Adding routing
Configure the routing information required for the created subnet. This setting is necessary for building a management network. The following example procedure configures the routing that is required for SSL-VPN connections.
- Perform the settings necessary for routing as indicated below.
$ SUBNET_ID=<ID of the subnet to add routing (host_routes) to>
$ HOST_ROUTES='{"nexthop":"<IP address of the default gateway of the subnet>","destination":"<Virtual network cidr of the VPN tunnel>"}'
Specify the network address of the virtual network cidr of the VPN tunnel using the format "XXX.XXX.XXX.XXX/XX".
Example: 192.168.246.0/24
Warning: Specify a network address that does not conflict with the network address used by K5 or the local network addresses used by client PCs.
The cidr of the virtual network of the VPN tunnel must be the same as the value set for CLIENT_ADDRESS_POOL_CIDR when creating the SSL-VPN connection (see "Creating an SSL-VPN connection (V2 service/K5 client certificate)" or "Creating an SSL-VPN connection (V2 service/self-signed certificate)").
- Execute the following API.
$ curl -Ss $NETWORK/v2.0/subnets/$SUBNET_ID -X PUT -H "X-Auth-Token: $OS_AUTH_TOKEN" \
  -H "Content-Type: application/json" -d '{"subnet": { "host_routes": ['"$HOST_ROUTES"'] }}' | jq .
The following response is output.
{
  "subnet": {
    "availability_zone": "<Same availability zone as specified subnet>",
    "id": "<Subnet ID>",
    "cidr": "<Virtual network cidr of the specified VPN tunnel>",
    "gateway_ip": "<Default gateway IP address of specified subnet>",
    "name": "<Subnet name>",
    "enable_dhcp": true,
    "network_id": "<Network ID>",
    "tenant_id": "<Project ID>",
    "dns_nameservers": [
      "133.162.XXX.XXX",
      "133.162.XXX.XXX"
    ],
    "allocation_pools": [
      {
        "end": "XXX.XXX.XXX.254",
        "start": "XXX.XXX.XXX.2"
      }
    ],
    "host_routes": [
      {
        "destination": "<Virtual network cidr of specified VPN tunnel>",
        "nexthop": "<Default gateway IP address of specified subnet>"
      }
    ],
    "ip_version": 4
  }
}
- Execute the following API to check the routing that you set:
$ SUBNET_ID=<ID of the subnet that routing (host_routes) was added to>
$ curl -Ss $NETWORK/v2.0/subnets/$SUBNET_ID -X GET -H "X-Auth-Token: $OS_AUTH_TOKEN" | jq .
The following response is output. When a list containing the set routing name is output, creation is complete.
{
  "subnet": {
    "availability_zone": "<Same availability zone as specified subnet>",
    "id": "<Subnet ID>",
    "cidr": "<Virtual network cidr of the specified VPN tunnel>",
    "gateway_ip": "<Default gateway IP address of specified subnet>",
    "name": "<Subnet name>",
    "enable_dhcp": true,
    "network_id": "<Network ID>",
    "tenant_id": "<Project ID>",
    "dns_nameservers": [
      "133.162.XXX.XXX",
      "133.162.XXX.XXX"
    ],
    "allocation_pools": [
      {
        "end": "XXX.XXX.XXX.254",
        "start": "XXX.XXX.XXX.2"
      }
    ],
    "host_routes": [
      {
        "destination": "<Virtual network cidr of specified VPN tunnel>",
        "nexthop": "<Default gateway IP address of specified subnet>"
      }
    ],
    "ip_version": 4
  }
}
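A pre-flight check for the HOST_ROUTES values used in this procedure, as an added example that is not part of the original K5 documentation: it verifies that the tunnel cidr is a network address in "XXX.XXX.XXX.XXX/XX" form, matches CLIENT_ADDRESS_POOL_CIDR, and does not conflict with networks already in use, then builds the PUT body. The function names and every address other than 192.168.246.0/24 are assumptions constructed for illustration.

```python
import ipaddress
import json


def parse_network(cidr):
    """Parse XXX.XXX.XXX.XXX/XX; reject a missing prefix or set host bits."""
    if "/" not in cidr:
        raise ValueError(f"{cidr}: prefix length is required")
    return ipaddress.IPv4Network(cidr, strict=True)


def build_host_route(tunnel_cidr, client_pool_cidr, subnet_cidr, gateway_ip, in_use_cidrs):
    """Return the host_routes entry, or raise ValueError naming the failed check."""
    tunnel = parse_network(tunnel_cidr)
    # The destination must equal CLIENT_ADDRESS_POOL_CIDR of the SSL-VPN connection.
    if tunnel != parse_network(client_pool_cidr):
        raise ValueError(f"{tunnel} differs from CLIENT_ADDRESS_POOL_CIDR {client_pool_cidr}")
    subnet = parse_network(subnet_cidr)
    # The tunnel range must not conflict with the subnet or any other network in use.
    for other in [subnet] + [parse_network(c) for c in in_use_cidrs]:
        if tunnel.overlaps(other):
            raise ValueError(f"{tunnel} conflicts with {other}")
    # nexthop is the subnet's default gateway, so it has to lie inside the subnet.
    gateway = ipaddress.IPv4Address(gateway_ip)
    if gateway not in subnet:
        raise ValueError(f"nexthop {gateway} is outside subnet {subnet}")
    return {"nexthop": str(gateway), "destination": str(tunnel)}


def request_body(route):
    """JSON body for PUT $NETWORK/v2.0/subnets/$SUBNET_ID."""
    return json.dumps({"subnet": {"host_routes": [route]}})


if __name__ == "__main__":
    # Constructed sample values; only 192.168.246.0/24 is the page's example.
    in_use = ["10.0.0.0/8", "192.168.1.0/24"]
    route = build_host_route("192.168.246.0/24", "192.168.246.0/24",
                             "192.168.10.0/24", "192.168.10.1", in_use)
    print(request_body(route))
    for bad in ("192.168.246.1/24", "192.168.1.128/25"):
        try:
            build_host_route(bad, bad, "192.168.10.0/24", "192.168.10.1", in_use)
        except ValueError as err:
            print("rejected:", err)
```

The printed body can be passed to the PUT request with `-d` in place of the hand-assembled string.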