7. VPN Configurations for the vn-asia-gw (3)
• Setup Secret Key
– $ sudo vi /etc/ipsec.secrets
• 10.20.0.4 168.61.64.182 : PSK "krOurXxXX6…XXX"
• Enable IPv4 forwarding
– $ sudo vi /etc/sysctl.conf
• net.ipv4.ip_forward=1
– $ sudo sysctl -p /etc/sysctl.conf
• Enable IP-Sec
– $ sudo service ipsec restart
8. VPN Configurations for the vn-asia-gw (4)
• Setup Firewall for SSH
– $ sudo ufw allow proto tcp to any port 22
• Setup Firewall for IP-Sec NAT Traversal
– $ sudo ufw allow proto udp to any port 500
– $ sudo ufw allow proto udp to any port 4500
• Enable IPv4 forwarding for NAT
– $ sudo vi /etc/default/ufw
• DEFAULT_FORWARD_POLICY="ACCEPT"
9. VPN Configurations for the vn-asia-gw (5)
• Setup NAT Rule
– $ sudo vi /etc/ufw/before.rules (add the following rules to the top)
• # nat Table rules
• *nat
• :POSTROUTING ACCEPT [0:0]
• # Forward traffic from eth1 through eth0.
• -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
• # don't delete the 'COMMIT' line or these nat table rules won't be processed
• COMMIT
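Added example, not part of the original slides: a read-only check of the four files edited in the steps above. The function names and argument order are assumptions of this example; eth0 and the rule text come from the NAT rule on the slide.

```shell
#!/bin/sh
# Added example (not from the slides): read-only audit of the gateway files.

# PSK file must hold a PSK entry and give group/other no access.
check_secrets() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 1
    grep -Eq '^[^#]*:[[:space:]]*PSK[[:space:]]+"[^"]+"' "$1"
}

# Forwarding must be set on an uncommented line of sysctl.conf.
check_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# ufw must forward routed packets by default.
check_ufw_forward() {
    grep -Eq '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$1"
}

# The MASQUERADE rule for subnet $2 must sit inside *nat and be followed by
# that table's own COMMIT; without it the nat rules are never loaded.
check_nat() {
    awk -v want="-A POSTROUTING -s $2 -o eth0 -j MASQUERADE" '
        /^\*/                             { table = $1; rule = 0 }
        table == "*nat" && $0 == want     { rule = 1 }
        table == "*nat" && $1 == "COMMIT" { if (rule) ok = 1; table = "" }
        END                               { exit (ok ? 0 : 1) }' "$1"
}

# args: ipsec.secrets sysctl.conf /etc/default/ufw before.rules subnet
audit_gateway() {
    rc=0
    check_secrets "$1"     || { echo "FAIL secrets: $1"; rc=1; }
    check_forwarding "$2"  || { echo "FAIL ip_forward: $2"; rc=1; }
    check_ufw_forward "$3" || { echo "FAIL forward policy: $3"; rc=1; }
    check_nat "$4" "$5"    || { echo "FAIL nat rule: $4"; rc=1; }
    return "$rc"
}

# Runs only when all five arguments are given.
if [ "$#" -eq 5 ]; then audit_gateway "$@"; fi
```

Run it as root with /etc/ipsec.secrets /etc/sysctl.conf /etc/default/ufw /etc/ufw/before.rules 10.10.0.0/16 as arguments; it prints one FAIL line per failed check and exits non-zero if any check fails.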
11. Ping through the VPN tunnel
[Figure: Windows Azure East Asia and Windows Azure West US]
12. Articles
• VPN connection in the region between the Windows Azure
– http://kentablog.cluscore.com/2013/10/windows-azurevpn.html
• Research ed.
– http://kentablog.cluscore.com/2013/10/creating-site-to-sitevpn-with-regions.html