We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

OVH Cloud VPN feature


trendless
2015-06-20, 03:01 PM
Any updated info on using vRack with multiple OVH VPS Cloud machines in BHS datacentre?

edit: doesn't look possible, only dedicated resources seem to be able to be added to vRack. Is this correct? Is there an alternative for VPS?

eliotte
2014-07-27, 08:52 PM
Quote Originally Posted by Jerome @ OVH
Hi paulhuynh81

You can activate our vRack option for free to use with your pCC.

A Cisco ASA 5505 is $25 per month (+ $189 setup fees) you can find more information here http://www.ovh.com/ca/en/dedicated-s...ed_servers.xml

Regards
Add 39$/month for vRack even if you have vRack included with your servers or pCC. As I understand, the firewall needs vRack 1.0 and currently, server and pCC use vRack 1.5. I talked to 4 different people to order the cisco. Toke 2 days to receive the order and the 39$ appeared by magic in the last email, after all the talks, mail and ticket. OVH should explain that price on their web site.

I use pfsense as a vpn server to connect to my vRack subnet. At 25$ I though it was a good deal to use a hardware firewall instead of software for my vpn but at 64$ it's too much.

Axel @ OVH
2014-07-03, 10:29 AM
Hello Joseph,

A quick search on Google returned me this thread on our UK forum: http://forum.ovh.co.uk/showthread.ph...nd-failover-IP

This can be a solution to your configuration issue with our failover IPs and pfSense. There is surely other ways to configure the pfSense, such as doing all configuration in command line.

Regards,

Axel - Support OVH.com

Joseph
2014-07-03, 10:18 AM
Thank you Axel, yes you are understanding correctly. I'll be happy to try pfSense but I have not found documentation from anyone who's ever tried it on an OVH ESXi server with a failover IP. Of course if we get it to work, I'll happily share on this forum

Axel @ OVH
2014-06-20, 02:12 PM
Quote Originally Posted by Joseph
I have an OVH dedicated server with ESXi, and I want to create an IPSec tunnel between the VM's on this server and our work network. My idea was to add a Vyatta VM to the server, but it seems there is no way to assign a failover IP to the Vyatta VM, therefore I cannot get the Vyatta on the internet.

It seems the big problem is that the gateway lies outside of the failover IP subnet. I've read many Vyatta articles but it all points back to this being the show stopper.

Has anyone been able to set up a Vyatta VM successfully on an OVH dedicated server? Or, is there any other network appliance (pfSense, ipcop, Windows Server Routing, Cisco Virutal Appliance, etc.) that can do the job?

I know there are many others with the same issue I'm having, so I'm hoping someone has found a solution. Thanks!
Hello Joseph,

If I understand correctly, you are trying to configure a software router to act as a VPN gateway to the LAN of your ESXi server. You are facing difficulties to configure an IP failover due to the special configuration used at OVH.

I would suggest that you look at other software routers, such as the one you mentioned: pfSense, or even Mikrotik's RouterOS. They both offers IPSec tunnel, and OVH failover IPs can be configured with them.

There is plenty of documentation available online to help you with the configuration for those 2 products.

Best regards,

Axel - Support OVH.com

Joseph
2014-06-19, 05:24 PM
Quote Originally Posted by js
This is a very common use case and can be done in several ways. The first that comes to my mind would be to terminate your IPSEC tunnel on a virtual machine in the private cloud. There are many software solution to support this topology ranging from a simple linux machine with the open source IPSEC implementation of your choice to the high end commercial appliance. As a reminder, you can use private VLANs on the PCC to ensure that your internal machines are not exposed to the internet and that only your tunnel endpoint is visible.
I have an OVH dedicated server with ESXi, and I want to create an IPSec tunnel between the VM's on this server and our work network. My idea was to add a Vyatta VM to the server, but it seems there is no way to assign a failover IP to the Vyatta VM, therefore I cannot get the Vyatta on the internet.

It seems the big problem is that the gateway lies outside of the failover IP subnet. I've read many Vyatta articles but it all points back to this being the show stopper.

Has anyone been able to set up a Vyatta VM successfully on an OVH dedicated server? Or, is there any other network appliance (pfSense, ipcop, Windows Server Routing, Cisco Virutal Appliance, etc.) that can do the job?

I know there are many others with the same issue I'm having, so I'm hoping someone has found a solution. Thanks!

Jerome @ OVH
2014-05-30, 02:04 PM
Hi paulhuynh81

You can activate our vRack option for free to use with your pCC.

A Cisco ASA 5505 is $25 per month (+ $189 setup fees) you can find more information here http://www.ovh.com/ca/en/dedicated-s...ed_servers.xml

Regards

paulhuynh81
2014-05-30, 10:49 AM
This is great

How much will it cost for
Vrack option on top of the vsphere cloud package for around 500 per months

Cisco asa how much is that per month add on to our service


The 2nd option would be to get an hardware firewall, (we offer the CISCO ASA which can terminate IPSEC) and then use the VRACK to connect it to your PCC. This will definitely work but has an important limitation : it's a single point of failure, gets expansive really fast and has throughput limitations : 100Mbps for the low end model and up to 450Mbps for the high end.


Let me know if it helps or if you had something else in mind.

js
2014-05-29, 11:25 AM
Hi paulhuynh81


This is a very common use case and can be done in several ways. The first that comes to my mind would be to terminate your IPSEC tunnel on a virtual machine in the private cloud. There are many software solution to support this topology ranging from a simple linux machine with the open source IPSEC implementation of your choice to the high end commercial appliance. As a reminder, you can use private VLANs on the PCC to ensure that your internal machines are not exposed to the internet and that only your tunnel endpoint is visible.

The 2nd option would be to get an hardware firewall, (we offer the CISCO ASA which can terminate IPSEC) and then use the VRACK to connect it to your PCC. This will definitely work but has an important limitation : it's a single point of failure, gets expansive really fast and has throughput limitations : 100Mbps for the low end model and up to 450Mbps for the high end.


Let me know if it helps or if you had something else in mind.

paulhuynh81
2014-05-21, 12:12 AM
Is OVH dedicated cloud allow IPSEC or some sort of VPN seating in the front of the cloud? So




MY corp office---vpn ipsec-----internet-----vpn ipsec-----OVH dedicated cloud?

i have been waiting for this feature for a year + now.....