Set up VPN for the on-premise cluster

The following figure shows an example VPN deployment between the two clusters.

[Figure: vpn]

In this step, however, we will create a VPN gateway for OnPremCluster, but will NOT create a VPN connection yet. The two VPN gateways from the two clusters must know each other’s gateway IP address and CIDR. For the purposes of this tutorial, we will rely on the cloud’s control plane to assign new VPN gateway IPs. As a result, the actual VPN connection must be made after both VPN gateways are created, to avoid a chicken-and-egg situation.

To find the CIDR, go to the VPC created by the LSF automation package (“LSF tile”). Since us-south-3 is used, the corresponding IP range is 10.240.128.0/18.

[Figure: onprem-vpc]

Now select VPC Infrastructure > VPNs. In the “VPNs for VPC” page, make sure Dallas is selected as the region, and then click Create. We need to use the following setup:

  • VPN type: Site-to-site gateway
  • Resource group: hpca_resgrp
  • Virtual private cloud: the VPC used by the OnPremCluster
  • Subnet: this should be selected automatically, since only one subnet was created in OnPremCluster’s VPC
  • Mode: Policy-based
  • VPN connection for VPC: deselected

After you click Create VPN gateway, it takes a moment for the gateway IP to be allocated and to appear on the VPN page. This is the gateway IP we will need during the creation of the next cluster.

[Figure: onprem-vpn-ip]
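Because the connection is only created once both gateways exist, it helps to check the four values each side must exchange (two CIDRs, two gateway IPs) before entering them. The following pre-flight check is an added example, not part of the LSF automation package. The function name check_vpn_pair, the peer CIDR and both gateway IPs are assumptions constructed for illustration; only 10.240.128.0/18 comes from this page.

```python
import ipaddress

def check_vpn_pair(local_cidr, peer_cidr, local_gw, peer_gw):
    """Return a list of problems; an empty list means the values are consistent."""
    problems, nets, gws = [], {}, {}
    for side, cidr in (("local", local_cidr), ("peer", peer_cidr)):
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 10.240.128.1/18)
            nets[side] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{side} CIDR invalid: {exc}")
            continue
        if not nets[side].is_private:
            problems.append(f"{side} CIDR {cidr} is not a private range")
    for side, gw in (("local", local_gw), ("peer", peer_gw)):
        if not gw:
            # The chicken-and-egg case: the control plane has not assigned an IP yet
            problems.append(f"{side} gateway IP not allocated yet")
            continue
        try:
            gws[side] = ipaddress.ip_address(gw)
        except ValueError as exc:
            problems.append(f"{side} gateway IP invalid: {exc}")
    # Policy-based mode selects traffic by CIDR pair, so the ranges must be disjoint
    if len(nets) == 2 and nets["local"].overlaps(nets["peer"]):
        problems.append("local and peer CIDRs overlap")
    if len(gws) == 2 and gws["local"] == gws["peer"]:
        problems.append("both sides report the same gateway IP")
    # A gateway address inside a tunneled range would match its own policy
    for gside, gw in gws.items():
        for nside, net in nets.items():
            if gw in net:
                problems.append(f"{gside} gateway IP {gw} is inside {nside} CIDR {net}")
    return problems

if __name__ == "__main__":
    # Constructed sample values; only the local CIDR is taken from the tutorial
    result = check_vpn_pair("10.240.128.0/18", "10.241.0.0/18",
                            "203.0.113.10", "198.51.100.20")
    print("OK" if not result else "\n".join(result))
```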