Configuring an IPSec connection with VTI
The OpenStack VPN-as-a-Service (VPNaaS) is enabled in IBM® Cloud Manager with OpenStack. VPNaaS is optional. For more information about VPNaaS, see the OpenStack community documentation.
About this task
For example, assume the IP address for the private network on OpenStack is 192.168.100.0/24. Then, there is a private network in another OpenStack or Vyatka with the subnet 10.6.12.0/24. After you use VPNaaS to establish a VPN connection, those two subnets can connect to each other.
However, the existing OpenStack VPNaaS does not support IPSec VPN with virtual tunnel interface (VTI). Therefore, you must enable it for IBM Cloud Manager with OpenStack if the remote private network's VPN gateway is set up to use VTI. If the remote private network's gateway is using a policy-based configuration, you can use the standard OpenStack VPNaaS.