IPSec VPN improvements: BGP support and custom shared secret
- Services: Networking
- Release Date: May 21, 2019
- API Versions Affected: 20160918
With this release, there are two changes related to managing an Oracle Cloud Infrastructure IPSec VPN.
BGP Dynamic Routing
You can now use BGP (Border Gateway Protocol) with VPN Connect (also known as an IPSec VPN).
BGP allows dynamic routing or automatic route exchange between your CPE device and your dynamic routing gateway (DRG). This is an alternative to the current static routing support where you must manually configure the IPSec VPN with the individual CIDRs that you want to reach in your on-premises network.
Also with this release, the routing type (BGP or static) is now configured per IPSec tunnel in the overall connection. If the connection has two tunnels, either both can use the same routing type, or one tunnel can use BGP and the other static routing. This per-tunnel choice makes it easy to migrate an existing multi-tunnel IPSec VPN from static routing to BGP one tunnel at a time, without disrupting connectivity to your on-premises network.
For important details about routing, see Routing for the Oracle IPSec VPN.
For instructions on how to migrate from static routing to BGP, see Changing from Static Routing to BGP Dynamic Routing.
Custom Shared Secret
Prior to this release, Oracle always created the shared secret (also called the pre-shared key) for each IPSec tunnel. Now you have the option to provide your own shared secret for each tunnel. You can do this when you first create the IPSec VPN, or later after the IPSec VPN is already created. For more information, see Changing the Shared Secret That an IPSec Tunnel Uses.