Route-based VPN with the API
Creating a route-based VPN is simple with the VNS3 API. The following script details the steps:
- Create a route-based IPsec endpoint and tunnel
- Create a route to your tunnel
- Repeat for the other side of the VPN!
Create route-based IPsec Endpoint and Tunnel
- ipaddress - the IP address for the other end of the tunnel
- secret - preshared key used by both sides of the tunnel
- pfs - enable/disable Perfect Forward Secrecy
- ike_version - Version for IKE
- nat_t_enabled - enable/disable NAT-T
- vpn_type - vti or gre
- route_based_int_address - IP/CIDR for VTI
- route_based_local - SA CIDR, typically 0.0.0.0/0
```bash
#!/bin/bash
# Some variables to be used by the API calls.
vns3_host="10.10.10.10"
vns3_api_password="xxxxxxxxx"
DataCenterNetworkCidr="10.1.0.0/16"

# JSON body describing the remote endpoint and its VTI tunnel.
Payload=$(echo "{
\"name\": \"$DataCenterNetworkCidr\",
\"ipaddress\": \"10.1.0.10\",
\"secret\": \"mypresharedkey\",
\"pfs\": false,
\"ike_version\": \"2\",
\"nat_t_enabled\": true,
\"vpn_type\": \"vti\",
\"route_based_int_address\": \"10.251.24.2/30\",
\"route_based_local\": \"0.0.0.0/0\"
}")

# POST the endpoint definition; the response is kept so the tunnel ID can be parsed from it.
tunnelResponse=$(curl -k -X POST -u "api:$vns3_api_password" \
-d "$Payload" \
-H "Content-Type:application/json" \
"https://$vns3_host:8000/api/ipsec/endpoints")
```
cURL Explanation:
- -k : required to turn off SSL certificate verification; you can remove it if you have SSL installed on your VNS3 controller
- -X POST : POST request
- -u : Basic user:password credentialing
- -d : POST payload (JSON)
- -H : Header indicating the payload type is JSON
Parse the tunnel ID from the response
```bash
# Take the value of the first line that starts with "id:" in the response.
tunnelId="$(echo "$tunnelResponse" | grep -w '^id:' | cut -d " " -f2 | head -1)"
```
Create a route to the tunnel
```bash
# JSON body for a route that sends the data center CIDR through the new tunnel.
Payload=$(echo "{
\"cidr\": \"$DataCenterNetworkCidr\",
\"description\": \"Tunnel to VPN\",
\"advertise\": true,
\"gateway\": \"_notset\",
\"interface\": \"_notset\",
\"tunnel\": \"$tunnelId\"
}")

curl -k -X POST -u "api:$vns3_api_password" \
-d "$Payload" \
-H "Content-Type:application/json" \
"https://$vns3_host:8000/api/routes"
```
Now repeat your configuration for the other side of the tunnel. Read more on Route-Based VPNs here.
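The payloads above are assembled by pasting shell variables into a JSON string, so a pre-shared key or name containing `"` or `\` would produce a malformed or altered request body. The following is an added example, not part of the original VNS3 script: the helper names `json_escape` and `build_endpoint_payload` and the sample key are assumptions made for illustration, and the code only builds the body without sending anything.

```bash
#!/bin/bash
# Added example: build the /api/ipsec/endpoints body so that special
# characters in a value cannot break or alter the JSON document.

# Escape a value for use inside a JSON string literal. Backslash and
# double quote are escaped; control characters (newlines included) are
# rejected instead of encoded.
json_escape() {
    case "$1" in
        *[[:cntrl:]]*) echo "control character in value" >&2; return 1 ;;
    esac
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Arguments: name, peer IP, pre-shared key, VTI address (IP/CIDR).
# The remaining settings repeat the values from the script above.
# Hypothetical helper; the ep_* variables are not local to the function.
build_endpoint_payload() {
    ep_name=$(json_escape "$1") || return 1
    ep_peer=$(json_escape "$2") || return 1
    ep_psk=$(json_escape "$3") || return 1
    ep_vti=$(json_escape "$4") || return 1
    cat <<EOF
{
  "name": "$ep_name",
  "ipaddress": "$ep_peer",
  "secret": "$ep_psk",
  "pfs": false,
  "ike_version": "2",
  "nat_t_enabled": true,
  "vpn_type": "vti",
  "route_based_int_address": "$ep_vti",
  "route_based_local": "0.0.0.0/0"
}
EOF
}

# Constructed sample: a pre-shared key containing a quote and a backslash.
sample_psk='my"preshared\key'
Payload=$(build_endpoint_payload "10.1.0.0/16" "10.1.0.10" "$sample_psk" "10.251.24.2/30")
printf '%s\n' "$Payload"
```

The resulting `$Payload` can be passed to the same `curl -d "$Payload"` call used above.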
Updated on 12 Mar 2020