oracle
diff --git a/‎examples/oci/vpn_sandbox/.gitignore‎ ‎…oci/libreswan_ipsec_vpn_basic/.gitignore‎examples/oci/vpn_sandbox/.gitignore renamed to examples/oci/libreswan_ipsec_vpn_basic/.gitignore b/‎examples/oci/vpn_sandbox/.gitignore‎ ‎…oci/libreswan_ipsec_vpn_basic/.gitignore‎examples/oci/vpn_sandbox/.gitignore renamed to examples/oci/libreswan_ipsec_vpn_basic/.gitignore
diff --git a/‎examples/oci/vpn_sandbox/README.md‎ ‎…/oci/libreswan_ipsec_vpn_basic/README.md‎examples/oci/vpn_sandbox/README.md renamed to examples/oci/libreswan_ipsec_vpn_basic/README.md b/‎examples/oci/vpn_sandbox/README.md‎ ‎…/oci/libreswan_ipsec_vpn_basic/README.md‎examples/oci/vpn_sandbox/README.md renamed to examples/oci/libreswan_ipsec_vpn_basic/README.md
diff --git a/‎…amples/oci/vpn_sandbox/generate_files.tf‎ ‎…psec_vpn_basic/compute_generate_files.tf‎examples/oci/vpn_sandbox/generate_files.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_generate_files.tf
Lines changed: 1 addition & 1 deletion b/‎…amples/oci/vpn_sandbox/generate_files.tf‎ ‎…psec_vpn_basic/compute_generate_files.tf‎examples/oci/vpn_sandbox/generate_files.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_generate_files.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/oci/vpn_sandbox/instances.tf‎ ‎…wan_ipsec_vpn_basic/compute_instances.tf‎examples/oci/vpn_sandbox/instances.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_instances.tf
Lines changed: 12 additions & 12 deletions b/‎examples/oci/vpn_sandbox/instances.tf‎ ‎…wan_ipsec_vpn_basic/compute_instances.tf‎examples/oci/vpn_sandbox/instances.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_instances.tf
Lines changed: 12 additions & 12 deletions
diff --git a/‎…ples/oci/vpn_sandbox/instances_output.tf‎ ‎…ec_vpn_basic/compute_instances_output.tf‎examples/oci/vpn_sandbox/instances_output.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_instances_output.tf b/‎…ples/oci/vpn_sandbox/instances_output.tf‎ ‎…ec_vpn_basic/compute_instances_output.tf‎examples/oci/vpn_sandbox/instances_output.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_instances_output.tf
diff --git a/‎…s/oci/vpn_sandbox/userdata-webservers.tf‎ ‎…vpn_basic/compute_userdata-webservers.tf‎examples/oci/vpn_sandbox/userdata-webservers.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_userdata-webservers.tf
Lines changed: 1 addition & 12 deletions b/‎…s/oci/vpn_sandbox/userdata-webservers.tf‎ ‎…vpn_basic/compute_userdata-webservers.tf‎examples/oci/vpn_sandbox/userdata-webservers.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/compute_userdata-webservers.tf
Lines changed: 1 addition & 12 deletions
diff --git a/‎examples/oci/vpn_sandbox/configuration.tf‎ ‎…breswan_ipsec_vpn_basic/configuration.tf‎examples/oci/vpn_sandbox/configuration.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/configuration.tf
Lines changed: 9 additions & 6 deletions b/‎examples/oci/vpn_sandbox/configuration.tf‎ ‎…breswan_ipsec_vpn_basic/configuration.tf‎examples/oci/vpn_sandbox/configuration.tf renamed to examples/oci/libreswan_ipsec_vpn_basic/configuration.tf
Lines changed: 9 additions & 6 deletions
diff --git a/‎…ples/oci/vpn_sandbox/env-vars.tf.example‎ ‎…swan_ipsec_vpn_basic/env-vars.tf.example‎examples/oci/vpn_sandbox/env-vars.tf.example renamed to examples/oci/libreswan_ipsec_vpn_basic/env-vars.tf.example b/‎…ples/oci/vpn_sandbox/env-vars.tf.example‎ ‎…swan_ipsec_vpn_basic/env-vars.tf.example‎examples/oci/vpn_sandbox/env-vars.tf.example renamed to examples/oci/libreswan_ipsec_vpn_basic/env-vars.tf.example
diff --git a/‎…/oci/vpn_sandbox/img/oci_vpn_example.png‎ ‎…_ipsec_vpn_basic/img/oci_vpn_example.png‎examples/oci/vpn_sandbox/img/oci_vpn_example.png renamed to examples/oci/libreswan_ipsec_vpn_basic/img/oci_vpn_example.png b/‎…/oci/vpn_sandbox/img/oci_vpn_example.png‎ ‎…_ipsec_vpn_basic/img/oci_vpn_example.png‎examples/oci/vpn_sandbox/img/oci_vpn_example.png renamed to examples/oci/libreswan_ipsec_vpn_basic/img/oci_vpn_example.png
diff --git a/‎examples/oci/libreswan_ipsec_vpn_basic/net_acls.tf‎
Lines changed: 68 additions & 0 deletions b/‎examples/oci/libreswan_ipsec_vpn_basic/net_acls.tf‎
Lines changed: 68 additions & 0 deletions
@@ -48,7 +48,7 @@ conn oci1
   #local
   right=${var.cpe_ip_address}                   #on Premises Libreswan network
   rightid=${var.cpe_ip_address}     #AWS Libreswan Public IP address
-  rightsubnet=${var.vcn_vpn_on_premises_cidr_block}           #on Premises CIDR
+  rightsubnet=${var.on_premises_cidr_block}           #on Premises CIDR
 OCICONF
 }
 
 
@@ -1,19 +1,19 @@
 resource "oci_core_instance" "server01" {
-  availability_domain = "${oci_core_subnet.sub01be.availability_domain}"
+  availability_domain = "${oci_core_subnet.subnet01.availability_domain}"
   compartment_id      = "${var.compartment_ocid}"
   display_name        = "server01"
   shape               = "${var.instance_shape}"
 
   source_details {
-    source_id   = "${var.instance_image_ocid[ var.region ]}"
+    source_id   = "${var.instance_image_ocid[var.region]}"
     source_type = "image"
   }
 
   create_vnic_details {
-    subnet_id              = "${oci_core_subnet.sub01be.id}"
+    subnet_id              = "${oci_core_subnet.subnet01.id}"
     hostname_label         = "server01"
     skip_source_dest_check = true
-    assign_public_ip       = false
+    assign_public_ip       = true
   }
 
   metadata {
@@ -27,21 +27,21 @@ resource "oci_core_instance" "server01" {
 }
 
 resource "oci_core_instance" "server02" {
-  availability_domain = "${oci_core_subnet.sub02be.availability_domain}"
+  availability_domain = "${oci_core_subnet.subnet02.availability_domain}"
   compartment_id      = "${var.compartment_ocid}"
   display_name        = "server02"
   shape               = "${var.instance_shape}"
 
   source_details {
-    source_id   = "${var.instance_image_ocid[ var.region ]}"
+    source_id   = "${var.instance_image_ocid[var.region]}"
     source_type = "image"
   }
 
   create_vnic_details {
-    subnet_id              = "${oci_core_subnet.sub02be.id}"
+    subnet_id              = "${oci_core_subnet.subnet02.id}"
     hostname_label         = "server02"
     skip_source_dest_check = true
-    assign_public_ip       = false
+    assign_public_ip       = true
   }
 
   metadata {
@@ -55,21 +55,21 @@ resource "oci_core_instance" "server02" {
 }
 
 resource "oci_core_instance" "server03" {
-  availability_domain = "${oci_core_subnet.sub03be.availability_domain}"
+  availability_domain = "${oci_core_subnet.subnet03.availability_domain}"
   compartment_id      = "${var.compartment_ocid}"
   display_name        = "server03"
   shape               = "${var.instance_shape}"
 
   source_details {
-    source_id   = "${var.instance_image_ocid[ var.region ]}"
+    source_id   = "${var.instance_image_ocid[var.region]}"
     source_type = "image"
   }
 
   create_vnic_details {
-    subnet_id              = "${oci_core_subnet.sub03be.id}"
+    subnet_id              = "${oci_core_subnet.subnet03.id}"
     hostname_label         = "server03"
     skip_source_dest_check = true
-    assign_public_ip       = false
+    assign_public_ip       = true
   }
 
   metadata {
 
@@ -1,20 +1,15 @@
 variable "user-data-webservers" {
   default = <<EOF
 #!/bin/bash -x
-#
-echo '################### webserver userdata begins #####################'
-touch ~opc/userdata.`date +%s`.start
 
-# echo '########## yum update all ###############'
-# yum update -y
+echo '################### webserver userdata begins #####################'
 
 echo '########## basic webserver ##############'
 yum install -y httpd
 systemctl enable  httpd.service
 systemctl start  httpd.service
 
 echo '<html><head></head><body><pre><code>' > /var/www/html/index.html
-
 hostname >> /var/www/html/index.html
 echo '' >> /var/www/html/index.html
 cat /etc/os-release >> /var/www/html/index.html
@@ -28,13 +23,7 @@ echo '</code></pre></body></html>' >> /var/www/html/index.html
 firewall-offline-cmd --add-service=http
 systemctl enable  firewalld
 systemctl restart  firewalld
-# systemctl stop firewalld
 
-touch ~opc/userdata.`date +%s`.finish
 echo '################### webserver userdata ends #######################'
 EOF
 }
-
-# curl ifconfig.co >> /var/www/html/index.html
-# curl ifconfig.co >> /var/www/html/index.html
-
@@ -1,6 +1,6 @@
 ////// environment setup ///////
 variable "instance_shape" {
-  default = "VM.Standard1.1"
+  default = "VM.Standard2.1"
 }
 
 variable "instance_image_ocid" {
@@ -16,31 +16,34 @@ variable "instance_image_ocid" {
   }
 }
 
-data "oci_identity_availability_domains" "ADs" {
+data "oci_identity_availability_domains" "ads" {
   compartment_id = "${var.compartment_ocid}"
 }
 
+//VCN local CIDR block
 variable "vcn_vpn_cidr_block" {
   description = "VCN IP range"
   default     = "172.31.0.0/16"
 }
 
+//VCN local subnets
 variable "vcn_vpn_subnets_cidr_blocks" {
-  description = "VCN IP range"
+  description = "VCN subnets"
   default     = ["172.31.0.0/24", "172.31.1.0/24", "172.31.2.0/24"]
 }
 
 variable "cpe_ip_address" {
   //update to your external IP ADDRESS
-  default = "127.0.0.1"
+  default = "1.2.3.4"
 }
 
 variable "ipsec_static_routes" {
   // ipsec encryption domain
   default = ["0.0.0.0/0"]
 }
 
-variable "vcn_vpn_on_premises_cidr_block" {
-  description = "VCN IP range"
+//On premises LAN IP range
+variable "on_premises_cidr_block" {
+  description = "On premises IP range"
   default = "10.20.0.0/16"
 }
@@ -0,0 +1,68 @@
+resource "oci_core_security_list" "security_list_default" {
+  display_name   = "security_list_default"
+  compartment_id = "${oci_core_virtual_network.vcn_vpn.compartment_id}"
+  vcn_id         = "${oci_core_virtual_network.vcn_vpn.id}"
+
+  egress_security_rules = [{ protocol    = "all" destination = "0.0.0.0/0" }]
+  ingress_security_rules = [
+    { tcp_options { "max" = 22 "min" = 22 } protocol = "6" source   = "${var.cpe_ip_address}/32" },
+    { protocol = "all" source   = "${var.on_premises_cidr_block}"},
+// example of tcp rule
+    { tcp_options { "max" = 22 "min" = 22 } protocol = "6" source   = "192.168.255.255/32" },
+      // icmp protocol for troubleshooting
+    { icmp_options { "type" = 0 } protocol = 1 source   = "0.0.0.0/0" },
+    { icmp_options { "type" = 3 "code" = 4 } protocol = 1 source   = "0.0.0.0/0" },
+    { icmp_options { "type" = 8 } protocol = 1 source   = "0.0.0.0/0" }
+  ]
+}
+
+# Additional security list for local subnet
+resource "oci_core_security_list" "local_sec_list_01" {
+  display_name = "local_security_list_01"
+  compartment_id = "${oci_core_virtual_network.vcn_vpn.compartment_id}"
+  vcn_id         = "${oci_core_virtual_network.vcn_vpn.id}"
+  egress_security_rules  = [
+            { protocol = "all" destination = "0.0.0.0/0" },
+  ]
+  ingress_security_rules = [
+            { protocol = "all" source = "${var.vcn_vpn_cidr_block}" },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 3 "code" = 3} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 3 "code" = 4} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 0 "code" = 1} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 8 "code" = 1} },
+  ]
+}
+
+# Additional security list for local subnet
+resource "oci_core_security_list" "local_sec_list_02" {
+  display_name = "local_security_list_02"
+  compartment_id = "${oci_core_virtual_network.vcn_vpn.compartment_id}"
+  vcn_id         = "${oci_core_virtual_network.vcn_vpn.id}"
+  egress_security_rules  = [
+            { protocol    = "all" destination = "0.0.0.0/0" },
+  ]
+  ingress_security_rules = [
+            { protocol    = "all" source = "${var.vcn_vpn_cidr_block}" },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 3 "code" = 3} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 3 "code" = 4} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 0 "code" = 1} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 8 "code" = 1} },
+  ]
+}
+
+# Additional security list for local subnet
+resource "oci_core_security_list" "local_sec_list_03" {
+  display_name = "local_security_list_03}"
+  compartment_id = "${oci_core_virtual_network.vcn_vpn.compartment_id}"
+  vcn_id         = "${oci_core_virtual_network.vcn_vpn.id}"
+  egress_security_rules  = [
+            { protocol    = "all" destination = "0.0.0.0/0" },
+  ]
+  ingress_security_rules = [
+            { protocol    = "all" source = "${var.vcn_vpn_cidr_block}" },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 3 "code" = 3} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 3 "code" = 4} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 0 "code" = 1} },
+            { protocol = 1 source = "0.0.0.0/0" stateless = true icmp_options { "type" = 8 "code" = 1} },
+  ]
+}
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ conn oci1`
`48`	`48`	`#local`
`49`	`49`	`right=${var.cpe_ip_address} #on Premises Libreswan network`
`50`	`50`	`rightid=${var.cpe_ip_address} #AWS Libreswan Public IP address`
`51`		`- rightsubnet=${var.vcn_vpn_on_premises_cidr_block} #on Premises CIDR`
	`51`	`+ rightsubnet=${var.on_premises_cidr_block} #on Premises CIDR`
`52`	`52`	`OCICONF`
`53`	`53`	`}`
`54`	`54`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`////// environment setup ///////`
`2`	`2`	`variable "instance_shape" {`
`3`		`- default = "VM.Standard1.1"`
	`3`	`+ default = "VM.Standard2.1"`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`variable "instance_image_ocid" {`
`@@ -16,31 +16,34 @@ variable "instance_image_ocid" {`
`16`	`16`	`}`
`17`	`17`	`}`
`18`	`18`
`19`		`-data "oci_identity_availability_domains" "ADs" {`
	`19`	`+data "oci_identity_availability_domains" "ads" {`
`20`	`20`	`compartment_id = "${var.compartment_ocid}"`
`21`	`21`	`}`
`22`	`22`
	`23`	`+//VCN local CIDR block`
`23`	`24`	`variable "vcn_vpn_cidr_block" {`
`24`	`25`	`description = "VCN IP range"`
`25`	`26`	`default = "172.31.0.0/16"`
`26`	`27`	`}`
`27`	`28`
	`29`	`+//VCN local subnets`
`28`	`30`	`variable "vcn_vpn_subnets_cidr_blocks" {`
`29`		`- description = "VCN IP range"`
	`31`	`+ description = "VCN subnets"`
`30`	`32`	`default = ["172.31.0.0/24", "172.31.1.0/24", "172.31.2.0/24"]`
`31`	`33`	`}`
`32`	`34`
`33`	`35`	`variable "cpe_ip_address" {`
`34`	`36`	`//update to your external IP ADDRESS`
`35`		`- default = "127.0.0.1"`
	`37`	`+ default = "1.2.3.4"`
`36`	`38`	`}`
`37`	`39`
`38`	`40`	`variable "ipsec_static_routes" {`
`39`	`41`	`// ipsec encryption domain`
`40`	`42`	`default = ["0.0.0.0/0"]`
`41`	`43`	`}`
`42`	`44`
`43`		`-variable "vcn_vpn_on_premises_cidr_block" {`
`44`		`- description = "VCN IP range"`
	`45`	`+//On premises LAN IP range`
	`46`	`+variable "on_premises_cidr_block" {`
	`47`	`+ description = "On premises IP range"`
`45`	`48`	`default = "10.20.0.0/16"`
`46`	`49`	`}`