# Oracle Cloud

**For a more detailed tutorial refer to** [**Site-to-Site with IPsec**](/kb/vpn/tutorials/pritunl-link.md)

First create security list rules to allow `UDP` ports `500` and `4500` for IPsec traffic. You will also need to allow traffic from the other linked networks.

**Optionally, TCP port 9790 can also be opened for host-to-host checking. This allows each pritunl-link host to ping the other hosts to measure latency and availability. These checks are used to detect network partitions and to discover the best link to activate in a high availability configuration.**

![](/files/WfYJimywyK2wydcmex46)

Create a private key for the API user using the command below. These commands can be run on any Linux computer.

```shell
openssl genrsa -out oci_key.pem 2048
openssl rsa -pubout -in oci_key.pem -out oci_pub.pem
cat oci_pub.pem
```

Open the *Users* section of the *Identity* console and select a user that will be used to authenticate with the Oracle Cloud API. Then copy the *OCID* in the user info, this will be needed later.

![](/files/N2IhiLsvHGsBGDHnGicx)

Open the user details and click *Add Public Key*. Then copy the output of `cat oci_pub.pem` to the *Public Key* field.

![](/files/samFbV0Lgm7H1fNJddqO)

Get a base64 copy of the private key by running the command below. This will be needed in the next step. Once done run the second command to delete the key.

```shell
openssl base64 -in oci_key.pem | tr -d "\n"
rm oci_*.pem
```
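The key steps above, gathered into one script as an added example (it is not part of the Pritunl docs): it generates the key pair in a private temporary directory, prints the public key to paste into the console, computes the fingerprint that OCI displays next to an uploaded API key (the MD5 of the DER-encoded public key, written as colon-separated hex pairs) so the pasted key can be confirmed, produces the single-line base64 form of the private key, and checks that the base64 decodes back to the identical PEM before the key files are deleted. It assumes Linux coreutils (`mktemp`, `md5sum`, `base64`, `cmp`) and `openssl`.

```shell
#!/bin/sh
# Added example (not from the Pritunl docs): generate the OCI API key pair,
# show the public key and its OCI fingerprint, emit the base64 private key,
# verify the base64 round-trips, then delete the PEM files.
set -eu

# Generate the key pair into a fresh directory only this user can read and
# print the directory path.
make_oci_api_key() {
    dir=$(mktemp -d)
    umask 077
    openssl genrsa -out "$dir/oci_key.pem" 2048 2>/dev/null
    openssl rsa -pubout -in "$dir/oci_key.pem" -out "$dir/oci_pub.pem" 2>/dev/null
    printf '%s\n' "$dir"
}

# OCI identifies an API key by the MD5 of the DER-encoded public key, written as
# colon-separated hex pairs. Compare this value with the fingerprint the console
# shows next to the uploaded key to confirm the right key was pasted.
oci_key_fingerprint() {     # $1 = private key PEM
    openssl rsa -pubout -outform DER -in "$1" 2>/dev/null \
        | md5sum | cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Single-line base64 of the private key, the form the
# "pritunl-link oracle-private-key" command takes (same command as the doc).
oci_key_base64() {          # $1 = private key PEM
    openssl base64 -in "$1" | tr -d '\n'
}

# Decode the base64 again and require it to be byte-identical to the PEM file;
# a truncated or line-wrapped paste would otherwise only fail later on the instance.
verify_base64_roundtrip() { # $1 = private key PEM, $2 = base64 string
    printf '%s' "$2" | base64 -d | cmp -s - "$1"
}

# Remove the key material once the base64 copy has been captured.
cleanup_oci_api_key() {     # $1 = directory returned by make_oci_api_key
    rm -f "$1"/oci_*.pem
    rmdir "$1"
}

keydir=$(make_oci_api_key)
echo "public key to paste into Add Public Key:"
cat "$keydir/oci_pub.pem"
echo "fingerprint (should match the console): $(oci_key_fingerprint "$keydir/oci_key.pem")"
key_b64=$(oci_key_base64 "$keydir/oci_key.pem")
verify_base64_roundtrip "$keydir/oci_key.pem" "$key_b64"
echo "oracle-private-key value: $key_b64"
cleanup_oci_api_key "$keydir"
```

The base64 value is printed to the terminal only; capture it from there into the startup script and clear your scrollback afterwards, since once the PEM files are removed the private key exists only in that string and in the instance configuration.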

Access with this user should be controlled with a policy. This can be done by creating a user group, adding the user to that group and then configuring a policy for the group. Below is an example policy for the user. This can be further restricted based on the environment.

```
ALLOW GROUP pritunl TO MANAGE virtual-network-family IN tenancy
ALLOW GROUP pritunl TO MANAGE vnics IN tenancy
```

Below is the startup script that can be put in the *User data* or run manually. The first three pritunl-link commands need to be updated with the Oracle Cloud tenancy OCID, the Oracle user OCID and the base64 private key from above. The fourth command, `pritunl-link verify-off`, is only needed if the Pritunl server does not have a signed HTTPS certificate and can be left out if the server is configured with a valid SSL certificate. The fifth command sets the provider to `oracle`. The sixth command adds the URI, which needs to be replaced with the one obtained by clicking *Get URI* in the Pritunl web console; this command can be run multiple times if more than one link is configured. It is not necessary to verify the SSL certificate: the sensitive data is encrypted with AES-256 and signed with HMAC SHA-512 using the token and secret in the URI.

```shell
#!/bin/bash
sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/10/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo dnf -y update
sudo dnf -y install pritunl-link

sudo systemctl stop firewalld
sudo systemctl disable firewalld

sudo pritunl-link oracle-tenancy-ocid ocid1.tenancy.oc1..aaaaaaaa6emuu...
sudo pritunl-link oracle-user-ocid ocid1.user.oc1..aaaaaaaagfbc5x7qsrq...
sudo pritunl-link oracle-private-key LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBL...
sudo pritunl-link verify-off
sudo pritunl-link provider oracle
sudo pritunl-link add pritunl://token:secret@test.pritunl.com
```
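Before the script goes into *User data*, it is worth checking the three values that must be edited in (tenancy OCID, user OCID, base64 private key) and the link URI, because a typo in any of them is only reported by pritunl-link on the instance. The following preflight script is an added example, not Pritunl's own tooling. It assumes the documented OCID layout `ocid1.<type>.<realm>.[region].<id>` (tenancy and user OCIDs have an empty region field, hence the `..`), accepts either a PKCS#1 `RSA PRIVATE KEY` or a PKCS#8 `PRIVATE KEY` PEM header inside the base64, and expects the URI shape `pritunl://<token>:<secret>@<host>` shown in the script above. The sample values at the bottom are constructed placeholders, not real identifiers or keys.

```shell
#!/bin/sh
# Added example (not part of the Pritunl docs): preflight checks for the values
# pasted into the pritunl-link startup script. Uses only POSIX sh and coreutils.
set -u

# OCIDs have the form ocid1.<type>.<realm>.[region].<id>; tenancy and user OCIDs
# are realm-wide, so the region field is empty and the value contains "..".
check_ocid() {              # $1 = expected type (tenancy|user), $2 = value
    printf '%s\n' "$2" | grep -Eq "^ocid1\.$1\.[a-z0-9]+\.\.[a-z0-9]{20,}$"
}

# The private key must be a single base64 line (no newlines, no stray characters)
# that decodes to a PEM private key. Both "RSA PRIVATE KEY" (PKCS#1) and
# "PRIVATE KEY" (PKCS#8, the default header from OpenSSL 3 genrsa) are accepted.
check_private_key_b64() {   # $1 = base64 string
    case "$1" in *[!A-Za-z0-9+/=]*) return 1;; esac
    printf '%s' "$1" | base64 -d 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# Link URIs are pritunl://<token>:<secret>@<host>; both credentials must be present.
check_link_uri() {          # $1 = URI from "Get URI"
    printf '%s\n' "$1" | grep -Eq '^pritunl://[^:/@]+:[^:/@]+@[^/@[:space:]]+$'
}

# Run every check, report each failure, and return non-zero if any failed.
check_link_config() {       # $1 tenancy ocid, $2 user ocid, $3 key base64, $4 uri
    rc=0
    check_ocid tenancy "$1"    || { echo "bad tenancy OCID: $1"; rc=1; }
    check_ocid user "$2"       || { echo "bad user OCID: $2"; rc=1; }
    check_private_key_b64 "$3" || { echo "private key is not single-line base64 of a PEM key"; rc=1; }
    check_link_uri "$4"        || { echo "bad link URI: $4"; rc=1; }
    return $rc
}

# Constructed sample values (placeholders, not real OCIDs or key material).
SAMPLE_TENANCY="ocid1.tenancy.oc1..aaaaaaaaexampletenancy00000000000000000000000000000000000000"
SAMPLE_USER="ocid1.user.oc1..aaaaaaaaexampleuser000000000000000000000000000000000000000000"
SAMPLE_KEY_B64=$(printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIBexample' '-----END RSA PRIVATE KEY-----' | base64 | tr -d '\n')
SAMPLE_URI="pritunl://token:secret@test.pritunl.com"

check_link_config "$SAMPLE_TENANCY" "$SAMPLE_USER" "$SAMPLE_KEY_B64" "$SAMPLE_URI" \
    && echo "startup script values look sane"
```

To use it against real values, replace the `SAMPLE_*` assignments with the tenancy OCID, user OCID, base64 key and URI you intend to paste into the script; the checks catch the common copy errors (a wrapped base64 line, a swapped tenancy and user OCID, a URI missing its secret) without sending anything to Oracle Cloud or the Pritunl server.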

Create an Oracle Linux 10 instance and open the *Advanced Options* and click *Paste cloud-init script*.

![](/files/gcdmQ1CSEsXbktelqPri)

Select the VNIC attached to the instance and click *Edit VNIC*. Then select *Skip Source/Destination Check*.

![](/files/FZcKUDWNPSYwp7KxCa2X)

The commands below can be run to check the logs and status of the link. The `pritunl-link` service will already be running and connected once the URI is added.

```shell
journalctl -u pritunl-link
sudo ipsec status
```
