Scalingo VPNC IPSec Addon
Introduction
Sometimes, your application may need to reach an infrastructure which is not opened to the Internet and the only way to access the services or databases in this infrastructure are to create a VPN connection and join the private network of this infrastructure.
This addon provides a way to create VPN connections from your application containers using the IPSec technology.
What kind of VPN can it connect to?
Currently, you can connect to a VPN IPSec (Cisco) in mode client-to-site. The
addon is using the tool vpnc, so any VPN compatible with this client will be
working correctly.
Setup of the addon
Provision the addon
First, you need to provision the add to your application. This can be done through the dashboard or with our command line tool.
scalingo --app my-app addons-add scalingo-vpn-ipsec vpn-ipsec-standard
Setup the configuration
From the addon tab of your dashboard, click on ‘Link to Dashboard’ under the
VPN addon icon. You’ll arrive on the dashboard of the VPN IPSec addon. It
contains a text area in which you’ve to write your vpnc.conf file.
Usually such configuration file looks like this:
IPSec gateway [server]
IPSec ID [VPN group]
IPSec secret [shared secret]
Xauth username [username]
Xauth password [password]
Once you’ve validated the configuration, the environment variable
SCALINGO_VPNC_CONF will be added to your application, the app will be
restarted. You’ll be able to see in the logs:
2016-02-03 13:59:31.321065492 +0100 CET [web-1] -----> Starting VPN connection
2016-02-03 13:59:31.321223270 +0100 CET [web-1] -----> VPNC started in background (pid: 70)...
Forbidden configuration
The configuration instruction Script is forbidden
Q&A
- What happen if the connection is cut?
A connection problem will be detected immediately and we’ll attempt a reconnection instantly. If the reconnection fails because of a problem from your infrastructure, we’ll try to reconnect every 30 seconds.
- Can I setup site-to-site VPN?
No, currently site-to-site VPN is not compatible with this addon, it is only working in client-to-site mode.
- What happens if the connection fail, will my app be unavailable?
No, it will be written in the logs that we have not been able to connect your container to your VPN, but your application will be started correctly. You should check the configuration and ensure all the fields are correct.
- Where can I find an comprehensive documentation of the
vpnc.conffile?
The Ubuntu manpage about vpnc contains all the properties which can be set in the configuration file.