cloud-foundation-fabric/modules/net-vpn-ha
Roberto Jung Drebes 324890073b
adds project_id to external gateway (#74)
2020-05-12 18:13:06 +02:00
README.md Merge development branch (#44) 2020-04-03 14:06:48 +02:00
main.tf adds project_id to external gateway (#74) 2020-05-12 18:13:06 +02:00
outputs.tf make the vpn ha module more resilient on destroy 2020-04-28 19:43:42 +02:00
variables.tf Merge development branch (#44) 2020-04-03 14:06:48 +02:00
versions.tf Merge development branch (#44) 2020-04-03 14:06:48 +02:00

README.md

Cloud VPN HA Module

This module makes it easy to deploy either GCP-to-GCP or GCP-to-On-prem Cloud HA VPN.

Examples

GCP to GCP

```hcl
module "vpn_ha-1" {
  source           = "../modules/net-vpn-ha"
  project_id       = "<PROJECT_ID>"
  region           = "europe-west4"
  network          = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/network-1"
  name             = "net1-to-net-2"
  peer_gcp_gateway = module.vpn_ha-2.self_link
  router_asn       = 64514
  tunnels = {
    remote-0 = {
      bgp_peer = {
        address = "169.254.1.1"
        asn     = 64513
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.1.2/30"
      ike_version                     = 2
      vpn_gateway_interface           = 0
      peer_external_gateway_interface = null
      # Empty string: the module uses its generated secret (random_secret output).
      shared_secret                   = ""
    }
    remote-1 = {
      bgp_peer = {
        address = "169.254.2.1"
        asn     = 64513
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.2.2/30"
      ike_version                     = 2
      vpn_gateway_interface           = 1
      peer_external_gateway_interface = null
      shared_secret                   = ""
    }
  }
}

module "vpn_ha-2" {
  source           = "../modules/net-vpn-ha"
  project_id       = "<PROJECT_ID>"
  region           = "europe-west4"
  network          = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/local-network"
  name             = "net2-to-net1"
  router_asn       = 64513
  peer_gcp_gateway = module.vpn_ha-1.self_link
  tunnels = {
    remote-0 = {
      # Mirror of vpn_ha-1 remote-0: same /30, addresses and ASNs swapped.
      bgp_peer = {
        address = "169.254.1.2"
        asn     = 64514
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.1.1/30"
      ike_version                     = 2
      vpn_gateway_interface           = 0
      peer_external_gateway_interface = null
      # Reuse the secret generated on the other side so both ends match.
      shared_secret                   = module.vpn_ha-1.random_secret
    }
    remote-1 = {
      bgp_peer = {
        address = "169.254.2.2"
        asn     = 64514
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.2.1/30"
      ike_version                     = 2
      vpn_gateway_interface           = 1
      peer_external_gateway_interface = null
      shared_secret                   = module.vpn_ha-1.random_secret
    }
  }
}
```
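
The two module blocks above only work because each tunnel on one side is the mirror image of the same tunnel on the other: same link-local /30, swapped addresses, and each `bgp_peer.asn` equal to the other side's `router_asn`. The following check is an added example, not part of the module or its README; `check_pair`, `tunnel` and the dictionary layout are hypothetical names, and the inputs are the README values plus one constructed mistake.

```python
import ipaddress
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def check_pair(a, b):
    """Compare both sides of a GCP-to-GCP HA VPN; return a list of problems."""
    if set(a["tunnels"]) != set(b["tunnels"]):
        return ["tunnel keys differ between the two sides"]
    problems = []
    for key in sorted(a["tunnels"]):
        ta, tb = a["tunnels"][key], b["tunnels"][key]
        ia = ipaddress.ip_interface(ta["bgp_session_range"])
        ib = ipaddress.ip_interface(tb["bgp_session_range"])
        if ia.network != ib.network:
            problems.append(f"{key}: sides use different BGP session subnets")
        for side, iface in (("a", ia), ("b", ib)):
            net = iface.network
            if net.prefixlen != 30 or not net.subnet_of(LINK_LOCAL):
                problems.append(f"{key}/{side}: {net} is not a link-local /30")
            elif iface.ip not in net.hosts():
                problems.append(f"{key}/{side}: {iface.ip} is not a usable host")
        # Each side's bgp_peer.address must be the other side's own address.
        if (ipaddress.ip_address(ta["bgp_peer"]["address"]) != ib.ip
                or ipaddress.ip_address(tb["bgp_peer"]["address"]) != ia.ip):
            problems.append(f"{key}: bgp_peer.address is not mirrored")
        # Each side's bgp_peer.asn must be the other side's router_asn.
        if (ta["bgp_peer"]["asn"] != b["router_asn"]
                or tb["bgp_peer"]["asn"] != a["router_asn"]):
            problems.append(f"{key}: bgp_peer.asn does not match the peer router_asn")
    return problems

def tunnel(peer_addr, peer_asn, session_range):
    """Hypothetical helper: only the tunnel fields this check reads."""
    return {"bgp_peer": {"address": peer_addr, "asn": peer_asn},
            "bgp_session_range": session_range}

# Values copied from the vpn_ha-1 / vpn_ha-2 blocks above.
VPN_HA_1 = {"router_asn": 64514, "tunnels": {
    "remote-0": tunnel("169.254.1.1", 64513, "169.254.1.2/30"),
    "remote-1": tunnel("169.254.2.1", 64513, "169.254.2.2/30")}}
VPN_HA_2 = {"router_asn": 64513, "tunnels": {
    "remote-0": tunnel("169.254.1.2", 64514, "169.254.1.1/30"),
    "remote-1": tunnel("169.254.2.2", 64514, "169.254.2.1/30")}}
# Constructed mistake: remote-1 addressing pasted unchanged from vpn_ha-1.
BROKEN_2 = {"router_asn": 64513, "tunnels": {
    "remote-0": VPN_HA_2["tunnels"]["remote-0"],
    "remote-1": tunnel("169.254.2.1", 64514, "169.254.2.2/30")}}

if __name__ == "__main__":
    print(check_pair(VPN_HA_1, VPN_HA_2), check_pair(VPN_HA_1, BROKEN_2))
```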

GCP to on-prem

```hcl
module "vpn_ha" {
  source     = "../modules/net-vpn-ha"
  project_id = "<PROJECT_ID>"
  region     = "europe-west4"
  network    = "https://www.googleapis.com/compute/v1/projects/<PROJECT_ID>/global/networks/my-network"
  name       = "mynet-to-onprem"
  peer_external_gateway = {
    redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
    interfaces = [{
      id         = 0
      ip_address = "8.8.8.8" # on-prem router ip address
    }]
  }
  router_asn = 64514
  tunnels = {
    remote-0 = {
      bgp_peer = {
        address = "169.254.1.1"
        asn     = 64513
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.1.2/30"
      ike_version                     = 2
      vpn_gateway_interface           = 0
      peer_external_gateway_interface = 0
      # Placeholder: must match the pre-shared key configured on the on-prem
      # router; supply it from a variable or secret store, not a committed literal.
      shared_secret                   = "mySecret"
    }
    remote-1 = {
      bgp_peer = {
        address = "169.254.2.1"
        asn     = 64513
      }
      bgp_peer_options                = null
      bgp_session_range               = "169.254.2.2/30"
      ike_version                     = 2
      vpn_gateway_interface           = 1
      peer_external_gateway_interface = 0
      shared_secret                   = "mySecret"
    }
  }
}
```

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | VPN gateway name, and prefix used for dependent resources. | string | | |
| network | VPC used for the gateway and routes. | string | | |
| project_id | Project where resources will be created. | string | | |
| region | Region used for resources. | string | | |
| peer_external_gateway | Configuration of an external VPN gateway to which this VPN is connected. | object({...}) | | null |
| peer_gcp_gateway | Self Link URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. | string | | null |
| route_priority | Route priority, defaults to 1000. | number | | 1000 |
| router_advertise_config | Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions. | object({...}) | | null |
| router_asn | Router ASN used for auto-created router. | number | | 64514 |
| router_create | Create router. | bool | | true |
| router_name | Router name used for auto created router, or to specify existing router to use. Leave blank to use VPN name for auto created router. | string | | |
| tunnels | VPN tunnel configurations, bgp_peer_options is usually null. | map(object({...})) | | {} |

Outputs

| name | description | sensitive |
|---|---|---|
| external_gateway | External VPN gateway resource. | |
| gateway | HA VPN gateway resource. | |
| name | VPN gateway name. | |
| random_secret | Generated secret. | |
| router | Router resource (only if auto-created). | |
| router_name | Router name. | |
| self_link | HA VPN gateway self link. | |
| tunnel_names | VPN tunnel names. | |
| tunnel_self_links | VPN tunnel self links. | |
| tunnels | VPN tunnel resources. | |