Open MalarvizhiK opened 2 years ago
A VPN gateway in policy mode needs an active public IP address of the peer. Changing the configuration to the following should resolve the issue.
resource "ibm_is_vpn_gateway" "VPNClientGateway" {
  # Client-side policy gateway; the two peer gateways below tunnel to it.
  mode           = "policy"
  name           = "demo-think-peer-vpn"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.client_subnet.id

  # Workaround for the gateway still reporting 0.0.0.0 while Pending: stall the
  # apply so dependent connections are more likely to see a real address.
  # This is a fixed delay, not a status check, so it is not guaranteed to work.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}
resource "ibm_is_vpn_gateway" "VPNPeerGateway1" {
  # First server-side policy gateway, attached to server_subnet1.
  mode           = "policy"
  name           = "think-demo-rok2-vpn-gw"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.server_subnet1.id

  # Same timing workaround as the client gateway: give the gateway time to
  # leave Pending before connections read its public address. Fixed delay only.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}
resource "ibm_is_vpn_gateway" "VPNPeerGateway2" {
  # Second server-side policy gateway, attached to server_subnet2.
  mode           = "policy"
  name           = "think-demo-rok2-vpn-gw-2"
  resource_group = data.ibm_resource_group.group.id
  subnet         = data.ibm_is_subnet.server_subnet2.id

  # Same timing workaround as the other gateways: a fixed delay, not a wait on
  # the gateway status, so it can still race with connection creation.
  provisioner "local-exec" {
    command = "sleep 180"
  }
}
resource "ibm_is_vpn_gateway_connection" "VPNClientGateway_Conn1" {
  # Client-side end of the tunnel to VPNPeerGateway1 (client_subnet <-> server_subnet1).
  name        = "demo-think-peer-vpn-gw-conn1"
  vpn_gateway = ibm_is_vpn_gateway.VPNClientGateway.id

  # Use the peer's secondary address only while the primary still reads
  # 0.0.0.0. If both addresses are 0.0.0.0 (gateway still Pending) the
  # connection is still created with an unusable peer — the issue reported above.
  peer_address = ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address == "0.0.0.0" ? ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address2 : ibm_is_vpn_gateway.VPNPeerGateway1.public_ip_address

  local_cidrs = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.server_subnet1.ipv4_cidr_block]

  # SECURITY: demo-only literal. A short, guessable PSK committed to source
  # protects the IPsec tunnel; supply it from a sensitive variable or a secret
  # store instead, and use the same value on the peer end of this tunnel.
  preshared_key  = "secret"
  admin_state_up = true

  # Explicit ordering in addition to the implicit dependency via peer_address.
  depends_on = [ibm_is_vpn_gateway.VPNPeerGateway1]
}
resource "ibm_is_vpn_gateway_connection" "VPNClientGateway_Conn2" {
  # Client-side end of the tunnel to VPNPeerGateway2 (client_subnet <-> server_subnet2).
  name        = "demo-think-peer-vpn-gw-conn2"
  vpn_gateway = ibm_is_vpn_gateway.VPNClientGateway.id

  # Fall back to the peer's secondary address while the primary is 0.0.0.0.
  # Neither branch helps if the gateway has not left Pending yet (both 0.0.0.0).
  peer_address = ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address == "0.0.0.0" ? ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address2 : ibm_is_vpn_gateway.VPNPeerGateway2.public_ip_address

  local_cidrs = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.server_subnet2.ipv4_cidr_block]

  # SECURITY: demo-only literal; see the note on the other connections. Move
  # the PSK to a sensitive variable / secret store before real use.
  preshared_key  = "secret"
  admin_state_up = true

  # Explicit ordering in addition to the implicit dependency via peer_address.
  depends_on = [ibm_is_vpn_gateway.VPNPeerGateway2]
}
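resource "ibm_is_vpn_gateway_connection" "VPNPeerGateway1_Conn1" {
  # Server-side end (on VPNPeerGateway1) of the tunnel back to the client
  # gateway (server_subnet1 <-> client_subnet).
  name        = "think-demo-rok2-vpn-gw-conn1"
  vpn_gateway = ibm_is_vpn_gateway.VPNPeerGateway1.id

  # FIX: this tunnel's peer is VPNClientGateway, so every part of the
  # expression must reference the client gateway. The previous version tested
  # the client gateway's address but then used VPNPeerGateway2's addresses,
  # which pointed the tunnel at the wrong gateway. Fall back to the secondary
  # address only while the primary still reads 0.0.0.0.
  peer_address = ibm_is_vpn_gateway.VPNClientGateway.public_ip_address != "0.0.0.0" ? ibm_is_vpn_gateway.VPNClientGateway.public_ip_address : ibm_is_vpn_gateway.VPNClientGateway.public_ip_address2

  local_cidrs = [data.ibm_is_subnet.server_subnet1.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]

  # SECURITY: demo-only literal; must match VPNClientGateway_Conn1. Move the
  # PSK to a sensitive variable / secret store before real use.
  preshared_key  = "secret"
  admin_state_up = true

  # Explicit ordering in addition to the implicit dependency via peer_address.
  depends_on = [ibm_is_vpn_gateway.VPNClientGateway]
}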
resource "ibm_is_vpn_gateway_connection" "VPNPeerGateway2_Conn1" {
  # Server-side end (on VPNPeerGateway2) of the tunnel back to the client
  # gateway (server_subnet2 <-> client_subnet).
  name        = "think-demo-rok2-vpn-gw-2-conn1"
  vpn_gateway = ibm_is_vpn_gateway.VPNPeerGateway2.id

  # Use the client gateway's secondary address only while its primary still
  # reads 0.0.0.0; both can be 0.0.0.0 while the gateway is Pending.
  peer_address = ibm_is_vpn_gateway.VPNClientGateway.public_ip_address == "0.0.0.0" ? ibm_is_vpn_gateway.VPNClientGateway.public_ip_address2 : ibm_is_vpn_gateway.VPNClientGateway.public_ip_address

  local_cidrs = [data.ibm_is_subnet.server_subnet2.ipv4_cidr_block]
  peer_cidrs  = [data.ibm_is_subnet.client_subnet.ipv4_cidr_block]

  # SECURITY: demo-only literal; must match VPNClientGateway_Conn2. Move the
  # PSK to a sensitive variable / secret store before real use.
  preshared_key  = "secret"
  admin_state_up = true

  # Explicit ordering in addition to the implicit dependency via peer_address.
  depends_on = [ibm_is_vpn_gateway.VPNClientGateway]
}
The solution works fine, please document and close the issue.
I used the script below to create the VPN gateways and connections. My VPN gateway connections are created with 0.0.0.0 as the VPN gateway address. We need wait logic in the VPN gateway resource: it should wait until the status changes from Pending to Available, and only then should the VPN gateway connections be created. Please fix this with high priority. The issue is seen only with multiple VPN gateways (3) and VPN gateway connections (4). I have to add a sleep to the VPN gateway, which does not always work.