Windows Azure Virtual Network with between regions
![Page 1: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/1.jpg)
Windows Azure Virtual Network with between regions
Japan Windows Azure User Group
Kentaro Aoki
@kekekekenta
October 24, 2013
![Page 2: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/2.jpg)
Virtual Networks
• internet
• Windows Azure East Asia
  – vn-asia (10.20.0.0/16)
  – GATEWAY (static routing) 207.46.137.55
  – vn-asia-gw.cloudapp.net (207.46.134.21)
  – vn-asia-gw: Ubuntu VPN GW, 10.20.0.4
  – vn-asia-vm: Ubuntu VM, 10.20.0.5
• Windows Azure West US
  – vn-us (10.10.0.0/16)
  – GATEWAY (static routing) 168.61.64.182
  – vn-us-gw.cloudapp.net (168.61.66.238)
  – vn-us-gw: Ubuntu VPN GW, 10.10.0.4
  – vn-us-vm: Ubuntu VM, 10.10.0.5
![Page 3: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/3.jpg)
Using Network Address Translation
• internet
• Windows Azure East Asia
  – vn-asia (10.20.0.0/16)
  – GATEWAY (static routing) 207.46.137.55
  – vn-asia-gw.cloudapp.net (207.46.134.21)
  – vn-asia-gw: Ubuntu VPN GW, 10.20.0.4, NAT (Masquerading)
  – vn-asia-vm: Ubuntu VM, 10.20.0.5
• Windows Azure West US
  – vn-us (10.10.0.0/16)
  – GATEWAY (static routing) 168.61.64.182
  – vn-us-gw.cloudapp.net (168.61.66.238)
  – vn-us-gw: Ubuntu VPN GW, 10.10.0.4
  – vn-us-vm: Ubuntu VM, 10.10.0.5
• NAT (Masquerading)
![Page 4: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/4.jpg)
Virtual Network Settings
• Windows Azure East Asia
• Windows Azure West US
![Page 5: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/5.jpg)
VPN Configurations for the vn-asia-gw (1)
• Create New Virtual Machine from Azure Portal
  – Ubuntu Server 12.04 LTS
• Install IP-Sec Software on Ubuntu
  – $ sudo apt-get install openswan
• Setup IP-Sec Nat-Traversal
  – $ sudo vi /etc/ipsec.conf
      config setup
          protostack=netkey
          nat_traversal=yes
          virtual_private=%v4:10.20.0.0/16
          oe=off
      include /etc/ipsec.d/*.conf
![Page 6: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/6.jpg)
VPN Configurations for the vn-asia-gw (2)
• Setup VPN Information
  – $ sudo vi /etc/ipsec.d/azure-us.conf
      conn azure-us
          authby=secret
          auto=start
          type=tunnel
          left=10.20.0.4
          leftsubnet=10.20.0.0/16
          leftnexthop=%defaultroute
          right=168.61.64.182
          rightsubnet=10.10.0.0/16
          ike=aes128-sha1-modp1024
          esp=aes128-sha1
          pfs=no
![Page 7: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/7.jpg)
VPN Configurations for the vn-asia-gw (3)
• Setup Secret Key
  – $ sudo vi /etc/ipsec.secrets
      10.20.0.4 168.61.64.182 : PSK "krOurXxXX6…XXX"
• Enable ipv4 forwarding
  – $ sudo vi /etc/sysctl.conf
      net.ipv4.ip_forward=1
  – $ sudo sysctl -p /etc/sysctl.conf
• Enable IP-Sec
  – $ sudo service ipsec restart
![Page 8: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/8.jpg)
VPN Configurations for the vn-asia-gw (4)
• Setup Firewall for SSH
  – $ sudo ufw allow proto tcp to any port 22
• Setup Firewall for IP-Sec NAT Traversal
  – $ sudo ufw allow proto udp to any port 500
  – $ sudo ufw allow proto udp to any port 4500
• Enable ipv4 forwarding for NAT
  – $ sudo vi /etc/default/ufw
      DEFAULT_FORWARD_POLICY="ACCEPT"
![Page 9: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/9.jpg)
VPN Configurations for the vn-asia-gw (5)
• Setup NAT Rule
  – $ sudo vi /etc/ufw/before.rules (add the following rules to the top)
      # nat Table rules
      *nat
      :POSTROUTING ACCEPT [0:0]
      # Forward traffic from eth1 through eth0.
      -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
      # don't delete the 'COMMIT' line or these nat table rules won't be processed
      COMMIT
![Page 10: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/10.jpg)
VPN Configurations for the vn-asia-gw (6)
• Enable ufw (aka iptables)
  – $ sudo ufw disable && sudo ufw enable
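An added check for the six configuration slides above (not part of the original deck): a shell function that reads the files edited on vn-asia-gw and reports settings that are missing or that disagree with each other, such as a MASQUERADE source that differs from `rightsubnet`. The function names, the ROOT argument and the permission check on the secrets file are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: offline consistency check for the files edited on vn-asia-gw.
# ROOT is a hypothetical parameter: "/" on the gateway, or a copy of its tree.
# Usage: check_gateway / azure-us

fail=0
note() { echo "FAIL: $1"; fail=$((fail + 1)); }

# has FILE REGEX: true if a line in FILE starts with REGEX (after indentation)
has() { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }

# value FILE KEY: print the value of the first "KEY=value" line in FILE
value() { sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | head -n 1; }

check_gateway() {
  local etc="${1%/}/etc" conn="$2" remote nat_src mode
  fail=0

  has "$etc/ipsec.conf" 'nat_traversal=yes' || note "nat_traversal=yes missing"
  has "$etc/ipsec.conf" 'oe=off' || note "oe=off missing"
  has "$etc/sysctl.conf" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
    || note "net.ipv4.ip_forward is not 1"
  has "$etc/default/ufw" 'DEFAULT_FORWARD_POLICY="ACCEPT"' \
    || note "ufw DEFAULT_FORWARD_POLICY is not ACCEPT"

  # The MASQUERADE source must be the remote network named in the conn file.
  remote=$(value "$etc/ipsec.d/$conn.conf" rightsubnet)
  nat_src=$(sed -n 's/^-A POSTROUTING -s \([^ ]*\) .*-j MASQUERADE.*/\1/p' \
    "$etc/ufw/before.rules" 2>/dev/null | head -n 1)
  [ -n "$remote" ] && [ "$remote" = "$nat_src" ] \
    || note "NAT source '$nat_src' does not match rightsubnet '$remote'"

  # ufw only loads the *nat table if that block ends with its own COMMIT.
  awk '/^\*/ { n = ($0 ~ /^\*nat/) } n && /^COMMIT/ { ok = 1 } END { exit !ok }' \
    "$etc/ufw/before.rules" 2>/dev/null || note "*nat block has no COMMIT"

  # The pre-shared key must not be readable by group or others.
  mode=$(ls -ld "$etc/ipsec.secrets" 2>/dev/null | cut -c5-10)
  [ "$mode" = "------" ] || note "ipsec.secrets missing or readable by others"

  return "$fail"
}
```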
![Page 11: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/11.jpg)
Ping through the VPN tunnel
• Windows Azure East Asia
• Windows Azure West US
![Page 12: Windows Azure Virtual Network with between regions](https://reader031.fdocuments.in/reader031/viewer/2022013118/556cc9d2d8b42aba548b505b/html5/thumbnails/12.jpg)
Articles
• VPN connection in the region between the Windows Azure
– http://kentablog.cluscore.com/2013/10/windows-azurevpn.html
• Research ed.
– http://kentablog.cluscore.com/2013/10/creating-site-to-site-vpn-with-regions.html