Tunneling
Objective
This guide provides instructions on how to configure a tunnel for your site. F5® Distributed Cloud Services support the IPsec tunnel type with Pre-Shared Key (PSK).
Tunnel configuration lets you specify the parameters for static tunnels, including the encapsulation and related parameters used for the tunnel's payload traffic.
Prerequisites
- F5 Distributed Cloud Account is required.
Note: In case you do not have an account, see Create an Account.
- One or more registered sites in the enterprise tenant.
Note: If you do not have a registered site, see How-to Create a Site.
Create a Tunnel
Perform the following steps to create a tunnel in F5 Distributed Cloud Console:
Step 1: Navigate to the tunnels page and start creating a tunnel.
- From the Home screen, click Cloud and Edge Sites under All Services.
- In the Manage section of the configuration menu, select Networking from the options pane and then Tunnels to see a list of existing tunnels. Then click Add Tunnel.
  Figure: Tunnel metadata
- In the Metadata section,
  - Enter a unique name for the tunnel.
  - Optionally, set labels and description, as necessary.
- In the Tunnel Type section, select a tunnel type. Currently only IPSEC with PSK is supported.
Step 2: Configure the Local IP Address selector.
In the Type dropdown, choose between Local Interface and Local IP Address Type.
- Local Interface: In the Local Interface dropdown, select a network interface.
  Figure: Tunnel metadata
- Local IP Address Type: In the second Type dropdown, choose between Local IP Address Type and Auto IP:
  Figure: Tunnel metadata
  - Local IP Address Type:
    - Select either IPv4 or IPv6 for the address version, and then enter the corresponding IP address into the address field.
    - Select a local virtual network from the dropdown.
  - Auto IP: Select a local virtual network from the dropdown.
Step 3: Configure the Remote IP Address selector.
In the Type dropdown, choose between Remote IP address and Remote Endpoints.
- Remote IP Address: Select either IPv4 or IPv6 for the address version, and then enter the corresponding IP address into the address field.
  Figure: Tunnel metadata
- Remote Endpoints: Use the Add Item button to add remote endpoints. For each endpoint you add, follow these steps:
  Figure: Tunnel metadata
  - Enter the node for the tunnel in the Node field in the form of site:node (site is optional).
  - Click Configure, select either IPv4 or IPv6 for the address version, and then enter the corresponding IP address into the address field.
Step 4: Enter the tunnel parameters.
- In the Type field, select the tunnel type.
Note: Only IPSEC is currently supported, so there are no other choices.
- In the Secret Info dropdown, choose between Blindfold Secret and Clear Secret.
Blindfold Secret
This option will cause all traffic to be encrypted using F5 Distributed Cloud Blindfold in addition to the protocols and encryption used for IPSEC.
- For the Policy dropdown, select between Built-in and Custom. Then select the appropriate policy in the associated dropdown.
- Choose the type of secret you will enter. If you have not already created a Blindfold Secret or want to create a new one, then choose TEXT; otherwise choose Built-In.
  - Text: Enter your cleartext secret and press Blindfold. You can use the Edit button to see and/or copy your encrypted Blindfold Secret.
  - Blindfold: Paste your existing Blindfold Secret into the text box.
- For more information on Blindfold, see Secrets Management and Blindfold.
Clear Secret
This option will only use the protocols and encryption for IPSEC.
Choose between TEXT and base64(binary) for the type of secret you will enter. Then enter your secret in the format specified.
Step 5: Complete tunnel creation.
Press Save and Exit.
Note: Tunnel configuration becomes effective only when you attach the tunnel to a tunnel interface.
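The PSK entered in Step 4 authenticates both tunnel endpoints, so it should come from a CSPRNG and be checked before it is pasted into the TEXT or base64(binary) field. The following is an added example, not F5 code; the 32-byte floor, the distinct-byte heuristic, and the function names are assumptions of this example, not Distributed Cloud requirements.

```python
import base64
import binascii
import secrets

MIN_BYTES = 32  # assumed policy floor for this example, not an F5 requirement


def generate_psk(nbytes=MIN_BYTES):
    """Return (raw, b64_text) for a fresh random PSK from the OS CSPRNG."""
    if nbytes < MIN_BYTES:
        raise ValueError(f"PSK must be at least {MIN_BYTES} bytes")
    raw = secrets.token_bytes(nbytes)
    return raw, base64.b64encode(raw).decode("ascii")


def check_psk(value, fmt):
    """Validate a PSK string before it is entered in the form.

    fmt is "text" or "base64", mirroring the two Clear Secret choices.
    Returns a list of problems; an empty list means the value passed.
    """
    problems = []
    if fmt == "base64":
        try:
            # validate=True rejects stray characters such as a copied newline
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            return ["not valid base64"]
    elif fmt == "text":
        if value != value.strip():
            problems.append("leading or trailing whitespace")
        raw = value.encode("utf-8")
    else:
        raise ValueError("fmt must be 'text' or 'base64'")
    if len(raw) < MIN_BYTES:
        problems.append(f"only {len(raw)} bytes, want at least {MIN_BYTES}")
    if len(set(raw)) < 16:
        # heuristic: random data of this length has many distinct bytes
        problems.append("too few distinct byte values to be random")
    return problems


if __name__ == "__main__":
    _, b64 = generate_psk()
    print("base64(binary) value:", b64)
    print("problems:", check_psk(b64, "base64"))
```

Both tunnel endpoints must be configured with the same key bytes, so generate the value once and transfer it to the peer over a protected channel.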