Neutron VPN
Neutron 创建 VPN
Step 1 创建路由
# Create the router; later steps attach the subnet and the VPN service to it.
neutron router-create ROUTERNAME
# Same command, printing only the "id" row of the result:
# neutron router-create ROUTERNAME | grep -w "id"
# List existing routers:
# neutron router-list
Step 2 创建网络
# Create a network named NETNAME.
neutron net-create NETNAME
# Same command, printing only the "id" row of the result:
# neutron net-create NETNAME | grep -w "id"
# External network: neutron net-create NETNAME --router:external True --availability-zone-hint edge-4 | grep -w "id"
# Internal network: neutron net-create NETNAME --availability-zone-hint edge-4 | grep -w "id"
# (edge-4 is the availability zone used on this page; substitute your own.)
# List networks:
# neutron net-list
# Delete:
# neutron net-delete NETNAME
Step 3 创建子网
# Create subnet SUBNETNAME on NETNAME. <CIDR> is a placeholder for the subnet
# range: type the value without the angle brackets, which a shell would
# otherwise parse as redirections.
neutron subnet-create NETNAME <CIDR> --name SUBNETNAME
# Same command, printing only the "id" row of the result:
# neutron subnet-create NETNAME <CIDR> --name SUBNETNAME | grep -w "id"
# List subnets:
# neutron subnet-list
# Delete:
# neutron subnet-delete SUBNETNAME
Step 4 路由中添加接口
# Attach the subnet to the router as an interface.
neutron router-interface-add ROUTERNAME SUBNETNAME
# List the router's ports:
# neutron router-port-list ROUTERNAME
# Delete (the interface is named as SUBNET, subnet=SUBNET or port=PORT):
# neutron router-interface-delete ROUTERNAME SUBNET|subnet=SUBNET|port=PORT
Step 5 创建浮动 IP
# Allocate a floating IP from the external network (named ext-net1 on this page;
# substitute your own external network).
# NOTE(review): the id returned here is presumably the FLOATINGIPID used in Step 8 - confirm.
neutron floatingip-create ext-net1
# List floating IPs:
# neutron floatingip-list
Step 6 创建 VPN 策略 (IPsec)
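# IPsec (phase 2) policy.
# The original proposal here was 3des with PFS group2. 3DES is a 64-bit block
# cipher and group2 is a 1024-bit MODP group; both are deprecated for new
# tunnels. Prefer AES-256 with PFS group14, and set the integrity algorithm
# explicitly, because the client falls back to sha1 when --auth-algorithm is omitted.
# The peer gateway must be configured with the same proposal or negotiation
# fails; keep 3des/group2 only for a legacy peer that cannot do better.
neutron vpn-ipsecpolicy-create POLICYNAME --encryption-algorithm aes-256 --auth-algorithm sha256 --pfs group14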
Step 7 创建 VPN 策略 (IKE)
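# IKE (phase 1) policy.
# The original proposal here was 3des with DH group2. 3DES is a 64-bit block
# cipher and group2 is a 1024-bit MODP group; both are deprecated for new
# tunnels. Prefer AES-256 with group14, and set the integrity algorithm
# explicitly, because the client falls back to sha1 when --auth-algorithm is omitted.
# The peer gateway must offer the same IKE proposal or phase 1 will not
# complete; keep 3des/group2 only for a legacy peer that cannot do better.
neutron vpn-ikepolicy-create POLICYNAME --encryption-algorithm aes-256 --auth-algorithm sha256 --pfs group14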
Step 8 创建 VPN 服务
# Create the VPN service on ROUTERNAME, bound to the floating IP from Step 5.
# "(INNER)SUBNETNAME" is a placeholder for the internal subnet's name; type it
# without the parentheses, which a shell would not accept literally.
# NOTE(review): --floatingip is not an option of the upstream neutron client as
# far as I know - presumably an extension of this distribution; confirm.
# NOTE(review): upstream VPNaaS expects the subnet argument to be omitted when
# endpoint groups (Step 9) describe the local side - confirm for this deployment.
neutron vpn-service-create --name VPNSERVICENAME --floatingip FLOATINGIPID ROUTERNAME (INNER)SUBNETNAME
Step 9 创建 vpn 端点组
# Endpoint groups define which traffic the tunnel carries, so keep them as
# narrow as the use case allows rather than listing whole address ranges.
# Subnet-type group: ID is a subnet id (presumably the local subnet from Step 3 - confirm).
neutron vpn-endpoint-group-create --name GROUPNAME --type subnet --value ID
# CIDR-type group: "IP Segment" is a placeholder for a single CIDR value
# (presumably the peer side's range - confirm). Written with the space it
# would be split into two arguments, so pass it as one word.
neutron vpn-endpoint-group-create --name GROUPNAME --type cidr --value IP Segment