need to add one: Check that the mode is set to "Tunnel IPv4". The new Phase 1 is now present in the interface: You can keep the default values for the other parameters. Diffie-Hellman key group: 14 (2048 bits). Once the default values are valid, you only need to provide the shared secret for authentication. The only required parameter is the OVHcloud IPSec endpoint IP address. In the VPN menu, go to Tunnel settings, and click on the + to add a new Phase 1: You can configure the IPSec tunnel by defining two sets of parameters: Phase 1 and Phase 2. Confirm the VRA Network range and then click Install. From the OPNsense interface, go to the VPN menu on the left, IPSec section and select Tunnel Setting. Next, select a free public IP from the dropdown menu and enter the desired network range for the ZVM deployment. You just need to select the datacentre linked to the Hosted Private Cloud solution that you want to use, from the Disaster Recovery Plan tab. First select Between your infrastructure and an OVHcloud Private Cloud, then click Activate Zerto DRP. It is easy to activate Zerto features from the OVHcloud Control Panel. You can either accept the suggested network or provide your own, as long as it is within a valid /23 range.
This avoids any overlap with local networks, which would prevent routing. You need to decide which network to deploy the OVHcloud ZVM in.