Oracle Route Advertisement

Configure non-NAT server with route advertisement on Oracle Cloud

This tutorial will describe configuring VPN access to a VPC without using NAT. This is useful for when security group rules are needed to control VPN users access to resources on the VPC. This example will use a server with two hosts attached. In the event that one host fails the VPC routing table will automatically be updated with the other host.

If replication is also used the VXLan option must be enabled and security groups should be configured to allow UDP port 4789 between Pritunl hosts.

First open the Users page in the Identity section of the Oracle Cloud web console. Click Show next to the OCID of the user that will be used for API access. Then copy the users OCID.

In the Pritunl settings set the Cloud Provider to Oracle and enter the User OCID from above. Then copy the Oracle API Public Key.

Open the user details in the Oracle web console and click Add Public Key. Then click Add.

Next open the Pritunl route settings for the VPC network. In this example this is the 10.220.0.0/16 network. In the route settings uncheck NAT Route. Although the route will be advertised to this VPC network route advertisement should not be enabled for this route as the 10.220.0.0/16 network will already exists in the VPC routing table. Generally only the Virtual Network route will be advertised unless the Pritunl server is providing access to other networks such as in site-to-site configurations.

Next open the route settings for the virtual network. This will be the first network listed in the routes section and will have a Virtual Network label on the right side. Select Cloud Route Advertisement. This will add a route for the Pritunl host to the VPC routing table. With the route in the routing table servers on the VPC network will have a route to reach the Pritunl clients allowing for clients to access the VPC without NAT.

Once done start the server and a few seconds later the route should be added to the VPC routing table. If a server failover occurs the routing table will be automatically updated.