{"id":18211,"date":"2022-08-05T16:04:34","date_gmt":"2022-08-05T14:04:34","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=18211"},"modified":"2022-08-05T16:04:37","modified_gmt":"2022-08-05T14:04:37","slug":"oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/","title":{"rendered":"OCI connected to your personal network \u2013 quick&easy example with open source firewall ‘IPFire’"},"content":{"rendered":"\n

Introduction & why attaching your personnal network to OCI (Oracle Cloud Infrastructure)<\/h2>\n\n\n\n

You want to use your existing tools and infrastructure, but you need high internet performance for your Oracle environment \u2013 the combination of on premise and OCI may make sense for you. Or if you simply want to check what possibilities OCI provides for your business with OCI, you can gain some experience with a mix of both worlds.<\/p>\n\n\n\n

Maybe you are interested in Oracle Cloud Infrastructure and you don\u2019t want to move all of your IT to the cloud? Or you have some tools or data locally in your premise IT you want to user further? If you don\u2019t plan to move terabytes of data you can do a quick and easy test within a short time with an open source firewall from IPFire (https:\/\/www.ipfire.org<\/a>) to connect your infrastructure to OCI via VPN. If you have an existing IPFire firewall connected to the internet (in my case no NAT) the time to configure the needed 2 IPSec tunnels is done in less than 5min.<\/p>\n\n\n\n

Why open source \u2018IPFire\u2019 Firewall?<\/h2>\n\n\n\n

I\u2019m using IPFire-firewall since years without problems and even if you\u2019re not very experienced command-line user you can install, configure and maintain the firewall by GUI easily too.<\/p>\n\n\n\n

And in addition, regarding our intention to connect OCI, the IPSec configuration is very simple to configure via GUI too.<\/p>\n\n\n\n

Example configuration overview<\/h2>\n\n\n\n

CPE <\/mark><\/strong>(Customer-Premises Equipment) is nothing else than your personal IT entry-point. So please don’t use public IP-address beginning with something like 94.16.xxx.yyy if you don’t want to run into trouble with my provider Quickline (except if you have the same provider. Only then it would look similar).<\/p>\n\n\n\n

\/!\\ Please check first which IP-address is assigned by your ISP (Internet Service Provider) before you begin to setup CPE in OCI. The OCI CPE is configured together with your personal firewall.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

IPSec <\/mark><\/strong>to be defined on both sides – in OCI and in your personal network (in my example with the IPFire firewall and the IPSec configuration).<\/p>\n\n\n\n

DRG <\/mark><\/strong>“Dynamic Routing Gateway” will coordinate routing between your on-prem netword and the VCNs\/Subnets in OCI.<\/p>\n\n\n\n

VCN <\/mark><\/strong>“Virtual Cloud Network” is the network you attach other components to and where you can define subnets, routing tables, security lists.<\/p>\n\n\n\n

Attach the Routing Table (RT) and Security List (SL) definitions to your subnets later. I was wondering why it didn\u2019t work on my first attempt. <\/p>\n\n\n\n

VCN Subnet<\/mark><\/strong> – here you place your compute instances and apply your SL (Security List ~firewall rules) and RT (Routing Table).<\/p>\n\n\n\n

Prerequisites<\/h2>\n\n\n\n

On OCI side<\/strong><\/p>\n\n\n\n

  • your OCI tenancy<\/li>
  • VCN (Virtual Cloud Network)<\/li>
  • VCN subnet<\/li>
  • CPE (Customer-Premises Equipment)<\/li>
  • IPSec connection<\/li>
  • 2x IPSec tunnel<\/li>
  • Dynamic Routing Gateway (DRG)<\/li>
  • Security List (SL)<\/li>
  • Routing Table (RT)<\/li>
  • At least 1 instance<\/li><\/ul>\n\n\n\n

    On customer side<\/strong><\/p>\n\n\n\n

    • IPFire firewall<\/li>
    • Your external IP-Address<\/li>
    • 1 LINUX OS instance on your premise IT<\/li><\/ul>\n\n\n\n

      Optional<\/strong><\/p>\n\n\n\n

      • DDNS for your personal network<\/li>
      • DDNS  domain name or your own DNS<\/li><\/ul>\n\n\n\n

        Setup OCI<\/h2>\n\n\n\n

        VCN<\/h3>\n\n\n\n
        Name<\/td>myVCN<\/mark><\/strong><\/td><\/tr>
        CIDR<\/td>10.0.5.0\/24<\/mark><\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        VCN subnet<\/h3>\n\n\n\n
        Name<\/td>mySubnet<\/mark><\/strong><\/td><\/td><\/tr>
        CIDR<\/td>10.0.5.0\/24<\/strong><\/mark><\/td><\/td><\/tr>
        RT<\/td>RouteTableMySubnet<\/mark><\/strong><\/td><\/td><\/tr>
        <\/td>Destination<\/td>192.168.0.0\/24<\/mark><\/strong> [customers internal CIDR]<\/td><\/tr>
        <\/td>Target Type<\/td>Dynamic Routing Gateway<\/td><\/tr>
        <\/td>Target<\/td>myDRG<\/mark><\/strong><\/td><\/tr>
        DRG att<\/td>myDRG_Attachment_Subnet<\/mark><\/strong><\/td><\/td><\/tr>
        <\/td>Att Name<\/td>myDRG_Attachment_mySubnet<\/mark><\/strong><\/td><\/tr>
        <\/td>Lifecyc State<\/td>Attached<\/td><\/tr>
        <\/td>DRG<\/td>myDRG<\/mark><\/strong><\/td><\/tr>
        <\/td>VCN RT<\/td>–<\/td><\/tr>
        <\/td>Cross-Ten.<\/td>No<\/td><\/tr>
        SL<\/td>SecurityListMySubnet<\/mark><\/strong><\/td><\/td><\/tr>
        <\/td>Ingress Rules (1)<\/td><\/td><\/tr>
        <\/td>Stateless<\/td>No<\/td><\/tr>
        <\/td>Source<\/td>192.168.0.0\/24<\/mark><\/strong> [customers internal CIDR]<\/td><\/tr>
        <\/td>IP Protocol<\/td>TCP<\/mark><\/strong><\/td><\/tr>
        <\/td>Source PR<\/td>All<\/mark><\/strong><\/td><\/tr>
        <\/td>Destin. PR<\/td>22<\/mark><\/strong><\/td><\/tr>
        <\/td>Type&Code<\/td><\/td><\/tr>
        <\/td>Allows<\/td>TCP traffic for pots: 22 SSH Remote Login Protocol<\/td><\/tr>
        <\/td>Description<\/td>myCPE(ingress)<\/mark><\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        DRG<\/h3>\n\n\n\n
        Name<\/td>myDRG<\/mark><\/strong><\/td><\/td><\/tr>
        Lifecycle St<\/td>Available (when at least one tunnel up)<\/td><\/td><\/tr>
        Ora Redund.<\/td>Redundant (when all up and running)<\/td><\/td><\/tr>
        <\/td>VCN att.<\/td>(2)<\/td><\/tr>
        (1\/2)<\/td>Att Name<\/td>DRG_Attachment_for_IPSec_Tunnel: myIPSecTunnel1<\/mark><\/strong><\/td><\/tr>
        <\/td>Lifecyc St<\/td>Attached<\/td><\/tr>
        <\/td>IPSec Tun.<\/td>myIPSecTunnel1<\/mark><\/strong><\/td><\/tr>
        <\/td>DRG RT<\/td>Autogen. Drg RT for RPC, VC, and IPSec att.<\/td><\/tr>
        <\/td>CPE<\/td>myCPE<\/mark><\/strong><\/td><\/tr>
        <\/td>CPE IKE Id<\/td>test.myddns.com<\/mark><\/strong> (if you changed IPSec \u2018IP-Connection\u2019 with FQDN)<\/td><\/tr>
        (2\/2)<\/td>Att Name<\/td>DRG_Attachment_for_IPSec_Tunnel: myIPSecTunnel2<\/mark><\/strong><\/td><\/tr>
        <\/td>Lifecyc St<\/td>Attached<\/td><\/tr>
        <\/td>IPSec Tun.<\/td>myIPSecTunnel2<\/mark><\/strong><\/td><\/tr>
        <\/td>DRG RT<\/td>Autogen. Drg RT for RPC, VC, and IPSec att.<\/td><\/tr>
        <\/td>CPE<\/td>myCPE<\/mark><\/strong><\/td><\/tr>
        <\/td>CPE IKE Id<\/td>test.myddns.com<\/mark><\/strong> (if you changed IPSec \u2018IP-Connection\u2019 with FQDN)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        Shortly after setup I saw all \u2018ok\/status green\u2019. But after some minutes one tunnel went down. Don\u2019t worry, if the active tunnel has problems the other tunnel becomes active.<\/p>\n\n\n\n

        CPE<\/h3>\n\n\n\n
        Name<\/td>myCPE<\/mark><\/strong><\/td><\/tr>
        Publ. IP<\/td>94.16.100.100<\/mark><\/strong> (you must replace this with your public IP-address !!! )<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        Here you are able to use an IP-address only and that is the reason why you have to recreate it every day if you use your private dynamic IP-address.<\/p>\n\n\n\n

        In addition \u2013 the whole IPSec configuration depends on this. You have to recreate IPSec and the both tunnels too, even if you could use the same parameters with your own DNS\/URL.<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        IPSec<\/h3>\n\n\n\n
        Name<\/td>myIPSec<\/mark><\/strong><\/td><\/tr>
        Lifecycle St.<\/td>Available<\/td><\/tr>
        DRG<\/td>myDRG<\/mark><\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        \/!\\ Here is the point you can change from IP-address to FQDN if you have your own DDNS or your own domain.<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        Tunnel<\/h3>\n\n\n\n
        Name<\/td>myIPSecTunnel1<\/mark><\/strong><\/td><\/tr>
        Lifecycle St<\/td>Available (when config successful)<\/td><\/tr>
        IPSec Status<\/td>Up (when config successful)<\/td><\/tr>
        IPv4 BGP St.<\/td>–<\/td><\/tr>
        IPv6 BGP St.<\/td>–<\/td><\/tr>
        Oracle VPN<\/td>111.111.111.111<\/mark><\/strong> (address will be provided when created)<\/td><\/tr>
        Routing Typ<\/td>Static Routing<\/strong><\/mark><\/td><\/tr>
        <\/td><\/td><\/tr>
        Name<\/td>myIPSecTunnel2<\/mark><\/strong><\/td><\/tr>
        Lifecycle St<\/td>Available (when config successful)<\/td><\/tr>
        IPSec Status<\/td>Up (when config successful)<\/td><\/tr>
        IPv4 BGP St.<\/td>–<\/td><\/tr>
        IPv6 BGP St.<\/td>–<\/td><\/tr>
        Oracle VPN<\/td>222.222.222.222<\/mark><\/strong> (address will be provided when created)<\/td><\/tr>
        Routing Typ<\/td>Static Routing<\/mark><\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        Here the pictures of OCI. I omitted the second tunnel as it is configured the same way.<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        Security List (SL)<\/h3>\n\n\n\n
        SL<\/td>SecurityListMySubnet<\/mark><\/strong><\/td><\/td><\/tr>
        <\/td>Ingress Rules (1)<\/td><\/td><\/tr>
        <\/td>Stateless<\/td>No<\/td><\/tr>
        <\/td>Source<\/td>192.168.0.0\/24<\/mark><\/strong> [customers internal CIDR]<\/td><\/tr>
        <\/td>IP Protocol<\/td>TCP<\/mark><\/td><\/tr>
        <\/td>Source PR<\/td>All<\/mark><\/strong><\/td><\/tr>
        <\/td>Destin. PR<\/td>22<\/mark><\/strong><\/td><\/tr>
        <\/td>Type&Code<\/td><\/td><\/tr>
        <\/td>Allows<\/td>TCP traffic for pots: 22 SSH Remote Login Protocol<\/td><\/tr>
        <\/td>Description<\/td>myCPE(ingress)<\/mark><\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        Please consider that I used (and copied) the default security list instead of creating the above mentioned \u2018SecurityListMySubnet\u2019<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        Routing Table (RT)<\/h3>\n\n\n\n
        RT<\/td>RouteTableMySubnet<\/mark><\/strong><\/td><\/td><\/tr>
        <\/td>Destination<\/td>192.168.0.0\/24<\/mark><\/strong> [customers internal CIDR]<\/td><\/tr>
        <\/td>Target Type<\/td>Dynamic Routing Gateway<\/td><\/tr>
        <\/td>Target<\/td>myDRG<\/strong><\/mark><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

        Please consider that<\/strong> I used (and copied) the<\/strong> default route table instead of<\/strong> creating the above mentioned \u2018RouteTableMySubnet\u2019<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        Instance<\/h3>\n\n\n\n

        Create an instance in your OCI VCN-subnet<\/p>\n\n\n\n

        Setup IPFire firewall<\/h2>\n\n\n\n

        On the \u2018Main page\u2019 you will find your external IP if you connect your IPFire firewall directly to the internet. Otherwise you have to do the instructions provided by Oracle for NAT-configuration.<\/p>\n\n\n\n

        In this example it is the 94.16.100.100 IP-address which you have to replace with your external IP.<\/p>\n\n\n\n

        Main Page<\/h3>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        IPSec<\/h3>\n\n\n\n

        Creating your Certificate Authorities and -Keys is self-explaining and I have filled my Host Certificate CN with my FQDN<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        Don’t worry if one tunnel is displayed ‘down’ after some time. OCI and the firewall are automatically selecting one tunnel and take offline the other one if not configured with BGP.<\/p>\n\n\n\n

        Tunnel 1<\/h3>\n\n\n\n

        Parameters for IPSec tunnel 1 on customer side is like this:<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        It is very important to fill \u2018Local ID\u2019 with \u2018@<your FQDN>. You don\u2019t get running tunnels in parallel if you don\u2019t use the same naming as in OCI IPSec definition.<\/p>\n\n\n\n

        Tunnel 2<\/h3>\n\n\n\n
        \"\"<\/figure>\n\n\n\n

        Same as tunnel 1: It is very important to fill \u2018Local ID\u2019 with \u2018@<your FQDN>. You don\u2019t get running tunnels in parallel if you don\u2019t use the same naming as in OCI IPSec definition.<\/p>\n\n\n\n

        IPSec Tunnel Advanced<\/h3>\n\n\n\n

        For IPSec advanced features I have set a custom configuration on OCI and my (customers) side. But it was running with defaults too. Advanced settings are identical for tunnel 1 and tunnel 2.<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        \/!\\ Don’t forget to set your IPFire firewall to allow traffic to both tunnels and drop traffic from tunnels if you don’t want that someone\/something from OCI can access your private network.<\/p>\n\n\n\n

        By default the traffic is allowed in both directions.<\/p>\n\n\n\n

        Your personal firewall<\/h3>\n\n\n\n

        Last but not least – don’t forget to block traffic from OCI to your personal network if you don’t want the ‘whole world’ in your personal network.<\/p>\n\n\n\n

        IPFire can handle the tunnels very easily. Just allow traffic from your network to tunnels and block (drop) traffic the way from tunnels to your network.<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        Faced issues<\/h2>\n\n\n\n

        Most of the configuring was straight forward and the IPSec tunnels were showed up as working after a short time, but \u2026<\/p>\n\n\n\n

        One single IPSec-tunnel \u2018up\u2019 works but the IPSec-tunnels don\u2019t run in parallel<\/h3>\n\n\n\n

        Most time-consuming issue was: Even if each IPSec tunnel was connected and \u2018up\u2019 to OCI, you don\u2019t get any traffic through.<\/p>\n\n\n\n

        As a first try just disable one of the IPSec tunnels. My configuration worked with one tunnel up and the other down. And it doesn\u2019t care which one I had up and which one was down. I just had to avoid using both in parallel.<\/p>\n\n\n\n

        What solved the issue?<\/p>\n\n\n\n

        The problem was gone when I used FQDN on OCI-side and entered the used FQDN in IPFire in the tunnel settings in the field \u2018Local ID\u2019 (with preceeded \u2018@\u2019 character)<\/p>\n\n\n\n

        What was the behavior then? With the FQDN in place OCI and my firewall were negotiating themselves which tunnel is used. One tunnel is up and one tunnel is down. If active tunnel goes down the other one goes up automatically.<\/p>\n\n\n\n

        Remark from Oracle:<\/em><\/strong><\/p>\n\n\n\n

        If your CPE supports having two IPSec tunnels up\/active to the same destination, configure the second tunnel to also be up\/active. Oracle recommends configuring both tunnels to use BGP dynamic routing.<\/p><\/blockquote>\n\n\n\n

        All other issues were mainly to ensure correct order of data-collecting and -entering. If you use OCIs \u2018Wizard\u2019 you are on safe side already.<\/p>\n\n\n\n

        Conclusion<\/h2>\n\n\n\n

        For a \u2018one day valid test\u2019 (if you are using dynamic IP-address) it takes 3min reconfiguring of your environment every day after you\u2019ve received a new external IP-address to do testing with OCI plus on premises IT with no financial impact. What you need is your curiosity and time setting things up initially.<\/p>\n","protected":false},"excerpt":{"rendered":"

        Introduction & why attaching your personnal network to OCI (Oracle Cloud Infrastructure) You want to use your existing tools and infrastructure, but you need high internet performance for your Oracle environment \u2013 the combination of on premise and OCI may make sense for you. Or if you simply want to check what possibilities OCI provides […]<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[955,59],"tags":[2643,2642,1375,1930],"type_dbi":[],"class_list":["post-18211","post","type-post","status-publish","format-standard","hentry","category-cloud","category-oracle","tag-connect-oci-to-on-prem","tag-cpe","tag-oci","tag-oracle-cloud-infrastructure"],"acf":[],"yoast_head":"\nOCI connected to your personal network \u2013 quick&easy example with open source firewall 'IPFire' - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OCI connected to your personal network \u2013 quick&easy example with open source firewall 'IPFire'\" \/>\n<meta property=\"og:description\" content=\"Introduction & why attaching your personnal network to OCI (Oracle Cloud Infrastructure) You want to use your existing tools and infrastructure, but you need high internet performance for your Oracle environment \u2013 the combination of on premise and OCI may make sense for you. Or if you simply want to check what possibilities OCI provides […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-05T14:04:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-05T14:04:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview-1024x521.png\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"OCI connected to your personal network \u2013 quick&easy example with open source firewall ‘IPFire’\",\"datePublished\":\"2022-08-05T14:04:34+00:00\",\"dateModified\":\"2022-08-05T14:04:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\"},\"wordCount\":1621,\"commentCount\":2,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview-1024x521.png\",\"keywords\":[\"Connect OCI to On-Prem\",\"CPE\",\"OCI\",\"oracle cloud infrastructure\"],\"articleSection\":[\"Cloud\",\"Oracle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\",\"name\":\"OCI connected to your personal network \u2013 quick&easy example with open source firewall 'IPFire' - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview-1024x521.png\",\"datePublished\":\"2022-08-05T14:04:34+00:00\",\"dateModified\":\"2022-08-05T14:04:37+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview.png\",\"width\":1412,\"height\":718},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OCI connected to your personal network \u2013 quick&easy example with open source firewall ‘IPFire’\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"OCI connected to your personal network \u2013 quick&easy example with open source firewall 'IPFire' - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/","og_locale":"en_US","og_type":"article","og_title":"OCI connected to your personal network \u2013 quick&easy example with open source firewall 'IPFire'","og_description":"Introduction & why attaching your personnal network to OCI (Oracle Cloud Infrastructure) You want to use your existing tools and infrastructure, but you need high internet performance for your Oracle environment \u2013 the combination of on premise and OCI may make sense for you. Or if you simply want to check what possibilities OCI provides […]","og_url":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/","og_site_name":"dbi Blog","article_published_time":"2022-08-05T14:04:34+00:00","article_modified_time":"2022-08-05T14:04:37+00:00","og_image":[{"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview-1024x521.png","type":"","width":"","height":""}],"author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"OCI connected to your personal network \u2013 quick&easy example with open source firewall ‘IPFire’","datePublished":"2022-08-05T14:04:34+00:00","dateModified":"2022-08-05T14:04:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/"},"wordCount":1621,"commentCount":2,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview-1024x521.png","keywords":["Connect OCI to On-Prem","CPE","OCI","oracle cloud infrastructure"],"articleSection":["Cloud","Oracle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/","url":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/","name":"OCI connected to your personal network \u2013 quick&easy example with open source firewall 'IPFire' - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview-1024x521.png","datePublished":"2022-08-05T14:04:34+00:00","dateModified":"2022-08-05T14:04:37+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/08\/01-Blog-Config-Example-Overview.png","width":1412,"height":718},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/oci-connected-to-your-personal-network-quickeasy-example-with-open-source-firewall-ipfire\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"OCI connected to your personal network \u2013 quick&easy example with open source firewall ‘IPFire’"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/18211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=18211"}],"version-history":[{"count":30,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/18211\/revisions"}],"predecessor-version":[{"id":18318,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/18211\/revisions\/18318"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=18211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=18211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=18211"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=18211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}